New Mac OS X Trojan warning

A file called “latestpics.tgz” was recently posted on a Mac rumors web site (www.macrumors.com), claiming to be pictures of “Mac OS X Leopard.” Mac Rumors has, for some unknown reason, headlined their article “The First Mac OS X Virus?” – although they do seem to have recently tacked on the parenthetical “A New OS X Trojan” to the headline and added this statement to the end of their article: “It appears that there is some debate about the classification of this application, and as it does require user activation, it appears to fall into the Trojan classification, rather than self-propagating through any particular vulnerability in OS X.”

Ambrosia Software’s Andrew Welch explains:
You cannot be infected by this unless you do all of the following:
1) Are somehow sent (via email, iChat, etc.) or download the “latestpics.tgz” file
2) Double-click on the file to decompress it
3) Double-click on the resulting file to “open” it
…and then for most users, you must also enter your Admin password.

It does not exploit any security holes; rather it uses “social engineering” to get the user to launch it on their system. It requires the admin password if you’re not running as an admin user. It doesn’t actually do anything other than attempt to propagate itself via iChat. It has a bug in the code that prevents it from working as intended, which has the side-effect of preventing infected applications from launching. It’s not particularly sophisticated.

So, for those inclined to hyperbole and panic: relax. You cannot simply “catch” a trojan as you would a “virus”; a trojan has to be run by you. There are zero Mac OS X viruses. This is not the first Mac OS X trojan and it won’t be the last. Even if someone does send you the “latestpics.tgz” file, you cannot be infected unless you unarchive it, open the resulting file, and (for most users) authorize it with your admin password. Just trash it. As usual, do not install and run applications from untrusted sources, and do not run Mac OS X as “root.” Same stuff as usual.
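The practical check behind that advice is to look at what an archive actually contains before double-clicking anything in it: a file offered as “pictures” should hold image data, not a Mach-O executable. The Python script below is an added example, not code from MacDailyNews, Mac Rumors or Andrew Welch, and the archive it inspects is constructed inline (it is not the real latestpics.tgz, whose exact layout this page does not describe). It generalizes the trick described above: it flags any member whose first bytes are a Mach-O magic number, any member whose image extension does not match its bytes (JPEG, PNG or GIF), and any member with an executable mode bit, since none of those belong in a folder of photos.

```python
"""Inspect a .tgz before opening it: flag members whose bytes say
"Mach-O executable" while their name says "picture", and members that
carry an executable mode bit at all.  Added example; the archive below
is constructed inline and is not the real latestpics.tgz."""
import io
import stat
import tarfile
from typing import Dict, List

# First bytes of the executable formats Mac OS X will launch on a
# double-click (standard Mach-O magic numbers) ...
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce",  # Mach-O 32-bit, big-endian (PowerPC)
    b"\xce\xfa\xed\xfe",  # Mach-O 32-bit, little-endian (Intel)
    b"\xfe\xed\xfa\xcf",  # Mach-O 64-bit, big-endian
    b"\xcf\xfa\xed\xfe",  # Mach-O 64-bit, little-endian
    b"\xca\xfe\xba\xbe",  # universal ("fat") binary
}
# ... and of the image formats an archive of "pictures" should contain.
IMAGE_MAGICS = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def classify(name: str, head: bytes, mode: int) -> List[str]:
    """Warnings for one member, given its name, first bytes and mode."""
    warnings = []
    lower = name.lower()
    ext = next((e for e in IMAGE_MAGICS if lower.endswith(e)), None)
    if head[:4] in MACHO_MAGICS:
        warnings.append("Mach-O executable")
        if ext:
            warnings.append("image extension on an executable")
    elif ext and not head.startswith(IMAGE_MAGICS[ext]):
        warnings.append("named %s but bytes are not that format" % ext)
    if mode & EXEC_BITS:
        warnings.append("executable mode bit set")
    return warnings


def scan_archive(archive_bytes: bytes) -> Dict[str, List[str]]:
    """Map each regular file in the .tgz to its warnings (empty = clean)."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(8)
            findings[member.name] = classify(member.name, head, member.mode)
    return findings


def archive_is_just_pictures(archive_bytes: bytes) -> bool:
    """True only if nothing in the archive raised a warning."""
    return all(not w for w in scan_archive(archive_bytes).values())


def build_sample_archive() -> bytes:
    """Constructed sample (not the real file): one genuine JPEG header, one
    Mach-O dressed up with a .jpg name, and one bare Mach-O binary."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name: str, data: bytes, mode: int) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = mode
            tar.addfile(info, io.BytesIO(data))
        add("latestpics/leopard1.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 60, 0o644)
        add("latestpics/leopard2.jpg", b"\xce\xfa\xed\xfe" + b"\x00" * 60, 0o755)
        add("latestpics/latestpics", b"\xca\xfe\xba\xbe" + b"\x00" * 60, 0o755)
    return buf.getvalue()


if __name__ == "__main__":
    for name, warnings in scan_archive(build_sample_archive()).items():
        print(name, "->", ", ".join(warnings) or "looks like a picture")
```

On the Mac itself the same answer comes from `tar tzvf latestpics.tgz` (look for mode bits like `-rwxr-xr-x`) followed by `file` on the extracted item; the Finder’s icon is not evidence of anything, since an application can carry any icon it likes.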

More information about this trojan is in Welch’s full article here.

MacDailyNews Take: It’ll be interesting to see which media organizations, if any, pick up on this and run the incorrect story of “the first Mac OS X virus.”

Related MacDailyNews article:
Incorrect reports of ‘Mac OS X virus’ begin to circulate – February 16, 2006
Apple: ‘Opener’ is not a virus, Trojan horse, or worm – November 02, 2004

52 Comments

  1. We in the “real IT world” understand that this is why the Apple platform is inherently unsafe – the entire user base is operating without any anti-virus software.

    Furthermore we the “pros” have a very limited tool set to use when a virus like this strikes. It is going to be a very long weekend for IT professionals that have the unfortunate burden of maintaining a network of infected Apple PCs.

    Once again the blind allegiance to a specific platform, one that is full of security holes I might add, is not the solution we would recommend to computer users.

    At least Microsoft is dedicated to developing tools and resources for the mitigation of viruses – Apple just leaves you out in the cold…

    ©

  2. Um…but Microsoft will charge you $49.99 a year for a service to protect the operating system that they made poorly which allows executable files to be run without the user’s knowledge. Big difference.

    Not to mention that there have been many studies regarding Mac users — we are better educated, better paid, and smarter. That is why we choose Apple.

  3. We really need to get this out to the Mac community.

    As we are adding new users to the OSX base there are new users that aren’t as sophisticated as the core community.

    Some “New” users will activate this Trojan and install it unknowingly.

    We need to have some tool to remove it for those that have installed it.

    We are at the cusp of growing our base and we need to be able to defuse anything that might slow down or threaten our momentum.

  4. It’s 2, 2, 2 morons in one!

    Reality Check:
    Are you really going to post that bit of inane logic here and not expect to get called on it?

    I did actually get a laugh out of it though.

    Sputnik:
    What can I say. Where would we be without the goose-stepping retards like Sputnik.

    In point of fact, this little file amounts to nothing more than a badly coded app. Apparently it can’t even do what it was written to do (which makes me think it was written by Microsoft) so it isn’t much of a danger.

    The truth of the matter is this is just another scare we really don’t have to worry about.

  5. “how does one run osx as ‘root’ anyway? and why would one do so?”

    bscepter: You just have to enable the root account in NetInfo Manager, set a password for the root account, then log in as root. As to why? Not entirely sure why someone would need to do that anymore except maybe to apply some hack or something. In the early days of Mac OS X, before the majority of Mac users were Unix savvy (or Mac OS X savvy for that matter), it seemed like the easiest way to do certain things or fix certain problems, but I haven’t seen anyone recommending the use of root to accomplish anything for years.

  6. Wouldn’t you find it strange if opening a jpeg asked you for your username/password? I know I would.
    Sure the general public won’t get this, but for the professional mac community an image should not need authorization to open.

  7. “It requires the admin password if you’re not running as an admin user.”

    Is this correct? Even admin users are prompted for passwords to make system-level changes. Should it say “if you’re not running as root”? Or is it correct in implying that admin users would not be prompted?

  8. Listen people you are not getting this correct. (reality_check specifically)

    There is a HUGE difference between Trojan and Virus.
    A virus (Windows’ biggest problem) is something that self-installs and can run itself. You may visit a web site and “get infected”. The ONLY defense against this is active anti-virus software. Not only that, but the AV software must “know” about the virus through daily updates over the internet.
    Mac OS X doesn’t have a single virus (yet, if ever) because it is just simply built more securely.

    A trojan is malicious code hidden inside “clean” code. “Check out these pictures of a hot chick!” They trick you into d’loading and installing software unknowingly. This is definitely a vulnerability for ANY (linux, wintel, mac, unix, solaris, palm, etc.) computer.
    The way to beat this is to have a new class of software (mostly to change the name), Anti-Malware (or whatever). This would simply scan what you are installing and check it against a known database of “malware”. It would see that you are about to install “latestpics.tgz” and warn you that it may be bad code.

    Unfortunately we would probably hear about it here before our AntiMalware app would “learn” to protect us against it.

  9. How much do you all want to bet that all the typical PC tech “news” web sites are going to be blowing this WAAAAAAY out of proportion. Kind of like our much beloved Reality Check and Spitnik are attempting to do?

    Fear
    Uncertainty
    Doubt

    FUD

  10. Mac Rumors has, for some unknown reason, headlined their article “The First Mac OS X Virus?”

    Can you say “need to increase hit count time?”

    MacRumors has been kinda slow on the material lately, the Apple rumor mill has been hampered lately with Steve closing up the leaks.

    Also other rumor sites have popped up to take the attention away from the forum sites so they don’t get shut down in case Apple retaliates legally.

    MacRumors is filled with a bunch of kids, who have found a happier home at machacking.net

  11. Blank Kludge, what point was that again? Mac OS X is about as secure as humanly possible. You sound like the sort of person who leaves his keys in the car with the engine running while stopping at convenience stores. If the car got stolen, you’d blame it on the manufacturer.

  12. Wow MDN is not up to speed on this one. This thing is spreading over networks AND AIM. There have been reports of it infecting machines (when run) WITHOUT a password. I thought this to be impossible, but I believe the reports I have been hearing. This is really not a funny little virus that we are all safe from. Be careful! And don’t be stupid!
