First Mac OS X Virus?

bubba451 writes "MacRumors reports on what may be the first virus to affect Mac OS X, disguised as screenshots for the upcoming Mac OS X 10.5 Leopard. From the report: 'The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but was actually a compiled Unix executable in disguise. An initial disassembly reveals evidence that the application is a virus or was designed to give that impression.' The virus is said to also spread via Bonjour instant messaging." Update: 02/17 00:09 GMT by P : This is not a virus, it is a simple Trojan Horse: it requires manual user interaction to launch the executable. See Andrew Welch's dissection.

Re:Hehehe

[iBod]

Is that a bit like Your Own Personal Jesus?

Re:I call Dupe

[RyuuzakiTetsuya]

A) New variant of that.
B) If this IS a dupe that means that the virus has duplicated and spread!

Re:Trojan Man?

[sootman]

Correct me if I'm wrong, but OS X, like RedHat Linux has for quite a while, uses single-user groups--that is, each user is the only member of a group which has the same name as the user's name. So the group bits are not entirely meaningful. Easy enough to test: can you
touch /Users/<someone else>/Library/test
? I can't. If you can't you shouldn't need to go from 775 to 755.

Each OS X system I have (10.3) shows the following ownerships in /Users/:
'Shared' owned by root:wheel
'admin' (first user created) owned by admin:staff
all other users--admins and non-admins:
'whatever' owned by whatever:whatever
10.0-10.2 made bigger use of the Staff and Wheel groups, IIRC, but since 10.3, it's been one user per group for all but the first user created. (And that's why the first account I create is a generic admin account named admin--because early versions of OS X went batshit if you deleted the first user ever created, and I've kept the habit ever since. And it's always nice to have a clean account to switch into for testing.)