Posted on 07/24/2008 10:22:07 PM PDT by Swordmaker
Intego might have stumbled across an OS X specific virus being offered for auction that targets a previously unknown ZIP archive vulnerability.
Mac antivirus maker Intego has published an interesting alert about a potential OS X virus that an enterprising individual is trying to sell through auction. With absolutely no technical information to go on, the antivirus maker is treating the announcement with caution.
Based on the rate and type of vulnerabilities identified by projects like the Month of Apple Bugs, it isn't too far-fetched to expect that there are dozens or even hundreds of OS X-specific viruses and other malware creations sitting on the systems of their developers but which do not have many opportunities for widespread distribution.
Some of the more successful OS X-specific pieces of malware have been distributed through file sharing sites and P2P applications, usually claiming to be for highly desirable software. A 5-10MB download for an application suite that should be 500-600MB generally leaves clues as to something not being quite right. More common, though, are exploit attempts against QuickTime and popular OS X web browsers, with US developer Sunbelt Software having identified and tracked a number of these types of vulnerability, though their effectiveness at infecting OS X targets in the wild isn't known. The exploits used in these types of attack will compromise a victim's system, but there aren't any readily available figures as to how many victims have actually been affected by them.
From Intego's posting, it appears that the enterprising auctioneer seems determined to make sure that his name is one that is not forgotten when it comes to Apple security, claiming that his exploit is a poisoned ZIP archive that will "KO the system and Hard Drive" when unarchived. He may not be operating on the scale of David Maynor, Tom Ferris, or Kevin Finisterre, and there might not even be the kernel of truth that InfoSec Sellout had with their claimed OS X malware, but it is feasible that there is something in the OS X Archive Utility that lends itself to exploitation and system control like the recent ARDAgent vulnerability did.
From appearing on July 21 to disappearing soon after Intego's post, there is more mystery than substance about the hacker, the claimed vulnerability and the site itself. There are plenty of ways to bring an OS X system to its knees by manually launching malicious software or content; there just aren't very many that have demonstrated a capability of being set up for malicious use (despite their potential), and there are even fewer that demonstrate any sort of viability for (semi-)autonomous spreading.
Time will tell, but it's possible that Intego has stumbled across something that could cause as much interest as last year's InfoSec Sellout soap opera.

If you want on or off the Mac Ping List, Freepmail me.
Mac Virus for Sale?
UPDATE: About 8 hours after posting the information below, the site is off-line. It is likely to remain so.
A curious web site has popped up: Miguel García Carmen's site selling a Mac OS X virus. This person seems a bit megalomaniacal, writing, "MIGUEL GARCÍA CARMEN, this is the name APPLE will have to engrave in stone and STEVE JOBS will never forget, since this man has been the first to ever make such a file that when you uncompress it, it KOs the system and Hard Drive." (The site in question is in Spanish; we have translated the text to present it here. Also, the site was created on July 21, the day the domain hosting it was registered.)
This person claims to have created a system virus that affects Mac OS X. "The goal of this file is to demonstrate after so many hours of work that it is actually possible to harm the latest Leopard 10.5.4 operating system." But rather than give this information to Apple, or to other security researchers, Carmen is auctioning it off. (As of this writing, the highest bid is EUR 4,778, or $7,606.) Like something out of a bad spy novel, he claims that "The file will be delivered in person and a test will be performed in front of the buyer so he can verify it is not a fraud." Hmm... We wonder.
Carmen includes a video on the site, which shows something happening after he extracts a Zip archive. The hard disk icons on the desktop of his Mac flash; what that means, we don't know, but we'll stay on top of this in case Carmen is telling the truth.
(FWIW, we made PDFs of the web pages on the site, and copies of the site's whois records, in case the site goes off-line.)
Posted by Peter on July 22, 2008 in Apple, Security
Auctioning it on EBay to be paid for through PayPal?
Oh stop teasing, we all know macs are infallible.
bookmark
Kind of what I was wondering. Sounds like a bunch of BS to me.
> "... a file that when you uncompress it, it KOs the system and Hard Drive..."
Anybody can write software that, executed with admin privilege, will scrog ANY system...
"You have received the new Unix virus. Please open a shell and execute:
cd /
sudo rm -rf *
Enter your password when prompted. Thank you."
C'mon you guys, A VIRUS REPLICATES AND SPREADS. This ZIP does not do so. It is simply a piece of static malware. Does the author of this alleged "virus" claim it spreads by itself??? If so, I missed that...
Might be worthy of a tech ping, even if it is a pile of crap.

Yeah, this isn't something to worry about.
The LSM pimping for Bill again. (Actually they’re so dumb they don’t even realize when they are being hosed. Effing tools.)