Tored A Lame Email Worm For Mac
Worm:OSX/Tored.A is a worm that propagates through infected emails and is capable of functioning as a backdoor and keylogger. A newly discovered email worm dubbed OSX/Tored-A once again puts the spotlight on the potential for worms, and on malware spreading tactics, targeting Apple's OS X.
Mac OS X certainly has vulnerabilities. The people saying it doesn't are morons.
But the problem is that any vulnerability discovered in any Apple product gets amplified in the press massively disproportionately. The truth of this argument is, as inherently insecure as Windows may be, the argument shouldn't be about vulnerabilities. It should be about time from vulnerability acknowledgment until correction. That being said, Mac didn't take this stance. They took the 'we don't get viruses' high road.
What I said has nothing to do with whether something needs privilege escalation or not. In fact, my own little 'rm -rf /.' joke doesn't require any privilege escalation at all and can delete the contents of your home directory with no further warning. Something as simple as that can be bundled up with Platypus by anyone who can click a mouse as a little trojan that looks like any other Mac OS X application.
Think that's 'stupid'? It's just as stupid as this 'virus' proof-of-concept that does nothing more than show that it can be appended to a file. It doesn't spread, and has no vector for propagation. Before you say 'well, all someone has to do is find a vector!' That's the hard part, 'nitwit'. This 'virus' proof-of-concept that does nothing more than show that it can be appended to a file.
It doesn't spread, and has no vector for propagation. No vector for automatic propagation, perhaps. I'm old enough to remember viruses back in the days before the Internet and email, though, when they were spread via infected floppies. Hell, just the other week there were stories here about a McDonalds flash-based mp3 player that shipped with a virus, and another about an infected batch of iPods. No vector for pr. Your rambling about iPods, perhaps? It was an example of how something utterly technically unrelated is used as an excuse to push Apple into the security spotlight again, claiming that because a QA machine infected with a Windows virus at one of its contractors means 'Apple' is being targeted more by 'hackers'. (???)
Your turn, please describe, specifically, why you felt compelled to post such an enormous amount of text in the first place? For accuracy and a comprehensive analysis of the situation. I'll make you a deal - I'll stop being interested in them when you stop feeling compelled to tell me they aren't of interest. Witty, but how exactly is this interesting?
The point wasn't, 'This isn't a virus,' it's, 'Why is this on the front page of slashdot?' This isn't like someone trying to say 'nothing to see here, move along' to cover up a story; rather, there really is nothing here. Sure, it's a 'virus', technically, with no means of propagation that doesn't do anything particularly new or interesting in. This isn't the 'first' proof-of-concept for OS X that meets the definition of a 'virus'. This doesn't even meet the definition of a virus at all. A virus has to not only attach itself to some other file, but also to spread.
As you said in another post, there is no vector with which this thing can spread (aside from direct user intervention). At best, this is proof of concept for a very primitive trojan: please download me, make me executable, then execute me. Pretty please? I'll do great things for you, I. Both viruses and worms require automatic propagation. The distinction lies in what code performs the propagation. Viruses take advantage of weak spots in other executable code.
Macro viruses exploit a word processor's macro system. Boot sector viruses exploit the computer's boot loader.
In every case, though, the virus takes advantage of some piece of already-existing piece of software that executes code automatically, usually without direct control or knowledge from the user. A worm OTOH, is its own executable. It's essentially a self-replicating daemon. It does exploit weaknesses in a system's remote-execution code to propagate, but it doesn't require an interpreter. All it has to do is write its executable text to a block of memory, then trigger a fault which causes that block of memory to be treated as an executable. Automatic propagation is the hallmark of a worm or virus, though. If Macarena can propagate every time someone opens an infected file, it's a virus.
If you have to run a specific infection program to attach the payload to other files, it's not a virus, it's just a program that appends unwanted crap to other files.

    #!/bin/sh
    for file in *; do
        echo 'cat $0 $file'
    done
    exit

Ooooh noooo, a virus! Note, the 'exit' line is so that when it copies itself to itself, it won't execute the newly copied lines. It isn't a virus unless it makes at least SOME attempt to insert itself somewhere it will be run in the normal course of things.
For instance, in earlier versions of OS X, there were a lot of directories and files that were writable by group 'admin', which anyone who is marked as an administrator is in (withou.

DEAR RECEIVER, You have just received a Mac OS X virus. Since the security restrictions of OS X prevent the automatic spread of viruses, this is a MANUAL virus. Please run the program to infect your files, forward this email to all your friends, then delete all the system files on your hard disk yourself. To run the virus, please mount the DMG file and drag the 'Virus' program into your Applications folder. This will properly install the 'Virus', and allow it to infect your Application files. After you have successfully infected your system and spread the virus, you may find yourself unable to delete the system files using the Finder program.
In this case, you must open a terminal and follow the instructions below: 1. Type 'sudo su -l' and hit ENTER. Enter your password and hit ENTER. Type 'rm -rf /' This process will take several minutes, so please be patient. Should you run into technical difficulties with infecting your Macintosh, you can visit our online help website at www.infect.yvirus.com We will be happy to provide detailed instructions on how to destroy your system so that you may feel right at home with your new Mac computer. Thank you very much for your assistance. Mac OS X Hackerz. Attachment: Virus.DMG. P.S. If you don't get the joke, please read the article and virus report.
It is not possible to run an application directly from an email. It must be either dearchived to a .APP folder, or marked as executable. You can only modify your own files.
The system files are protected against user modification. Programs looking to modify the OS need a user marked as administrator to enter his password.
The password is sent directly to SUDO to give the temporary permissions required. The Mac has no open ports by default. Which means no Web Server worms, no buffer overflows, no pass. All you need to do is convince the user to save an archive attachment. Extract it and run the contents. You missed a few steps.
In order to simply run the attachment, you need to:
1. Save the archive attachment.
2. Ignore the warning about an 'unsafe application' given by Safari or Mail.app.
3. Mount the DMG file or unzip the ZIP file.
4. Still not realize that the dearchived file is not a document despite looking exactly like an application.
5. Run the application.
Okay, so now the user has infected their system.
Their documents may be infected, but those are useless to the virus. They can't be executed, and the user isn't likely to pack up his .APP folders and share them with all his friends. Effectively, the virus has stopped spreading. So what is a virus to do? Under a Windows system, it would get ahold of the Outlook address book and mail itself to everyone.
Alternatively, it would want to stay resident after reboots and/or collect information about the user's activities. Under a Mac, these things need elevated privileges to do. So the virus would have to:
6. Invoke the SUDO app to request elevated privileges.
7. User would need to fill their password into the prompt.
8. Virus would infect the necessary files to do its dirty work of spreading.
At this point, however, the user is so stupid he belongs in a mental facility.
He's already ignored half a dozen explicit and implied warnings that something is wrong, just to ensure that this virus can take over his system! That's one determined user! Some people may believe that Mac users are really that dumb, but if that were the case then viruses would already run rampant. Instead, we get an impotent 'proof of concept' that can't actually spread itself. All it can do is damage your files. For a proof of concept, that's pretty pathetic. From there the worm can easily spread on OSX, and no, root would not be required to do so.
As I've mentioned twice now, that's blatantly incorrect. It can 'infect' your documents, but system files require elevated privileges. 'Infecting' your documents does nothing more than damage your files, and the virus can't even stay resident (or stop the user from killing it on the Dock!) without a password.
So it's effectively impotent and contained unless it can trick the user into giving it his/her password. Anybody can create a virus for OS X, and it can run perfectly.
The biggest problem would be how it can be able to spread to other machines. On Windows, it isn't viruses that plague Windows, but it is worms, spyware, and adware that affects that platform. All it takes to be infected with a computer virus on any platform is to not be vigilant about the data that you download. Being infected by spyware and adware, however, relies on the security of the browser, and being infected with a worm relies on the security of the operating system's Internet connectivity.
OS X remains relatively secure because its browser does not have hooks to the shell (unlike older versions of Internet Explorer, although I've read that Internet Explorer 7 has been decoupled from the shell), and because its Unix core isn't susceptible to worms (Unix has come a long way since the worm of 1988). OS X also has a firewall, although I just learned that it isn't enabled by default (but turning it on is easy; they should change the default in OS X 10.5). A demo virus for OS X or Linux isn't news. No operating system can block the execution of a virus unless the operating system has a list of trusted applications that it knows are virus-free. An operating system can prevent worms with better security, and spyware can be prevented by using a secure browser, but viruses cannot be blocked from execution. I believe he is referring to the way that Windows Explorer (the shell) handles 'executable' files. Faced with a .PIF, .EXE, and a .BAT, Explorer treats them all the same.
This allows for a theoretically non-executable file (e.g. .PIF) to be an executable in disguise. As for the coupling with Internet Explorer, several URL pass-thrus have been exploited on Windows to force Windows Explorer into executing files passed by Internet Explorer. Thus the coupling between the browser and the 'shell' is bad. Finder is a b.
Being infected by spyware and adware, however, relies on the security of the browser, and being infected with a worm relies on the security of the operating system's Internet connectivity. This is true only if you assume that every single malware and worm infection has been caused by a vulnerability in the browser, which is clearly not the case. I think that the vast majority of infections occur because people are simply naive and careless.
Most of the fastest-spreading Windows worms in history have requir. I think that the vast majority of infections occur because people are simply naive and careless.
Most of the fastest-spreading Windows worms in history have required significant user interaction to be successful. I think you are factually incorrect. The studies I've seen all indicate while there are more malware programs that require user interaction than there are automated ones, there are more infections and they spread faster when they require no interaction. The majority of infections to date are the.
How about the tiny fact that under Windows if you execute an app it is not hard for it to infect system files SILENTLY in such a way that it is utter hell to get it removed again. Yet I can't see a way of doing this under OSX. OSX pops up a 'gimmie your administrator password' box when it runs and every Mac owner I know is paranoid when they see it because it does not happen very often. Under Windows, users are so used to warning windows and windows asking permission popping up every 30 seconds during an. Being infected by spyware and adware, however, relies on the security of the browser No it doesn't; plenty of trojans install spyware and/or adware, no exploits required.
(Remember Kazaa?) I've read that Internet Explorer 7 has been decoupled from the shell I don't know all the details, but certainly if you type a URL into Windows Explorer after installing IE 7, rather than handling it itself (and morphing into IE), it launches the system default browser to handle it. So if I type 'into Wi. Heise Security has a report about new Proof of Concept virus for Mac entitled as OSX.Macarena by AV vendor Symantec. The wording implies that the virus itself was written by 'AV vendor Symantec,' where I'm bloody sure that the intent was to say that the report was by Symantec.
Many commenters have fallen into this trap and have lambasted Symantec for authoring proof-of-concept viruses in order to boost sales of their AV product. That's not to say that they don't engage in FUD, or that it's not possible.
Those of us following malware in general and OS X malware in particular already heard about the new info-pull.com for OS X exploit released recently that supposedly exploits an unpatched hole in the wireless drivers that shipped with some PowerBooks and iMacs. It has a lot more potential as a real security issue than this reported proof of concept, since this one has no automated mechanism to spread and no remote vulnerability or any vulnerability for that matter.
It is simply code running as it is supposed to with the privileges it is supposed to have. It is no more the result of a flaw in the system than 'rm' is. As for this 'virus' it is a demonstration of a problem, but one that is so widespread and common it will be dismissed by the majority of the security community out of hand. The problem is, this code (when run) has permission, by default, to do too much and the user is not notified by the OS of what it is doing. The same can be said of most any desktop OS these days.
The granularity of permission is basically: none, everything the user can do, or anything. That is insufficient to deal with software that may or may not be trusted. Interestingly enough, Apple has announced the inclusion of application signing and Mandatory Access Controls in OS X 10.5. Theoretically, unsigned applications like this could be placed in a very limited trust level by default and as such, would not have permission to edit random user files because the MAC ACL would stop it. Viruses and trojans would have a big roadblock. Imagine downloading some random program like this, double clicking it, and OS X informing you not only that it is a new application, but also pulling up a dialogue that says something like 'The application 'macarena.sh' wants to modify 122 applications in your Applications folder. This behavior is characteristic of a virus.
(stop it from changing them)(let it change them)(view advanced options/details).' I'm keeping my fingers crossed that Apple is the first to bring SELinux's granularity of security to grandmothers everywhere in a usable way. Seems like Apple packages by default contain all the libraries and things they need to run - an offshoot of the NeXT packaging system. Shared libraries don't seem to be as heavily used on OSX. So why not by default chroot installed applications and possibly setuid them to 'nobody'?
Possibly even drop a strong capability model in there so that the application has to request permission to do stuff like open network connections or listen on sockets. The regular end user might still just blindly accept everyth. So why not by default chroot installed applications and possibly setuid them to 'nobody'? Possibly even drop a strong capability model in there so that the application has to request permission to do stuff like open network connections or listen on sockets.
The regular end user might still just blindly accept everything but it'd make it a lot harder for an executable to do any damage in the default sandbox. For Leopard, Apple has ported TrustedBSD's mandatory access controls, so even if Apple doesn't do t.
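As an added illustration of the default-deny policy the comments above are asking for (not code from the thread, and not Apple's own profiles): a profile for the sandbox-exec facility that Leopard shipped on top of the TrustedBSD MAC framework. It assumes the untrusted download sits at /Users/alice/Downloads/macarena.sh, a constructed placeholder path, and that a practitioner launches it with `sandbox-exec -f untrusted.sb /Users/alice/Downloads/macarena.sh`.

```scheme
;; Added example, not from the thread: a sandbox-exec (Seatbelt) profile for
;; running an unsigned download in the "very limited trust level" the
;; commenters describe. Kernel MAC hooks enforce it, so the program's own
;; behaviour no longer decides what it may touch.
(version 1)

;; Log every denied operation to the system log. This is the "tell the user
;; what it is doing" half of the argument: a burst of denied writes under
;; /Applications is exactly the "wants to modify 122 applications" signal.
(debug deny)

;; Start permissive so an ordinary program still runs (a deny-by-default
;; profile needs dozens of allow rules for mach lookups, sysctls and the
;; like), then carve out the capabilities the thread worries about.
;; Later rules override earlier ones.
(allow default)

;; Mailing itself to the address book, or phoning home, needs a socket.
(deny network*)

;; No rewriting of other applications: the Macarena-style append-to-binaries
;; case.
(deny file-write* (subpath "/Applications"))

;; Staying resident across reboots means dropping a launchd job or similar
;; into /Library; refuse all writes there.
(deny file-write* (subpath "/Library"))

;; User documents are read-only to the program. Only the directory it was
;; downloaded into (placeholder path) and scratch space remain writable.
(deny file-write* (subpath "/Users"))
(allow file-write* (subpath "/Users/alice/Downloads"))
(allow file-write* (subpath "/private/tmp"))
```

The program still runs and can read what it likes, but the three things the thread singles out (editing other applications, persisting, and spreading over the network) are refused at the kernel, and each refusal is logged rather than silently tolerated.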
lowendmac.com was not really noticed that much either. It only could infect 7 to 8 million OSX based Macs. Still it shows that AppleScript and Safari are weak links in the OSX armor that can be exploited by someone if they try really hard enough to make it work with newer versions of OSX.
Mac Users are like the old Amiga users, thinking that their platform is so secure that no virus is written for it, so there is no need for antivirus programs. The Amiga users figured this, because MS-DOS was targeted by virus. Switchback was not really noticed that much either. It only could infect 7 to 8 million OSX based Macs. Umm, the exploit was released after it was patched, three years ago, if I recall. Given automatic update, not much of an issue. I don't think I've ever seen it and I have a signature running against a class A and then some.
Still it shows that AppleScript and Safari are weak links in the OSX armor Of course the browser will always be a weak spot, it's going on to the Web and constantly downloading unt. Symantec said that it will release an edition of Norton Anti-Virus for OSX which detects viruses for Windows.
That is exactly what the current OS X anti-virus solutions do. Like the anti-virus software that Microsoft requested for FreeBSD (back when Hotmail was running on non-windows OSes), the primary purpose of the OS X solutions is to contain threats that might target Windows. A Mac might not be able to be infected, but it could be an accidental carrier. Having solutions like mcafee.com available g. So, you've been waiting for this day. And if you RTFA, the day isn't here yet. The first commenter gets mod'd troll and he brings up the very topical point that Apple news gets blown out of proportion.
I hope he gets mod'd back because it's a perfect non-trolly response to this troll. I was about to type up why OSX is better as a consumer *nix desktop OS but I don't care anymore. I give up on prejudiced OSist people.
Some people just don't want to try something out for themselves, for fear of switching. Of more concern are exploits in the UNIX level of the operating system. Not speaking to your specific issues, but OS X and most Linux distros are in the same boat when it comes to general security.
It's hard to make a worm for them, the average script kiddie won't cause you any problems, but a dedicated hacker or security expert can get in if you leave any openings (like sshd without a firewall). This could be just a dictionary attack on a weak password or it could be an unpublished exploit in some other.