Interesting People mailing list archives

OS X "comes of age" (malware)

From: Dave Farber <dave () farber net>
Date: Thu, 16 Feb 2006 18:11:38 -0500

When I said this was possible, even IPers yelled so...

Dave

-------- Original Message --------
Subject: OS X "comes of age" (malware)
Date: Thu, 16 Feb 2006 13:31:20 -0500
From: Steve Goldstein <steve.goldstein () cox net>
To: dewayne () warpspeed com (Dewayne Hendricks), "David Farber [IP]" <dave () farber net>

http://blog.washingtonpost.com/securityfix/?referrer=email

Brian Krebs on Computer Security

Posted at 10:05 AM ET, 02/16/2006
Apple Worm and More Mac Patches
The first piece of self-propagating malware targeting Apple's Mac OS
X operating system has been spotted online and appears to be
spreading disguised as a picture of the next version of the OS.
This is significant on many levels. I have been talking with security
experts over the past few weeks about the research community's
increased interest of late in Mac virus threats and exploits. The
general theory among some of the folks I spoke with at recent hacker
conferences was that 2006 was ripe to be the year of "Macsploitation"
(my term).
This kind of talk has never sat well with the Mac user community,
which tends to view these sorts of predictions as a type of jealous,
wishful thinking from users of another operating system that is
constantly under attack. (For an excellent illustration of this
dynamic, check out the "Castle OS X Stormed" posts over at the A Day
in the Life of an Information Security Investigator blog.)
Just yesterday in fact, I spoke with John Barnes, president of
Washington Apple Pi, a local Mac user group with a long history, and
he echoed those sentiments, noting that if Mac users are somewhat
smug when it comes to security ... well, they have a right to be.
Slashdot has now picked up on this, linking to the original thread
about this problem over at Mac Rumors. The anti-virus firm Sophos has
classified this thing as a worm, calling it OSX/Leap-A. Sophos
classifies it as an instant-messaging worm.
It's not clear to me at this point whether this is truly
self-propagating, as I'm fairly sure OS X is set up so that infecting
a machine and spreading malware would require some sort of user
interaction or approval. Imagine that: the first Mac OS X malware
worth noting and no one knows whether to call it a worm, a virus or a
Trojan horse. At any rate, I'm sure we'll hear more about this soon
(and see a slew of other names for this thing once the other
anti-virus companies jump on the bandwagon).
In other Mac news, Apple has issued an update to fix several problems
in OS X, but the company could be a little clearer about what exactly
those problems might entail.
In a somewhat spare advisory issued Tuesday (a few hours after
Microsoft released its bundle of patches) Apple advised OS X 10.4.4
users to upgrade to 10.4.5 to address a few "improvements" in the
operating system. Among the improvements Apple cited were "time zone
and daylight saving changes for 2006 and 2007"; a fix that addresses
"a potential crash which may occur when processing large amounts of
data in MySQL" databases; and an "issue with using and mounting
Windows-formatted storage devices."
Apple provides no other information or acknowledgment on its Web site
as to whether these are security problems or merely fixes to help
ensure smooth functioning. Mac users who have subscribed to Apple's
security mailing list received an e-mail detailing one
security-related fix in 10.4.5 (although this is not a particularly
serious risk). Why not include that information in the advisory on
Apple's Web site?
If I'm a little sensitive to this, it's because I've spent the last
several weeks poring over Apple's security advisories going back
three years, and noticed a welcome trend from 2003 into 2004 (OS X
10.3.4 and prior versions) away from such vague disclosures where
security fixes were routinely called "improvements" with little
elaboration.
Mac OS X 10.4.4 users can upgrade in one of two ways: through the
standalone installer, available from Apple Downloads, or through
Software Update.
Update, 10:49 a.m. ET: This thread over at Ambrosia Software seems to
have the most coherent and rational explanation of what's going on
with this Mac OS X malware. From that post:
"You cannot be infected by this unless you do all of the following:
1) Are somehow sent (via email, iChat, etc.) or download the
"latestpics.tgz" file
2) Double-click on the file to decompress it
3) Double-click on the resulting file to "open" it
...and then for most users, you must also enter your Admin password.
You cannot simply "catch" the virus. Even if someone does send you
the "latestpics.tgz" file, you cannot be infected unless you
unarchive the file, and then open it."

-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/