Mac OS X trojan/virus/malware
#1
Scooby Regular
Thread Starter
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Have a read of this. More info on it can be found here.
My take on it. Well, it's interesting, as it's injecting code into an executable, quite a nice little trick. A serious threat? Not really. The post that contained the file has been removed, plus, and this is the big point, if you downloaded it and ran it, then 99 percent of the time you'll be asked for an Admin password.
Now, who has ever been asked for an admin password to view a JPEG? That should give you a big clue that Bad Things Might Happen if you actually enter the password.
The other 1 percent of the time would be if you have, within the last 60 seconds or so, used Admin authorisation, or you are logged in as a root user.
Now, if you're logged in as root then you're asking for trouble anyway. I've always been told to never log in as root on OS X unless you need to, and if you do, don't stay logged in as that user, and certainly don't use it as your regular account.
If you're an Admin user, then you can "sudo" or "su" in the terminal so there is no need to log in to the machine as root anyway.
Last edited by Markus; 16 February 2006 at 02:37 PM.
#3
Scooby Regular
Thread Starter
Jack,
Sounds like it's the same. I've seen Leap mentioned as the name.
Essentially it's a file that alleges to contain JPEG pictures of 10.5. When you double click on it, it asks for admin password, and then installs itself. Tries to spread itself using Bonjour.
Interested to see what, if anything, Apple does about this, as some applications legitimately inject code into applications/memory to "patch" things. Stuff such as Unsanity's haxies and things like that.
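The disguise described in this post and in post #1 (something presented as JPEG pictures that is really an executable asking for an admin password) can be checked for without running anything: compare what the file name claims with what the first bytes of the file actually are. The script below is an added example written for this thread, not code from the original posts or from any vendor; the file names, the sample directory and the `inspect_file`/`scan_dir` function names are my own, and the sample files are constructed in a temporary directory so it runs offline.

```python
import os
import tempfile
from pathlib import Path

# Well-known leading byte signatures (standard constants, not taken from the thread).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",          # JPEG/JFIF image
    b"\xfe\xed\xfa\xce": "mach-o",    # Mach-O 32-bit, big-endian
    b"\xce\xfa\xed\xfe": "mach-o",    # Mach-O 32-bit, little-endian
    b"\xfe\xed\xfa\xcf": "mach-o",    # Mach-O 64-bit, big-endian
    b"\xcf\xfa\xed\xfe": "mach-o",    # Mach-O 64-bit, little-endian
    b"\xca\xfe\xba\xbe": "mach-o-fat",  # universal (fat) binary
    b"\x1f\x8b": "gzip",              # gzip/tgz archive
    b"#!": "script",                  # shell/interpreter script
}

IMAGE_EXTENSIONS = {".jpg", ".jpeg"}


def content_type(path):
    """Classify a file by its leading bytes, ignoring its name entirely."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for signature, kind in MAGIC.items():
        if head.startswith(signature):
            return kind
    return "unknown"


def inspect_file(path):
    """Compare the kind the name claims with the kind the bytes show.

    A file whose extension says "image" but whose content is code, an archive
    or anything else that is not a JPEG is reported as disguised. The execute
    bit is reported too: a real picture never needs it.
    """
    p = Path(path)
    declared = "image" if p.suffix.lower() in IMAGE_EXTENSIONS else "other"
    actual = content_type(p)
    return {
        "name": p.name,
        "declared": declared,
        "actual": actual,
        "executable": os.access(p, os.X_OK),
        "disguised": declared == "image" and actual != "jpeg",
    }


def scan_dir(directory):
    """Inspect every regular file in a directory (non-recursive)."""
    return [inspect_file(p) for p in sorted(Path(directory).iterdir()) if p.is_file()]


def build_samples():
    """Constructed sample files: one real JPEG and one executable named like a picture."""
    d = tempfile.mkdtemp(prefix="jpeg_check_")
    real = Path(d, "photo.jpg")
    real.write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    fake = Path(d, "pictures.jpg")
    fake.write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 16)  # Mach-O header, not an image
    fake.chmod(0o755)
    return d


if __name__ == "__main__":
    for info in scan_dir(build_samples()):
        flag = "DISGUISED" if info["disguised"] else "ok"
        print(f"{info['name']:<14} claims={info['declared']:<5} is={info['actual']:<10} x={info['executable']} -> {flag}")
```

The point of the check is the same one the thread makes about the password prompt: a picture has no reason to be a Mach-O binary, an archive or a script, and no reason to carry the execute bit, so any of those on a file ending in .jpg is enough to stop and look before double-clicking.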
#4
Scooby Senior
I don't see it as that much of an issue, you have to authorise it. Big news in PR terms though.
Anyhow, apologies to the Mac community, I knew as soon as I switched the problems would follow me.
#5
Scooby Regular
Thread Starter
Jack,
Neither do I. If you are silly enough to enter an admin password for opening a jpeg file then you're asking for trouble. Yes, some people aren't as computer literate as they should be, and probably think this would be normal behaviour and know no different. Same people probably click on the links in the emails from banks asking for them to verify their credit card details.
Agree that PR wise it IS a big thing. But again, requires user interaction, so it's not a silent attack.
From a tech viewpoint it does display a hole in the security, but what was more worrying to me was how Apple would approach a fix. Our software injects code into things, as we need to "patch" various things. Depending on how Apple fixes things, i.e. would it stop code being injected, then it could prevent certain parts of our software from working. However, I don't think it's going to be a problem, as the way we do things is used by the kernel itself for, if I've got it right, inter-process communication, so it's not something they could block.
#6
Scooby Senior
Our pages have now been updated.
One of my favorite viruses was called Polite, it asked if you would like to be infected when the code was executed. Now you'd think that would be clue enough, but this particular macro virus was in our top ten for quite some time.