News

{categories show_group="1"} {category_name} {/categories}

{title}

{entry_date format="%F %j, %Y"}

{body}

<< Previous | {weblog} | Next >>


thinkback

1.

Tracked: Eeek. Gasp.

This is sure to make the top news in the Mac world today: First Mac Virus Discovered. Technically speaking, the headline's wrong -- the malware in question is a script that tries to pass itself off as an image. According to Deep Thought, when a user clic

Tracked on: Electric-Escape.net at 16-Feb-06 10:02 AM

2.

I don’t understand. They specifically state that there is a bug in it and it doesn’t propagate itself. It looks like it’s designed to propagate itself, but it doesn’t work.

I guess OS X has become common now? smile

3.

comon, it opens a terminal asking for admin rights…

how many jpegs do that?
basically you could classify any executable with custom icon as a virus.

paste a custom jpeg icon on itunes - “hey, it’s no picture, it’s a virus that plays music!”
duh

4.

Except if this thing does propagate itself to your Address Book (this one doesn’t) or your iChat Buddy List (this one supposedly does), I would call it a virus.

It does require quite a bit of interaction by the end user, as you point out, but I would definitely call this the first virus if it propagates itself.

I noticed that it requires OS 10.4, so I’m guessing that whatever mechanism this is using to attach itself to an IM and send it to your buddies is new to OS 10.4, which fully supports my position that there weren’t any viruses on OS X because of the OS design and not the fact that it’s not as common as Windows.

BTW, if you double-click on a .app that you think is a .JPEG, OS X always comes up with a dialog to tell you that you are about to launch a new application and whether or not you want to continue.

5.

comon, it opens a terminal asking for admin rights…

“It requires the admin password if you’re not running as an admin user” --Andrew Welch

BTW, if you double-click on a .app that you think is a .JPEG, OS X always comes up with a dialog to tell you that you are about to launch a new application and whether or not you want to continue.

From what I’ve seen over at MacRumors, it doesn’t sound like this is the case; it seems like it just runs without that dialog. Most of the regular posters on MacRumors--including some who opened this trojan--are tech-saavy people and would have caught that.

And it requires 10.4. because it uses Spotlight, apperently.

If you haven’t already, be sure to read this:
http://www.ambrosiasw.com/forums/index.php? showtopic=102379
It sums everything up nicely.

Page 1 of 1 pages