Apple: ‘Opener’ is not a virus, Trojan horse, or worm

“After a week of contemplation, Apple has announced that the ‘Opener’ malware program blighting OS X is not a virus – although the security community disagrees,” Dan Ilett reports for ZDNet UK. “Discovered a week ago, the Opener program

33 Comments

  1. Symantec declared that Mac owners were protected if they had kept their antivirus software up to date.” Ilett reports.

    Sheesh, people are acting like it’s an epidemic.
    How many computers have been infected? I bet I could count them on my hands.

  2. Hey, beryllium

    What, exactly, is an “acorym” (to which you have such vehement objections)? Do you mean “acronym”? Man, if you’re going to be self-righteous, at least be RIGHT!

  3. Well, we have all – as mac users – been saying that OSX is safe, and if this is the best that the underground can come up with, I have nothing to worry about. The only way this thing spreads is by the users’ own stupidity. Hell, anyone getting infected by this should have an honourable mention in the Darwin Awards.

  4. Anti-virus software? I vaguely remember something called Norton Anti-Virus but since it would constantly crash my computer and disrupt the operation of other mission critical applications I deemed it malware and disposed of it. Since then my computer has been safe and stable.

  5. The security companies have said that Opener is not in the wild and is not spreading so as far as I can tell it is another “proof of concept”, albeit a nasty one. I wonder who actually came up with this? Truth can be stranger than fiction.

    So anyway, even if you class Opener as a virus, there are still no viruses in the wild for OS X. We should not be complacent though, one will come along someday. I think the Mac community will deal with it swiftly when it does however. Just be smart and don’t provide your admin password for suspect downloads and everyone should be fine.

    This is a great article on why the Mac is more secure, and always will be:

    http://daringfireball.net/2004/06/broken_windows

  6. I’d have to say, I only partly agree with Apple over this. I agree that Opener is not a virus, but I’m not certain I would say it’s not a trojan. Given the proper incentive, a user could be tricked into installing it on their machine, and once installed, it would attempt to spread to other machines the user has access to. Of course, no one has actually proved that it could spread, just that it tries to, but that said, if you were a system admin that got tricked, you could compromise your entire network.

    But seeing as the thing can’t spread across the internet, and requires administrator access, and user approval, I’d agree that calling it a virus is a bit much. And seeing as how no one created the ultimate program to trick users into installing it, it doesn’t technically qualify as a trojan either.

    Though, since Mac users should be running antivirus software, just to aid in the protection of their PC brethren, then I’d rather have the antivirus companies monitor for it than not.

  7. Installing expensive anti virus software because of this sorry excuse of a trojan/virus/whatever is like buckling up in a drive-in movie theater when a car chase starts on the screen.
    Sorry, Symantec, no business here!

  8. allgood2, if u are an admin and u get tricked! then you should be fired immediately!! what kind of fscking stupid admin is downloading shit from p2p services?? lol
    anyway even then he would still have to enter his admin password on every computer for it to work right?? or am I wrong?? I’m asking a question here, i’m not sure if an admin can do it over a network. But it’s funny how these product companies have to try to force us to buy their products! they broadcast it on CNN like Osama Bin Laden had just bombed another place in the states or something. Truly SAD!

  9. There’s also the Mallet virus that you guys haven’t heard about. It’s very destructive and requires the user to repeatedly beat his mac with a heavy mallet. Keep an eye out for this one peeps.

  10. I have the Renepo code. It is public. It is rather a rootkit, of the kind that always existed for Unix platform.

    If I were the author and had been successful in tricking an admin of an OS X platform I would consider myself lucky if by the end of the week I had some 10 IP numbers for OS X machines where my Renepo had been able to spoof the root password from the first admin.
    And I would have to log to the first machine in order to retrieve that info in that – currently(?!) Renepo does not call home.

    Sure, it is a security threat, but it is more a threat of admin not having safe behavior rather than something else.

    If you are not admin of your machine there is no way Renepo can work. If you want to protect yourself even from a Renepo used in a Trojan, just create a second account and give this last admin privileges. Then turn your primary account – your daily horse – into a regular account. There: you cannot now install Renepo even if a naked Britney begged you to.

  11. Nope, it does not spread. The only thing it tries is to copy itself – IF – you have a mounted volume on another OS X machine AND you do that as admin of that machine. Then it copies itself in the System Startup Items and begins its spoofing and cracking (Joe the Ripper) if that machine is rebooted.

    Otherwise, there is no other means of spreading (currently).

  12. Symantec also reported on another virus which is at least as dangerous as Opener, if not more. It’s called OpenWindow. Basically a hacker gains access to your computer through a door in your home or business and chucks your computer out the window, often rendering it useless. Symantec is going to start selling a new protection system to deal with this particular virus, and they call it iChain. It is their first solution that is actually hardware as opposed to software.

  13. Sorry, I will not go out and buy virus software and bog down my Mac so I can help “protect my PC brethren”. I won’t purchase virus software until, or if, viruses actually start popping up for OS X.

    That may sound cruel and a bit harsh, but hey, they decided to buy a piece of crap, they can deal with the problems that come with it.

  14. glick, it is a regular bash script, using regular bash builtin commands that only do work if you have root level access. Otherwise: bzzz, does not work.

    It is a script, it is a script, it is a script. Nothing more, nothing less.

    Sure, you may put it in an installer that asks for admin password to install and it would copy Renepo in the System and Library location and issue a ./opener to launch it.

    If the shareware program asks to install itself then yes, it would be possible. But then again, what spread? You should be admin to other OS X platform for it to do any damage once it spoofs your password.

    If you all think it as a Windows worm or virus with exponential growth then relax. It is a rootkit which at most drips to few hundred machines (if ever: it needs root account enabled) in a month worldwide if it was to be released.

    Nothing more nothing less than regular Unix rootkits existing since tens of years.

    So, as a final remark, yes, OS X is Unix. Someone just took the time to translate a bash rootkit script into one that would run under OS X environment.
    Doh!
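
As an added example (not posted by any commenter and not taken from the Renepo script), a shell check for the two points raised in comments 10, 11 and 14: whether the daily account is an admin, and what sits in the StartupItems folders on the boot volume and on mounted volumes. The `/Library/StartupItems` and `/System/Library/StartupItems` paths and the `admin` group name are assumptions based on standard Mac OS X layout; `opener` is the script name quoted in the thread.

```sh
#!/bin/sh
# Added example: defensive audit, not part of the original thread.

# in_admin_group "GROUP LIST"
# Succeeds if the space-separated list (as printed by `id -Gn`) contains
# the group "admin" (assumed name of the Mac OS X administrators group).
in_admin_group() {
  case " $1 " in
    *" admin "*) return 0 ;;
  esac
  return 1
}

# audit_startup_items ROOT...
# For each volume root, prints one "FLAG<TAB>PATH" line per StartupItems entry.
# FLAG is "opener" if the item holds a file named opener, "writable" if
# anything inside is group- or world-writable, otherwise "ok".
audit_startup_items() {
  for root in "$@"; do
    for dir in "$root/Library/StartupItems" "$root/System/Library/StartupItems"; do
      [ -d "$dir" ] || continue
      for item in "$dir"/*; do
        [ -e "$item" ] || continue
        flag=ok
        # Loose permissions let a non-root user replace a boot-time script.
        if [ -n "$(find "$item" ! -type l \( -perm -020 -o -perm -002 \) -print | head -n 1)" ]; then
          flag=writable
        fi
        if [ -n "$(find "$item" -iname opener -print | head -n 1)" ]; then
          flag=opener
        fi
        printf '%s\t%s\n' "$flag" "$item"
      done
    done
  done
}

# Boot volume ("" expands to /Library/...) plus anything under /Volumes.
audit_startup_items "" /Volumes/*
if in_admin_group "$(id -Gn)"; then
  echo "note: this account is in the admin group; use a standard account for daily work"
fi
```

Every line not flagged `ok` deserves a manual look; an `ok` line only means the name and permission checks passed, not that the item is known to be legitimate.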
