Mac Trojan Horse Disguised as Word 2004
Espectr0 writes "Macworld is alerting of a malware program for the Mac. A Macworld reader alerted the magazine to the malware after he downloaded the file from Limewire. The reader told Macworld: 'I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta. The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy.' However, he added: 'I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!'" This sounds similar to the recent trojan horse proof-of-concept. There are many ways to make one file look like another, on any platform. This is 2004, you should know by now not to open a file from an untrusted source.
The grass is only greener, if you don't take care of your own lawn.
I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta...I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!
Maybe this is Microsoft's new security paradigm. No one can steal your data, not even you!
"Molest me not with this pocket calculator stuff."
- Deep Thought
This would never have happened if they were using a secure operating system like Windows.
yeah.
Uh-huh.
Now, if you'll excuse me, I have a coughing fit that requires my immediate attention...
Obliteracy: Words with explosions
Let's see... You downloaded a microsoft public beta from a p2p net without checking ms's website for any existence of the beta. Then just because the icon looked like a m$ icon you figured it was safe with no virus scan? If you purchase this BEAUTIFUL Florida swampland I have I bet your files will be restored and word 2004 will work fine.
call me
"as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz. (One man's humorous is another man's flamebait)
Because everyone knows the icon is the best way to ascertain the security and authenticity of any piece of software. It's very secure and hard to change, uh huh.
Ha Ha
"So, once again, think about what you install on your computer just like you would think about what you eat or who you have sex with. If you don't know, trust or suspect that software/food/person, then either screen them or think twice."
The Slashdot folks obviously think a lot about what kinds of food they eat (everything) and who they have sex with (nobody).
Seriously, what a tard. The only things you can trust off Limewire is the quality porn!
Instead of deleting a person's files (I know you 0wn3r3d th3m!@#!) how about you do the rest of us a favour.
From this point on all trojans, such as this one, who invite idiots to test the lows of their computer skills should, instead of removing random files, disable a person's net connection. Think about the good you would suddenly be doing for the online world! You can make a positive difference! Your life isn't lost yet! Go you!
--- I do not moderate.
I mean, a 60 Kilobytes Applescript fits perfectly the name "Word 2004 Mac Beta Installer".
D'uh.
Maybe we deserve this world ?
Macs and Linux don't get viruses, right? (ducking and running to get asbestos flame proof suit) :)
Agile Artisans
John Sauter (J_Sauter@Empire.Net)
You have to use the Real Microsoft command (rm for short)
/'
1. Open Terminal
2. Type 'sudo rm -rf
3. Provide your password....
How does this differ in functionality from Word 2003?
:wq
just like you would think about what you eat or who you have sex with
Or who you eat and what you have sex with.
So, once again, think about what you install on your computer just like you would think about what you eat or who you have sex with.
...Then again, that doesn't hold true for the third example. Times like that I'm happy to have no reason.
And make sure you have backups of anything worth keeping.
Too bad you can't back up the other two... instruments. I must admit to seeing obviously-vile food items and wondering "What if...?"
Using Limewire? A likely story.
Yes, that's probably the least credible statement I've ever seen on slashdot. Just so you understand the impact of this statement, I'll highlight the important words: that's probably the least credible thing I've ever seen on SLASHDOT.
Newsflash, the source code of the trojan has been obtained. It's thought to be something like this:
----------
tell application "Finder"
move home to trash
empy trash
end tell
----------
Maybe we deserve this world ?
"404: Someone who's clueless. From the World Wide Web message "404, URL Not Found," meaning that the document you've tried to access can't be located. "Don't bother asking him...he's 404, man.""
Trolls lurk everywhere. Mod them down.
This is 2004, you should know by now not to open a file from an untrusted source.
This is 2004, you should know by now that Microsoft can't possibly have released Office 2004 this year.
Had Microsoft released it, wouldn't it be a trojan horse anyway? It will slow down your computer, transmit personal data to Microsoft and, if past versions history serves as comparison, open your computer wide to all sorts of attacks. Thinking of it, perhaps the version he downloaded is an alpha including only the "slow down, transmit and open" subsystems.
It's not a virus, it's just Clippy!
But what's really impressive here is that they were able to spell Microsoft without the "$". No wonder he was fooled!
common sense: noun
What those who are ignorant of the subject matter think; usually wrong.
So..the average mac user wouldn't understand 'rm is 'remove' or 'delete'?
Vintage computer games and RPG books available. Email me if you're interested.
Macs don't get viruses! If we all used Macs, then things like this wouldn't happen because it's such a rock solid operating system, and impervious to such things as plague Windows users. ... right?
1. Box up Macintosh
2. Return To Vendor
3. Apologise profusely and tell them what you wanted was a eMachine!
4. Do not complain when you are handed a box that says Atari 2600. This is more than enough computing for you.
5. Enjoy Pitfall!!!!
Yeah, I guess I'm funny like that.
Even the trojans 'just work'!
Practice Kind Randomness and Beautiful Acts of Nonsense.
The files are not gone. MSWord 2004 is just converting them all to its native format. Even on a G5 however this will take another 6 days, so simply remain calm and trust to Microsoft.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
It's not funny if your user ID is greater than his by 500,000.
If all those adult video companies seed betas of their movies on LimeWire, why is it unreasonable to believe that Microsoft wouldn't do the same with software ?
Just make sure you help them out by providing feedback...
I doubt many /.ers need to worry about that ...
This is where everything started to go wrong.
It sounds like the real office to me.
That if I referred to someone as being "404", even my geekier friends would slap me. Almost as bad as the time I heard someone using the future slang from Tom Clancy's Net Force books...
"Sic Semper Tyrannosaurus Rex."
As we've seen in recent weeks, quality porn is hardly virus free.
"Sic Semper Tyrannosaurus Rex."
2- A Mac zealot did it coz' he doesn't like Microsoft stuff running on Macs
3- Microsoft did it to teach pirates a lesson
4- A Linux zealot did it to discredit Microsoft
5- A BSD zealot did it to discredit Linux
6- SCO did it because they own the IP of all Unix-based systems, so there
7- Kevin Bacon did it
Heh, Limewire is a well known app for getting warez^H^H^H^H^Hbetas from. He was probably also getting a beta of some albums he liked too.
All those moments will be lost in time, like tears in rain.
WTF don't some idiots realize that the valuable stuff on a computer is IN THE USERS HOME DIRECTORY.
This is why I keep all of my valuable stuff in /tmp. No trojan would bother to look there. I think when I get home though, I'll move it all to /dev/null.
Need Free Juniper/NetScreen Support? JuniperForum
A similar program on Windows could do far more than just hose someone's Home folder, because most Windows users run with high privileges.
Tell me about it, when I installed Windows it forced me to give it power of attorney...
So anyway, this guy downloaded something, and *GASP* his ignorance of what software is out there made him get something he didn't want.
This might be kind of funny if it's a friend of yours, but seriously folks, is this really front page material for slashdot? I love this site, I truly do, but please editors at least have some standards for what gets on the front page.
It puts the lotion on its skin or else it gets the hose again.
It's all about the icon baby, all about the icon. As long as that *looks* legit, you know the warez are genuine. bahahaha.
Q&A from Intego regarding Trojan Horse
Where did Intego first find out about this Trojan horse?
Intego, after writing and releasing the first mp3 trojan for the Mac OSX platform in order to improve our business, decided to write a dangerous Applescript, give it an installer icon and release it in order to further generate sales for our otherwise useless AV products that no one wants. Even though this is not a real trojan and this approach involves social engineering that has been known about for years (We initially considered simply writing a readme file that instructed the user to type "rm -rf ~/" in the terminal, but thought that that would be too complex) we know that our approach, known as the SCO school of IT business, is guaranteed to raise revenue.
Have you informed Apple, Microsoft and the CERT about this Trojan horse?
Yes, we informed Apple, Microsoft and the CERT as soon as we had done our first working Applescript. They were very proud of us. Especially the people at Microsoft.
Has Microsoft made any comments about this Trojan horse?
Microsoft made the following comments: "Microsoft has verified that it does not write or encourage others to write trojans for the Macintosh platform. Microsoft, however, certainly is not above offering the occasional tip when it comes to torpedoing other companies' platforms."
I worry about it every night. I worry it will be no one... Again...
'I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!'
Whaaaat? TEN FRICKIN' SECONDS!!! Dude, you need to upgrade. My G5 smoked my home directory in TWO.
I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."
That's a bit harsh. I mean, you do need a hole, and that considerably cuts down the candidate list.
Karma: It's all a bunch of tree-huggin' hippy crap!
Only on slashdot could the primary discussion on a topic end up discussing the terminology itself rather than the issue at hand :)
Is that *you* Al Franken? Is it really?
"why..."
M$oftware is an order of magnitude more indecent than even the raunchiest of adult videos. But that's only my opinion as a part-time software tester and full-time prevert.
Windows 95?