It's not a virus.

This is an old trick. Paste an icon on some malign file. There was a trojan app masquerading as a cracked version of Office X a couple of years back.

However, if you are using a normal OS X account, as you should be, it won't work, since it will either prompt you for an admin password when it tries to modify the app files or it will be denied permissions to do so.

Nice try Asher, but you make yourself look like an idiot with this one. It surprises me that someone with a degree in computer science would purvey such an obvious falsehood.

Aggie is already pwned... now to sit back and let Asher tear him a new one .

I didn't say it was a virus. The OP contains quotes saying it's not a virus.

It is a malware/worm, as I clearly indicate in the title.

It trashes the user's account who runs it, and then asks for the password which it can use to spread. The first part is "malware", the second is "worm".

You just demonstrated your completely lacking skills in reading comprehension. Again.

I would say "nice try", but it really was terrible. As I've said before, this is a hugely popular technique for most malware in Windows as well. This is why we have programs like Antivirus and Antispyware, it's not just for exploiting vulnerabilities, it's to stop stupid people from doing stupid things. That's why people who are skilled with computers simply don't get viruses and malware on their computers.

This is why I find your whole attitude towards Macs so dangerous -- whenever someone has a virus with spyware or malware, you post a link to www.apple.com like it solves the problem. It doesn't. Period.

This is not much different from someone sending an email saying "nekkid pics of Britney" and giving the following instructions.

To access the naked pics

1. Forward this email to all your friends.

2. Open the Terminal and type sudo rm -rf etc.

3. Profit!!!

Or how some of the most widespread Windows worms spread... anna-kornokova-naked.jpg.vbs files that people open and have it send to their contact list with the same thing.

Which is the point. You've got a higher concentration of computer idiots on MacOS X, especially people who are overconfident ("there is no malware on Macs!") which makes these even more dangerous.

Re: The impossible has happened: MacOS X worm/malware spreads via iChat

I never said that Macs were IMMUNE to viruses, but us macheads have always pointed out that one advantage comes with smallness - there's not much attention from hackers. So know, what's the score of viruses, how many pc viruses to mac's 1?

Don't be ridiculous Asher, this is obviously not a good thing, but it's not a particularly killer virus it seems - most people have the sense not to go opening up mysterious files. I know that if I got offered a file like that, I'd definitely ask the person on the other end what it was about before opening it or even downloading it.

We never complained that our OS was "magic" - simply that it isn't targeted. Now it's been targeted once - big deal.

Except that you are conveniently overlooking the fact that this trojan cannot execute unless you are using an admin account. If you are not, it will request a password. Of course, if you type an admin password it will work, but there isn't really a way to idiot proof a computer more than that.

Moreover, IIRC, if you download this with Safari, it will identify itself as an application and prompt you to accept the download before you can access the file (they fixed this in a hurry because Dashboard widgets could install themselves through your browser). This doesn't work with third party browsers, but you cannot blame Apple for that.

If you want to criticize Apple, then you should echo the complaint I have had for years - that the initial user account is admin by default. I have thought for a long time that each new mac should prompt the first user to separate the admin account from his everyday user account. But I imagine they think this will just annoy most users. That's actually a legitimate complaint.

But of course, you are content to repeat the same crap you did last time this topic came up. This is not news - it has been possible to create spoof files by pasting icons on them and proof of concepts based on this principle were demonstrated a long time ago. You posted a thread about a "Mac OS X virus" based on this a couple of years back.

Re: Re: The impossible has happened: MacOS X worm/malware spreads via iChat

It's been targeted many times. However, the fact remains that you have to do the following things in order for this thing to actually work.

1. Not be using Safari (which will tell you flat out it's a spoof file).

2. Not be using a standard user account (which will deny the trojan permission to install itself)

3. Enter an admin password at the prompt you get IIRC if you persist in trying to open it.

Not true. Aggie has claimed on numerous occasions that Mac doesn't get hit by malware because of its security and not just because of smallness. Which is why Asher posted this. It's because of smallness, not because of better OS security.

It can and does execute without admin privledges. It trashes the user account, and then it tries to infect Bonjour and filetransfer services, which prompts the user for admin password. Surprisingly, people do this kind of thing. People are stupid.

This is news -- it's malware in the wild spreading via iChat. Most of the victims don't download it from the web, their "friend" on iChat sends it to them after their computer has been infected.

Malware in the wild that could easily be stopped by basic antivirus software on a platform where 99% of people don't have antivirus protection is a big deal. It should be treated as a wakeup call -- MacOS X isn't the solution to spyware, adware, and viruses. It's vulnerable to them too, it's just not big enough to be a main target. I remember you talking repeatedly about how secure by design MacOS X is, and that's why Windows is being exploited instead. My point is, you're full of sh*t. Marketshare is the reason, not design.

A "secure by design" OS would not have Admin accounts be the default, nor would it hide file extensions from the user. That's the main problem here -- by default file extensions are hidden and the file icon can be overridden. The result is an executable file that has an image icon and no visible executable extension.

And finally, your ignore list is obviously broken once again.

Re: Re: Re: The impossible has happened: MacOS X worm/malware spreads via iChat

You are completely wrong, again.

1. Most people are being infected by file transfers from their friends on iChat, not by downloading the file (although people clearly are being infected by that way, too, that's just how it started).

2. The install is only part of it, the first part of it trashes the user account (which does not require admin passwords), the second part (the worm part), does.

3. See above.

I have claimed no such thing. Why don't you try reading my posts instead of posting this ****?

I have in the past claimed that I have no solid idea about why OS X doesn't get hit by malware. I imagine it is a combination of things (one being the extra hoops you have to jump through to get it to work). Asher has repeatedly stated that it is solely down to marketshare, a claim for which he has no proof (his "proof" in the past has consisted of repeating the claim that "it must be true").

As usual he just talks out of his ass. Nice to see you joining him.

*opens up ichat to see if anything funky is going on*

Of course you have. The fact everyone except you thinks this is quite an indicator.

Sorry Asher, you will have to do better than that.

Bye now.