Malware for OS X :(



kaidomac
02-16-2006, 10:41 PM
Article (http://www.macworld.com/news/2006/02/16/leapafaq/index.php)

Bummer!

D3v1L80Y
02-16-2006, 10:49 PM
Big deal...

The only way you can get the Leap-A malware on your machine is if you take some action to put it there yourself. You might receive a file from a buddy in iChat, or download something from the Internet, or open an attachment to an e-mail message. The program code is presently hiding in what claims to be pictures of OS X 10.5, Apple’s next major OS X upgrade. To get Leap-A on your machine, you must (a) receive the file, which is compressed; (b) expand the archive; and (c) double-click what appears to be an image file to execute the code. You cannot get the malware by simply browsing the Internet, reading e-mail, or chatting with friends in iChat.
Even if one were to go through all the steps and install it, it won't do any real damage.

In its current incarnation, the code doesn’t really do anything malicious, such as deleting files, changing permissions, or moving around applications. However, due to a bug in its code, Leap-A will prevent infected applications from running. The only solution to this problem is to install clean copies of the original applications. So your data isn’t at risk, at least as of now.
If one were unfortunate to have it "infect" your system, then all you have to do is a backup and a clean install. Nothing too terribly time consuming or complicated... surely nothing near as time-consuming or hassle ridden like trying to clear something off a Windows system.

Discerptor
02-16-2006, 10:57 PM
Article (http://www.macworld.com/news/2006/02/16/leapafaq/index.php)

Bummer!
Malware has existed for OS X for a long time. In fact, one of the last things an Apple technician is supposed to do as a test is fix problems caused by a malicious AppleScript. The difference between these and viruses is that viruses don't ask to be installed. To be affected by that thing, you have to download it yourself, then proceed to expand the compressed file and double-click the icon and enter your password (on a non-admin account). This is absolutely nothing new or threatening, unless someone is dumb enough to actually do all that.

Benjamindaines
02-16-2006, 11:00 PM
I was around when the prick (lasthope was his user name on MacRumors) and my iBook got it, it doesn't do much except send itself around and cause the apps it's hiding in not to run.

But that being said, I reinstalled everything to get rid of it. Symantec also has a patch out for it.

technologist
02-16-2006, 11:21 PM
This is a tricky little thing, though. It resembles a JPEG closely enough to trick many people into running it.

Apple needs to add a warning to iChat, like the one in Safari, that notifies the user when an attachment is an archive that could contain an application.

macEfan
02-16-2006, 11:31 PM
Wow, that's a good trick there.... great, one of the first virus programs for OS X... I bet Steve Jobs is in a jam now..... but luckily Apple usually posts updates for things like these ASAP. The way I think of it is hey, every great company makes a few mistakes, Apple included. If Apple wants to secure its OS more, in my opinion, it should not release OS X for PCs... It would let a lot of hackers crack the OS. Good luck Apple!

Discerptor
02-16-2006, 11:32 PM
This is a tricky little thing, though. It resembles a JPEG closely enough to trick many people into running it.

Apple needs to add a warning to iChat, like the one in Safari, that notifies the user when an attachment is an archive that could contain an application.
Or people could just have file extensions enabled so as to see what kind of files things really are. I know I do for the occasional website that messes up naming its compressed file downloads.
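
Added example, not part of any post in this thread: a check of the kind the two posts above ask for, listing a compressed attachment's contents and flagging members that are executable or whose image extension does not match their leading bytes. The gzip tar format, the magic-byte lists and every file name are assumptions; the sample archive is constructed in memory.

```python
import io
import tarfile

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
# Leading bytes of genuine JPEG, PNG and GIF files.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
# Leading bytes of Mach-O binaries (thin, both byte orders; fat) and scripts.
EXEC_MAGIC = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
              b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"#!")

# Constructed sample members (name, mode, content); harmless placeholder bytes.
SAMPLE = [
    ("holiday.jpg", 0o644, b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("preview", 0o755, b"\xfe\xed\xfa\xce" + b"\x00" * 16),
    ("screenshot.jpg", 0o644, b"#!/bin/sh\necho constructed\n"),
]

def build_sample() -> bytes:
    """Build the constructed sample as an in-memory .tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in SAMPLE:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(body), mode
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def audit_archive(data: bytes) -> list:
    """Return (member name, reason) for each member worth a warning."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # directories and links carry no content to inspect
            head = tar.extractfile(member).read(8)
            named_image = member.name.lower().endswith(IMAGE_EXTS)
            executable = head.startswith(EXEC_MAGIC) or bool(member.mode & 0o111)
            if executable and named_image:
                findings.append((member.name, "executable content behind image extension"))
            elif executable:
                findings.append((member.name, "executable file"))
            elif named_image and not head.startswith(IMAGE_MAGIC):
                findings.append((member.name, "image extension but not image content"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_archive(build_sample()):
        print(f"WARN {name}: {reason}")
```

The archive is only read, never extracted, so nothing in it is written to disk or run.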

PowerBookG4
02-16-2006, 11:36 PM
Yeah but as long as you download files you know are safe and even if you download this file you don't run it.. you will be fine... it's not a virus and does not show any holes in OS X.. just shows holes in people's minds... why would you need a password to open an image file anyway?


EDIT: wow I open the link.. read it all the way through.. read the post on the other forums about it.. make my post and hit submit.. to see that I am all the way down here on the page in the amount of time that it took me to read that.

Avid6eek
02-17-2006, 01:55 AM
all you have to do is a backup and a clean install. Nothing too terribly time consuming or complicated... surely nothing near as time-consuming or hassle ridden like trying to clear something off a Windows system.
How is a backup and clean install any different on a Windows system? Total fanboy comment.

iWonder
02-17-2006, 02:11 AM
Maybe, back up the program and install it cleanly as in delete the files associated with it? Anyway, this is completely preventable by just monitoring your downloads.

Discerptor
02-17-2006, 03:57 AM
How is a backup and clean install any different on a Windows system? Total fanboy comment.
Gotta love the ignoring of everything else said in this thread. ;)
That said, a clean wipe and install IS pretty much the most extreme step you can take on either a Mac or a Windows system, so you're right in calling what you did.

sluzniak
02-17-2006, 11:36 AM
Granted, this worm is weak and an annoyance at best, but the fact remains that people are starting to look at more Mac exploits now. And as one other poster mentioned, Apple does release very timely updates and security fixes, thank gods, but in the mind of a hacker it will only egg them on to write better ones quicker.

I just read a report of another exploit that spreads over Bluetooth. This was just a proof of concept, but the hole is there. I just hope that all the Mac users spread the word to their non-techie Mac friends to keep their OS updated and start looking at some antivirus software.

On a Windows PC, virus prevention is just as easy as watch what you download, don't open files from people you don't know, and keep your system updated. But they don't listen.. Sigh.

I really hope this is not a new era for the Mac. Otherwise Mac security techs will be in demand soon.

dan828
02-17-2006, 01:06 PM
The exposure is there though. Most Mac people feel entirely safe from any type of exploit (and this one is similar to most PC infections, in that the path of infection is through getting the user to install it himself, not by using a sophisticated exploit).

Avid6eek
02-17-2006, 02:47 PM
Well, right now you got a world of hacks trying to find cracks to OSX to get it running on their PC, or trying to get Windows on a Mac. Now that these hacks are going through the operating system like never before, they are bound to find holes and exploit them.

Benjamindaines
02-17-2006, 02:52 PM
Well, right now you got a world of hacks trying to find cracks to OSX to get it running on their PC, or trying to get Windows on a Mac. Now that these hacks are going through the operating system like never before, they are bound to find holes and exploit them.
Yes, that is a very good point, but luckily Apple is very good about patches in a short amount of time.