Slashdot Mirror


'Opener' Malware Targets OS X

the_webmaestro writes "Macintouch.com is covering the "opener" malware, a new and potential vulnerability which affects Mac OS X. If true (it's not on HoaxBusters yet), this could become a Mac user's worst nightmare... Worse even than Microsoft Word macro viruses (heretofore the only real 'viruses' which threatened Mac users)! Normally, whenever I'd see virus alerts, I'd revel in the fact that as a Mac user, I was immune (except for the slow-down of the net, the loss in productivity of my colleagues, and the increase in SPAM--often coming from my friends and colleagues). [Sigh] Perhaps, my days of telling friends and family that there are no viruses for Macs may be coming to an end. There have been stories."

5 of 400 comments

  1. FUD... by nordicfrost · · Score: 4, Interesting

    This is lame. A script! This is Slashdot, you should know the possibilities of bash scripting. Besides, it doesn't even spread itself, doesn't hide its tracks...

  2. Re:I am not too concerned by j-pimp · · Score: 4, Interesting

    Root is disabled by default on all shipping Macs and if anyone has physical access to your machine then you are in serious trouble anyway.

    Right, but the initial setup of every shipping Mac out there has the user create an administrative account on their machine. This person can run sudo to execute a root command. The password prompt you get before installing most Mac software runs sudo. So an install program effectively runs as root and if the install program silently added this script to your system then it would run.

    --
    --- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
  3. Re:All machines are vulnerable to this by asjk · · Score: 5, Interesting
    What about this assertion from the MacIntouch page?

    John C. Welch

    ...Using /Library/StartupItems/ for it shows some thought about Mac OS X. One of the problems with that directory is that, while items in it run as root prior to login, you don't have to be root to create startup items in that directory, nor do they have to be owned by root to run. Any admin user can use this directory to create startup items that will run as root. That's a weakness that hopefully will get fixed. ...

    Could a Trojan be written to trick the user into installing a StartUp Item?
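
The weakness Welch describes in the comment above (startup items that run as root without having to be owned by root) can be checked for on a given machine. The audit function below is an added example, not part of the original thread; its name, the `OWNER`/`WRITABLE` labels and the optional uid argument are assumptions made here, and it uses only standard `find` tests.

```sh
#!/bin/sh
# Added example: audit a StartupItems-style directory for entries that
# would run as root at boot but are not controlled by root.
#
# Usage: audit_startup_items [DIR] [OWNER_UID]
#   DIR        directory to audit (default: /Library/StartupItems)
#   OWNER_UID  uid expected to own every entry (default: 0, i.e. root)
#
# Prints one finding per line:
#   OWNER <path>     entry is not owned by the expected uid
#   WRITABLE <path>  entry is group- or world-writable
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_startup_items() {
    dir=${1:-/Library/StartupItems}
    owner=${2:-0}

    [ -d "$dir" ] || return 2

    findings=$(
        # The directory itself and everything below it should belong to root;
        # anything else can be replaced by its owner without a root prompt.
        find "$dir" ! -user "$owner" -print | sed 's|^|OWNER |'
        # Group/other write bits let non-owners modify what root will run.
        # Symlinks are skipped: their own mode bits are not meaningful.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's|^|WRITABLE |'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_startup_items` on the machine being checked; any output means a startup item or its containing directory can be changed by an account other than root.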

  4. I looked up "virus for the Mac" by adzoox · · Score: 5, Interesting

    ... and came up with Intego and FUD.

    Make no doubt about it. There is a French company that writes Mac software called Intego.

    THEY ARE the ones spreading this new rumor, just as they spread the "trojan horse" myth a few months back.

    It's time to sell some more software - so it's time to spread some more FUD.

    A previous story I had done on this

    --
    Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
  5. Similar to the "so-called" vulns. in WordPress by Laebshade · · Score: 4, Interesting

    As you already pointed out, you have to have root access to the machine then install a root kit. This is just a bunch of FUD similar to the ruckus over the so-called WordPress vulnerabilities that were reported last month. Yes, they allowed you to redirect to any url as part of a seemingly innocent url, but you have to be logged into WordPress to exploit them. Highly overrated as a severe security vulnerability.