Welcome to the MacNN Forums.

King Bob On The Cob · Apr 24, 2005, 09:31 PM

http://www.sophos.com/virusinfo/anal...ccowhanda.html

I love it.

"Allows others to access the computer

Installs itself in the Registry"

nredman · Apr 24, 2005, 09:34 PM

Originally Posted by King Bob On The Cob

http://www.sophos.com/virusinfo/anal...ccowhanda.html

I love it.

"Allows others to access the computer

Installs itself in the Registry"

must delete all files related to "The Registry"

ManOfSteal · Apr 24, 2005, 09:42 PM

Haha, that is awesome!

mdc · Apr 24, 2005, 09:49 PM

demograph68 · Apr 24, 2005, 09:51 PM

I'm worried. Not.

ManOfSteal · Apr 24, 2005, 09:54 PM

Originally Posted by demograph68

I'm worried. Not.

Nice new sig!

CharlesS · Apr 24, 2005, 09:58 PM

So is this a real Mac virus with a messed up description, or a Windows virus with an accurate description?

edit: hmm, looks like it might be the former. Here's what Sophos's site says if you click the "Advanced" button:

Mac/Cowhand-A is a proxy Trojan for the Mac OSX platform.

The Trojan may copy itself to the user's Preferences folder. In order to run itself on startup, the Trojan may add itself to the user's Startup Items.

This makes more sense. Anyone have any link to any source other than Sophos which is reporting this? I can't seem to find much with Google right now...

Eriamjh · Apr 24, 2005, 09:58 PM

Exactly what Operating system is "Macintosh"?

CharlesS · Apr 24, 2005, 10:06 PM

You know, if it's a trojan, it should be fairly easy to whip up a script which would search for and delete it. Well, it would be anyway if there were any information at all available about it...

willed · Apr 25, 2005, 03:42 AM

Originally Posted by Eriamjh

Exactly what Operating system is "Macintosh"?

The 'Macintosh OS' I'd guess. I hear they're about to release the 10.4th version

Xeo · Apr 25, 2005, 03:58 AM

Originally Posted by willed

The 'Macintosh OS' I'd guess. I hear they're about to release the 10.4th version

Isn't it officially "Mac OS" and not "Macintosh OS"?

Also, I could just as easily write up a page about the existence of a virus that deletes all files on the computer without authentication and e-mails itself to your friends and family immediately infecting them without any user interaction. That doesn't make it true.

I'd be interested to see 1) an actual report of someone having this and 2) the method one becomes infected by it. A program which does naughty things means nothing if it can't spread. rm can be dangerous too...

CharlesS · Apr 25, 2005, 02:04 PM

Also, I could just as easily write up a page about the existence of a virus that deletes all files on the computer without authentication and e-mails itself to your friends and family immediately infecting them without any user interaction. That doesn't make it true.

Well, it's posted at both Sophos and Secunia, so one would presume it to be accurate. It is strange, the minimal amount of information they give, though.

Millennium · Apr 25, 2005, 03:15 PM

Trojan horse. nothing new here, folks.

One day, a true virus (or possibly a worm) for OSX will be written, and it will get into the wild. This is, however, not it. Unless you're downloading warez or have particularly malicious friends, you stand little to no chance of getting this.

Mafia · Apr 25, 2005, 03:57 PM

Originally Posted by demograph68

I'm worried. Not.

Originally Posted by ManOfSteal

Nice new sig!

i like both the new sigs.

ManOfSteal · Apr 25, 2005, 04:40 PM

Originally Posted by Mafia

i like both the new sigs.

Thanks!

turtle777 · Apr 25, 2005, 04:51 PM

Again ?

-t

CharlesS · Apr 25, 2005, 07:19 PM

Originally Posted by Millennium

Trojan horse. nothing new here, folks.

One day, a true virus (or possibly a worm) for OSX will be written, and it will get into the wild. This is, however, not it. Unless you're downloading warez or have particularly malicious friends, you stand little to no chance of getting this.

Until we have some sort of information on what this thing actually does and whether it can reproduce or not, I don't think we can really say anything definitively.

Xeo · Apr 25, 2005, 07:24 PM

By definition, a trojan doesn't reproduce. That's why Millennium mentioned downloading stuff or having mean friends, because to get it on to your computer, you have to open the door for it.

That's also why I'm curious if anyone has ever gotten it and how they got it.

CharlesS · Apr 25, 2005, 08:28 PM

Originally Posted by Xeo

By definition, a trojan doesn't reproduce. That's why Millennium mentioned downloading stuff or having mean friends, because to get it on to your computer, you have to open the door for it.

That's also why I'm curious if anyone has ever gotten it and how they got it.

Well, a trojan can install a virus (sorry for the ancient example, but you get the point).

rozwado1 · Apr 25, 2005, 11:02 PM

I d/l alot of warez. I'll post back if I see anything sketchy.

demograph68 · Apr 25, 2005, 11:22 PM

^^^ Don't we all.

Superchicken · Apr 26, 2005, 01:25 AM

I don't...

That said... can anyone actually imagine having to run a virus checker on OS X? That'd be like... painful...

MilkmanDan · Apr 26, 2005, 01:35 AM

Thats it, I'm buying a PC. We all know those are safe.

Xeo · Apr 26, 2005, 03:01 AM

Originally Posted by CharlesS

Well, a trojan can install a virus (sorry for the ancient example, but you get the point).

Ah but there is no report of that virus. If it installed a virus, you'd think the trojan's definition would mention that and they'd also have a definition of that virus in a separate document .