Demo Virus For Mac OS X Released

Juha-Matti Laurio writes "Heise Security has a report about new Proof of Concept virus for Mac entitled as OSX.Macarena by AV vendor Symantec. Symantec suffered from a slight lapse when it recommended in the first version of the virus description that users clean the system by deactivating the system restoration (Windows ME/XP). It is known that the virus infects other data in the folder in which it is started, regardless of extension, says Heise."

This is on the front page of slashdot why?

[daveschroeder]

So, this is a "virus" that is nothing more than something that programmatically attaches/appends itself to other files that are in the same directory as itself when executed (which is easy to do and doesn't rely on any deficiency in the system), isn't in the wild and therefore doesn't have any real impact on users, is a proof-of-concept, and still has no vector or mechanism for propagation, much less mass-propagation?

Wow. Um. Raise the alarm. One if by land, two of by sea, and all that.

Oh, and here's my new piece of nasty Mac OS X malware:

Place this in a text file and name it ElectricSlide.command:

rm -rf ~/*

Double click it. Voilà. A piece of malware that can't actually spread that deletes the contents of your home directory with no warning!

Maybe we can see a Symantec warning about OSX.ElectricSlide!

I realize Symantec or any AV vendor has to catalog known malware, but come on: the coverage this is getting is ridiculous, and now the front page of slashdot?

Mac OS X certainly has vulnerabilities. The people saying it doesn't are morons. But the problem is that any vulnerability discovered in any Apple product gets amplified in the press massively disproportionately. For example, the iPod Windows virus issue:

By all accounts, there was likely a Windows PC used for QA at a non-Apple contractor that was infected with a virus that was infecting iPods with the virus when they were plugged in to that machine. (If anything, this is a problem in the QA process at Apple's manufacturing contractors, not ANY indication that "Macs" or Apple are any more susceptible to viruses or attacks, in any way, shape, or form - I'm surprised at the level of shoddy journalism on this. This is a Windows worm copying itself to a locally attached Windows disk (that happens to be an iPod), nothing more. Yes, it's really bad for any manufacturer to ship something with a virus on it, but this doesn't indicate the susceptibility of Apple or Macs in general. If anything, it indicates the iPod is effective as a USB-attached disk. Which it is. Again, no excuse for the processes to let something like this happen, but still.)

Then, the coverage of this goes on to rehash the (incorrect) assumption that someday there will be a huge worm outbreak on Macs, an assertion that is completely unrelated to iPods being infected with a Windows (or even Mac) virus.

I'm not going to rehash why it's literally impossible for the type of devastating mass-propagating worms that we've seen on Windows happen on Macs; marketshare/presense alone is enough to make that argument, but marketshare is only one of many factors.

I predict that we'll continue seeing these sky-is-falling and "WAKEUP CALL FOR APPLE" articles month after month and year after year, with nothing actually happening of any consequence to the installed Mac OS X base. Will there be new viruses, worms, malware, and proofs of concept of malicious items for Mac OS X? Yep. Absolutely. Just as there have been. Will there be something that can mass-propagate to the point where it costs the tens/hundreds of billions of dollars and hundreds of thousands of manhours in recovery and lost productivity like we do on Windows? Nope. The architectural, use, marketshare, and security differences on the Apple platform versus Windows ensures that.

The coverage of this will likely be further classic examples of press jumping on any negative or security-related story that has to do with Apple.

Maybe this will even be the sixth or seventh, by my count, "FIRST MAC OS X VIRUS" story that can be trumpeted around on CNN, AP, and Reuters! One can only hope!

Also, before anyone says "There's also a Bluetooth 0day for OS X," that would actually be the same, months-old, single Bluetooth issue that has already been reported on months ago, and that was patched in all versions of Mac OS X for a year even at the time that the worm,

Technologically Sophisticated

[AKAImBatman]

DEAR RECEIVER,

You have just received a Mac OS X virus. Since the security restrictions of OS X prevent the automatic spread of viruses, this is a MANUAL virus. Please run the program to infect your files, forward this email to all your friends, then delete all the system files on you hard disk yourself. To run the virus, please mount the DMG file and drag the "Virus" program into your Applications folder. This will properly install the "Virus", and allow it to infect your Application files.

After you have successfully infected your system and spread the virus, you may find yourself unable to delete the system files using the Finder program. In this case, you must open a terminal and follow the instructions below:

1. Type 'sudo su -l' and hit ENTER.
2. Enter your password and hit ENTER.
3. Type 'rm -rf /'

This process will take several minutes, so please be patient.

Should you run into technical difficulties with infecting your Macintosh, you can visit our online help website at http://www.infectmymacwithanastyvirus.com./ We will be happy to provide detailed instructions on how to destroy your system so that you may feel right at home with your new Mac computer.

Thank you very much for your assistance.

--Mac OS X Hackerz

Attachment: Virus.DMG

P.S. If you don't get the joke, please read the article and virus report.