Virus attacking Apple Macintosh PCs found-experts (OSX)

http://today.reuters.com/news/newsarticle.aspx?type=internetNews&storyid=2006-02-17T012934Z_01_N16227596_RTRUKOC_0_US-APPLE-VIRUS.xml&rpc=22

Virus attacking Apple Macintosh PCs found-experts
Thu Feb 16, 2006 8:29 PM ET

SAN FRANCISCO (Reuters) - A malicious computer worm has been found that targets Apple Computer Inc.'s Mac OS X operating system, believed to be the first such virus aimed specifically at the Mac platform.

The worm is called OSX/Leap-A, according to a posting on the Web site of antivirus software company Sophos, which said the worm is spread via instant messaging programs.

The worm attempts to spread via Apple's iChat instant messaging program, which is compatible with America Online's popular AIM instant messaging program, according to the Sophos Web site.

The worm sends itself to available contacts on the infected users' buddy list in a file called "latestpics.tgz," according to the Sophos Web site.

....

security issu--, oh wait, never mind.

Although, how many people who get a mac would then lower themselves to using AIM, an AOhell application?

once my son uses AOL even though I had begged him not to.

Yep, another mac user here. :)

So far the virus is only level 1/5

A small town is more secure than a big city. But that doesn't mean you won't ever get your car broken into in a small town. Just alot less frequently.

That, and they are a blue company, as opposed to Dell and some other top PC companies that are red.

However, if you're ever in the market for a PC again, or know someone who is, point them to Gateway which is very blue as well. http://www.buyblue.org

Alot more rare than virus's attacking PC's.

:rofl:

There goes the neighborhood!!

:rofl:

End of the Reuters article:

"The worm will not automatically infect Mac computers, but will ask users to accept the file, Weafer said."

Doesn't stop much. ~_^

launchable e-mail attachments.

Don't mis-mis-un-underestimate-missed the stupidity of people.

Unlike some other OS I could mention...

See how dumb that sounds?


:evilgrin:

can he even program?

they creat a virus and sell the program to stop it, government doesn't say anything because they implant the "Homeland Security" spyware and backdoors that are ignored by the so called "protection" programs - damn, just when I thought it was safe to take off the tin foil hat.... My guess is this is no big deal, just another propaganda tatic to keep the windows users in line, some may have been thinking about switching to the new macs to get away from the constant attacks on windows systems.

and claims them his property. Then builds and empire around it....

Gates didn't steal Q-DOS, he paid a whole $50,000 for it,
knowing full well that he was about to turn around and
sell it to IBM for millions.

Your typical rich-guy approach.

Tesha

How would have you done it? If it wasn't for Gates then the creators of Q-DOS most likely wouldn't have received any money for their work. Hey, I have lots of little projects like that and I would love for someone to come along and pay me $50,000 for them...

A partnership with the developer of Q-DOS might have been
the nice, ethical approach.

Tesha

You know, I probably would have done that too(at least I think I would have)... but that might be why I am not ever going to be the richest man in the world. ;)

> but that might be why I am not ever going to be the richest man in the world.

I hear you -- I realized that that was also true for me
quite a while ago, and precisely for this sort of reason.
I just haven't got that "go for the jugular" killer
instinct that makes people really rich.

Tesha

He was too busy to meet with the IBM PC guys and they decided to contact this young kid, Bill Gates, who also had a competing program that could run on PCs. Talk about roads not taken....

Dr.Dos' Mother: "Son, some guys from IBM are on the phone want to meet with you and discuss buying your OS for a few hundred million dollars"

Dos Boy: "Leave me alone Maaa' I'm playing D&D. Oh and knock for now on, I am 34yrs old... almost a grown man I need my privacy"






Oh wait, that's my story... Minus the IBM guys and the money.

At the time, the other guy's product was called "CP/M"
(Control Program for Microcomputers).

Tesha

I think the guy was flying his plane and couldn't be bothered to meet with them. Turned out to be one hell of an expensive decision....

Actually he bought it for for about $50,000 if I am correct. What they "stole" was the whole GUI, mouse type interface thing

it WAS the GUI from .... sheesh... i can't remember...

but thanks for the reminder.

Although if the guys at apple didn't "steal" it from PARC which lead to it being stolen from apple then chances are we wouldn't be where we are today when it comes to our operating systems. I am not saying that no one else would have came up with the idea, but the Xerox guys wanted nothing to do with it.

That'll happen...

...have the money, there are other options.

ported to the IBM Power PC CPU with an Apple GUI and lots of other eye candy.

Have fun!

With Mac OSX, you have to give your password before any software can be installed.

Mac OS can get a head cold once in a while with a bad file, but it's usually taken care of by just restarting the computer. In extreme cases, it can be remedied by inserting the start-up disk and running "Repair Permissions" from the Utility folder.

But i'm keeping my Mac's. Have a airport network. iMac,eMac and a iBook for wherever.

There's a bit more information about it here this morning:
http://www.macfixit.com/

(no permalink, so it will move)

You need to unpack it, then double click on it and enter your administrator password.

Here's more from yesterday:
http://www.macfixit.com/article.php?story=20060216075452766

A few important points

* This should probably be classified as a Trojan, not a virus, because it doesn't self-propagate externally
* It does not exploit any security holes; rather it uses "social engineering" to get the user to launch it on their system
* It requires the admin password if you're not running as an admin user
* It doesn't actually do anything other than attempt to propagate itself via iChat
* It has a bug in the code that prevents it from working as intended, and has the side-effect of preventing infected applications from launching
* It's not particularly sophisticated

Here's what it does if a user double-clicks on the file, or otherwise executes it:

1. It copies itself to /tmp as "latestpics"
2. It recreates its resource fork in /tmp (with the custom icon in it) from an internally stored gzip'd copy, then sets custom icon bit for the new file in /tmp
3. It then tar + gzips itself so a pristine copy of itself in .tgz format is left in /tmp
4. It renames itself from "latestpics.tar.gz" to "latestpics.tgz" then deletes the copied "latestpics" executable from /tmp (This gives it a pristine copy of itself, for later transmission)
5. It extracts an Input Manager called "apphook.bundle" that is embedded in the macho executable, and copies it to /tmp
6. If your uid = 0 (you're root), it creates /Library/InputManagers/ , deletes any existing "apphook" bundle in that folder, and copies "apphook" from /tmp to that folder; If your uid != 0 (you're not root), it creates ~/Library/InputManagers/ , deletes any existing "apphook" bundle in that folder, and copies "apphook" from /tmp to that folder
7. When any application is launched, Mac OS X loads the newly installed "apphook" Input Manager automatically into its address space (This allows it to have the code in the "apphook.bundle" injected into any subsequently launched application via the InputManager mechanism)
8. When an application is subsequently launched, the "apphook.bundle" Input Manager then appears to try to send the pristine "latestpics.tgz" file in /tmp to people on your buddy list via iChat (who will then presumably download the file, double-click on it, and the cycle repeats) (It looks like the author intended to get it to send the "latestpics.tgz" file out via eMail as well, but never got around to writing that code) -- This lets it send itself to people on your buddy list via iChat; this appears to be the only way it self-propagates externally
9. It then uses Spotlight to find the 4 most recently used applications on your machine that are not owned by root
10. In an apparent "Charlie and the Chocolate Factory" reference, it then checks to see if the xattr 'oompa' of the application executable is > 0... if so, it bails out, to prevent it from re-infecting an already infected application
11. If not, it sets the xattr 'oompa' of the application executable to be 'loompa' (this does nothing, it is just a marker that it has infected this app)
12. It then copies the application executable to its own resource fork, and replaces the executable with itself -- It has thus effectively injected its code in the host application
13. When an application is launched from then on, the trojan code is executed, and it tries to re-infect and re-propagate every time that application is launched
14. It then does an execv on the resource fork of the executable, which is the original application, so the application launches as it normally would (in theory... see below)

Not once have I installed virus protection. I have an original iMac. 233Mhz. 4GB drive. It runs like a champ. In fact I am using it right now.

Damn thing keeps going and going and going. It wont give me an excuse to buy a new one.

Still using my 400Mhz iMac, 20GB, after six and a half years. Alas, we have a newborn and have chosen to be geeky video parents. Actually, not so much of the time, but still. I may have to buy a new one, if I want to be able to edit video without spending entire days at the computer.

Still, it cracks me up to note how many non-Macs friends purchase during the lifetime of each Mac I own.

I've had my G4 450dp for a long time now, and it just keeps doing the job. When people talk about the high cost of Macs, they don't seem to factor this in. You just don't have to replace or repair as often.

We're still immune. We may not have throbbing buttons or stoplight-colored window controls, but nobody bothers us with worms or viruses either.

Redstone

So much smoother than 9. I have been using mac system software since 96, and can tell ya that OSX is solid compared to 9.

I need to be working within five minutes of going into my office.

And I have NO stability problems.

Redstone

And... I don't use iLife. You don't know what you are talking about.

Redstone

wow

And (whisper) there's a vintage Mac Plus in my spare room that has 6.0.3.

Reason why I won't upgrade from 10.3.

;)

hehehe...

Egads! A Mac Virus!

What a bunch of trash. We just can't keep it clean.

You guys are geniuses for keeping up with PCs.

At work (NASA) we spend millions of dollars keeping our machines clean, and we still get infected! And yet at home, I have absolutely no protection what so ever and we've never been hit.

It's like having unprotected computer relations.