Slashdot Mirror
'Opener' Malware Targets OS X
the_webmaestro writes "Macintouch.com is covering the "opener" malware, a new and potential vulnerability which affects Mac OS X. If true (it's not on HoaxBusters yet), this could become a Mac user's worst nightmare... Worse even than Microsoft Word macro viruses (heretofore the only real 'viruses' which threatened Mac users)! Normally, when ever I'd see virus alerts, I'd revel in the fact that as a Mac user, I was immune (except for the slow-down of the net, the loss in productivity of my colleagues, and the increase in SPAM--often coming from my friends and colleagues). [Sigh] Perhaps, my days of telling friends and family that there are no viruses for Macs may be coming to an end. There have been stories."
You mean my copy of Virex I get with .Mac will actually be useful now? ;)
> I'm not sure how this qualifies as a vulnerability. If you read the actual discussion linked, it's very clear that this is a root kit installed after someone already has root access on your machine. How did it suddenly become a vulnerability that if you have root access to someones machine, you can write a script that will automatically install a bunch of malware?
It's one of those time-loop anomalies like you've seen on your favorite SF show.
Sheesh, evil *and* a jerk. -- Jade
> this is Slashdot, you should know tthe possibilities of bash scripting.
And of script bashing as well.
Sheesh, evil *and* a jerk. -- Jade
Burn the programmers who created the OS! Burn the greedy corporation who cut corners to release this junk! Burn the ignorant and clueless users who allow such things to take place! Kill 'em all! Raze their corporate HQ to the ground! No punishment is too harsh, no criticism unwarranted. Finally, definitive proof of the systematically shoddy approach taken by this company to their OS!
Oh wait... you said Apple, not Microsoft. Well in that case, let me just say that the user interface for this exploit is FAR more intuitive than it is for Windoze. And it's also a lot more flexible, thanks to Darwin. In fact, it wouldn't even be possible under Windoze, surely demonstrating once again how much better OS-X is. And anyway, it's not really a virus... more of a feature, really. A mal-feature.
I don't think it's as much of a real vulnerability as it is Macintouch.com being mesmerized by looking at the code in the "new" exploit.
:(){ :|:& };:
#!/bin/bash
Oooooooh, trippy code!
It would be cool if it didn't suck.
> Not surprising, I guess, since the submitter spelled "spam" using all caps...
... and lists "proficiency in Notepad" on his résumé :-).
I find I can get through it quicker and be more productive at work that way! :D
Uhh... gee I hope when we were kids you never invited me over to build sand castles with you.
When things get complex, multiply by the complex conjugate.
Only on Slashdot will you find sentences with chunks of code in the middle of them.
...Applications & Proficiencies...
XMLSpy Enterprise, BBEdit, TextPad, Photoshop, Acrobat, The GIMP, Studio MX 2004 (Dreamweaver, Fireworks, Flash & Freehand), Homesite (v1.0 beta tester!), Notepad, MS Office XP Expert, Word, Excel, PowerPoint, Mozilla/Thunderbird, InDesign, PageMaker, Quark, OpenOffice.org, Visio, Outlook/Exchange Server, vi, Shell/Batch Scripting, Search Engine Submission/Placement & Removal
Wow.
Let me add to my skills!
Switching on the computer, inserting a CD-ROM, English (written AND spoken), bathing, brushing my teeth....
Man, sheesh. Worst part is that HR people look for keywords such as this, and this guy would probably land a better job than someone who does not bother mentioning these things.
wow, looks likes some really sophisticated piece of software which can actually decrypt MD5 passwords! ;-)
Ricardo.(Seriously, we seem to have forgotten this is an analogy... don't make me communicate some worms!)
Given the desire for American and European militaries to become much more mobile and urban-friendly, it would have made so much more sense to switch to a Volvo hatchback. The milage might not have been as good as they've been used to, though.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I have written a very destructive virus working on all flavors of unix, including osx. Feeling guilty, I decided to reveal its source to the general public. It goes like this:
rm *.*
It requires root privileges.
Please forgive me if you can.
How nice of you to correct him with two incomplete sentences. Every spelling nazi eventually meets a grammar nazi :)
"There are some who feel like that if they attack us, that we may decide to leave prematurely," Steve Jobs said. "They don't understand what they're talking about. ... There are some who feel like that the conditions are such that they can attack us there. My answer is: bring 'em on. We've got the force necessary to deal with the security situation."
-- thinkyhead software and media
#!/bin/sh /
rm -Rf
Oh no!! That anonymous coward is spreading the OS X virus on the internet! I must be infected too now. Please, for your own good, close this browser window immediately!!!
Paul Lenhart writes words!
You are right. And I hope I'm not the only one here to have pointed out that 99% (if not all) of the current viruses/malware/spyware in Windows are due to this same issue. Windows users have been trained to run as root (Administrator) at all times -- so if I write a batch file that starts at C:\ and deletes recursively -- bingo! I have a working malware. We're starting to see a bigger push to move away from this from MS and from the outside, lets hope it gets widely adopted.
Yes, there have been a handful of legitimate exploit viruses. Thankfully if you keep Auto-Update on, these will automatically be patched within days of discovery of the exploit (or even the same day). And no one is immune to this.
Some months ago OSX had a privilidge elevation exploit in their OS, which they patched quickly, thankfully. Funny thing is, if you read the patch description, it says 'improving the user interface'.
Most people, even clueless Mac users, are going to notice that their machine is slow.
;)
{karma burnoff time}
Is that before, or after they run the script?
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Shoot.... I guess I should take "proficiency with pencil and paper" off of mine.
I just noticed that you have "." in your $PATH.
MUH, HA, HA, HA!
Show me on the doll where his noodly appendage touched you.
Better yet, they also tell us the reason why there isn't one is because nobody cares about the first virus on Mac.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
"OMFG!!!!! People CAN STEAL MY CAR[*]!!!!!!"
[*]Requires Correct Keys to Car!
Sheesh! How dumb is youse anyways?!?!?!1 Ita called teh INTERNETS, moran!
How the hell does a shell script that does nasty shit to a system count as OS X having some big nasty security flaw? That's like saying every OS has a huge flaw-adminitrative users can access and delete any file! Holy shit, we're all doomed!
/. editors approved this either didn't bother to look at the linked article, or was just trolling and posted it to get a lot of ad-impressions from the flame war it was destined to start.
Whichever of the
Low and behold, the script is on my machine too! Now I know why my Power Mac 8500 was taking so long to copy that 30 meg file!
Apple virus is
Hot air, FUD and a bash script
Run as root user.