TG Daily: First recorded Mac OS X worm meets a well-prepared

SMFulton3

If you found this message, then you should be congratulated for that feat alone.

Anyway, here's the story we're talking about today: If Macintosh users worldwide have one more thing to congratulate themselves for today, it's for not panicking in the face of a potential threat that may just serve as one more indication of the platform's resurgent strength. An instant messaging worm, code-named OSX/Leap-A by security engineers, that poses as a JPEG image being shared on the iChat service, is being recognized for what it is by thousands of Mac users: not a major threat, specifically because Mac users recognize it. Here's the story on TG Daily.

So how do you distinguish between the different categories of malware in your mind? And perhaps even more importantly, should that distinction matter?

Scott M. Fulton, III
 

mforce2

I'm not going to get into all of this but it's obvious you're in trouble if you give your root password like that. No OS can protect you if you're a .... let's say naive user. The only flaw seems to be in an app and OS X is still a hard nut to crack because it is after all Unix as is Linux 8).
 

Maco

Hmmm, let me recap. The user has to download this, double-click to unpack it and double-click to run it. Then type in name and the admin password. And after all it doesn't really do anything harmful. Wow, doesn't anybody know where I could get this? 8O
 

halprin

> Hmmm, let me recap. The user has to download this, double-click to unpack it and double-click to run it. Then type in name and the admin password. And after all it doesn't really do anything harmful. Wow, doesn't anybody know where I could get this? 8O

The only thing that it does harmful is that it "cripples" the latest 5 programs used so that they do not execute. So that is something harmful.
As for where one can get their hands on it, it has basically been eradicated from the internet because of the fast response from the Macintosh community.
 

benjamin

> Hmmm, let me recap. The user has to download this, double-click to unpack it and double-click to run it. Then type in name and the admin password.

Nope. If your account is set with the option "Allow user to administer this computer", it apparently doesn't require a password, due to the default permissions set. Inherent fault of the OS? That's a marginal one.

Either way it's not a virus, it's social engineering. No computer user is ever completely safe from themselves... quite how this is news, I'm not sure.
 

smittyhotep

You know, I'm a unix sysadmin, and now that I think about it, I don't remember any unix viruses before now. Well, worms, but you get my meaning.
 

mi1400

I believe, to classify this as a virus, trojan or worm.... the very easy way out of this is to compare its characteristics with the viruses, Trojans and Worms for Windows... whichever category's characteristics it most satisfies should be awarded to this Mac threat. Calling it Malware will be like just calling it only a "bad thing".

I personally believe this is a "Virus".....
It's not a trojan cuz of classic old definitions (not current/recent defs by every tom/dick/harry): a trojan when infecting gives some sort of remote admin control. It remains stealthy and its harms are tasks associated with the remote-controller's operations.
It's also not a Worm cuz a worm does not damage the PC. A Worm is similar to a Trojan.. yes and not a virus cuz a Worm also leaks personal info but it lacks the controllability of remote admin. A Worm just keeps broadcasting preprogrammed valuable information like all email addresses on the PC for bulk mailers' business etc.
It is a Virus.... cuz it was only damaging the PC it was broadcasting personal info. and it was also not remote-admin software.

Regards

Muhammad Imran
Islamabad, Pakistan.
 

mi1400

CORRECTION (added word "NOT" in last para): Admin please delete the earlier post. Thanks.

---------------------
I believe, to classify this as a virus, trojan or worm.... the very easy way out of this is to compare its characteristics with the viruses, Trojans and Worms for Windows... whichever category's characteristics it most satisfies should be awarded to this Mac threat. Calling it Malware will be like just calling it only a "bad thing".

I personally believe this is a "Virus".....
It's not a trojan cuz of classic old definitions (not current/recent defs by every tom/dick/harry): a trojan when infecting gives some sort of remote admin control. It remains stealthy and its harms are tasks associated with the remote-controller's operations.
It's also not a Worm cuz a worm does not damage the PC. A Worm is similar to a Trojan.. yes and not a virus cuz a Worm also leaks personal info but it lacks the controllability of remote admin. A Worm just keeps broadcasting preprogrammed valuable information like all email addresses on the PC for bulk mailers' business etc.
It is a Virus.... cuz it was only damaging the PC it was NOT broadcasting personal info. and it was also not remote-admin software.

Regards

Muhammad Imran
Islamabad, Pakistan.
 

pgstormblade

After reading the first few responses - where does this "thing" qualify to be a virus or trojan? It qualifies as malware and that is about it.

Has everyone forgotten the fact that the way this thing moves about is by iChat - iChat for god's sake, who uses iChat?.......

This is FUD plain and simple - the last poster basically said as much and I agree.
 

pwnage

If Mac users want to stay away from this, USE ADIUM. Besides, it's much better anyway.

As we all know, people who write viruses and such go after the largest population possible (PCs). This guy just got a bug up his a** and decided that it would be fun to write a malicious program that would affect 2% of the world's computer population. It's cool that he took the time and effort to do this but it wasn't really worth it, that and it didn't work. I'd like to get it and see the code that he wrote. Be interesting to see.

And if he/she is in this forum, congrats. Not many people outside of Cupertino can write code for unix.
 

mi1400

Very grateful, pgstormblade ...
Tomorrow I was also wondering about Mac/Steve Jobs' confusion over what to call this threat. There are two points hidden in this confusion:

1. The frustration/rhetoric Mac has with Windows/Bill Gates of just-not-to-follow or learn, or take good free advice from them.

2. Steve Jobs was perhaps desperately looking for a glorious market name for it. Perhaps the names before in consideration for "Malware" were MalNano, then Virus-like threats in future to be called MalMini and the reserved name for Trojans be PowerMal..... Come on Steve, the virus world is not glorious but it's a cruel killer world... Please stop using HarryPotter-ious names everywhere. OS threats are not like the Harmless-Wizards/Witches of Harry Potter dealing with him while behaving strictly inside British manners. The OS threats make people cry and companies bankrupt.

3. The over-tidy dressed and skill-less MAC-OS is perhaps the proof that Mac remained so far behind that when it comes to just identifying a hurdle it takes first the Mac marketing people to invent a term for it and then Mac Engineers start writing solutions using those terms.

Muhammad Imran
Islamabad, Pakistan.
 

pwnage

We can all tell you're a PC user. : )

Dood, sorry to say but Apple has beaten Microsoft to the punch many times.

Apple had the first 64 bit OS, Microsoft has yet to release a STABLE version of a true 64 bit OS.

OH and don't forget where the original concept of windows came from.

Steve Jobs and Steve Wozniak. Yes it may be a surprise to you but it's TRUE. Gates just stole it and marketed it at the right time. Besides, I predict that Microsoft's market share will decrease. Only because they are so gay about their user licensing, I can see them burning their bridges because of it.

Also you might want to watch the CES keynote from Gates. You'll see that Gates has once again stolen an idea that someone else came up with and tried miserably to make it his own (Windows Vista).

You know, I tend to think that people who talk smack about Apple have never used one. So I'm going to make a challenge to those people. Go to an Apple store or online, buy a Mac, and become familiar with it. I can assure you that you won't want to go back to Windows. I sure haven't.

OH one last thing: Microsoft + Licensing = Microshaft
 

mi1400

Dear Pwnage, I agree with you and M$ will keep cheating for ever.. does that please you.... but the dilemma is why the "pioneers" are crying foul when they are left behind. XBOX is a cheated version of PS, WindowsCE is perhaps of Symbian, Bill Gates' car wheels are cheated from the person who invented the Wheel....

Let's assume that MAC was first for 64bit http://www.theregister.co.uk/2003/07/07/mac_os_x/ .... saying this I must tell... that when there is a new software, let's say wine .. it will propagate that it runs faster even than the actual company's own software.. thing is the new software lacks their own documented features. i.e. A naked man will run faster than one in soldier gear. So when u see Discovery channel etc and F1 racing or Science Programs what will u see... yes, Windows running their engineering software. The Swedish Navy's new stealth frigates run Windows-2000 as the ship's central OS....

I have used Mac and Mini as well... but in brief, using them there were two things.. most of the world doesn't even know there is a root-like user for Mac and Apple has not even documented that there is and they don't even tell its default password. Mac mini, the propagated compact PC, can't eject a DVD when off even with inserting a pin. No mic socket, no battery. It is a 3 times more expensive system than the hardware in it. When u pay for a machine with no screen/keyboard/mouse a price equal to a NoteBook's, why not just buy a NoteBook.

The Vista delay u r talking about is because MS is not developing an OS to run iTunes and synchronise iPodNano with it. It is to continue serving/evolving the trillion dollar corporates, Engineers and all the world to migrate to new horizons. It is a new space shuttle in development, not yet another flying vehicle.

Yes I am feared of MS licencing. But we at least do not have to fear for the World not following Moore's law. But still, being religious, I don't like this too much hurry in technology progress.....

Muhammad Imran
Islamabad, Pakistan
 

pwnage

I'm not entirely sure what you're trying to say, but I'll address the points I could make out.

I wasn't talking about Panther, I meant Tiger. And yes, Tiger is 64 bit.

Yes there is a root user and there is no default password. Just leave it blank. You can enable it in the NetInfo Manager.

The reason Apple doesn't document it is because most people don't need to know. For most, standard admin access is fine. The only people, outside of Cupertino, who would want to use the root or su account, are people who like to fiddle with things that they shouldn't.

Really I couldn't care less about Vista being able to run iTunes and synchronise with my iPod. That's what my Mac is for. :D

The only reason corporations still use Windows is because it's not cost effective to change the way their network runs.

I can't see what being religious has to do with hurrying into technology. I'm religious too and I love the latest and greatest.
 

Zoron

> OH and don't forget where the original concept of windows came from.
>
> Steve Jobs and Steve Wozniak. Yes it may be a surprise to you but it's TRUE.

Actually, it's NOT.

Doug Engelbart's Augmentation of Human Intellect project at SRI in the 1960s developed the On-Line System (NLS), which incorporated a mouse-driven cursor and multiple windows. Engelbart had been inspired, in part, by the memex desk based information machine suggested by Vannevar Bush in 1945. Much of the early research was based on how young humans learn.

Engelbart's work directly led to the advances at Xerox PARC. Several people went from SRI to Xerox PARC in the early 1970's. The Xerox PARC team with Merzouga Wilberts, codified the WIMP (windows, icons, menus and pointers) paradigm, first pioneered on the Xerox Alto experimental computer, but which eventually appeared commercially in the Xerox 8010 ('Star') system in 1981.

Beginning in 1979, started by Steve Jobs and led by Jef Raskin, the Lisa and Macintosh teams at Apple Computer (which included former members of the Xerox PARC group) continued to develop such ideas. The Macintosh, released in 1984, was the first commercially successful product to use a GUI. A desktop metaphor was used, in which files looked like pieces of paper; directories looked like file folders; there were a set of desk accessories like a calculator, notepad, and alarm clock that the user could place around the screen as desired; and the user could delete files and folders by dragging them to a trash can on the screen. Drop down menus were also introduced.

There is still some controversy over the amount of influence that Xerox's PARC work, as opposed to previous academic research, had on the GUIs of Apple's Lisa and Macintosh, but it is clear that the influence was extensive, because first versions of Lisa GUIs even lacked icons. These prototype GUIs are at least mouse driven, but ignored completely WIMP concept. Rare screenshots of first GUIs of Apple Lisa prototypes are shown here. Note also that Apple was invited by PARC to view their research, and a number of PARC employees subsequently moved to Apple to work on the Lisa and Macintosh GUI. However, the Apple work extended PARC's considerably, adding windows that can be overlapped, manipulable icons and a fixed menu bar and direct manipulation of objects in the file system (see Macintosh Finder) for example. The modern GUI as we know it owes as much or more to Apple as it does to PARC - it is incorrect to claim that Apple "copied" or "stole" PARC's work. A good article pointing out many of the significant improvements that Apple brought to the GUI over PARC's implementation can be read here (folklore.org)

Now while this article claims that it's incorrect to say that Apple copied PARC... it's quite clear that the original concept for a GUI did NOT come from Apple. They changed and improved on PARC's concepts, but those concepts were conceived before Apple.

:p

> Apple had the first 64 bit OS, Microsoft has yet to release a STABLE version of a true 64 bit OS.

Win XP x86-64 is perfectly stable. It lacks the wide driver support of 32-bit XP, but those issues aside, it is a perfectly stable OS.

As for being the first, you're wrong yet again:

* 1991: MIPS Technologies produced the first 64-bit CPU, as the third revision of their MIPS RISC architecture, the R4000. The CPU was commercially available in 1991 and used in SGI graphics workstations starting with the Crimson, running the 64-bit version of the IRIX operating system.

* 1992: Digital Equipment Corporation introduced the DEC Alpha architecture which was born from the PRISM project.

* 1994: Intel announced plans for the 64-bit IA-64 architecture (jointly developed with HP) as a successor to its 32-bit IA-32 processors. A 1998-1999 launch date was targeted.

* 1995: Fujitsu-owned HAL Computer Systems launched workstations based on a 64-bit CPU, HAL's independently designed first generation SPARC64. IBM released 64-bit AS/400 systems, with the upgrade able to convert the operating system, database and applications.

* 1996: Sun and HP released their 64-bit processors, the UltraSPARC and the PA-8000. Sun Solaris, IRIX, and other variants of Unix continued to be common 64-bit operating systems.

* 1997: IBM released their RS64 full 64-bit PowerPC processors.

* 1998: IBM released their POWER3 full 64-bit PowerPC/POWER processors.

* 1999: Intel released the instruction set for the IA-64 architecture. First public disclosure of AMD's set of 64-bit extensions to IA-32 called x86-64.

* 2000: IBM shipped its first 64-bit mainframe, the zSeries z900, and its new z/OS operating system — culminating history's biggest 64-bit processor development investment and instantly wiping out 31-bit plug-compatible competitors Fujitsu/Amdahl and Hitachi. 64-bit Linux on zSeries followed almost immediately.

* 2001: Intel finally shipped its 64-bit processor line, now branded Itanium, targeting high-end servers. It fails to meet expectations due to the repeated delays getting IA-64 to market, and becomes a flop. Linux was the first operating system to run on the processor at its release.

* 2002: Intel introduced the Itanium 2 as a successor to the Itanium.

* 2003: AMD brought out its 64-bit Opteron and Athlon 64 processor lines. Apple also shipped 64-bit PowerPC chips courtesy of IBM and Motorola, along with an update to its Mac OS X operating system. Several Linux distributions released with support for x86-64. Microsoft announced that it would create a version of its Windows operating system for the AMD chips. Intel maintained that its Itanium chips would remain its only 64-bit processors.

First 64-bit OS? Hmmmmmmmmmmmm. Linux beat Apple to the punch here... and so did IBM. If you're going to make outrageous claims to paint Apple in a positive light, you should at least have some facts behind those claims.

:p

You remind me of Apple's ads... when they were running PowerPC chips, they were supposedly 83% faster than PCs... now that they are running Intel x86 chips... well suddenly those Intel chips are 63% faster than their PowerPC chips.

People complain about Intel's misleading marketing all the time... yet few people look at Apple's downright outrageous marketing BS.
 

Zoron

Finally, we will look at a worm called OSX/Oomp.A. This malicious code is developed for the MacOS/X operating system, which replaces other programs in the copy with a copy of itself which includes the original program among its resources.

When it is run, this replacement file runs the malicious code and then tries to execute the original program. However, due to programming errors, the original program is not launched correctly. This worm spreads via instant messaging in a file called 'latestpics.tgz'.

Panda is calling it a worm because of the way it spreads. The fact that the program has errors in it probably has more to do with it not causing much of any damage, rather than Mac users "being aware of it".

Please.
 

pwnage

Dude, if you're getting your info from Wikipedia I feel sorry for you.

No one knows everything and if you think you do, then you're sadly mistaken.

Wikipedia can be a great source of info but the fact that anyone can go in and change things is somewhat disturbing. Sure I'm probably wrong but who the hell cares. My point is Apple is a great company. And if you look at the stocks they’re doing a lot better than Microsoft. AND YES GATES DID STEAL FROM JOBS. No one wants to admit it though. And I'm sure Jobs stole from others. I think he did from Xerox, not sure though. Have you also considered the fact that Jobs could have been working on the same concept at the same time? One source shouldn’t be all of your proof. Try looking at some respected sources.

As for Windows XP 64 Bit. The whole concept of a stable OS is having drivers for it. Without them what’s the use? That’s why I say that it’s an unstable OS. It's not something to go and build your new computer off of. And I hope you realize that Linux is virtually the same as the Apple OS. Also it seems, after a quick skim, that this talks more about 64 bit processors and not operating systems. I would like to see a source that talked more about the OS factor rather than processors.

And sorry to say Macs are faster. Have you had the chance to use a new Intel Mac yet? Probably not. I did a little test of my own, nothing scientific. I put an Intel Mac, with 2GB of RAM, up against one of my machines, a P4 3.0 64 bit (HT enabled), 2GB RAM, and a Raptor HD. Now you probably think that the PC has one up on the Mac. WRONG.

The Intel Mac smoked the PC in start up; it was something along the lines of a 20 sec difference. I tried opening apps: Photoshop CS2, Dreamweaver, and Microsoft Office. The Mac was still faster. Even opening Microsoft’s own program it was faster. And it has to use Rosetta to open it. So I’m opening two programs at once and it’s faster. You can’t tell me that Apple's claim isn't justified.

Just to let you know, they only tested the floating-point unit. Not real world, sure I would have preferred real world testing but you can’t always get what you want. Apple doesn’t mislead, it just leads. Apple has released I think 4 or 5 operating systems to Microsoft’s 2 or 3. That should tell you something. And what’s even worse is that Apple sells that OS cheaper than Microsoft’s. I'm sorry but in my mind Microsoft is pathetic.

Quite honestly I think you're just another piece on Microsoft’s chessboard, waiting to get played.
 

mi1400

Man, please stop copy pasting the lame crap from the internet's Mac-World and illuding ur own self. You already wrote over-lengthy meaningless stuff in ur last post.
You talk about MAC leading rather than misleading.. aeh... in 25+ years Mac couldn't develop its own Office software, still feeding on MS-Office for Mac, InternetExplorer for MAC. If MS pulls the plug on you, Mac will starve to death big time. Photoshop you are talking about. Most extreme plugins are not yet written for Mac.
You again gave crap of Mac faster than Windows. Why don't u just read my prev 2 replies, Pwnage and Zoron replied carefully. What does it achieve running faster??? hide from shame!!!???... Can u install Oracle8i/9i, Developer6i/9i, 3DMax, AutoCAD...No No No.. Games are ported from PC to Mac not Mac to PC. And Games are technology on a test bed.
And u know switching to Intel will make Mac's death quicker as IBM has been annoyed and if u would have allianced with IBM in the software field you would be more beneficial. Perhaps a preinstalled DB2 or things like that would give some breath to Mac.
Thing is, with Windows so much evolved the Mac people are falling more and more into the inferiority complex. And in frustration they are beating about with IBM annoyed and Incompetent Mac developers to further evolve the Mac i.e. Mac has reached its saturation level and the days are not far that as they have sold themselves to Intel they will also sell themselves to the IBM software department.

Muhammad Imran.
Islamabad, Pakistan

P.S:
About Panda calling it Worm. We should look to FSecure www.f-secure.com, most prominent and respected in virus tracking & classifying etc
 

pwnage

Don't be so ignorant.
I don't give crap AND I don't read Mac World. I don't pay for stuff that I will never read.

Have you ever heard of Apple Works? The only reason people use MS Office for Mac is because it's easier. Not because they have to. Apple Works is almost the same as Office and can be used in conjunction with it. Why does everyone get up in arms about Apple? I have yet to understand that. They make some of the best computers out on the market and have almost always been attentive to their customer base. You guys probably think Dell is hot stuff.

Macs were never designed to play games. That's what PCs are for. The only reason I chose those programs is because they are cross platform. I used normal installs of all the programs and I made sure everything was exactly the same.

The recent switch from PPC to Intel will not kill Apple, it will make them stronger. They had one reason for the switch, that was to get a better power:watt ratio. The PPC is unable to support Apple's future designs. What about the switch from the Motorola chips to the PPC ones? That didn't hurt Apple. If anything this is helping. With everyone on one set standard processor things will be made easier. That is a fact that cannot be denied.

Calling me and other Mac users "inferior" isn't going to get you anywhere. As a matter of fact we are not.

You and that other guy that pulls stuff out of Wikipedia are just afraid of change. You guys are unwilling to adapt and change as the markets change. This is what is needed to survive in this arena.


This is gonna go nowhere fast so let's drop the subject and go our separate ways. I do hope you change your mind some day.