On Apr 13, 2004, at 12:21 am, Peter da Silva wrote:
I don't know if it's legit or a cunning plan to sell software.
It's a cunning plan to sell software.
You really think so? I know it's not exactly on the scale of MyDoom (I for one am not worried as I never download MP3s anyway) but it's still a threat.
Yes, it's a threat. But this particular instance was a PR scam.
On USENET last month some people discussed ancient ways to tuck an app into another file. And I mean *ancient* - techniques that have worked since day 1 of the classic Mac OS. Add to that the mixed issue of file type identification on OS X, and voila you can play some games. [I'd rather not elaborate here; this has been beaten to death in other venues; google is your friend. :)]
Enter a lesser player in the anti-virus product market: Intego. From that USENET discussion, a "test" or "concept" trojan was created, but was never released into the "wild". Intego seems to have claimed that the test was emailed to them, but then they don't produce that email -- so my guess is they created it. Either way, they first updated their anti-virus software to "detect" it, then sent an alarmist press release to the likes of the NYTimes, WSJ, and CNN. They ignored the regular virus reporting channel -- discussion on the security lists and reporting it to the OS vendor responsible (Apple, in this case)!!! hummmmmm.
But right now this is purely a scare tactic.
Not really - it is if anything a proof that methods of breaking into OS X have been found.
Breaking into? Hardly. The trojan is on the resource fork of its carrier file (mp3, jpg, mpg, etc). So *IF* it got to your computer without being damaged (remember that most file transfer methods ditch the resource fork), it's running in your user space! So it only has access to the files of the currently logged in user! If it deletes them, so what! Just restore them from your backups. It doesn't get and cannot get (unless you're dumb enuf to type in your admin password when prompted) access to the system itself or your other user's files!
It's also a warning shot across the bows of the so far (I'm sad to say) ignorant Mac community who sit on their high horse and pontificate about never getting viruses.
Yup. Time for us to get on the bandwagon. As if the anti-virus industry isn't already big enough. sigh. <insert appropriate conspiracy theory> :)
- Dan.
-- Unsupported OS X is sponsored by <http://lowendmac.com/>
Support Low End Mac <http://lowendmac.com/lists/support.html>
Unsupported OS X list info <http://lowendmac.com/lists/unsupported.html> --> AOL users, remove "mailto:"; Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive <http://www.mail-archive.com/unsupportedosx%40mail.maclaunch.com/>
Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
