Slashdot Mirror


Mac Trojan Horse Disguised as Word 2004

Espectr0 writes "Macworld is alerting of a malware program for the Mac. A Macworld reader alerted the magazine to the malware after he downloaded the file from Limewire. The reader told Macworld: 'I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta. The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy.' However, he added: 'I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!'" This sounds similar to the recent trojan horse proof-of-concept. There are many ways to make one file look like another, on any platform. This is 2004, you should know by now not to open a file from an untrusted source.

5 of 785 comments (clear)

  1. Think first by BWJones · · Score: 5, Insightful

    The reader told Macworld: 'I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta.

    Using Limewire? A likely story.

    The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy.' However, he added: 'I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!'"

    This is the risk you take when downloading stuff that you don't pay for. If you purchased Office 2004 from Microsoft (thus supporting the promotion and development of software for OS X), then you would have something to gripe about. As it stands, one might suggest you got what you paid for.....

    This is 2004, you should know by now not to open a file from an untrusted source.

    Well said. However, this does raise the possibility of other code that could be made to look like just about anything. So, once again, think about what you install on your computer just like you would think about what you eat or who you have sex with. If you don't know, trust or suspect that software/food/person, then either screen them or think twice.

    --
    Visit Jonesblog and say hello.
  2. Actually... by rtilghman · · Score: 5, Insightful


    If it was a windows installed you could check to make sure that various files were signed and authenticated by MS, information which I don't believe can actually be faked (dlls, exe, cab files, etc.).

    I don't know if Mac has a similar feature, and I don't know if some random moron like this guy would even have bothered to check. However, it would seem that MS' own security would indeed have offered a better chance of preventing such a Trojan. :)

    -rt

  3. Re:New paradigm? by Bonker · · Score: 5, Insightful

    Surrrrreeee they thought it was a beta. Uh huh. That's why they went to Limewire rather than the MS website. Sure. Yeah.

    Open Office porters take note. At my last check, Mac users are still stuck with a sucky x11 version of OOO1.1 rather than the spiffy version available for Windows users.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  4. How to write a OS X Trojan by heyitsme · · Score: 5, Insightful

    1) Create shell script with "rm -rf $home/*"
    2) Package script with Microsoft Icon
    3) Upload to P2P network
    4) ???
    5) Laugh as retarded Slashdot editors call it valid malware

    Come on guys... lets get serious.

  5. Re:"Darwin" - style award winner by SquadBoy · · Score: 5, Insightful

    This was a person who based a choice on whether or not to run an app based on how the ICON looked. They will repeat over and over and over again and wonder why the hell their shit keeps breaking.

    --

    Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.