New OS X Trojan affects 10.4.6 and lower.

According to Techweb, a new trojan has been found that takes advantage of a security hole in launchd that Apple fixed in their recent 10.4.7 update.

Upon successful installation (it's not clear whether the user's password is required), the flaw gives the attacker root access to the system.

Users of 10.4.7 are not affected by this issue, as Apple fixed the issue with the update. All other users are urged to update their systems!

http://www.techweb.com/wire/security/189800241;jsessionid=DYDXM4DJXFYTSQSNDLPSKHSCJUNN2JVN
 
Badger (Guest)
Isn't it wonderful how the companies that want to sell us anti-virus stuff are the ones who announce the new viruses? There is nothing about this on the CERT site (http://www.us-cert.gov/current/current_activity.html). Most reports point out that this is a proof-of-concept piece of coding that was posted on a hacker website after Apple publicized the flaw. There has been no report of it being found in the wild.
 
Aptmunich (OP)
Yeah, I was sceptical when I saw 'Symantec' as well...

But I do find it interesting that the malicious coders are now taking the approach that they've been using with Microsoft for a while now, waiting for patches and then releasing code to take advantage of the flaw on unpatched systems.
 
Interesting that the article at Symantec was written by "Costin Ionescu", who's otherwise known to work for BitDefender, a Romanian competitor of Symantec.

Keep it up, you SOBs, keep proving my point*

*point being, viruses are written by the sellers of anti-virus software. How else would one explain how they are taken utterly by surprise when some rogue _does_ write an actual, unexpected virus?
 
Urr Viruses.

Caught one myself last week and still have a bit of a runny nose from it. Those summer viruses are the worst. :cool:
 
mrfu (Guest)
I'll be happy if Apple stays as the premier brand with fewer customers. That way we can continue to live our happy lives without trojans, viruses and spyware....
 
By Victor Mihailescu, Apple News Editor

Another month, another so-called OS X exploit/security attack. These incidents are becoming a common occurrence; the only thing that does not change is the fact that it is all FUD.

This latest threat comes in the form of code that makes use of a locally exploitable vulnerability in the "launchd" portion of the system, which handles the start-up items. Of course, Symantec was all over it, and issued a security alert that warned "attackers may exploit this issue to execute arbitrary code with elevated privileges."

As usual, once you actually get down to looking at the actual facts, this vulnerability is downright hilarious. While the vulnerability was there, it was fixed in the latest system update from Apple, which was released last Tuesday. However, the actual exploit for this vulnerability, the code that could potentially use it, was released last Wednesday by Kevin Finisterre, a security researcher at Digital Munition.

Basically, what we’re looking at here is an exploit that was created in a lab, to take advantage of a flaw that was fixed before the exploit was created… scary.

Since this exploit is not, nor has it ever been in the wild, the chances of it affecting anyone are minimal. If the user has upgraded to the latest version of the OS, then the risk of being affected is non-existent.
 
Why do I not find this surprising? The fact that there was an extreme lack of details, like the requirement for a password to install the malicious code, made me immediately skeptical.
 
OSX will never reach the dangerous levels of Windows. Even Microsoft learns, and I bet we will see a pretty solid release with Vista, at least on the security level.

OS X is pretty safe, and Apple is quick, I mean, this virus was "launched" after Apple already had the hole fixed - something impossible to date with Windows (talk SP2 release date).

OS X will stay safe. And Apple will try to get more customers, but their consumer base will stick to a special kind of people who can afford these things. Common John is not going to buy a Mac from 5th Avenue.
Rather common upper-middle-class John.

Apple doesn't target putting computers in little schools in Ghana or India - that's not what they do. Unfortunate, but we can't all be angels of welfare like Bill Gates.
 
yogi said:
OSX will never reach the dangerous levels of Windows. Even Microsoft learns, and I bet we will see a pretty solid release with Vista, at least on the security level.

I agree with you, a big problem with Windows is Microsoft policies. Apple has a different behavior towards its customers. BTW, I'm not so optimistic about Vista.

yogi said:
OS X is pretty safe, and Apple is quick, I mean, this virus was "launched" after Apple already had the hole fixed - something impossible to date with Windows (talk SP2 release date).

As was noted in the first post, this is how problems started with Windows, attacking the repaired holes. However, since it is a lot easier to update OS X, I don't think this is a major threat.

yogi said:
OS X will stay safe. And Apple will try to get more customers, but their consumer base will stick to a special kind of people who can afford these things. Common John is not going to buy a Mac from 5th Avenue. Rather common upper-middle-class John.

Here I disagree with you, anyone can get an old Mac Mini, "get" Tiger and start messing with the code. Or even worse, just turn your old Dell or similar and "get" the Tiger developer version, no money involved. This is just a matter of time, not money.

yogi said:
Apple doesn't target putting computers in little schools in Ghana or India - that's not what they do. Unfortunate, but we can't all be angels of welfare like Bill Gates.

Gates doesn't give away computers, he invests in future customers.

Just one question, this is supposed to affect 10.4.6 and lower versions, does this include Panther?
 
Kar98 said:
Interesting that the article at Symantec was written by "Costin Ionescu", who's otherwise known to work for BitDefender, a Romanian competitor of Symantec.

Keep it up, you SOBs, keep proving my point*

*point being, viruses are written by the sellers of anti-virus software. How else would one explain how they are taken utterly by surprise when some rogue _does_ write an actual, unexpected virus?

There's nothing surprising or conspiratorial about this. Symantec and the like employ "security researchers" whose job is to find vulnerabilities in software. If nobody did this, then many of the bugs would never be fixed, until some hacker exploited them.

The two possibilities are

1. Researcher finds problem
2. Researcher reports problem to vendor
3. Vendor fixes problem
4. Problem is announced to public

or

1. Hacker finds problem
2. Hacker exploits problem
3. General public is at risk, systems are compromised, and all **** breaks loose
4. Vendor races to patch problem
5. Vendor fixes problem, but damage is done.

Sooner or later, the vulnerabilities are going to be discovered. It's better that a "friendly" security researcher finds a vulnerability than some hacker. Yes, of course the security researchers have an interest in finding them. Otherwise, nobody but the criminally-minded ever would.
 
Badger (Guest)
Or...
1. Vendor finds problem
2. Vendor fixes problem
3. Vendor publicises problem and releases update
4. Hacker creates an exploitation of problem
5. Security companies use situation to spread FUD and promote products
At least it was not announced by Symantec's marketing director the way McAfee did with the last scare.
 
another reason to stay updated
 
This is like standing up in a movie theater and yelling "FIRE". Except that everyone in the theater is a firefighter and the only fire we see is from the cigarette lighter in the yeller's hand.
 
Badger said:
Or...
1. Vendor finds problem
2. Vendor fixes problem
3. Vendor publicises problem and releases update
4. Hacker creates an exploitation of problem
5. Security companies use situation to spread FUD and promote products
At least it was not announced by Symantec's marketing director the way McAfee did with the last scare.

In this case, it was an outside researcher.
Credit to Kevin Finisterre of DigitalMunition for reporting this issue.
If you look at Apple's Security Updates page, and click any random update, you'll find half or more of them give "credit" to some outside person for reporting the issue to Apple.
 
It's quite simple, don't look at nasty porn sites and your computer won't get aids!
 
johnnyluu said:
It's quite simple, don't look at nasty porn sites and your computer won't get aids!

I doubt I will get this trojan by looking at stupid porn sites.

Btw, my line about Bill Gates and Angel of welfare should be read with a flavour of irony and sarcasm :) . But you get a kudo for your excellent reply post.
 
Cole 505 (Guest)
baggss said:
This is like standing up in a movie theater and yelling "FIRE". Except that everyone in the theater is a firefighter and the only fire we see is from the cigarette lighter in the yeller's hand.

OMG :closed: lmao heh heh....

I guess because I'm a fire medic I find it especially humorous!

But that is quite a visual Baggss;
If I shared what we'd all do(firefighters) :doctor:
to the person with that lighter after the word "fire"
was spoken....well I suppose either every citizen would
feel shocked :D or some may begin to utter a few bwaahaa's giddily
to themselves?!! :cool:
--- thanks for a laugh to start my day
 
Aptmunich said:
According to Techweb, a new trojan has been found that takes advantage of a security hole in launchd that Apple fixed in their recent 10.4.7 update.

Upon successful installation (it's not clear whether the user's password is required), the flaw gives the attacker root access to the system.

Users of 10.4.7 are not affected by this issue, as Apple fixed the issue with the update. All other users are urged to update their systems!

http://www.techweb.com/wire/security/189800241;jsessionid=DYDXM4DJXFYTSQSNDLPSKHSCJUNN2JVN

Thanks for the info. I updated as soon as 10.4.7 came out so I am 99% sure I won't be affected. I don't look at bad sites anyway.

cheers
 