Apple: ‘Opener’ is not a virus, Trojan horse, or worm

“After a week of contemplation, Apple has announced that the ‘Opener’ malware program blighting OS X is not a virus – although the security community disagrees,” Dan Ilett reports for ZDNet UK. “Discovered a week ago, the Opener program

33 Comments

  1. There's also the Mallet virus that you guys haven’t heard about. It's very destructive and requires the user to repeatedly beat his Mac with a heavy mallet. Keep an eye out for this one peeps.

  2. I have the Renepo code. It is public. It is rather a rootkit, of the kind that always existed for Unix platform.

    If I were the author and had been successful in tricking an admin of an OS X platform I would consider myself lucky if by the end of the week I had some 10 IP numbers for OS X machines where my Renepo had been able to spoof the root password from the first admin.
    And I would have to log in to the first machine in order to retrieve that info in that – currently(?!) Renepo does not call home.

    Sure, it is a security threat, but it is more a threat of admin not having safe behavior rather than something else.

    If you are not admin of your machine there is no way Renepo can work. If you want to protect yourself even from a Renepo used in a Trojan, just create a second account and give this last admin privileges. Then turn your primary account – your daily horse – into a regular account. There: you cannot now install Renepo even if a naked Britney begged you to.

  3. Nope, it does not spread. The only thing it tries is to copy itself – IF – you have a mounted volume on another OS X machine AND you do that as admin of that machine. Then it copies itself in the System Startup Items and begins its spoofing and cracking (Joe the Ripper) if that machine is rebooted.

    Otherwise, there is no other means of spreading (currently).

  4. Symantec also reported on another virus which is at least as dangerous as Opener, if not more. It’s called OpenWindow. Basically a hacker gains access to your computer through a door in your home or business and chucks your computer out the window, often rendering it useless. Symantec is going to start selling a new protection system to deal with this particular virus, and they call it iChain. It is their first solution that is actually hardware as opposed to software.

  5. Sorry, I will not go out and buy virus software and bog down my Mac so I can help “protect my PC brethren”. I won’t purchase virus software until, or if, viruses actually start popping up for OS X.

    That may sound cruel and a bit harsh, but hey, they decided to buy a piece of crap, they can deal with the problems that come with it.

  6. glick, it is a regular bash script, using regular bash builtin commands that only do work if you have root level access. Otherwise: bzzz, does not work.

    It is a script, it is a script, it is a script. Nothing more, nothing less.

    Sure, you may put it in an installer that asks for admin password to install and it would copy Renepo in the System and Library location and issue a ./opener to launch it.

    If the shareware program asks to install itself then yes, it would be possible. But then again, what spread? You should be admin to other OS X platform for it to do any damage once it spoofs your password.

    If you all think it as a Windows worm or virus with exponential growth then relax. It is a rootkit which at most drips to few hundred machines (if ever: it needs root account enabled) in a month worldwide if it was to be released.

    Nothing more nothing less than regular Unix rootkits existing since tens of years.

    So, as a final remark, yes, OS X is Unix. Someone just took the time to translate a bash rootkit script into one that would run under OS X environment.
    Doh!

  7. i would say that os x admins are more susceptible to this virus than windoze admins.

    windows admins make it a practice to never install anything on their servers that’s not necessary. os X feel safe that they can not be infiltrated, and are perhaps more apt to “play” with their systems.

    complacency.

    Symantec always sets windows on orange alert, when it comes to viral e-terror.


    Fahrenheit x86, the temperature that virii’s born

  8. otto, dunno. Depends whether the OS X admin is a part-time Unix admin as well (or a converted one). In that case it has as much knowledge of Unix issue to not be duped by a thing like this.

    And, I do not believe there are true OS X admins (ie people looking after a network of OS X platform) that know little ’bout Unix.

    If you are the regular solo admin of your own Mac you are no threat in terms of infecting other machines.

    I do not think a true OS X admin would treat it any differently – or without the same care – as for other Unix platforms that s/he might look after at the very same time.

  9. hey guys,
    I just discovered a NEW virus!!! I’ll call it FaRMeR.

    Please don’t try this as this virus will DESTROY your computer. But here it is:
    Open the terminal.
    type ‘sudo rm -rf /Library/’ and then ‘sudo rm -rf /System/’

    Of course you’ll need to supply your admin password, but this virus will wipe you out!

    Someone, please forward this information on to all the *security* companies for me, OK?

  10. I am ashamed to be a part of the information security community that thinks that this is anything close to a virus, worm, etc.

    IT’S A DAMN SCRIPT THAT REQUIRES ADMIN ACCESS.

    One of the reasons I left the Windows world forever was because of the idiotic, mindless drivel that spews from the Windows Security world. If MS ever produces an OS that really is “secure” by Mac OSX standards, they will all go out of business.

    I will dance on their graves.

    Morons.
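Several comments above make two points: the script persists by being copied into the system Startup Items, and it only works when run from an admin account. The following is an added example, not code from the article or from any commenter, that checks both on a machine; the two directory paths are the standard legacy Startup Items locations and are an assumption, since the thread does not spell them out.

```shell
#!/bin/sh
# Added example (constructed): review legacy OS X startup items and the
# admin status of the current account. Directory paths are assumptions.

# Succeeds if the space-separated group list contains the "admin" group.
has_admin_group() {
    for g in $1; do
        [ "$g" = admin ] && return 0
    done
    return 1
}

# Print one finding per line for DIR:
#   ITEM <path>       top-level startup item that should be reviewed
#   NOT_OWNER <path>  entry not owned by EXPECTED_UID (default 0, root)
#   WRITABLE <path>   entry writable by group or other
audit_startup_dir() {
    dir=$1
    expected_uid=${2:-0}
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 | sed 's/^/ITEM /'
    find "$dir" -mindepth 1 ! -user "$expected_uid" | sed 's/^/NOT_OWNER /'
    find "$dir" -mindepth 1 ! -type l \( -perm -020 -o -perm -002 \) |
        sed 's/^/WRITABLE /'
}

audit_main() {
    if has_admin_group "$(id -Gn)"; then
        echo "NOTE: $(id -un) is in the admin group; use a standard account for daily work"
    fi
    for d in /Library/StartupItems /System/Library/StartupItems; do
        audit_startup_dir "$d"
    done
}

audit_main
```

Any `ITEM` line you do not recognise deserves a look, and `NOT_OWNER` or `WRITABLE` lines mean a non-root process could plant or alter a startup item without an admin password.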
