MacDailyNews - Where Mac news comes first

We as Mac users need to trumpet this fact as far and as wide as we can. Don't let these "news" organizations get away with posting these errors as news and then not having it thrown in their faces that they were WRONG!

Post the truth everywhere. Forums, discussion boards, mailing lists. Even cite the "journalists" and their respective "news outlets" that got it wrong, I say. Don't let them off the hook.

Screw them.

(after all, why not just post the pics?)

Jason D. O'Grady is a moron, some sites don't let people post pic's and then you need a host as well.

And since a link can go to a web page which immediatly starts a download or not, how are people supposed to know the difference before they click?


Hang in there MDN!

We lost some people too, they are A O fscking L

"This week's 'Mac virus' scare turned out to be nothing more than a worm for Mac OS X that propagates through iChat and infects local Mac applications

Excuse me, a worm is a virus. Let me repeat that for those of you who missed it: a worm is a virus. The first virus for OS X has arrived. MDN, it's time for you to admit the truth.

Even if they can't post pics-- why would you need an administrator password to open a compressed file?

MacDude, hosting pics is nothing. Safari warns you if a page downloads something dangerous.

And if someone has pics of Leopard and it ain't on Apple's own site, AppleInsider, ThinkSecret, MacRumours, MacBidouille, MOSR, MacWorld, or MDN, then I'm already suspicious.

However, as I got so roundly pounded a few weeks ago, someone has shown it is possible to create something like this, but to make it work you've got to target utter morons.

Now, I'll be happy to go back and be smug, because this story is utterly overblown and totally misreported.

Wanna know how fearsome this worm isn't? Read: http://www.macworld.com/news/2006/02/17/leapafollow/

Look, the bugs in MS Office are more pervasive than this thing. Of course, the virus protection software guys are predicting the apocolypse....they have to somehow come up with a reason for us to buy virus protection software for a platform THAT DOESN'T HAVE VIRUSES. It's like the guy who is selling snow-making machines in Fairbanks.

The virus protection software guys are PRAYING for a mac virus - hell, if they were at all competent, they'd probably write one themselves, but since there just aren't going to be any real ones, they are going to make something up. And the Windows IT guys administering Macs will buy it hook, line, and sinker...that is the reason that the IT dept. where I work insists on buying institutional licenses and loading and automatically enabling virus protection software on all the Macs distributed in our department. That is also the reason that I end up administering our Macs....the first thing I do is turn off the virus software and the second thing I do is enable ARD...it's easier than explaining why they are wasting their money.

MW: makes. As in, virus protection software on a Mac MAKES me laugh.

Exactly Tommy Boy. This so called "virus" doesn't even propagate itself via iChat unless you have local bonjour chat active. It DOES NOT spread via iChat to anyone over the internet at all!

Some teensy things have been overlooked:

THIS SO-CALLED VIRUS IS NOT A WORM BECAUSE IT DOESN'T INFECT WITHOUT USER INTERVENTION!!!!

THIS SO-CALLED VIRUS ONLY WORKS ON A LAN NOT OVER THE INTERNET!!!!

THE DEFAULT CONFIG OF A MAC IS IMMUNE BECAUSE BONJOUR IS TURNED OFF!!!!

How come only Mac World picked up that little factoid?
http://www.macworld.com/news/2006/02/17/leapafollow/index.php

Sing it! YOU CAN'T GET THIS VIRUS OVER THE INTERNET.

What about the Inqtana 'worm'? Where are MDN's denials of that one? True, it's more like just a soon-to-expire piece of proof that the Bluetooth vulnerability is there, but I expected to see something about it too.

I have written a couple letters to the magazines and sites myself already... but as far as Leap/A is concerne, there isn't much the Mac community can do when Sophos themselves adamantly classifies this as a virus. And MDN... a worm IS a virus, as many others have pointed out.

True or not... utterly idiotic or not... say goodbye to the official "zero-viruses OS X."

$5 says Symantec created this lame worm to get over the public humilation that their anti-virus software had a serious exploit for years.

http://news.designtechnica.com/article9131.html


Friends don't let friends install programs as root.

Is this thing a virus/worm or a program? So someone wrote a program that does things I would want it to do? My goodness, my ENTOURAGE that came with my Office Suite does that!

I'm sorry, but anythng that asks me if it can download, asks me if it can run, and then asks me for Administrator access before it does anything doesn't seem like much of a threat, and certainly not the kind malicious of code found covertly targeting Windows on a weekly basis.

I would be very upset if my Mac didn't run a program as it was designed. The scandal would be if it didn't.

It amuses me how this community are happy to classify any malicious Windows program as a virus when trumpeting how many Windows viruses there are (despite the fact that most of these are trojans, worms, spyware, etc, all requiring user intervention to install) but when it comes to Mac malware they tie themselves in semantic knots in order to deny the possibility that there are potential weaknesses in MacOS. One standard for Apple, another for everything else.

MacDude, hosting pics is nothing. Safari warns you if a page downloads something dangerous.

Nope, it only warns you that your about to download a application.

Malware has been attached to ordinary images and on web pages.

Also Javascript malware

You can classify this as a virus if it makes you feel better, but if this is indeed a virus, it has to be just about the lamest one ever written.

And please tell us how can it be classified as a true worm/virus if it doesn't have the ability to propagate itself over the internet?

This is definitely the end of Apple computer. Apple fan boys thought that OSX was secure and now we know it is full of holes. It will be a matter of weeks before OSX is overrun with viruses and all Apple users will have to switch to windows to get work done. With the second security problem this week (bluetooth hole) it is obvious that this is the tip of the iceberg and that the tidal wave of viruses, malware, and trojan horses are on their way.

Finally the computer world can unify behind Windows -- a secure, fast, and reliable operating system. This will be the end of overpriced computers that are only sold to rich people that have virtually no software to run.

Time to short Apple stock!

Hmm, looks like our pal "Reality Check" is having a schizophrenic moment or two it looks like based on his posts...somebody forgot to take his meds obviously.

Too bad for you that the "Bluetooth hole" you speak of was patched several months ago. Sorry, but thanks for playing...

Tempest in a teapot.

No no. It certainly doesn't make me feel better, and indeed it is one of the most lame 'viruses' ever written, because the fact remains that any malicious program must be given permission to run by the user. Not to mention the fact that it requires the most stringent of circumstances to work (including that it doesn't spread over the internet).

My point is that when Sophos classifies this thing as a virus, there is then very little we 'mere mortals' can do to combat that labeling. I am just as much of a Mac fan as the rest of you, I am just injecting a little reality into our combat attempts. :(

I think we have two different 'Reality Check's.

@ Reality Check #2: Despite the fact that I don't label this as a virus if is requires administrator privileges... I was thinking the same thing. Just how drastically would the number of Windows "viruses" decrease if we put the stringent standards on them as we are putting on Leap/A? Just a thought. Double standards are very hypocritical.

@ Obvious Man: I am fully aware that the Bluetooth vulnerability was patched shortly after Tiger's release. Blaster, and countless other Windows viruses were patched (with SP2 and the countless security updates), but that doesn't take away from the fact that they are viruses... because there are always those few who don't update their systems. Ignorant and unwise, yes, but they are out there nonetheless.

However,

(1) In the Mac community, there seem to be far fewer people who don't update their systems regularly and
(2) Again, the highly specialized and difficult application where this Bluetooth vulnerability applies makes it a negligible threat, if any at all.

Who the hell double clicks on a JPEG icon? And who computes "in the wild?" I'm in a mid-sized city, so I don't have anything to worry about, not to mention that I'm using Panther. This is just for Tiger, isn't it?

To Caruso:

The purpose of running anti-virus software on a Mac in a corporate network isn't to keep the Mac from being infected, it's to keep the Mac from being a carrier used propagate infected files.

Mac's may not get viruses but they can spread them.

if im the admin, does it ask for a admin password or not?

IT IS NOT A WORM IF IT REQUIRES USER INTERVENTION TO ACTIVATE AND PROPAGATE.

One more time: IT IS NOT A WORM IF IT REQUIRES USER INTERVENTION TO ACTIVATE AND PROPAGATE!

God I hate the mainstream tech press. Grrrrrrrr. I say we take a few lessons from our muslim brothers and burn down the Windows embassy.

This is the dumbest "virus" I've ever heard of. If it requires the user to accept the incoming bluetooth transfer, and since bluetooth requires the devices to be within several feet of each other to make a connection, how practical is this? Not very. Even if it didn't require user intervention, it wouldn't spread very far, if at all. Everybody in the mainstream tech press has been jizzing all over themselves that they can finally say "MAC OS X HAS A VIRUS!! MAC USERS ARE JUST AS VULNERABLE AS WINDOWS USERS! FEAR!! PANIC!! DREAD!!!!!"

<<< "The old rules still apply: do not enter your Mac OS X admin password to install anything from an unknown and/or untrusted source." >>>

That goes double if it is from Sony!

How do we know waht is a trusted source. Is any thing on Version Tracker guarenteed safe for instance?

This thing, whether it be virus or not, can still run without asking for an admin password if the account you use on a day-to-day basis is an admin itself. By default, the first user on a Mac when OSX is installed is an Admin. Therefore, this piece of malware has uncovered a problem in OSX. Now that one malware writer knows about it, there will be others that come up with variants.

Until Apple figure out how to patch against this (and I'm sure it won't be long until they do), you can either take extra caution on what you click on, or ensure that your day-to-day account is marked as standard.

Although if you have been running as an admin and decide to demote yourself, please remember that any software you have installed into /Applications will still have you as the owner, meaning the admin password prompt will once again not appear if malware attempts to write to it. You will need to correct this by either using the chown and chgrp commands or from the GUI if you have the patience.

I would recommend running your day-to-day account as standard anyway, but I can understand that some users find the restrictions it adds a bit of a chore. Each to their own.

Wikipedia sez: “Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration. …

“Trojans of recent times also contain functions and strategies that enable their spreading. This moves them closer to the definition of computer viruses which operate by spreading on their own and infecting executable files, and it becomes difficult to clearly distinguish such mixed programs between Trojan horses and viruses. However, the defining characteristic of trojans is that they require some user action, and cannot function entirely on their own.”

Have I missed something. They don't mention any popup aking for admin password during the deliberate infection here!!!

Can this program really install without the admin password. If so, THAT is worrying...

http://www.macworld.com/news/2006/02/17/leapafollow/index.php

neomonkey

Yes, apparently this is just for Tiger. Good job I'm not the panicky type, as I eBayed my Panther install disks together with my old iMac.

As for that stupid flamebait above that everyone will now switch to Windows, I can't see anyone who ditches a UNIX based platform going back to Redmond's hacked together pile of steaming mess. Even if the Mac does find ourselves under a virus onslaught, it just means more Linux installations.

Either way, crappy old Symantec isn't going to get a penny.

mh

I refer the Honourable gentleman to the answer I gave some moments ago.

Sorry about the totally pants grammar. Too much Pinot Grigio.

Tip of the iceberg my friends, tip of the freakin' iceberg. As the Mac gains in popularity more will come. Obscurity a myth? Yeah, that's why taggers put their stuff in little know hidden places, huh?

These sick bastards write these things to have their handy work seen, and as the Mac OS becomes more and more prevalent it becomes a more tempting target.

Storm clouds on the horizon, time to head for the storm cellar.

goddammit...

A worm is not a virus, unless someone has conveniently redefined "virus" in recent years (which wouldn't surprise me).

There are three major types of malware:

Virus -- a virus is code which propagates by inserting itself into files, which are then shared between computers. Very few true viruses exist anymore.

Worm -- a worm is malware which spreads automatically from computer to computer via a network. Internet worms and email worms are the two main types. Email worms require minor intervention by the user, but only in the form of opening an attachment. Most problem malware these days are worms, NOT viruses.

Trojan -- a trojan (horse) is an malicious application pretending to be something else. It requires the user to explicitly run it.

Leap.A is most definitely NOT a virus. It does infect files, sort of, but not in a way that could be used for propagation. In fact, it's stretching the definition a little to call it a worm. Yes, it propagates over a network, but it requires significant trojan-style user-interaction at each stop. It would best be classified as a "self-replicating trojan".

So please, stop with the arrogant "admit it" bull$#!+. You don't know what you're talking about.

(I swear, the idea that people wouldn't switch from Windows because of this makes me think of a man in a burning building who won't leave because it's hot outside.)

Is Leap-A a virus or a Trojan?

Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).

However, this is not the definition of a Trojan horse.

A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.

Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.

OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.

Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.

18 February 2006

Second Mac OS X worm spreads via Bluetooth vulnerability

http://www.sophos.com/pressoffice/news/articles/2006/02/inqtana.html

@ Sam City:

Come on and please read the articles next time. We and the mainstream press are not talking about the Bluetooth vulnerability. That is very very very minor news which only garnered a passing mention from The Register.

We are talking about the Leap/A piece of malware (I refuse to call it a virus or worm myself). Don't start hyperventilating.

Pathetic... when something shows up that runs without our knowledge and infects our osx then thats news. Look up the definition of virus. For your own pathetic sake, look it up. The lengths that one must go to for this to actually work is obsurd. These security companies number one priority is profit. Use some common sense. And please Windows users, be safe. Theres over 100,000 viruses out there for you, and as far as I'm concerned and most anybody with a bit of intelligence, theres are still no osx viruses. Period.

"OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform."

Except that Leap-A DOES NOT propagate itself via iChat to internet contacts. Therefore, it is NOT comparable to an e-mail or instant messaging worm on the Windows platform...

http://www.macworld.com/news/2006/02/17/leapafollow/index.php

"Second Mac OS X worm spreads via Bluetooth vulnerability"

Which was patched by the 10.4.2 update many, many months ago.

For those that have obviously been too lazy to read up on this, here you go courtesy of Macworld online...

It turns out that Leap-A will only send itself out via iChat under a very specific set of circumstances:

You must be using Bonjour iChat, not Internet-based iChat. That’s right. If you're using iChat in the way that probably 99 percent of us do, you’ll never see this file being sent from an infected buddy. Leap-A will only send itself to others on your Bonjour buddy list. This is why Kirk and I were never able to get the malware to do its thing—we were not conversing via Bonjour. It sounds amazingly simple, but we spent quite a bit of time trying to figure this out before someone at Intego pointed out that it was limited to Bonjour networks.

Even on a Bonjour network, you have to work a bit to get the file to send itself. It requires one (or more) status changes on either (or both?) of the Macs involved. In my case, I tested this by activating Bonjour chat on my G5-based desktop. For me, this was the only status change required to activate the file transfer function. But for Kirk, who already had Bonjour running, he had to change his status message on the target machine a couple times before the infected Mac noticed and then tried to send him the file. However, Kirk’s son Perceval, not being warned that this dangerous activity was occurring on the home network, turned on his iBook, logging in to iChat automatically. Since he logs into both AIM and Bonjour, this triggered the “hot” machine to send files to both the iBook and Kirk’s iMac.

You still have to manually accept the file (then expand it and then double-click it) to infect your machine. Clearly, this thing is not going to spread like wildfire via iChat.

So it seems the “iChat transmission” aspect of the Leap-A malware has been greatly overstated—unless you use Bonjour iChat, you’ll never see it arriving on your machine in this manner.

Why is everyone downplaying this whole thing and acting like it's nothing?

Yes, this is news... Call it what you want, trojan, virus, worm.. Whatever you call it, This is the first documented attack on OSX.. Sure, it's only a level one threat and yes, it requires user interaction, but it CAN do harm... And on an infected machine it can anonymously pop up on every person in that users iChat friends list..

No one is claiming that OSX is not any safer now than Windows, all these reports are saying is, there has been a first attack on our beloved platform.

This is the FIRST, there will be more.. Accept it!

Actually there has already been a second..

http://www.sophos.com/pressoffice/news/articles/2006/02/inqtana.html

Albeit minor, we've had two attacks on OSX in a week. They will become more sophisticated.

This is the third time that I've seen news sources running headlines gleefully proclaiming that the first Mac virus has arrived.

As nobody noticed this one either, they can have another go at running the 'First Mac virus' headline at some point in the future.

All the MacHaters will be in our face - ad infinitum - bla bla bla bla bla.

In THEIR world: 1 Mac malware = 100,000 Windows malwares

-

MacHater: Jeez, get a real PC. Why do you continue to use that Crapintosh, anyway?

MacUser: Because it annoys people like you so much.

-

Apple Computer, going out of business since 1984. Annoyed yet?

Whatever...

Thats because in their world 90% marketshare = our world 4% marketshare.

Like I said before, I'm tired of us Mac users being treated like second class citizens!

How come Windows users get to have over 70,000 real, hardcore, trash-the-peecee and all files, crash the ATM, subvert the server type malware? While Mac users only get these lame, "concept", can't install or propagate without root/admin passwords, "is it a virus?", nonsense code?

I think I'll switch to Windblows.

"Excuse me, a worm is a virus. Let me repeat that for those of you who missed it: a worm is a virus. The first virus for OS X has arrived. MDN, it's time for you to admit the truth."

Well, let me repeat it for you in case you missed it, this isn't the "first virus for OS X." It's no different from MP3Concept, Opener, or any of the other worms/viruses that have been written for OS X over the years that OS X remains impervious to because of its built-in security.

It's time for YOU to admit the truth.

To repeat again for the numbskull press--THIS ISN'T THE FIRST OS X VIRUS.

Plenty have been written for the platform over the years, but they never spread because of the need for user intervention, a result of OS X's inherent security. Christ, even Paul Thurrott at Wininformant got this part right.

MDN - affected by a power outage?! - methinks someone wanted to have a look at those "Leopard" pics ...

I guess this proves that Mac users are not immune to the same kinds of social-engineering techniques that users of PCs are ... Whatever this is, it's great to see the spirit of the Mac community and the calm and rational way people are speaking about this.

From what I gather, this program has to be launched to do any damage - this is a far cry from what our PC brethren have to contend with each day.