Macworld Forums: Reports emerge of Mac OS X Trojan horse or worm - Macworld Forums

Reports emerge of Mac OS X Trojan horse or worm

#15 jmincey

  • Veteran
  • Group: Members
  • Posts: 4,228
  • Joined: 27-August 04

Posted 16 February 2006 - 11:30 AM

"sounds pretty easy to avoid. i'm not too worried."
Yes, now that news articles have let you know what file to watch out for, it's no problem, right? But suppose this had not hit the media before you encountered the file and thought it would be cool to see some Leopard screen shots?
It's foolish to let a smug attitude influence us into taking these things so lightly.
0

#16 JKT

  • Member
  • Group: Members
  • Posts: 25
  • Joined: 09-January 06

Posted 16 February 2006 - 11:31 AM

In the context of the issue at hand, this is an extremely bad piece of reporting. There is apparently a bug in its code that prevents it from using Mail to spread, but it will self-propagate through iChat. So it does work, but not as well as intended.
Also, if you are running in an Admin account (the default account on all OS X systems) this malware will execute without requiring you to input your password.
Read Andrew Welch's post at the Ambrosia forums and see what the people who were infected by it are saying to become better informed, rather than just relying on the info in this article.
0

#17 jdb8167

  • Veteran
  • Group: Members
  • Posts: 1,583
  • Joined: 30-August 04

Posted 16 February 2006 - 11:32 AM

In reply to:

All but the most delusional and rabid Mac devotees have understood that OS X is developed by engineers who are human beings who are fallible and that there is no computer platform which is invulnerable or perfectly secure. Plus the vast majority of compromises to system integrity involve the human factor (and this is true on the Windows platform as well). Malware which does not rely on the co-operation of humans is rare on any platform, though it most certainly does exist.

As near as I can tell, this doesn't rely on any fault in OS X at all. It is purely a trojan/virus/worm (yes it is all three) that does its initial infection through social engineering. The Intego quote is quite astute. The only way this will spread is if users somehow think that a file coming from iChat is safe.
0

#18 Winski

  • Member
  • Group: Members
  • Posts: 49
  • Joined: 02-September 04

Posted 16 February 2006 - 11:32 AM

JMincey, I think you are wrong on a few issues. First, it is possible for humans to create a platform that cannot be hacked, and that viruses cannot affect. You simply make it so that there is no external entry into the system. No way to load software, no way for the user to make any mistakes, etc. This is called a calculator. Not too useful for many folks, but it does what it does very well.
Yes, humans make mistakes and those mistakes are taken advantage of by other humans. This particular piece of malware must be accepted onto your system and opened. Then, you must provide it with an admin password to continue. You can only go so far in protecting the users from themselves.
You also tout VMS as more secure than Mac OS X. I don't know that I'd agree with you on that. Yes, VMS is a very secure environment, but so is Mac OS X. I haven't seen any recent viruses come up for VMS, but that is also true for Mac OS X, since this particular malware is really NOT a virus. I remember a few VMS worms back in the day. In fact, some of the first virus work was done on an old VAX running Unix, and then they continued their research and made a few on VMS.
0

#19 jmincey

  • Veteran
  • Group: Members
  • Posts: 4,228
  • Joined: 27-August 04

Posted 16 February 2006 - 11:34 AM

"A worm's principal characteristic is that it spreads from one machine to another over the Internet or an intranet."
You left out one key point. A worm is self-propagating (i.e., it spreads from one computer/network to another on its own without the participation of users) and this is what makes it among the most dangerous and severe forms of malware. Worms also tend to attack network devices as well as computers.
While others report that this particular malware we are discussing is self-propagating under certain conditions (or via certain methods), I'm not entirely convinced of this yet.
0

#20 ckasper

  • Member
  • Group: Members
  • Posts: 112
  • Joined: 19-December 05

Posted 16 February 2006 - 11:40 AM

I would hope for the Mac consumer level users that this is nothing to worry about. Those types of users are just not equipped to deal with the threat. The attitudes in those communities remain too cavalier regarding viruses and other malware. I blame Apple marketing and their outside sales group for this, mostly. It shouldn't be too difficult to get Mac end users to trust the malware one writes for them. They just don't believe it could happen to them.
Hiding your head in the sand is no way to meet the problem. That being said, I really don't care what others do regarding this. I have the info and the tools. I can protect my users. Can you?
0

#21 Luke_Macwalker

  • Member
  • Group: Members
  • Posts: 165
  • Joined: 01-September 04

Posted 16 February 2006 - 11:40 AM

In reply to:

This is no worm since it requires a user to manually send it. It is not self propagating


This is not true: once installed, it is able to propagate thru iChat, so it is propagating without user action. Now, I don't think it means that the other systems are automatically infected. If I understand correctly, the users who get it through iChat should activate it themselves too so it can install itself on the new machines.
In reply to:

doesn't it say that the so-called virus doesn't even work b/c it has a bug in it?


No, it says that because of a bug, the infected applications do not launch properly. It also says that because of another bug, it fails to propagate through Mail.
What bothers me is that the description seems to imply that the classical alert about launching an application for the first time is not displayed when the user double-clicks on this pseudo-picture file.
There is also something to be told about the input managers that can be installed so easily. Very convenient (look at what SIMBL allows) but also dangerous for the same reasons.
Finally, I don't think any system can be more foolproof than its user... IMHO (even if the one discussed here is not really dangerous) denying that malware can exist on Mac OS X is rather a disservice to do to the less experienced users.
0
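Editorial example added to this archive, not part of the thread and not any poster's code: the "pseudo-picture file" worry in the post above can be checked mechanically by comparing what a file's name claims with what its leading bytes are. The function names and the sample files are hypothetical and constructed here; the check inspects only the extension and the header.

```python
import os
import tempfile

_JPEG, _TIFF = [b"\xff\xd8\xff"], [b"II*\x00", b"MM\x00*"]
IMAGE_MAGIC = {".jpg": _JPEG, ".jpeg": _JPEG, ".tif": _TIFF, ".tiff": _TIFF,
               ".png": [b"\x89PNG\r\n\x1a\n"], ".gif": [b"GIF87a", b"GIF89a"]}
# Leading bytes of content that runs or unpacks instead of displaying.
EXECUTABLE_MAGIC = {
    b"\xfe\xed\xfa\xce": "Mach-O executable (32-bit)",
    b"\xce\xfa\xed\xfe": "Mach-O executable (32-bit, byte-swapped)",
    b"\xfe\xed\xfa\xcf": "Mach-O executable (64-bit)",
    b"\xcf\xfa\xed\xfe": "Mach-O executable (64-bit, byte-swapped)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
    b"\x1f\x8b": "gzip archive",
}

def classify(path):
    """Return (verdict, detail); verdict is 'ok', 'mismatch' or 'executable'."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_MAGIC or not os.path.isfile(path):
        return ("ok", "not a regular file named as a picture")
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return ("executable", kind)
    if any(head.startswith(m) for m in IMAGE_MAGIC[ext]):
        return ("ok", "header matches extension")
    return ("mismatch", "header is not a " + ext + " image")

def scan(folder):
    """Map file name -> (verdict, detail) for each suspicious file in folder."""
    findings = {}
    for name in sorted(os.listdir(folder)):
        verdict = classify(os.path.join(folder, name))
        if verdict[0] != "ok":
            findings[name] = verdict
    return findings

def demo():
    """Scan constructed sample files; none is taken from the real malware."""
    samples = {"holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 12,
               "screenshots.jpg": b"\xfe\xed\xfa\xce" + b"\0" * 12,
               "notes.png": b"plain text here"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan(d)
```

Running `scan()` over a downloads folder returns only the files whose header contradicts a picture extension, so an empty result means nothing was flagged.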

#22 jmincey

  • Veteran
  • Group: Members
  • Posts: 4,228
  • Joined: 27-August 04

Posted 16 February 2006 - 11:47 AM

"...the users who get it through iChat should activate it themselves too so it can install itself on the new machines."
Then it's not self-propagating. Otherwise, we might as well say that e-mail is "self-propagating" with the proviso that users have to open the e-mail and read it or run it.
A worm is a computer program that is self-propagating and self-executing and can move like wildfire through computer networks without intervention by humans.
0

#23 jdb8167

  • Veteran
  • Group: Members
  • Posts: 1,583
  • Joined: 30-August 04

Posted 16 February 2006 - 11:49 AM

There are quite a few posts here from people who seem to think this is a hoax or is being over-hyped by the security companies. You are wrong. This is just as real as the average windows worm.
idb wrote:
".. well of COURSE they do. They're preying on the weak-minded."
No, not in this case. If you are running as admin and you open this file and ignore the "this might contain a program" warning you will be infected. That infection tries to spread via iChat which makes it a worm. The trojan also installs a virus so that every time you open an infected application, you get re-infected. A classic virus.

GoCats! wrote:
"This is no worm since it requires a user to manually send it. It is not self propagating."
This is wrong. It is a worm and it tries to spread via iChat. It does require the recipient to open the file but so do most Windows worms.

DarkSith wrote:
"I wouldn't worry. How many other alleged 'virus/trojan horses' have materialized before, but amounted to nothing?"
This one was found in the wild. It is more sophisticated than anything before. It probably will amount to nothing but the attitude of "don't worry" isn't going to make that happen. Everyone should be made aware of this and then it truly will amount to nothing.

osotype wrote:
"While you might technically call this a virus or worm or trojan, unless it exploits some form of hole in an OS, I don't consider it a legitimate problem."
Why does it matter if it exploits some form of hole in the OS? If it spreads, it causes Apple's reputation to be diminished. Pretending it doesn't matter unless it exploits a hole in the OS makes it more likely to succeed. Please warn your Mac-using friends about the details of this. Let's make sure nothing happens which will discourage future malware morons from bothering.

bwanderson wrote:
"Sweet zombie Jesus, what a load of crap! At BEST this is a trojan. Opportunistic jerks."
Please take a few minutes to read about this. It is NOT a load of crap. It is real and potentially dangerous. The security companies are doing the responsible thing and warning the public. Believe me, I'm the last one to believe Sophos or Intego based on their reputation. But this one is real and should be disseminated as far and wide as possible. You can go here for more info. This guy knows what he is about. New MacOS X trojan/virus alert, developing...

fribhey wrote:
"too bad it isn't a virus."
I don't know what your definition of a virus is, but mine is anything that alters an existing, legitimate application with a malicious or altered payload. This thing does exactly that. Luckily the programmer seems to be clueless so it doesn't work so well. But that isn't uncommon in virus code.

TripleC wrote:
"Really! Such defeatism!"
Who is being defeatist? The idea is to publicize this thing so that no one, not even the most naive user will fall for it. The idea is to spread the word and defeat the loser who wrote this.

Come on guys. Being in denial doesn't help anyone. Spread the word on how to prevent this and likely it will utterly fail. There is nothing Apple did wrong here. You can't stop this kind of attack from being started but we can stop it from causing widespread damage and thus protect the reputation of OS X as being a secure OS. Pretending it is nothing hurts everyone.
0

#24 rlavere

  • Member
  • Group: Members
  • Posts: 256
  • Joined: 28-August 04

Posted 16 February 2006 - 11:52 AM

In reply to:


Sophos, Symantec, McAfee and Intego have all added the code's description to their Mac anti-virus software files, which can be downloaded from each publisher's respective Web site.


Huh. I just ran an eUpdate on McAfee's Virex, and here's the message I received:
"Your virus definitions were last updated on January 18, 2006, and appear to be up to date."
Whatever.
0

#25 wageslave

  • Member
  • Group: Members
  • Posts: 44
  • Joined: 12-July 05

Posted 16 February 2006 - 11:56 AM

In reply to:

But suppose this had not hit the media before you encountered the file and thought it would be cool to see some Leopard screen shots?


Well, there'll be plenty of time for Leopard screen shots when oh, I don't know, Leopard is released. The chance of me looking for Leopard screen shots is exactly zero, because I honestly couldn't care less.
But let's say I was looking for Leopard screen shots. Let's say I downloaded this file and let's say that in my excitement to see those Leopard screen shots, I entered my admin password without thinking about it (none of which would I actually do). What then? Well, according to the Ambrosia Software forum post linked in the article,
In reply to:

It doesn't actually do anything other than attempt to propagate itself via iChat


I stand behind my initial statement.
Contrary to your assumption, my lack of concern does not stem from a smug attitude, but rather from the knowledge that this is not a significant threat.
0

#26 jdb8167

  • Veteran
  • Group: Members
  • Posts: 1,583
  • Joined: 30-August 04

Posted 16 February 2006 - 11:57 AM

In reply to:

A worm is a computer program that is self-propagating and self-executing and can move like wildfire through computer networks without intervention by humans.

While self propagating is far more dangerous, most Windows worms aren't self propagating either. This thing makes a connection with people in your buddy list and automatically sends a copy of itself. That is pretty damn self propagating. Who cares if it matches some academic definition of a worm. It makes it dangerous.
0

#27 rlavere

  • Member
  • Group: Members
  • Posts: 256
  • Joined: 28-August 04

Posted 16 February 2006 - 12:05 PM

In reply to:

Sophos, Symantec, McAfee and Intego have all added the code's description to their Mac anti-virus software files, which can be downloaded from each publisher's respective Web site.



McAfee's is here:
http://www.mcafee.co...tes/default.asp
Trust me, I just saved you a lot of time. What a mess that site is...
0

#28 jmincey

  • Veteran
  • Group: Members
  • Posts: 4,228
  • Joined: 27-August 04

Posted 16 February 2006 - 12:24 PM

"Who cares if it matches some academic definition of a worm. It makes it dangerous."
It's easy in the Mac community to be complacent about such matters and I realize the issue of malware and security has become about bragging rights for those who enjoy the game of "My platform is better than your platform." But I agree that computer security should be taken seriously irrespective of one's platform, and I think it's only a matter of time before a bona fide virus/worm strikes the Mac and OS X -- and perhaps this one qualifies.
I'm not a fear-monger or naysayer, but people who dismiss this threat or laugh it off are being foolish in my opinion and they do so at their own peril.
0
