Fascinating(?) virus

[Ron]

Just wanted to pass along this URI for a great play-by-play of investigating a new nasty trojan.

http://spamwatch.codefish.net.au/mod... ticle&sid=101

Just visiting a website.... sigh

[Brian77]

[Vin DSL]

Originally posted by Ron
...nasty trojan... Just visiting a website.... sigh

I ran across a trojan, a couple of months ago...

Some guy from Pakistan [deleted] came over to Nuke Cops, registered, and left a message saying something like, "My site has been hacked. Look and see what they did." Blah, blah, blah. So, of course, I clicked the link to see what 'they' did.

As soon as I hit the site, it opened up the 'Radio' sidebar in my browser. I thought, "Hrm... embedded music." But, no music! Odd! So, I closed the 'Radio' window.

The next thing you know, GetRight opened a window and wanted to know where I wanted to save 'trojan.exe' or whatever. I clicked cancel. Then another GetRight window asked me where I wanted to save 'run.exe' or whatever.

Hahaha! GetRight to the rescue!

Sometimes you discover Internet Security in the strangest programs...

[Spathiphyllum]

Originally posted by Vin DSL
I ran across a trojan, a couple of months ago...
Sometimes you discover Internet Security in the strangest programs...

Which is why I avoid MSIE like the plague, use caching firewalls, and employ proxy-filtering software to extricate these numerous invasions. Infallible? No. Improved? Yes.

The drag is everyone has to become a security expert just to browse. Obviously the punishment for these crimes is not severe enough.

[mattsiegman]

which crime, using MSIE or writing virii

[Vin DSL]

Originally posted by mattsiegman
which crime, using MSIE or writing virii

The only difference is virii work every time...

[Spathiphyllum]

Originally posted by mattsiegman
which crime, using MSIE or writing virii

Booya'

[Spathiphyllum]

Originally posted by Vin DSL
The only difference is virii work every time...

Keeping the theme...

Bada Bing!

[`elemnt]

are you saying that macs are better, or that no body can be arsed writing virii for them?

[Spathiphyllum]

Originally posted by `elemnt
are you saying that macs are better, or that no body can be arsed writing virii for them?

Who are you asking?

[jason]

Actually, now that OS X is starting to become more popular the writers are going after it now too:

The past few weeks have seen some press releases by Intego, an anti-virus vendor for the Macintosh platform, about Mac OS X trojan horses.

There was an earlier one that was a clever combination of an MP3 file with a payload that popped up a dialog box. Part of the cleverness of this was the interesting way that the various methods of file metadata were used to hide the nature of the file. However, since it relied on a resource fork, it wouldn't necessarily survive transfers across non-Mac file systems. The trojan was a proof of concept and did not cause any damage.

The latest one is apparently available via Gnutella et. al., and has an icon and name related to Microsoft Office 2004. (Office 2004 is not yet available to us on our Campus Agreement and I expect that it won't be until June 1, at the earliest. The volume version is not the same installer as the retail
version.) In some cases, people are reportedly thinking it's a demo or a "Web installer" that will download additional files when you run it. There is no current demo for any portion of Office 2004.

Instead, this trojan actually executes the UNIX command "rm -Rf ~" via AppleScript's "do shell script" command and promptly deletes the current user's entire home directory. (To do anything more would require greater privileges and/or authentication on OS X.) Obviously, running that UNIX command is not generally considered wise.

...

--Jason

[Vin DSL]

Originally posted by `elemnt
are you saying that macs are better, or that no body can be arsed writing virii for them?

LoL!

Fri May 21, 2004 08:34 PM ET

SEATTLE (Reuters) - Apple Computer Inc. (AAPL.O: Quote, Profile, Research) , long considered to be relatively immune to the security holes and viruses that plague longtime rival Microsoft Corp.'s Windows, said on Friday a security hole in its software leaves users' computers vulnerable to attack.

Apple, warning of a rare security hole in the company's OS X operating system for the second time this month, said in a release that a "theoretical vulnerability" in an application used to get help while browsing the Web could expose users to a malicious software code.

The specific nature of the security hole, such as whether it makes the computer vulnerable to outsiders or allows virus-like code to enter the operating system, was not made clear. Cupertino, California-based Apple's officials declined to provide specific comment beyond the release.

Mac, and its legion of enthusiastic users, have long touted the benefits of owning Apple's Macintosh personal computer, such as its ease of use and immunity from the computer viruses that plague users of PCs running Microsoft's Windows operating system.

Apple urged users to go to its Web site http://www.apple.com/support/downloads/ to download a free software update.

Microsoft (MSFT.O: Quote, Profile, Research) , whose Windows market share of over 90 percent makes it an attractive target for virus writers and attackers, has been plagued with crippling security holes and malicious software exploiting them.

"While no operating system can be completely immune from all security issues, Mac OS X's UNIX-based architecture has so far turned out to be much better than most," said Philip Schiller, Apple's senior vice president of Worldwide Product Marketing.

Apple says that OS X, which is based on a software system called Unix that is more than two decades old, is more robust because it is built with better permissioning tools and also draws upon the expertise of other software developers who write programs based on Unix.

Steve Jobs, Apple's co-founder and chief executive, likes to take the stage to tell loyal users of the company's "insanely great" products with "the best operating system in the world" but the message from company officials on Friday was markedly toned down.

"Apple takes security very seriously and works quickly to address potential threats as we learn of them-in this case, before there was any actual risk to our customers," said Schiller.

Source:Apple Says OS X Vulnerable to Security Breach