
New Virus for OSX found


enzomusic

Hi folks,

a new virus for OSX has been released. Reportedly it's an archive with screenshots of 10.5. But that is fake.

It's stored as latestpics.tgz.

(Take a look at: http://forums.macrumors.com/showthread.php?t=180066)

If you extract that file, it shows you an alias of a JPEG file, but in reality it stores a file called ._latestpics in the folder /Library/InputManagers (as root) or in ~/Library/InputManagers (as normal user).

Be aware, because if you get it, it'll start with every task you open.

It's a worm or a virus (probably keylogger), called OSX/Leap.A, that will send information with iChat, I don't know exactly what.

 

If you haven't already got it, you can run:

sudo mkdir -p /Library/InputManagers
sudo chown root:wheel /Library/InputManagers
sudo chmod go-w /Library/InputManagers

 

I hope this information was a bit useful for you guys 'n girls of course. :dev:

 

Greetingz

enzo

Link to comment
Share on other sites
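
The state those three commands set up can be audited later. An added example, not part of the original post: a shell function (the name `audit_input_managers` and the finding labels are invented here) that reports when an InputManagers directory is missing, has an unexpected owner, is writable by group or others, or contains anything. Entries are only listed for review, not judged.

```shell
#!/bin/sh
# Added example: audit an InputManagers directory against the state the
# commands in the post set up (exists, owned by the expected uid, not
# writable by group or others) and list whatever is stored in it.

# audit_input_managers DIR [EXPECTED_UID] -> returns 0 if clean, 1 otherwise
audit_input_managers() {
    im_dir=$1
    im_uid=${2:-0}          # default: root, as in "chown root:wheel"
    im_rc=0
    if [ ! -d "$im_dir" ]; then
        echo "MISSING  $im_dir"
        return 1
    fi
    # Numeric owner is the third field of "ls -ldn"
    im_owner=$(ls -ldn "$im_dir" | awk '{print $3}')
    if [ "$im_owner" != "$im_uid" ]; then
        echo "OWNER    $im_dir is owned by uid $im_owner, expected $im_uid"
        im_rc=1
    fi
    # The post removes group/other write access with "chmod go-w"
    if [ -n "$(find "$im_dir" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $im_dir is writable by group or others"
        im_rc=1
    fi
    # List every entry, including dotfiles such as ._latestpics
    for im_entry in "$im_dir"/* "$im_dir"/.[!.]* "$im_dir"/..?*; do
        [ -e "$im_entry" ] || [ -L "$im_entry" ] || continue
        echo "ENTRY    $im_entry"
        im_rc=1
    done
    return "$im_rc"
}

# System-wide directory must belong to root; the per-user one to the user.
audit_input_managers /Library/InputManagers 0 || true
audit_input_managers "$HOME/Library/InputManagers" "$(id -u)" || true
```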

This is just bullsh**, sorry. It is a trojan of a sort, not a virus. And, it exists on every single platform (the way it works I mean).

 

Any platform can have an executable w/any icon they want. Plus, if you look at this in Finder it does show up as name.jpg.app anyway.

 

I just don't want people to think it takes advantage of a vulnerability or anything.

Link to comment
Share on other sites

It does take advantage of a vulnerability - the ultimate vulnerability, present in every platform ever conceived, that has the potential to destroy any system no matter what security software is installed or ports are blocked. :dev:

 

 

(For the slower among you that would be user stupidity)

Link to comment
Share on other sites

:dev: As soon as I saw this thread title I knew it had to be bogus.

 

Edit: bogus as in nothing to worry about, not that some idiot didn't actually try to create this and other idiots actually fell for it...

 

"Totally Excellent" - Bill and Ted :)

"There's a sucker born every minute" - anonymous? :blink:

Link to comment
Share on other sites

It is a trojan of a sort, not a virus. And, it exists on every single platform (the way it works I mean).

For sure, it could just be the stupidity of a user. But the point is not how the Virus/Trojan/Worm (whatever, I'm mostly doing music, not "hacking" *g*) is faked (by an image), it's what the "whatever" does on your system.

E.g. If I make a virus and distribute it as an attached *.jpg.exe, a faked Windows Update on a W2k Server.

(D'Oh, I owned myself with this exe when I wasn't psychologically present :blink:).

It's the fact that somebody has programmed a prog that'll spy on you. :)

 

uhm... it's unibin?

LOL!!! Good one! ;)

 

Greetz

enzo

 

PS: Hide (known) extensions on Mac and Windows is enabled by default. That sucks! When will they learn to disable it by default? :star_smile:

Link to comment
Share on other sites

As I said on a similar post:

 

These recent threats have been silly or just a proof of concept; they rely on user stupidity and most of them are PPC only.

Nevertheless, as the popularity of OS X continues to grow, expect more threats coming along, so it is good to always keep your eyes open for suspicious software, for example a widget asking for an administrator's password, or an app sent by an IM buddy with a vague message. So make minimum security efforts like not using administrator accounts for everyday use, turning the firewall on, etc. (applicable to all platforms).

Let's not forget that OS X IS MORE SECURE than Windows: it is more secure by DESIGN, by DEFAULT (a lot of work on this one needs to be done by Apple, like not encouraging users to use administrative accounts, having the built-in firewall on, etc.) and more secure in DEPLOYMENT.

I know that many (if not most) of the members of this forum already know this, and probably better than me. I hope this cleared things up a bit for those who didn't.

Link to comment
Share on other sites

http://www.heise.de/english/newsticker/news/69919

 

Security hole in Mac OS X also affects Apple Mail

 

The weak point in Apple's Mac OS X operating system is apparently worse than originally thought. In addition to attacks via the Safari web browser, Apple Mail also executes scripts without asking in certain circumstances.

 

It suffices to disguise a script with the ending "jpg" and assign the Terminal application for opening it. If this script is then sent in the AppleDouble format as an attachment, the information is passed along so that the recipient's system also opens it with the Terminal. Apple Mail displays the attachment with a JPG file symbol, but when users click on it, the script executes within Terminal without further prompting. This has been tested on Apple Mail 2 and Mac OS X 10.4. Older versions display a warning.

 

Like the numerous Windows viruses, Mac OS X could also spread viruses via emails in this manner. The virus need only tempt users with a text to open the faked image file. You can use heise Security's Emailcheck to have a harmless e-mail sent to you that demonstrates the problem.

 

 

http://www.denux.org/thom/osnews/mailappleflaw/proof.png

Link to comment
Share on other sites
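
The disguise described in the heise report quoted above (a script carrying a "jpg" ending, with the metadata travelling in AppleDouble form) can be checked for from the shell before anything is opened. An added example, not part of the thread or the heise article: the function names and verdict words are invented here, and the AppleDouble test only recognises the format's magic number in a `._name` companion file; it does not parse the "open with" association.

```shell
#!/bin/sh
# Added example: does a file that claims to be a JPEG by name really start
# with the JPEG signature, or is it a script or bundle in disguise?

# first_bytes FILE N -> first N bytes as lowercase hex, no separators
first_bytes() {
    head -c "$2" "$1" | od -An -tx1 | tr -d ' \t\n'
}

# check_image_claim FILE -> prints one verdict word
check_image_claim() {
    ic_file=$1
    ic_base=$(basename "$ic_file")
    ic_side="$(dirname "$ic_file")/._$ic_base"
    case $ic_base in
        *.[jJ][pP][gG].*|*.[jJ][pP][eE][gG].*)
            echo "double-extension"; return 0 ;;   # e.g. name.jpg.app
        *.[jJ][pP][gG]|*.[jJ][pP][eE][gG]) ;;      # claims to be a JPEG
        *)  echo "no-image-claim"; return 0 ;;
    esac
    [ -f "$ic_file" ] || { echo "not-a-regular-file"; return 0; }
    case $(first_bytes "$ic_file" 3) in
        ffd8ff) ic_verdict=jpeg ;;       # JPEG start-of-image marker
        2321*)  ic_verdict=script ;;     # "#!" interpreter line
        *)      ic_verdict=not-jpeg ;;
    esac
    # AppleDouble companion file: magic number 0x00051607
    if [ -f "$ic_side" ] && [ "$(first_bytes "$ic_side" 4)" = "00051607" ]; then
        ic_verdict="$ic_verdict+appledouble-sidecar"
    fi
    echo "$ic_verdict"
}

# Classify every path given on the command line, one verdict per line.
for ic_arg in "$@"; do
    printf '%s\t%s\n' "$(check_image_claim "$ic_arg")" "$ic_arg"
done
```

A sidecar next to a genuine JPEG is normal for files copied from a Mac; the combination to look at is `script` or `not-jpeg` together with the sidecar.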
