MacDailyNews - Where Mac news comes first


Apple: ‘Opener’ is not a virus, Trojan horse, or worm
Tuesday, November 02, 2004 - 08:24 AM EST

"After a week of contemplation, Apple has announced that the 'Opener' malware program blighting OS X is not a virus - although the security community disagrees," Dan Ilett reports for ZDNet UK. "Discovered a week ago, the Opener program – originally called Renepo - has the ability to disable the firewall in Mac OS X and steal user information. Security experts declared last week that it is almost unheard of for malware to target Apple computers, but said that this could be the start of a spate of attacks to come."

Ilett reports, "In an emailed statement from a PR company that represents Apple, a spokeswoman said:

"Apple has just released the following statement and will not comment beyond this: 'Opener is not a virus, Trojan horse, or worm. It does not propagate itself across a network, through email, or over the Web. Opener can only be installed by someone who already has access to your system and provides proper administrator authentication. Apple advises users to only install software from vendors and Web sites that they know and trust.'"

"But antivirus experts beg to differ, saying that while the program is not an immediate threat, it is a worm because it attempts to copy itself, is therefore a virus as well... Symantec declared that Mac owners were protected if they had kept their antivirus software up to date," Ilett reports.

Full article here.

MacDailyNews Take: So, anti-virus companies insist 'Opener' is a virus and Mac users should keep their anti-virus software up-to-date? We're stunned and shocked. We thank the anti-virus companies for their extraordinary care, even though there's nothing in it for them. End sarcasm.

Related MacDailyNews article:
Renepo worm targets Mac OS X - October 25, 2004

Reader Feedback:

Nov 02, 04 - 08:47 am Comment from: ha!

>>End sarcasm

sarcasm! on MDN?? WHAT IS THE WORLD COMING TO?

Nov 02, 04 - 08:55 am Comment from: BigSMan

^^ LMAO - well in summary mode - this 'virus' can only work if u approve it by entering the admin password...so we are safe...

Nov 02, 04 - 09:08 am Comment from: beryllium

WTFDTM

Acorym buffs: have a field day. I continue to ignore your idiotic substitutions for actual words in an attempt to take lazy shortcuts to real communication.

Nov 02, 04 - 09:09 am Comment from: feeze

Symantec declared that Mac owners were protected if they had kept their antivirus software up to date." Ilett reports.

Sheesh people are acting like it's an epidemic,
How many computers have been infected, I bet I count them on my hands.

Nov 02, 04 - 09:13 am Comment from: Mr. Bungle

Yes, what feeze said...

Let's hear how many, or what percentage of Macs have been affected. Until then, I'm not going to worry...

Nov 02, 04 - 09:13 am Comment from: Al

Actually, in its present form, it is spyware.

We have made the big time. We finally have spyware, just like the big boys.

Nov 02, 04 - 09:25 am Comment from: VinitaBoy

Hey, beryllium

What, exactly, is an "acorym" (to which you have such vehement objections)? Do you mean "acronym"? Man, if you're going to be self-righteous, at least be RIGHT!

Nov 02, 04 - 09:35 am Comment from: ph8te

Well, we have all – as mac users – been saying that OSX is safe, and if this is the best that the underground can come up with, I have nothing to worry about. The only way this thing spreads is by the users' own stupidity. Hell, anyone getting infected by this should have an honourable mention in the Darwin Awards.

Nov 02, 04 - 09:39 am Comment from: geeka

they want us to have the same problems sooo bad....Hah.....ain't going to happen....

Nov 02, 04 - 09:46 am Comment from: effwerd

Anti-virus software? I vaguely remember something called Norton Anti-Virus but since it would constantly crash my computer and disrupt the operation of other mission critical applications I deemed it malware and disposed of it. Since then my computer has been safe and stable.

Nov 02, 04 - 09:59 am Comment from: Jack A

The security companies have said that Opener is not in the wild and is not spreading so as far as I can tell it is another "proof of concept", albeit a nasty one. I wonder who actually came up with this? Truth can be stranger than fiction.

So anyway, even if you class Opener as a virus, there are still no viruses in the wild for OS X. We should not be complacent though, one will come along someday. I think the Mac community will deal with it swiftly when it does however. Just be smart and don't provide your admin password for suspect downloads and everyone should be fine.

This is a great article on why the Mac is more secure, and always will be:

http://daringfireball.net/2004/06/broken_windows

Nov 02, 04 - 10:09 am Comment from: allgood2

I'd have to say, I only partly agree with Apple over this. I agree that Opener is not a virus, but I'm not certain I would say it's not a trojan. Given the proper incentive, a user could be tricked into installing it on their machine, and once installed, it would attempt to spread to other machines the user has access to. Of course, no one has actually proved that it could spread, just that it tries to, but that said, if you were a system admin, that got tricked, you could compromise your entire network.

But seeing as the thing can't spread across the internet, and requires administrator access, and user approval, I'd agree that calling it a virus is a bit much. And seeing as how no one created the ultimate program to trick users into installing it, it doesn't technically qualify as a trojan either.

Though, since Mac users should be running antivirus software, just to aid in the protection of their PC brethren, then I'd rather have the antivirus companies monitor for it than not.

Nov 02, 04 - 10:19 am Comment from: hagar57

Installing expensive anti virus software because of this sorry excuse of a trojan/virus/whatever is like buckling up in a drive-in movie theater when a car chase starts on the screen.
Sorry, Symantec, no business here!

Nov 02, 04 - 10:21 am Comment from: Simple1

allgood2, if u are an admin and u get tricked! then you should be fired immediately!! what kind of fscking stupid admin is downloading shit from p2p services?? lol
anyway even then he would still have to enter his admin password on every computer for it to work right?? or am I wrong?? I'm asking a question here i'm not sure if an admin can do it over a network?. But it's funny how these product companies have to try to force us to buy their products! they broadcast it on CNN like Osama Bin Laden had just bombed another place in the states or something. Truly SAD!

Nov 02, 04 - 10:49 am Comment from: Mac Beth

thanx 4 being so smart beyrllium. its so wrong 2 save time in a message post. :p

Nov 02, 04 - 11:01 am Comment from: AX

There's also the Mallet virus that you guys haven't heard about. It's very destructive and requires the user to repeatedly beat his mac with a heavy mallet. Keep an eye out for this one peeps.

Nov 02, 04 - 11:33 am Comment from: Seahawk

I have the Renepo code. It is public. It is rather a rootkit, of the kind that always existed for Unix platform.

If I were the author and had been successful in tricking an admin of an OS X platform I would consider myself lucky if by the end of the week I had some 10 IP number for OS X machines where my Renepo had been able to spoof the root password from the first admin.
And I would have to log to the first machine in order to retrieve that info in that - currently(?!) Renepo does not call home.

Sure, it is a security threat, but it is more a threat of admin not having safe behavior rather than something else.

If you are not admin of your machine there is no way Renepo can work. If you want to protect yourself even from a Renepo used in a Trojan, just create a second account and give this last admin privileges. Then turn your primary account - your daily horse - into a regular account. There: you cannot now install Renepo even if a naked Britney begged you to.

Nov 02, 04 - 11:37 am Comment from: Seahawk

Nope, it does not spread. The only thing it tries is to copy itself - IF - you have a mounted volume on another OS X machine AND you do that as admin of that machine. Then it copies itself in the System Startup Items and begins its spoofing and cracking (Joe the Ripper) if that machine is rebooted.

Otherwise, there is no other means of spreading (currently).
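
An added example, not part of the original comments and not code from Renepo or Apple: a defender's audit of the Startup Items locations the comment above says the script copies itself into, run against the local volume and any mounted ones. The two StartupItems paths, the one-name-per-line baseline file and the function name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the page): audit StartupItems against a baseline.
# Assumptions: the two StartupItems locations below, and a hypothetical
# baseline file holding one approved item name per line.

# audit_startup_items BASELINE ROOT [ROOT...]
#   ROOT is a volume root such as / or a mounted volume's mount point.
#   Prints "UNEXPECTED <path>" for an item whose name is not in BASELINE and
#   "WRITABLE <path>" for anything inside an item that any user may write.
#   Returns 1 when something was flagged, 0 otherwise.
audit_startup_items() {
    baseline=$1
    shift
    flagged=0
    for root in "$@"; do
        root=${root%/}    # "/" becomes "" so the paths below stay clean
        for dir in "$root/Library/StartupItems" \
                   "$root/System/Library/StartupItems"; do
            [ -d "$dir" ] || continue
            for item in "$dir"/*; do
                [ -e "$item" ] || continue    # empty directory: glob did not match
                name=$(basename "$item")
                if ! grep -Fqx -- "$name" "$baseline"; then
                    echo "UNEXPECTED $item"
                    flagged=1
                fi
                # World-writable content lets a non-root user change what runs at boot.
                writable=$(find "$item" ! -type l -perm -002 -print)
                if [ -n "$writable" ]; then
                    echo "$writable" | sed 's/^/WRITABLE /'
                    flagged=1
                fi
            done
        done
    done
    return "$flagged"
}

# Run as: sh audit.sh baseline.txt / /Volumes/SomeShare
if [ "$#" -ge 2 ]; then
    audit_startup_items "$@"
fi
```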

Nov 02, 04 - 11:44 am Comment from: ndelc

Symantec also reported on another virus which is at least as dangerous as Opener, if not more. It's called OpenWindow. Basically a hacker gains access to your computer through a door in your home or business and chucks your computer out the window, often rendering it useless. Symantec is going to start selling a new protection system to deal with this particular virus, and they call it iChain. It is their first solution that is actually hardware as opposed to software.

Nov 02, 04 - 12:05 pm Comment from: Hg Wells

ndelc...
OpenWindow? I love it!

Nov 02, 04 - 12:11 pm Comment from: Glick7

Can this "opener" be contained within other programs... say, shareware programs?

If so, then the risk is significantly increased.

Nov 02, 04 - 12:29 pm Comment from: g$

Sorry, I will not go out and buy virus software and bog down my Mac so I can help "protect my PC brethren". I won't purchase virus software until, or if, viruses actually start popping up for OS X.

That may sound cruel and a bit harsh, but hey, they decided to buy a piece of crap, they can deal with the problems that come with it.

Nov 02, 04 - 12:40 pm Comment from: Seahawk

glick, it is a regular bash script, using regular bash builtin commands that only do work if you have root level access. Otherwise: bzzz, does not work.

It is a script, it is a script, it is a script. Nothing more, nothing less.

Sure, you may put it in an installer that asks for admin password to install and it would copy Renepo in the System and Library location and issue a ./opener to launch it.

If the shareware program asks to install itself then yes, it would be possible. But then again, what spread? you should be admin to other OS X platform for it to do any damage once it spoofs your password.

If you all think it as a Windows worm or virus with exponential growth then relax. It is a rootkit which at most drips to few hundred machines (if ever: it needs root account enabled) in a month worldwide if it was to be released.

Nothing more nothing less than regular Unix rootkits existing since tens of years.

So, as a final remark, yes, OS X is Unix. Someone just took the time to translate a bash rootkit script into one that would run under OS X environment.
Doh!

Nov 02, 04 - 12:46 pm Comment from: MacBuddy

[WTFDTM]

Why The Fsck Don't They 'Mac'?

Am I close? Do I win a prize?

TTFN wink

Nov 02, 04 - 12:47 pm Comment from: mike

trying to make money off os x by pretending it's swiss cheese..

for shame...

Nov 02, 04 - 01:04 pm Comment from: ottomabulb

i would say that os x admins are more susceptible to this virus than windoze admins.

windows admins make it a practice to never install anything on their servers that's not necessary. os X feel safe that they can not be infiltrated, and are perhaps more apt to "play" with their systems.

complacency.

Symantec always sets windows on orange alert, when it comes to viral e-terror.

--
Fahrenheit x86, the temperature that virii's born

Nov 02, 04 - 01:30 pm Comment from: Seahawk

otto, dunno. Depends whether the OS X admin is a part-time Unix admin as well (or a converted one). In that case it has as much knowledge of Unix issue to not be duped by a thing like this.

And, I do not believe there are true OS X admins (ie people looking after a network of OS X platform) that know little 'bout Unix.

If you are the regular solo admin of your own Mac you are no threat in terms of infecting other machines.

I do not think a true OS X admin would treat it any differently - or without the same care - as for other Unix platforms that s/he might look after at the very same time.

Nov 02, 04 - 01:32 pm Comment from: DustyMac

WTFDTM: What the F does that mean!?

An acronym for acronym haters

Nov 02, 04 - 01:33 pm Comment from: vwfreedom

hey guys,
I just discovered a NEW virus!!! I'll call it FaRMeR.

Please don't try this as this virus will DESTROY your computer. But here it is:
Open the terminal.
type 'sudo rm -rf /Library/' and then 'sudo rm -rf /System/'

Of course you'll need to supply your admin password, but this virus will wipe you out!

Someone, please forward this information on to all the *security* companies for me, OK?

Nov 02, 04 - 01:50 pm Comment from: MacMonkey

I am ashamed to be a part of the information security community that thinks that this is anything close to a virus, worm, etc.

IT'S A DAMN SCRIPT THAT REQUIRES ADMIN ACCESS.

One of the reasons I left the Windows world forever was because of the idiotic, mindless drivel that spews from the Windows Security world. If MS ever produces an OS that really is "secure" by Mac OSX standards, they will all go out of business.

I will dance on their graves.

Morons.

Nov 02, 04 - 01:51 pm Comment from: Seahawk

vwfreedom: technically it is not a virus in that it commits suicide, hence no infection spreading.

But it shows the point that if you allow someone to know your admin password then s/he owns your computer: it certainly could not be called a security flaw of the OS anything that require the user to provide the root password for anything to happen.

Actually, EVERY OS is made so that by design, the root user can do ANYTHING, hence a big DOH! to these *security weaknesses* reports.

Nov 04, 04 - 01:39 pm Comment from: clarification

ax,

That's "malware" not a "virus".

Nov 04, 04 - 01:42 pm Comment from: clarification

ndelc,

Sorry, that would be malware as well.
