Macworld Forums: Reports emerge of Mac OS X Trojan horse or worm


Reports emerge of Mac OS X Trojan horse or worm

#43 jdb8167

  • Veteran
  • Group: Members
  • Posts: 1,578
  • Joined: 30-August 04

Posted 16 February 2006 - 02:57 PM

In reply to:

Yes, it is.

Did you read the write-up from Ambrosia? If you did and still think it is a load of crap, then all I can say is I think you are mistaken and doing yourself and anyone who believes you a disservice.
Let me repeat. Apple did nothing wrong here. There is no exploit based on a system flaw. This is just social engineering. To protect yourself you need to understand what happened because if you don't you are also vulnerable.
If you didn't read the write-up, do so. If you did and didn't understand why it is a big deal, ask questions here.
#44 NeoX

  • Member
  • Group: Members
  • Posts: 486
  • Joined: 27-August 04

Posted 16 February 2006 - 03:41 PM

While I agree with what you say, this is a no-biggie virus or worm or whatever you want to call it. Windows today, though, is not built on DOS. It is based on NT, which was not built on DOS but a completely new OS. The last Windows OS to be based on DOS was Windows 9X and ME. ME was the least of the 9x series to be built with DOS. When you are running a DOS app from XP you are running it through a VM.
As for the worm debate, there are several worms that attacked certain Windows vulnerabilities that required zero intervention on the part of the user. Simply having your computer on and attached to the internet without a firewall would put you at risk. I remember reading an article on a tech site about how long it took to catch a worm on an unpatched Windows XP system. Something like 20 minutes and they had been infected with zero intervention... Now that is a worm...
Regards,
#45 Grapho

  • Veteran
  • Group: Members
  • Posts: 1,931
  • Joined: 30-August 04

Posted 16 February 2006 - 04:01 PM

I agree with you. This kind of malware is nothing new and I think people are just getting a bit too nervous for nothing. The last virus/malware that I had to contend with was the AutoStart virus that propagated through removable media and affected the classic OS. To my knowledge it was one of the most successful attempts against the Mac OS. All you needed to do was to insert an infected floppy disk or Zip disk to get infected. It made sense back then to have anti-virus software running. Even after learning of this threat, I don't see the imminent need to go and purchase such software, at least not yet and not because of this.
#46 lkrupp

  • Member
  • Group: Members
  • Posts: 225
  • Joined: 30-December 04

Posted 16 February 2006 - 04:09 PM

"There are quite a few posts here from people who seem to think this is a hoax or is being over-hyped by the security companies. You are wrong. This is just as real as the average windows worm."
And you, sir, are being overly melodramatic, very preachy and condescending.
#47 jxself

  • Member
  • Group: Members
  • Posts: 50
  • Joined: 01-February 05

Posted 16 February 2006 - 04:42 PM

In reply to:

This thing makes a connection with people in your buddy list and automatically sends a copy of itself. That is pretty damn self-propagating.

But it ends there. The remote side is only infected if:
a) The person on the other end of the IM program is running a Mac (remember that not everyone appearing in your iChat buddy list is necessarily a Mac user and they are therefore immune.)
b) That remote IM program has file transfer ability present and enabled (most but not all do) - I refer to the "remote IM program", because not everyone will be using iChat on the remote side (for example: My normal IM program doesn't support file transfers.)
c) That same Mac user (with a file-transfer-enabled IM program) is also running OS X 10.4 (10.3.9 users and earlier are immune)
d) That same Mac user (with a file-transfer-enabled IM program) that's also on 10.4 also accepts the proposed file transfer
e) That same user then decompresses the file
f) They execute the file
g) They enter their password
Since the file's automated propagation officially ends after the initial transmission onto the recipient's desktop (or wherever they store file transfers), and requires the user to pick up where it left off, it's not a worm.
A true worm would be able to remotely infect the other computer with zero assistance (which this does not do.) And then after that be able to launch itself from the remote computer and infect a third computer (and so on) with no user assistance for anything at any time.
It would then continue this 100% automated "infect, spread" process until there are lots of infected computers... all the while with no user interaction for any part of the process to occur.
#48 tabasco_hot

  • Member
  • Group: Members
  • Posts: 315
  • Joined: 15-March 01

Posted 16 February 2006 - 04:45 PM

This isn't a virus. It's an application. You have to actually install it, and then run it for that matter, for anything to happen. I would call it more of a spoof than a virus. You have to be fooled into downloading it first, and secondly you have to unzip it, and it's still harmless. You still have to install it, and then the 4th thing is you have to run the application. I believe there is a 5th thing: you need to type in a password for it to attack anything crucial. They should have named it a "Hey Stupid!"
Couldn't I just write a disk utility application to erase a drive and label it with the .jpg extension and send it to some idiot to do the same thing? Because that is all it sounds like to me. And you really do have to be stupid to fall for something like that.
#49 hayesk

  • Member
  • Group: Members
  • Posts: 975
  • Joined: 07-August 04

Posted 16 February 2006 - 05:02 PM

You have it exactly right. Anyone with a little scripting or programming knowledge could write this - for any computing platform.
Simple way to protect yourself - whenever someone sends you an attachment, check what it is first. It's safe to decompress it. After that, all it would take is a simple "Get Info" on that "JPEG" file and people would see it is not a JPEG, but in fact, an application.
#50 jdb8167

  • Veteran
  • Group: Members
  • Posts: 1,578
  • Joined: 30-August 04

Posted 16 February 2006 - 05:31 PM

In reply to:

g) They enter their password

Unfortunately this is wrong; it has been reported widely, but it is incorrect. The trojan silently fails if it doesn't have write access to any applications. Also unfortunately, most OS X users are running their day-to-day accounts as admins, which means that nearly all of their applications will be writable without a password. You can verify this with the Get Info window in the Finder. If you are an admin and an application was installed by that admin account, there is a pretty good chance that the Get Info window will say the file is Read & Write.
In reply to:

Since the file's automated propagation officially ends after the initial transmission onto the recipient's desktop (or wherever they store file transfers), and requires the user to pick up where it left off, it's not a worm.

An academic discussion of what is a worm or a virus is pretty irrelevant. There is no exploit and as such the trojan can't infect other machines without a bit of social engineering. Without a doubt the most dangerous worms and viruses are the ones that have an exploit that allows them to be installed on remote machines. They are disastrous. But most worms on Windows are exactly the same as this one. And they can and do spread.
Let's look at what happens from a user's point of view.
They get to their machine and their brother has sent them a file over iChat called latestpics.tgz. They download it and get a warning that it may be unsafe. I don't know what the exact wording from iChat is, but it is probably similar to Safari. It basically gives the same warning whether or not there is an application in the file.
Since the file seems to be about a picture, the user downloads it. Then the user looks at the file and it has an icon as a JPEG. Now, maybe the user is suspicious or maybe not. This whole operation takes only a few seconds, not much time to think. If the user double clicks the JPEG icon and is running as an admin account he is infected.
This trojan/worm is poorly written and not that dangerous but the technique is very dangerous. It is even worse when people discount it. I admit that on a bad day, I could easily be hit by this. It only takes a few seconds of not thinking.
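Both checks the posters describe, hayesk's "Get Info" test of whether a supposed JPEG is really an application (#49) and jdb8167's check of which applications an admin account can write to without a password (#50), can be done from a shell. This is an added example, not code from the thread; it assumes a POSIX shell, takes the directory or file to inspect as an argument, and the file names in the comments are constructed.

```shell
# Added example (not from the thread). Two defensive checks in POSIX sh:
#  1. which entries in an applications directory the current user can
#     write to without a password (jdb8167's Get Info point);
#  2. whether a file named like an image is really something that runs
#     (hayesk's Get Info point). "latestpics.jpg" is a constructed name.

# Print every entry in DIR that the invoking user may write to.
# On a Mac this would be: writable_apps /Applications
writable_apps() {
    dir="$1"
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue
        # -w answers for the current user; a writable bundle can be
        # modified by any program that user runs, with no password prompt.
        [ -w "$entry" ] && printf '%s\n' "$entry"
    done
    return 0
}

# Classify PATH: "not-an-image-name" if the extension is not an image
# extension, "EXECUTABLE" if it is an executable file or a bundle
# directory containing Contents/MacOS, otherwise "ok".
image_or_executable() {
    path="$1"
    case "$path" in
        *.jpg|*.jpeg|*.gif|*.png|*.JPG|*.JPEG|*.GIF|*.PNG) ;;
        *) printf 'not-an-image-name\n'; return 0 ;;
    esac
    if [ -d "$path" ] && [ -d "$path/Contents/MacOS" ]; then
        printf 'EXECUTABLE\n'           # an application bundle in disguise
    elif [ -f "$path" ] && [ -x "$path" ]; then
        printf 'EXECUTABLE\n'           # a plain executable in disguise
    else
        printf 'ok\n'
    fi
    return 0
}
```

An "EXECUTABLE" verdict on a file that arrived as a picture is the same thing Get Info would reveal, just scriptable over a whole download folder.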

#51 Grapho

  • Veteran
  • Group: Members
  • Posts: 1,931
  • Joined: 30-August 04

Posted 16 February 2006 - 05:31 PM

You may not have to download it, but with the rest I concur.
#52 RFM

  • Member
  • Group: Members
  • Posts: 364
  • Joined: 19-April 01

Posted 16 February 2006 - 05:36 PM

Not worried. I don't use OS X or Windows.
#53 jdb8167

  • Veteran
  • Group: Members
  • Posts: 1,578
  • Joined: 30-August 04

Posted 16 February 2006 - 05:38 PM

In reply to:

You need to type in a password for it to attack anything crucial. They should have named it a "Hey Stupid!"

Do you run your day-to-day account from an admin account? If you do, no password is required. Apparently there is never a password dialog with this anyway.
#54 jmincey

  • Veteran
  • Group: Members
  • Posts: 4,228
  • Joined: 27-August 04

Posted 16 February 2006 - 05:48 PM

I agree with Jim that this represents more of a threat than most people in this thread appreciate. Sure, this particular example is feeble because of bugs, but as we take pains to list all the steps required in order to run this on our computers, let's be mindful of one thing: As Jim says, this entire multi-step procedure -- while impressive to see in print -- would typically take only several seconds.
Ask any technical writer and he (she) will tell you that if you deconstruct even the most simple task on a computer into its individual steps, you can make it look impressive. In fact, when I have written tutorials for my fellow staff, I have to caution them not to be intimidated by the volume of verbiage because at the end of the day the procedure it describes is actually very simple and quick to perform.
So, yes, in order for malware of this kind to cause a problem on our computers, we have to (1) place our hands on the keyboard, (2) move our hand to the mouse, (3) click on this, click on that, (4) put hand back on keyboard, etc...
It's a wonder that after citing the need to decompress the file, people in this thread didn't say that the next step is then "to wait for the file to decompress..."
In practical terms, this malware type under discussion represents a danger, and, no, not only to "stupid" or naive users either. Anyone -- even the most brilliant software engineer -- can be caught off guard and click or double-click on something and press RETURN and then realize, "Oops."
We Mac users need to stop downplaying every possible threat to the Mac platform. While I don't believe in security through obscurity, that's not to say the Mac's relative obscurity plays NO role at all. Malware will happen on the Mac -- it's only a matter of time. And it's not fear-mongering or naysaying to point this out. Rather it's only to suggest we get off our high-horse and come clean -- and to illustrate, I will provide an itemized list of my own:
1. The Mac is a computer.
2. OS X is an operating system.
3. The computer and the operating system were designed and built by fallible humans.
4. The Mac platform is not perfect or impenetrable or invulnerable.
5. Most malware on the Windows platform depends on the user's co-operation too.
#55 mjreiland

  • Newbie
  • Group: Members
  • Posts: 8
  • Joined: 27-April 05

Posted 16 February 2006 - 06:41 PM

It really doesn't sound like it's a hoax to anyone on here. What it does sound like is that this isn't a true virus or worm. True, it can do some bad things, but it doesn't self-replicate. Just because it sends a file through iChat doesn't mean it's self-replicating. The user on the other end has to accept and install it. I don't care if many Windows 'worms' are like this; many are not like this and can self-replicate without any intervention by the user. Those are the dangerous ones. ANYONE with any programming knowledge can create a program that deletes files. It's extremely easy. What they can't do on OS X, or very easily on Windows, is create one that does this without the user being involved. However, the key here is it's not easy on a Windows machine and, as of now, it can't be done on OS X (at least not that we know of).
I don't want to pretend like OS X is impervious, because it's certainly not, but this is neither a true worm nor a true virus. As you mentioned, like many (but not all) Windows malicious code, if you are smart you don't get infected. Yet, with OS X, that's all that it takes to be protected. On Windows, you can get infected without doing anything dumb.
Nothing can completely protect a user from being stupid. Otherwise the trash would be a virus. It deletes files, sure with a user's permission, but if you were stupid and didn't understand what it was doing, it would delete it anyway.
#56 mjreiland

  • Newbie
  • Group: Members
  • Posts: 8
  • Joined: 27-April 05

Posted 16 February 2006 - 06:50 PM

The admin account is not the default for OS X.
However, putting your password in for the Admin account anytime you do anything that requires it, instantly gives access to the code to run.
So, it's a problem, but not as much as you implied.
Still, it's neither a virus, nor a worm, in the true sense of either term. It requires an awful lot of user interaction to get it to infect your machine. So, it may be malware, but then that's extremely easy to write for any OS. Especially so if you depend upon stupid or ignorant user intervention to make it work.