A worm targeting Windows operating systems hides in a file named itunes.exe, and will try distributing itself over AIM. Antivirus maker Trend Micro says the Opanki worm’s name may trick people into thinking it is a legitimate file associated with Apple’s iTunes Music Store:
This worm arrives as the file, ITUNES.EXE. Its file name may appear familiar to users as it is similar to the name of a popular media player from Apple Computer. Thus, users may be tricked into thinking that this worm is associated with a legitimate product.
It spreads via AOL Instant Messenger (AIM). It sends the following message to all online contacts of an affected user:
“this picture never gets old”
This worm has backdoor capabilities. It opens a random TCP port and connects to the Internet Relay Chat (IRC) server xyz.legi0n.net. Once connected, it joins the IRC channel #fate, where it listens for commands from a remote malicious user. It then executes these commands locally on affected machines.
It also downloads and executes other applications, mainly adware programs, into affected machines.
Full article here.
MacDailyNews Take: Trend Micro advises that Windows users should make sure that their their antivirus programs are up to date, to help protect against this worm and many other virus problems. Of course, you could just get a Mac where the real iTunes music jukebox runs much better and Windows worms, viruses, adware, spyware, and other malware won’t run at all.
Related MacDailyNews articles:
Microsoft Windows Sober.P worm shows ‘epidemic’ spread; Macintosh unaffected – May 03, 2005
Apple touts Mac OS X security advantages over Windows – April 13, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – April 05, 2005
So when are we going to get the articles claiming that apple software is now susceptible to viruses? There has to be some hack journalist who doesn’t know their arse from their elbow who will jump to that conclusion.
Thank God this virus is for PC only! We are still safe.
you gotta hand it to someone who can write this kind of stuff though…pretty clever if you ask me. sure, it shouldnt spread as a virus…if i was able to do something like this, i’d use it for an april fools joke etc.
somehow it seems kind of fitting.. . but all the same, M.X.N.T.4.1 is right about some journalist getting this wrong and setting apple back a few months of momentum.
What a relief that “[on a Mac] worms, viruses, adware, spyware, and other malware won’t run at all.”
Except that that isn’t true. Reason and logic say that of course these things _could_ run on a Mac. The are after all just programs. That the program may open an IRC channel and listen to it – well, IRC programs do so whose to say a malicious IRC program cannot?
The difference is that these programs would be limited in scope to what maliciousness they could perform. But if you run a program locally that has file IO access, you can do damage. You may not be able to format the drive as easily as you can on a windows box, but you can do damage to the system none the less. And turning a Mac into a spam relay box for sending emails from, say, a list sent via IRC, would not be impossible as MDN may lead us to believe.
Don’t get me wrong, as I said above, it is harder to do on the Mac and may be impossible to completely humble the system, but these programs _can_ exist and believing they cannot is planting your head firmly in the sand.
My Magic word is “changes”
Although it’s against everything I hold dear, someone should release a non-destructive virus that mimics the message of many a car bumper sticker – “if you can read this message, buy a Mac!”
That might eventually get the message accross…
Ha Ha Ha…
The real IT world has known for quite some time the vunerablities of the Mac platform. Now that has come to fruitition today with the disclosure that Apple has imbedded a virus in its iTunes program and distributes it to all iTunes users. The bell is tolling, Apple nears its date with death.
How can any serious internet enterprise system run on a system from a company that creates virii and distributes it through its software in hidden form?
The arrogance of Apple is rearing its big head. And soon, Apple’s arrogance will tip it own head into its own grave.
©
many users should stop acting like sheep!! seven years ago i sent a mass email to everyone in my address book that i would NOT under any circumstances accept ANY attachments that included .EXE as a suffix, i would probably bounce it back unopened and that this was the way malware was spread… and i’m a Mac user! yeah, i couldn’t be infected but i got a bunch of people to clue into the fact that they were all infecting each other, sometimes repeatedly, with the same virus or worm.
and yes, some hack journalists will likely ride this horse till it drops dead two weeks from now and then continue flogging it as long as it gets them hits from evangelistic Mac neophites.
oh… my… god.
Sputnik… that has to be the absolute WORST flame bait i have ever read. you’re too obvious! it has to be more subtle, insidious, misinformation with hints at the truth. hey, let’s all give him a chance to get his flame bait straightened out. Sput… go back and try again. we’ll wait. that was so blatently awful i cant start to find a reason to argue with it.
MW: issue
“Give us something we can actually take ‘issue’ with.”
Only a moron would download something sent unidentified over the web of an instant messenger and then go to a site about a dumb picture. I only allow people I know and are in my address book to instant message me in the first place.
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
But I’m glad I use a Mac.
I fear that someone (WSJ journalist for instance) Googling for adverse Apple info with words like death-knell and viruses will come across young Sputniks comments and naturally believe them to be true.
“Only a moron would download something sent unidentified over the web…”
Most computers users I know are morons in computers terms. They’d do anyting the computer tells them to.
Hammer, you are judged by the company you keep. Find some new friends.
What the heck is fruitition? Can you pay for college with bananas now?
(normally I don’t care about typos but the literal dysentery from “Spudnik” deserves derision)
MW: taking
As in, trolls are taking the cake. Stop them before they multiply.
Sputnik’s here! My favorite troll and comrade! Of course he’s being obvious — as obvious as the fact that when the IT workers of the world rise up to smash the bourgeois, imperialist Apple Computer and their groveling lackeys that infest this forum, the glorious Microsoft revolution will usher in a new proletariat paradise!
I think it’s still a funny joke, and has been since 1991.
(Magic word is “couldnt” [sic] — what it lacks in correct punctuation it makes up for in security.)
would a legitimate iTunes file be arriving over AIM? And calling itself a picture from a friend?
Wow, I didn’t know even IM was a hazard on Windows!
Yesterday Gates is “not amused” about Apple’s dominance in the digital music arena, today there is a virus pretending to be iTunes, coincidence? I think not!
“WHY…
would a legitimate iTunes file be arriving over AIM? And calling itself a picture from a friend?
Wow, I didn’t know even IM was a hazard on Windows!”
why, Why? because virus writers count on the ol’ adage by P.T. Barnum… “There’s a sucker born every minute.”
and just about anything is a hazard on Windows.
Tempus, it isn’t just virii writers. One could say that the number of Windows users proves Barnum’s quote is right.
However, I personally think the use of Windows is just another validation of Sturgeon’s Law.
This is a virus that may have come from Redmond to thwart the proliferation of iTunes on PC.
I think someone slipped some LSD in Sputnik’s MS coffee mug.