‘Macarena’ malware does not exploit Mac OS X bug

“OS.X Macarena poses no viable threat as currently conceived. Although we don’t have our hands on the virus source code, according to Symantec (who initially publicized the virus last week) OSX.Macarena can infect neither PowerPC-exclusive binaries, nor Universal binaries. It can only affect binaries that are Intel-specific. That would include various system files, but since OSX.Macarena can only infect files in its own directory and has no means of gaining the privileges necessary to escalate into directories where most system files are stored, the threat level is mitigated,” MacFixIt reports.

MacFixIt reports, “Further, it can be reasonably said that this ‘virus’ is no more than a basic exploitation of the way in which UNIX permissions are designed to operate. By default, applications have permission to modify files that reside in their same directory. It’s somewhat akin to writing a shell script that deletes one or more (or all) files in the home user directory then distributing that script as a download: Running the script has a malicious outcome, but there would be no way to prevent its operation without changing the granularity of permissions in Mac OS X (assigning some applications tighter restrictions than the default user-level permissions allow) — something Apple may or may not enact in Mac OS X 10.5 (Leopard).”

MacFixIt reports, “Symantec admitted to MacFixIt: ‘I think the phrase ‘proof of concept’ which is used in the writeup may have caused some confusion. This is not a threat which is exploiting some bug, rather the concept that is being proven is that Mach-O files can be infected, and that Mac OSX file infecting viruses are therefore possible.'”

“Also, as has been the case with virtually all purported Mac OS X viruses documented by anti-virus firms thus far, there is no reliable vector for the spread of OSX.Macarena, meaning that a user would have to locate the source file, download it, compile the source and run the virus in order for any effect to occur,” MacFixIt reports. “As a result of these considerations, the OSX.Macarena has served less as a ‘warning shot’ across the bow of Mac OS X than as a re-iteration of just how difficult it is to write an effective virus for the operating system.”

Full article here.
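The two limits described above (only Intel-specific binaries, and only files the running user may already modify) can be checked on a directory from the defender's side. The following is an added example, not code from MacFixIt, Symantec or MacDailyNews; the function names and sample file names are hypothetical, and the constants are taken from Apple's Mach-O headers.

```python
import os
import struct
import tempfile

# Constants from <mach-o/loader.h>, <mach-o/fat.h> and <mach/machine.h>
FAT_MAGIC = 0xCAFEBABE                       # universal header, always big-endian
MH_MAGICS = (0xFEEDFACE, 0xFEEDFACF)         # thin 32-bit / 64-bit Mach-O
CPU_ARCH_ABI64 = 0x01000000
CPU_NAMES = {7: "intel", 18: "powerpc"}      # CPU_TYPE_X86, CPU_TYPE_POWERPC

def classify(header: bytes) -> str:
    """Classify the first 8 bytes of a file by Mach-O architecture."""
    if len(header) < 8:
        return "not-macho"
    # Java .class files share this magic; a fuller check would validate nfat_arch.
    if struct.unpack(">I", header[:4])[0] == FAT_MAGIC:
        return "universal"
    for endian in (">", "<"):                # thin files use the target's byte order
        magic, cputype = struct.unpack(endian + "II", header[:8])
        if magic in MH_MAGICS:
            return CPU_NAMES.get(cputype & ~CPU_ARCH_ABI64, "other-macho")
    return "not-macho"

def exposed_binaries(directory: str) -> list:
    """Intel-only Mach-O files in `directory` that the current user may modify."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        try:
            with open(entry.path, "rb") as fh:
                kind = classify(fh.read(8))
        except OSError:
            continue                         # unreadable: skip rather than guess
        if kind == "intel" and os.access(entry.path, os.W_OK):
            hits.append(entry.name)
    return hits

def build_sample_dir() -> str:
    """Constructed sample: 8-byte header stubs only, not real executables."""
    samples = {
        "tool_intel": struct.pack("<II", 0xFEEDFACE, 7),
        "tool_ppc": struct.pack(">II", 0xFEEDFACE, 18),
        "tool_universal": struct.pack(">II", FAT_MAGIC, 2),
        "notes.txt": b"plain text file\n",
    }
    root = tempfile.mkdtemp()
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

Calling `exposed_binaries(build_sample_dir())` lists only `tool_intel`. When run as root, `os.access` reports every file as writable, so the result reflects the privileges of whoever runs the check.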

50 Comments

  1. Everyone in the real IT world knows that, even though the Macarena variant may not contain the vehicle for propagation that a traditional code infection would contain, it lays the groundwork for very real future infections. Once these start to arise, the facade of security that Mac users gloat about will crumble. Perhaps it is time that Mac users look to a more viable solution, and the far more robust security that Windows Vista will offer.

  2. Talked to a co-worker about Macs this morning. She doesn’t like Macs that much (but has an old iMac at home). However, her ears pricked up when she asked about viruses. Seems they had a problem with McAfee Windows program causing their PC to grind to a halt. Then the inevitable yearly subscription fee. Told her I use a free solution (ClamXAV) which works okay, but hard to tell cos there are no real viruses out there for Macs yet, though there probably will be some at some point.

    Then I told her about all the free software that comes with a new Mac, showed her my website and how easy it is to organize photos etc and make DVDs.

    So that seed has been planted in her head. Hopefully, they will try out some Macs soon…

    But that all started with the virus issue.

  3. Sputnik,

    OMG you can’t be serious.

    I, personally, will continue to gloat. Even after the first dozen REAL, EFFECTIVE OSX viruses, I will continue to gloat. Because then OSX will have 12 viruses, and Windows will have 90,000.

    Seriously man, don’t you think there are at least a few dozen coders out there that are so fed up with us Mac “gloaters” that they’re trying to create OSX viruses to shut us up and make us look like idiots? There should be at least ONE (if not thousands of) brilliant, pissed off, Windows-loving, Mac-despising 18-year-old with nothing but time that has successfully created an OSX virus.

    But no. Six years after OSX is introduced, NOTHING. Not a damned thing. Not one single real virus.

    LOL

  4. People,
    Please realize Sputnik is here for our (and his) amusement, and that he lays on the sarcasm more thickly than most of us realize or can grasp. Please be nice to him. I appreciate him.

  5. A quick explanation about OS X/Unix security for Sputnik and Topshot (cheapshot?):

    Mac OS X is a souped-up version of BSD Unix. It IS Unix. In Unix systems executables reside in the bin (short for binary) directory. Bin is owned by, and locked to, the administrator, “root”. Root is never logged in except for administrative purposes. Applications run by users inherit ONLY the user’s security access. Users can’t modify the bin directory. Thus a “virus” on an OS X machine is confined to the directory in which it finds itself initially. It can’t run or modify processes or files that the user, its “owner”, does not have access to. This is totally different from Windows, where once a user or application gains access to any part of the machine it can execute or modify EVERYTHING. With Vista THAT SITUATION WILL NOT CHANGE! Vista will still have a registry and the same 1980’s file system that has made it an easy victim for every script-kiddy for 20 years.
