OS X Trojan appears


Status
Not open for further replies.

Paul_Yeo

#1
A new Trojan for Apple's OS X computers has appeared. While neither a virus nor the first appearance of malicious code on Mac OS X, the incident is receiving major attention from the Apple community. Additionally, the Trojan has been neither widespread as a worm nor particularly effective, but should be an eye-opener to Apple users that no modern computer system is safe from the potential for viruses, worms and malicious code.
Source: http://www.securityfocus.com/brief/142

I dun have any anti virus or anti spyware in my comp :confused:
 

ortega

#3
more info

Two versions of this Trojan horse exist, and the Intego Virus Monitoring Center immediately developed updated virus definitions, which it released on February 14, 2006, as soon as it discovered this threat, ensuring that VirusBarrier X and VirusBarrier X4 eradicate the Oompa-Loompa Trojan horse. All Intego VirusBarrier X and VirusBarrier X4 users should make sure that their virus definitions are up to date by using the NetUpdate preference pane in the Mac OS X System Preferences.
Initially appearing in a compressed file called latestpics.tgz, this Trojan horse, after being decompressed, appears to be a graphic file. When a user double-clicks it, expecting to see a picture, the program inserts a file called apphook.bundle in the user's InputManagers folder which then ensures that it is replicated in all other Cocoa applications the user launches. Using Spotlight, the Trojan horse searches for the four most recently used applications, then infects them. The apphook.bundle Input Manager attempts to send a copy of the original file, latestpics.tgz, to every person on a user's iChat buddy list. Since users see this file coming from friends and colleagues, they are inclined to assume that it is safe, and therefore double-click the file a first time to decompress it, and a second time to attempt to "view" it.
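
Added example, not part of the original thread or of Intego's text: a shell check of one home directory for the two file names the description above gives (apphook.bundle and latestpics.tgz). It assumes the "InputManagers folder" is `<home>/Library/InputManagers`; the function name `scan_home` and the FOUND/REVIEW output labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: look in one home directory for the file names the post mentions.
# Assumption: the user's InputManagers folder is <home>/Library/InputManagers.

# scan_home HOME_DIR
# Prints one line per finding and nothing at all when the directory is clean.
scan_home() {
    home=$1
    im_dir="$home/Library/InputManagers"

    # 1. The bundle the Trojan drops so that it is loaded into Cocoa applications.
    if [ -e "$im_dir/apphook.bundle" ]; then
        echo "FOUND input-manager $im_dir/apphook.bundle"
    fi

    # 2. Any other entry in the folder is listed for manual review, because
    #    Input Managers are loaded into the Cocoa applications the user launches.
    if [ -d "$im_dir" ]; then
        for entry in "$im_dir"/*; do
            [ -e "$entry" ] || continue          # empty folder: glob did not match
            [ "$(basename "$entry")" = "apphook.bundle" ] && continue
            echo "REVIEW input-manager $entry"
        done
    fi

    # 3. The archive the Trojan arrives in, anywhere under the home directory.
    find "$home" -type f -name 'latestpics.tgz' 2>/dev/null |
    while IFS= read -r archive; do
        echo "FOUND archive $archive"
    done
    return 0
}

# Stand-alone use: pass the home directory to check as the first argument.
if [ "$#" -gt 0 ]; then
    scan_home "$1"
fi
```

A hit on the file names alone only shows that something with that name is present; it does not tell you which applications were modified.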
 

Paul_Yeo

#5
jsbn said:
I'm sure.... being a Mac user. U're IT security conscious enuff not to open any unknown attachments sent by anyone, familiar or not. :bsmilie:
if the attachment is named "chio bu", I may open uncontrollably :embrass:
 

zerofour

#8
this kind of thing happen when you have too many pc users switch to mac users and also switch of intel mac.....
 

nightwolf75

#11
AReality said:
Oh no!
Mac is no more virus free!!!


Now it's getting more complicated...
.
popular myth - mac was never virus free in the first place. it's just dat, compared to windoze, it's relatively fewer virus and trojans floating ard.

if anyone has the time and patience, can read this. it's just one of many documents published.
http://www.faqs.org/faqs/computer-virus/macintosh-faq/
 

kristian

#12
OS X has been virus free. Still is. If any program that requires you to actively download, run and then enter an admin password to do its harm is considered, then that's a different story.
 

hwchoy

#14
alucard said:
macro shooting goes ok. :) I saw your pics from India. I have lived in Bangalore for quite some time, nice shots. :)

The trojan seems to exploit a hole in the GUI frontend and not the underlying UNIX system. Tao of Mac[2] has this to say about the Trojan business[1], "I've yet to come across anything more dangerous than this, but user carelessness will damage any OS." :)

[1] http://www.ambrosiasw.com/forums/index.php?showtopic=102379
[2] http://the.taoofmac.com

oh didn't know you lived there. actually we went to Coorg.

as for the Trojan Horse, I worked on VAX/VMS for many years and have yet to know of a real architectural defect in such operating systems that makes them vulnerable unless being compromised by the privileged user.
 
