‘Macarena’ malware does not exploit Mac OS X bug

“OSX.Macarena poses no viable threat as currently conceived. Although we don’t have our hands on the virus source code, according to Symantec (who initially publicized the virus last week) OSX.Macarena can infect neither PowerPC-exclusive binaries, nor Universal binaries. It can only affect binaries that are Intel-specific. That would include various system files, but since OSX.Macarena can only infect files in its own directory and has no means of gaining the privileges necessary to escalate into directories where most system files are stored, the threat level is mitigated,” MacFixIt reports.

MacFixIt reports, “Further, it can be reasonably said that this ‘virus’ is no more than a basic exploitation of the way in which UNIX permissions are designed to operate. By default, applications have permission to modify files that reside in their same directory. It’s somewhat akin to writing a shell script that deletes one or more (or all) files in the home user directory then distributing that script as a download: Running the script has a malicious outcome, but there would be no way to prevent its operation without changing the granularity of permissions in Mac OS X (assigning some applications tighter restrictions than the default user-level permissions allow) — something Apple may or may not enact in Mac OS X 10.5 (Leopard).”

MacFixIt reports, “Symantec admitted to MacFixIt: ‘I think the phrase ‘proof of concept’ which is used in the writeup may have caused some confusion. This is not a threat which is exploiting some bug, rather the concept that is being proven is that Mach-O files can be infected, and that Mac OSX file infecting viruses are therefore possible.’”

“Also, as has been the case with virtually all purported Mac OS X viruses documented by anti-virus firms thus far, there is no reliable vector for the spread of OSX.Macarena, meaning that a user would have to locate the source file, download it, compile the source and run the virus in order for any effect to occur,” MacFixIt reports. “As a result of these considerations, the OSX.Macarena has served less as a ‘warning shot’ across the bow of Mac OS X than as a re-iteration of just how difficult it is to write an effective virus for the operating system.”

Full article here.
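The two conditions described above (an Intel-only Mach-O file that the current user can write to) can be checked from the defender's side with a short audit. This is an added example, not code from the article, MacFixIt or Symantec; the function names, file names and sample headers are constructed for illustration, and only the first 8 bytes of each file are inspected.

```python
import os
import struct
import tempfile
from pathlib import Path

THIN_MAGIC = {b"\xfe\xed\xfa\xce": ">", b"\xce\xfa\xed\xfe": "<",   # 32-bit
              b"\xfe\xed\xfa\xcf": ">", b"\xcf\xfa\xed\xfe": "<"}   # 64-bit
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # Universal (fat) header, always big-endian
CPU_KIND = {7: "intel-only", 0x01000007: "intel-only",   # CPU_TYPE_X86 / X86_64
            18: "ppc-only", 0x01000012: "ppc-only"}      # CPU_TYPE_POWERPC / 64

def macho_kind(head):
    """Classify a file from its first 8 bytes; None means not Mach-O."""
    magic, field = head[:4], head[4:8]
    if len(field) < 4 or (magic not in THIN_MAGIC and magic != FAT_MAGIC):
        return None
    if magic == FAT_MAGIC:
        # Java .class files share this magic; there the field is a version >= 45.
        return "universal" if 0 < struct.unpack(">I", field)[0] < 20 else None
    cputype = struct.unpack(THIN_MAGIC[magic] + "I", field)[0]
    return CPU_KIND.get(cputype, "other")

def audit(directory):
    """Map each regular file to (kind, writable by the current user)."""
    report = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and not p.is_symlink():
            with p.open("rb") as fh:
                report[p.name] = (macho_kind(fh.read(8)), os.access(p, os.W_OK))
    return report

def exposed(report):
    """Files meeting both conditions from the article: Intel-only and writable."""
    return [n for n, (kind, w) in report.items() if kind == "intel-only" and w]

# Constructed sample headers (not real binaries): magic + cputype or nfat_arch.
SAMPLES = {"intel_tool": b"\xce\xfa\xed\xfe" + struct.pack("<I", 7),
           "ppc_tool": b"\xfe\xed\xfa\xce" + struct.pack(">I", 18),
           "universal_tool": b"\xca\xfe\xba\xbe" + struct.pack(">I", 2),
           "notes.txt": b"plain text"}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLES.items():
            Path(d, name).write_bytes(data)
        return audit(d)

if __name__ == "__main__":
    print(exposed(demo()))
```

Pointing `audit()` at an application directory shows which binaries a process running as the current user could modify; files that are not writable by that user drop out of the `exposed()` list.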



  1. Everyone in the real IT world knows that, even though the Macarena variant may not contain the vehicle for propagation that a traditional code infection would contain, it lays the groundwork for very real future infections. Once these start to arise, the facade of security that Mac users gloat about will crumble. Perhaps it is time that Mac users look to a more viable solution, and the far more robust security that Windows Vista will offer.


  2. Talked to a co-worker about Macs this morning. She doesn’t like Macs that much (but has an old iMac at home). However, her ears pricked up when she asked about viruses. Seems they had a problem with McAfee Windows program causing their PC to grind to a halt. Then the inevitable yearly subscription fee. Told her I use a free solution (ClamXAV) which works okay, but hard to tell cos there are no real viruses out there for Macs yet, though there probably will be some at some point.

    Then I told her about all the free software that comes with a new Mac, showed her my website and how easy it is to organize photos etc and make DVDs.

    So that seed has been planted in her head. Hopefully, they will try out some Macs soon…

    But that all started with the virus issue.
