whiskeyclone Feb 16, 2006
Viruses, and all malicious scripts for that matter, are coded mainly to get the author some notoriety. Having a big spack fight over whether it is a virus or not is only likely to: a) make the author happy. 2) encourage someone to write a real self propagating virus for the platform iii) make me read the same "ITS NOT A VIRUS LOL ITZ A TROJAN U NUBZ!!!" statements over and over again. Bottom line here is there is malicious code in the wild that installs a trojan if you authenticate it. It's not the first - it won't be the last. But if it wasn't for things like this people wouldn't bother writing them because very few people have Macs, and only a very small percentage of them would be stupid enough to type their password when asked. p.s. 'Viruses' is a fun word.
zodieman Feb 16, 2006
If you understand the differences in OS X vs. standard UNIX vs. Windows you will see that this trojan does no harm UNLESS you are stupid enough to enable the root account in OS X (root is disabled by default) and be running as root. Because OS X asks for permission (password dialog box) for any changes to files which you do not own (privilege escalation) this trojan won't do much harm. Of course, if you installed apps by dragging and dropping (no installer) then the Apps have your UID as the owner. Worst case, you trash them and reinstall (OS X is really nice this way because of the bundles). One would do more harm with a trojan that did a simple rm -rf ~ and wipe out your home directory...
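The ownership point in the comment above, as an added example that is not part of the original thread: a shell audit that lists application bundles a process running under a given UID could change without any password dialog. The function name `audit_app_bundles` and the default directory `/Applications` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find .app bundles that code running
# as a given user could modify without an administrator password prompt.
# Usage: audit_app_bundles DIR [UID]   (UID defaults to the current user)
audit_app_bundles() {
    dir=$1
    uid=${2:-$(id -u)}
    for app in "$dir"/*.app; do
        # Skip the literal pattern when the directory holds no bundles.
        [ -d "$app" ] || continue
        reasons=""
        # Drag-and-drop installs leave files owned by the installing user.
        if [ -n "$(find "$app" -user "$uid" -print | head -n 1)" ]; then
            reasons="owned-by-uid-$uid"
        fi
        # World-writable entries can be changed by any local account.
        if [ -n "$(find "$app" ! -type l -perm -0002 -print | head -n 1)" ]; then
            reasons="${reasons:+$reasons,}world-writable"
        fi
        if [ -n "$reasons" ]; then
            printf '%s\t%s\n' "$app" "$reasons"
        fi
    done
    return 0
}

# Stand-alone run: audit the directory given as $1, or /Applications.
audit_app_bundles "${1:-/Applications}"
```

Bundles that appear in the output can be re-owned to root, or reinstalled from an installer package, so that changing them requires authentication.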
insecure Feb 16, 2006
Quote from "jambarama": the specific exploit it uses can be patched very easily. Apple will jump on this.
---------
Funny, they haven't jumped on it since June of 2005: http://freaky.staticusers.net/ugboard/viewtopic.php?t=17698
deepsub Feb 16, 2006
From Andrew Welch, a long time Mac Developer: http://www.ambrosiasw.com/forums/index.php?showtopic=102379
"1) Are somehow sent (via email, iChat, etc.) or download the "latestpics.tgz" file
2) Double-click on the file to decompress it
3) Double-click on the resulting file to "open" it
...and then for most users, you must also enter your Admin password.
You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, and then open it.
A few important points
-- This should probably be classified as a Trojan, not a virus, because it doesn't self-propagate externally (though it could arguably be called a very non-virulent virus)
-- It does not exploit any security holes; rather it uses "social engineering" to get the user to launch it on their system
-- It requires the admin password if you're not running as an admin user
-- It doesn't actually do anything other than attempt to propagate itself via iChat
-- It has a bug in the code that prevents it from working as intended, which has the side-effect of preventing infected applications from launching
-- It's not particularly sophisticated
To be on the safe side...
DO NOT DOWNLOAD OR RUN THIS FILE"
cannelle Feb 16, 2006
"You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, and then open it."
That's a big part of the definition of the word virus. And it IS a virus. If it executed itself (without user interaction), it would be a worm. It's not a worm -- it is a virus.
sal42 Feb 16, 2006
Symantec says it is a worm: http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html
paradiso Apr 7, 2006
First Mac OS X Virus? Apple Says No: http://www.7uk.org/security/id_23655/
something information