OS X Trojan appears
- Thread starter Paul_Yeo
- Start date
- Status
more info
Two versions of this Trojan horse exist, and the Intego Virus Monitoring Center immediately developed updated virus definitions, which it released on February 14, 2006, as soon as it discovered this threat, ensuring that VirusBarrier X and VirusBarrier X4 eradicate the Oompa-Loompa Trojan horse. All Intego VirusBarrier X and VirusBarrier X4 users should make sure that their virus definitions are up to date by using the NetUpdate preference pane in the Mac OS X System Preferences.
Initially appearing in a compressed file called latestpics.tgz, this Trojan horse, after being decompressed, appears to be a graphic file. When a user double-clicks it, expecting to see a picture, the program inserts a file called apphook.bundle in the user's InputManagers folder which then ensures that it is replicated in all other Cocoa applications the user launches. Using Spotlight, the Trojan horse searches for the four most recently used applications, then infects them. The apphook.bundle Input Manager attempts to send a copy of the original file, latestpics.tgz, to every person on a user's iChat buddy list. Since users see this file coming from friends and colleagues, they are inclined to assume that it is safe, and therefore double-clicks the file a first time to decompress it, and a second time to attempt to "view" it.
Two versions of this Trojan horse exist, and the Intego Virus Monitoring Center immediately developed updated virus definitions, which it released on February 14, 2006, as soon as it discovered this threat, ensuring that VirusBarrier X and VirusBarrier X4 eradicate the Oompa-Loompa Trojan horse. All Intego VirusBarrier X and VirusBarrier X4 users should make sure that their virus definitions are up to date by using the NetUpdate preference pane in the Mac OS X System Preferences.
Initially appearing in a compressed file called latestpics.tgz, this Trojan horse, after being decompressed, appears to be a graphic file. When a user double-clicks it, expecting to see a picture, the program inserts a file called apphook.bundle in the user's InputManagers folder which then ensures that it is replicated in all other Cocoa applications the user launches. Using Spotlight, the Trojan horse searches for the four most recently used applications, then infects them. The apphook.bundle Input Manager attempts to send a copy of the original file, latestpics.tgz, to every person on a user's iChat buddy list. Since users see this file coming from friends and colleagues, they are inclined to assume that it is safe, and therefore double-clicks the file a first time to decompress it, and a second time to attempt to "view" it.
I'm sure.... being a Mac user. U're IT security conscious enuff not to open any unknown attachments sent by anyone, familiar or not. :bsmilie:Paul_Yeo said:
I don't understand, isn't user processes running with basic user privileges? how can it infect installed apps?
Sion
Senior Member
Paul_Yeo said:I dun have any anti virus or anti spyware in my comp
Go and install AVG anitvirus fast fast. You can download the free edition to try out.
AReality said:
popular myth - mac was never virus free in the first place. its just dat, compared to windoze, its relatively fewer virus and trojans floating ard.
if anyone has the time and patience, can read this. its just one of many documents published.
http://www.faqs.org/faqs/computer-virus/macintosh-faq/
OS X has been virus free. Still is. If any program that requires you to actively download, run and then enter an admin password to do its harm is considered, then that's a different story.
alucard (hey man, how's the macro shooting ) that's precisely what I expect from a UNIX-style OS.
) that's precisely what I expect from a UNIX-style OS.alucard said:macro shooting goes ok.
The trojan seems to exploit a hole in the GUI frontend and not the underlying UNIX system. Tao of Mac[2] has this to say about the Trojan business[1], "I've yet to come across anything more dangerous than this, but user carelessness will damage any OS."
[1] http://www.ambrosiasw.com/forums/index.php?showtopic=102379
[2] http://the.taoofmac.com
oh didn't know you lived there. actually we went to Coorg.
as for the Trojan Horse, I worked on VAX/VMS for many years and have yet to know of a real architectural defect in such operating systems that make them vulnerable unless being compromised by the privileged user.
- Status