'Opener' Malware Targets OS X
the_webmaestro writes "Macintouch.com is covering the "opener" malware, a new and potential vulnerability which affects Mac OS X. If true (it's not on HoaxBusters yet), this could become a Mac user's worst nightmare... Worse even than Microsoft Word macro viruses (heretofore the only real 'viruses' which threatened Mac users)! Normally, when ever I'd see virus alerts, I'd revel in the fact that as a Mac user, I was immune (except for the slow-down of the net, the loss in productivity of my colleagues, and the increase in SPAM--often coming from my friends and colleagues). [Sigh] Perhaps, my days of telling friends and family that there are no viruses for Macs may be coming to an end. There have been stories."
This is lame. A script! -this is Slashdot, you should know tthe possibilities of bash scripting. Besides, it doesn't even spread itself, don't hide its tracks...
Root is disabled by default on all shipping Mac's and if anyone has physical access to your machine then you are in serious trouble anyway. Right, but the initial setup of every shipping mac out there has the user create an administrative account on there machine. This person can run sudo to execute a root command. The password prompt you get before installing most mac software runs sudo. So an install program effectively runs as root and if the install program silently added this script to your system then it would run.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
I agree with everyone else. This is nothing more than a Trojan Horse - and in order to do anything meaningful it needs lots of privileges, like becoming root. There's nothing seriously worrying in this (Mac OS X is STILL without a virus), because, as mentioned in the article, all the stuff it does can be reversed easily (even more easily if you clone your HD daily like I do).
Could a Trojan be written to trick the user into installing a StartUp Item?
... and came up with Intego and FUD.
Make no doubt about it. There is a French company that writes Mac software called Intego.
THEY ARE the ones spreading this new rumor, just as they spread the "trojan horse" myth a few months back.
It's time to sell some more software - so it's time spread some more FUD.
A previous story I had done on this
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
As you already pointed out, you have to have root access to the machine then install a root kit. This is just a bunch of FUD similar to the ruckus the so-called WordPress vulernabilities that were reported last month. Yes, they allowed you to redirect to any url as part of a seemingly innocent url, but you have to be logged into WordPress to exploit them. Highly overrated as severe security vulnerability.
By default sudo (on all *nix systems) is configured to only request a password once within a set time period. (Read the man page for details.) It would be possible for a piece of smart malware to wait for the user to issue a sudo command. After the sudo ticket has been issued the malware could use sudo to gain root access without a password.
I do not know how this affects OSX. Some preference controls and updates require a password similar to sudo, but I do not know if sudo is used.