Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Trojan Horse Disguised as Word 2004

Posted by pudge on from the caveat-pirator dept.

Espectr0 writes "Macworld is alerting of a malware program for the Mac. A Macworld reader alerted the magazine to the malware after he downloaded the file from Limewire. The reader told Macworld: 'I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta. The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy.' However, he added: 'I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!'" This sounds similar to the recent trojan horse proof-of-concept. There are many ways to make one file look like another, on any platform. This is 2004, you should know by now not to open a file from an untrusted source.

8 of 785 comments (clear)

  1. Not like the recent warning by Anixamander · · Score: 5, Informative

    This sounds similar to the recent trojan horse proof-of-concept

    This is nothing of the sort. The recent warning was for mp3 or other non-executable looking files carrying a trojan horse payload...that is far sneakier than this. This is simply a program that doesn't do what it claims to do. He expected an executable, he got an executable. An if he really thought that Microsoft would relase a public beta through limewire...well, caveat emptor and all.

    Since it only deleted his home directory, it probably wasn't that sophisticated. I'm surprised it didn't attempt to escalate privilieges under the guise of an installer and do even more damage.

    I suppose I should make a clippy joke here (I'm really tempted), but I actually like office X and am looking forward to the next version.

    --
    Do not taunt Happy Fun Ball(TM)
  2. Re:Fast User Switching Rules... by Bullet-Dodger · · Score: 5, Informative

    Little Snitch is good for preventing anything from phoning home. Does have slightly annoying behavior unless it's registered, however. Anyone know of an OSS program to do this?

  3. Re:Windows by aristotle-dude · · Score: 4, Informative

    I know this is meant to be a joke but this would happen on any platform with a stupid user at the helm. This is nothing like the proof of concept Trojan. It is a classic trojan (malware program claiming to be some useful program). Fortunately, the OSX security model prevented the damage from spreading outside of the home folder. An admin account (default on Home and Pro XP) would have the ability to totally destroy a system whereas Admin accounts on OS X are not root accounts.

    --
    Jesus was a compassionate social conservative who called individuals to sin no more.
  4. Re:Only home folder was hosed by trojan.... by HeghmoH · · Score: 4, Informative

    Yes, but the home folder is all that matters. The way UNIX protects system files is very nice, but the reality is that for most users, the stuff in /home or /Users or /users or whatever your flavor of UNIX uses is what counts. If you trashed my entire computer but left /Users alone, I'd be annoyed and reinstall. If you trashed /Users, I'd be annoyed and restore from backup... but most people don't keep anything resembling decent backups. Especially on a Mac, where it takes twenty minutes to reinstall the OS, the difference between trashing /Users or trashing the entire system is miniscule. Of course, if it's a multi-user Mac, a trojan can only trash the current user's files.

    --
    Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
  5. Re:"Darwin" - style award winner by bamf · · Score: 5, Informative

    Actually I think you'll find that it fits the defintion of Trojan Horse perfectly.

  6. Like in biology, viruses have hosts by Theatetus · · Score: 5, Informative

    Just to clear things up for you:

    • A virus is a program that runs in the memory space of another executable and replicates itself to other instances of that executable; essentially, it's an unwanted plug-in.
    • A worm is a program that replicates itself against the user's wishes without requiring another executable as a host.
    • A Trojan horse is a program that masquerades as a desired program in order to gain access to the user's system. Trojan horses may or may not replicate themselves.

    This is pretty clearly a Trojan horse: it advertised itself to the lUser as a copy of Microsoft Word in order to gain access to his system. The payload of the unwanted software (be it virus, worm, Trojan, or something else) is irrelevant to its classification.

    --
    All's true that is mistrusted
    1. Re:Like in biology, viruses have hosts by darco · · Score: 4, Informative

      You are pretty close about the trojan, but your virus/worm definition is a bit off.

      The ONLY difference between a worm and a virus is that a worm actively spreads over a network. A virus needs a human to spread it, either by downloading infected files or swapping disks containing infected files. A worm can spread automaticly, requiring zero (or very little, in the case of viewing your mail) human contact. This is why they are so much more dangerous.

      --
      — darco
  7. Well, you're close... by Theatetus · · Score: 4, Informative

    I'll quote wikipedia...

    A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; a worm is self-contained and does not need to be part of another program to propagate itself.

    So, to reiterate: a virus requires another executable as a host, a worm does not. That is the difference between the two.

    The concept of a "trojan horse" is somewhat orthogonal to that of "virus" or "worm", though I think it is a distinct enough phenomenon to warrant its own designation.

    --
    All's true that is mistrusted