Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Trojan Horse Disguised as Word 2004

Posted by pudge on from the caveat-pirator dept.

Espectr0 writes "Macworld is alerting of a malware program for the Mac. A Macworld reader alerted the magazine to the malware after he downloaded the file from Limewire. The reader told Macworld: 'I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta. The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy.' However, he added: 'I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!'" This sounds similar to the recent trojan horse proof-of-concept. There are many ways to make one file look like another, on any platform. This is 2004, you should know by now not to open a file from an untrusted source.

3 of 785 comments (clear)

  1. Hopes by aliens · · Score: 1, Redundant

    I downloaded the file [off Limewire] in the hope that perhaps Microsoft had released some sort of public beta

    Yeah I'm sure he was thinking that the file he got off LimeWire was some sort of legit public beta from MS. I mean that's the first place MS would release something like that. Not official MS sites, but a P2P network with no announcement.

    --
    -- taking over the world, we are.
  2. Re:The Icon Looked Trustworthy! by LostCluster · · Score: 0, Redundant

    Because everyone knows the icon is the best way to ascertain the security and authenticity of any piece of software. It's very secure and hard to change, uh huh.

    Yep. On absolutely all platforms, the icon from one program is very easy to grab and apply to another. This is about as far away from a certificate or a signature as you can get. Only the trademark lawyer can protect against icon theft.

  3. Let me get this straight by DiscordOfFive · · Score: 1, Redundant

    You find a file, supposedly MS word. On a P2P network (let's just spontaneously forget all the worms, trojans, and malware that spread over these things). You don't do any research as to whether or not MS *actually* released *anything* of that nature (or even if something like it is in development). You obviously decided it was a good idea to run this program. IMHO, you got what you deserved.

    I always liked to think that the general computer security paradigm changed. Unfortunately, I have been proven wrong yet again.

    --


    Only the purest of souls seek enlightenment. Everyone else just wants power.