Slashdot Mirror


'Opener' Malware Targets OS X

the_webmaestro writes "Macintouch.com is covering the "opener" malware, a new and potential vulnerability which affects Mac OS X. If true (it's not on HoaxBusters yet), this could become a Mac user's worst nightmare... Worse even than Microsoft Word macro viruses (heretofore the only real 'viruses' which threatened Mac users)! Normally, whenever I'd see virus alerts, I'd revel in the fact that as a Mac user, I was immune (except for the slow-down of the net, the loss in productivity of my colleagues, and the increase in SPAM--often coming from my friends and colleagues). [Sigh] Perhaps, my days of telling friends and family that there are no viruses for Macs may be coming to an end. There have been stories."

2 of 400 comments

  1. One Solution... by myrdred · Score: 1, Redundant

    One solution that I see to this, to prevent it from being installed without the User's awareness, is to have an addition to the root password be required to install in /Library/StartupItems/.

    Whenever a program tries to install an item there, even if it has root access (which btw _is_ needed to write to that directory, _even_ if you're running as Admin), the Operating System should give a dialog box to the user, prompting him or her to permit or deny this addition, so the User will always be aware when something like this is happening.

    This would be a similar solution to how Apple dealt with File Associations in a recent security update - i.e., when an application is opened for the first time as a result of File Associations, OS X will prompt you "Are you sure you want to open foofoofoo for the first time which is associated with file barbarbar?" (the actual wording is different, but that's basically the idea).

  2. Re:All machines are vulnerable to this by hunterx11 · Score: 0, Redundant
    The user created during install does have admin privileges, but that doesn't mean that he or she has root privileges.
    Cortana:/etc root# cat sudoers | grep admin
    %admin ALL=(ALL) ALL
    Close enough.
    --
    English is easier said than done.
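
The `grep admin` check in the comment above, extended into an added example (not part of the original thread): a shell function that lists every user or %group a sudoers file grants unrestricted root, so a line like `%admin ALL=(ALL) ALL` is reported alongside any others. The function names and the sample file are constructed for illustration; aliases and #include files are not expanded, and only an exact `ALL` command list is reported.

```shell
#!/bin/sh
# Added example: report principals with unrestricted root in a sudoers file.

# Constructed sample input (not taken from any real system).
sample_sudoers() {
cat <<'EOF'
# constructed sample sudoers
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
%staff ALL=(ALL) /usr/bin/softwareupdate
backup ALL=(root) NOPASSWD: \
    ALL
alice ALL=(www) ALL
EOF
}

# full_root_grants [FILE...]  (reads stdin when no file is given)
# Prints "who" (plus " NOPASSWD" when no password is asked) for each rule
# that allows ALL commands as root or as any user.
full_root_grants() {
    awk '
        # Join backslash-continued lines into one logical line.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        {
            $0 = buf $0; buf = ""
            sub(/#.*/, "")                      # drop comments
            if (NF == 0 || $1 ~ /^Defaults/ || $1 ~ /_Alias$/) next
            who = $1
            eq = index($0, "=")
            if (eq == 0) next
            spec = substr($0, eq + 1)
            gsub(/[ \t]/, "", spec)             # e.g. "(ALL)NOPASSWD:ALL"
            runas = "root"                      # sudoers default run-as user
            if (match(spec, /^\([^)]*\)/)) {
                runas = substr(spec, 2, RLENGTH - 2)
                spec  = substr(spec, RLENGTH + 1)
            }
            nopw = (spec ~ /NOPASSWD:/) ? " NOPASSWD" : ""
            gsub(/[A-Z]+:/, "", spec)           # strip tags such as NOPASSWD:
            split(runas, ru, ":")               # (user:group) -> user part
            if (spec == "ALL" && (ru[1] == "ALL" || ru[1] == "root"))
                print who nopw
        }
    ' "$@"
}

sample_sudoers | full_root_grants
```

On a real machine, run `full_root_grants /etc/sudoers` as root; every account in a reported group can write to root-only locations such as /Library/StartupItems after entering its own password.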