Slashdot Mirror


First Mac OS X Virus?

bubba451 writes "MacRumors reports on what may be the first virus to affect Mac OS X, disguised as screenshots for the upcoming Mac OS X 10.5 Leopard. From the report: 'The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but was actually a compiled Unix executable in disguise. An initial disassembly reveals evidence that the application is a virus or was designed to give that impression.' The virus is said to also spread via Bonjour instant messaging."

Update: 02/17 00:09 GMT by P: This is not a virus, it is a simple Trojan Horse: it requires manual user interaction to launch the executable. See Andrew Welch's dissection.

4 of 577 comments

  1. Trojan Man? by green+pizza · · Score: 4, Interesting

    Sounds more like a trojan to me. But the question is, how in the world did they get it to show up as a JPEG image and still be executable? And does this script do any damage beyond the user's home directory? I.E., does it have some sort of a rootkit? Or does it simply prompt the user for the root/admin/sudo password?

    Somebody better wake up Apple and fix this application-looks-like-a-pretty-JPEG icon bug!!

    1. Re:Trojan Man? by CastrTroy · · Score: 4, Interesting

      Maybe we should be able to override the OS so that no matter what icon the executable file says it wants to display, the OS always shows an icon clearly depicting the fact that the file is an executable.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Trojan Man? by Vicsun · · Score: 4, Interesting

      An honest question (I'm pretty ignorant):

      How can a user differentiate between an executable file with a pretty icon and a jpeg in OSX (or Linux for that matter)? In Windows there are file extensions so a trojan with an icon will still have to be called something.exe in order to do any damage. How can I tell the difference between a binary file with an icon and a file that doesn't execute any code with the absence of extensions?

      Please don't laugh :(
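One way to answer the question in the comment above, as an added example that is not part of the original thread: classify a file by its leading bytes instead of its icon or name. The function names and sample files are constructed for illustration; the magic values are the standard Mach-O, ELF and JPEG signatures.

```python
import os
import tempfile

# Leading "magic" bytes of formats the OS will run as code.
EXEC_MAGIC = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (byte-swapped)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (byte-swapped)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (magic shared with Java class files)",
    b"\x7fELF": "ELF",
}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}


def sniff(path):
    """Return (kind, is_code) from the first bytes, ignoring name and icon."""
    with open(path, "rb") as f:
        head = f.read(4)
    if head in EXEC_MAGIC:
        return EXEC_MAGIC[head], True
    if head[:2] == b"#!":
        return "script with interpreter line", True
    if head[:3] == b"\xff\xd8\xff":
        return "JPEG image", False
    return "unrecognised", False


def examine(path):
    """Summarise what a double-click would actually act on."""
    kind, is_code = sniff(path)
    ext = os.path.splitext(path)[1].lower()
    return {
        "kind": kind,
        "is_code": is_code,
        "exec_bit": os.access(path, os.X_OK),
        # Code behind an image extension, or code with no extension at all
        # (where the icon is the only hint), deserves a second look.
        "suspicious": is_code and (ext in IMAGE_EXTS or ext == ""),
    }


if __name__ == "__main__":
    # Constructed samples: 4 magic bytes plus padding, not real binaries.
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("pics", b"\xfe\xed\xfa\xce" + b"\0" * 28),
                           ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\0" * 28)]:
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            print(name, examine(p))
```

On a real system the `file` command performs the same kind of content-based identification from a terminal.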

  2. Reminds me of old Applescript "hacks" by Anonymous Coward · · Score: 5, Interesting

    Back in high school we used to make little mean scripts in Applescript. Since there was no concept of security or multiple users in Mac OS 7 and 8, the script could do all sorts of nasty damage. All you had to do was compile/"save as" a standalone executable application from the Applescript Editor and paste an innocent icon on it. We liked to use the ClarisWorks icon to be extra mean.

    Another variant was useful on computers that were protected with OnGuard or AtEase. Simply make a script that would pop up a dialog box asking for the password. An unknowing teacher would enter the password and the script would exit... leaving behind a log file with the password in it for later use.

    Nothing magical about these. Very basic trojan horses.