Interesting People mailing list archives
OS X "comes of age" (malware)]]
From: Dave Farber <dave () farber net>
Date: Fri, 17 Feb 2006 06:07:15 -0500
-------- Original Message --------
Subject: Re: [IP] OS X "comes of age" (malware)]
Date: Thu, 16 Feb 2006 20:50:21 -0500
From: Irwin Lazar <ilazar () burtongroup com>
To: dave () farber net

Dave, there's a lot of spreading of FUD around this.

For this "Mac Virus" to work, a user must download and attempt to open a software package (latestpics.tgz) which poses as screenshots of the rumored Jaguar version of OS X. During the install process, the user will be prompted for their administrator user name and password. If they enter it, the application will run on their machine where it attempts to propagate itself via iChat (assuming you are running iChat).

There's the key. This file is harmless unless one tries to open it, and when prompted logs in as an administrator.

No operating system is immune to users manually installing malicious software. Not Linux, not Windows, and certainly not Mac OS X. I would hope most Mac users would express some immediate concern if they were trying to view what they thought was a JPEG file and it asked them for their system password.

Irwin
From: Dave Farber <dave () farber net>
Reply-To: <dave () farber net>
Date: Thu, 16 Feb 2006 18:11:38 -0500
To: <ip () v2 listbox com>
Subject: [IP] OS X "comes of age" (malware)]

When I said this was possible, even IPers yelled so...

Dave

-------- Original Message --------
Subject: OS X "comes of age" (malware)
Date: Thu, 16 Feb 2006 13:31:20 -0500
From: Steve Goldstein <steve.goldstein () cox net>
To: dewayne () warpspeed com (Dewayne Hendricks), "David Farber [IP]" <dave () farber net>

http://blog.washingtonpost.com/securityfix/?referrer=email

Brian Krebs on Computer Security
Posted at 10:05 AM ET, 02/16/2006

Apple Worm and More Mac Patches

The first piece of self-propagating malware targeting Apple's Mac OS X operating system has been spotted online and appears to be spreading disguised as a picture of the next version of the OS.

This is significant on many levels. I have been talking with security experts over the past few weeks about the research community's increased interest of late in Mac virus threats and exploits. The general theory among some of the folks I spoke with at recent hacker conferences was that 2006 was ripe to be the year of "Macsploitation" (my term).

This kind of talk has never sat well with the Mac user community, which tends to view these sorts of predictions as a type of jealous, wishful thinking from users of another operating system that is constantly under attack. (For an excellent illustration of this dynamic, check out the "Castle OS X Stormed" posts over at the A Day in the Life of an Information Security Investigator blog.)

Just yesterday in fact, I spoke with John Barnes, president of Washington Apple Pi, a local Mac user group with a long history, and he echoed those sentiments, noting that if Mac users are somewhat smug when it comes to security ... well, they have a right to be.

Slashdot has now picked up on this, linking to the original thread about this problem over at Mac Rumors.

The anti-virus firm Sophos has classified this thing as a worm, calling it OSX/Leap-A. Sophos classifies it as an instant-messaging worm. It's not clear to me at this point whether this is truly self-propagating, as I'm fairly sure OS X is set up so that infecting a machine and spreading malware would require some sort of user interaction or approval.

Imagine that: the first Mac OS X malware worth noting and no one knows whether to call it a worm, a virus or a Trojan horse. At any rate, I'm sure we'll hear more about this soon (and see a slew of other names for this thing once the other anti-virus companies jump on the bandwagon).

In other Mac news, Apple has issued an update to fix several problems in OS X, but the company could be a little clearer about what exactly those problems might entail.

In a somewhat spare advisory issued Tuesday (a few hours after Microsoft released its bundle of patches) Apple advised OS X 10.4.4 users to upgrade to 10.4.5 to address a few "improvements" in the operating system. Among the improvements Apple cited were "time zone and daylight saving changes for 2006 and 2007"; a fix that addresses "a potential crash which may occur when processing large amounts of data in MySQL" databases; and an "issue with using and mounting Windows-formatted storage devices."

Apple provides no other information or acknowledgment on its Web site as to whether these are security problems or merely fixes to help ensure smooth functioning. Mac users who have subscribed to Apple's security mailing list received an e-mail detailing one security-related fix in 10.4.5 (although this is not a particularly serious risk). Why not include that information in the advisory on Apple's Web site?

If I'm a little sensitive to this, it's because I've spent the last several weeks poring over Apple's security advisories going back three years, and noticed a welcome trend from 2003 into 2004 (OS X 10.3.4 and prior versions) away from such vague disclosures where security fixes were routinely called "improvements" with little elaboration.

Mac OS X 10.4.4 users can upgrade in one of two ways: through the standalone installer, available from Apple Downloads, or through Software Update.

Update, 10:49 a.m. ET: This thread over at Ambrosia Software seems to have the most coherent and rational explanation of what's going on with this Mac OS X malware. From that post:

"You cannot be infected by this unless you do all of the following:

1) Are somehow sent (via email, iChat, etc.) or download the "latestpics.tgz" file
2) Double-click on the file to decompress it
3) Double-click on the resulting file to "open" it

...and then for most users, you must also enter your Admin password.

You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, and then open it."