February 16, 2006
Not the first malware
Posted Feb. 16, ’06, 9:10 PM PT by Derik DeLong
Category | Security
While the FUD machine churns about OSX/Oomp-A, there are a couple things I’d like to address before we all get ragingly out of control. I’m no self proclaimed security expert, but I think I can add some insight.
First, the nomenclature. Everyone has a different concept of how this piece of malware should be classified. Certainly, this is a trojan at least. It looks like one thing when in fact, it is another and does something bad. Ok. Is this a virus? If by virus, you mean it hacks at applications, making them into copies of the malware, sure. However, it renders the application in question completely impotent. It no longer runs. So really, the application isn’t so much “infected” as replaced. That leaves worm, which basically means the malware can propagate itself between hosts.
The argument for worm is weak at best. This malware uses iChat to try to initiate transfers of itself to people on the buddy list of the infected Mac. However, in order to be effective, the person on the other end must both accept the transfer and then run the contents of the transfer. That’s two layers of the user initiating the program, which then puts it back firmly into trojan behavior. It falls all the way back to social engineering and to be blunt, you can’t really save users from themselves when they’re determined to undermine their own machine.
Finally, some are calling this OS X’s first malware. It’s not. There has been a trojan floating around on peer to peer (P2P) networks that gives itself the icon for a Microsoft Word for Mac and is in reality a simple program that deletes your home directory. After that came SH.Renepo.B, aka Opener, which was basically a data collection script. Neither attempted to spread, but they were both most definitely malware. As such Leander Kahney is dead wrong.
The only thing that concerns me about this whole thing is the way in which the InputManager bundle API is being leveraged to do the malware’s dirty work without requiring a user’s interaction (as soon as that’s necessary, the problem is the thing touching the keyboard and mouse). What about you readers, is there a really big problem here or a hell of a lot of hype?
1 Comments
Leave a comment
Recent Entries
Ch-ch-ch-ch-changes afoot at MacUser
The Macalope Weekly: Leopards and monopolies and DRM! Oh, my!
Apple levels DMCA on iPodhash project
iPod touch users get second classed again with the omission of new Maps features
Apple Pro Applications Update 2008-004 makes your day
iTunes v8.0.2 comes riding on the coattails of iPhone firmware v2.2
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- Dan Moren on iPod touch users get second classed again with the omission of new Maps features
- johnnydfred on iPod touch users get second classed again with the omission of new Maps features
- on iPod touch users get second classed again with the omission of new Maps features
- Neurotic Nomad on Apple levels DMCA on iPodhash project
- Dan Moren on iPod touch users get second classed again with the omission of new Maps features
- Me Again on iPod touch users get second classed again with the omission of new Maps features
Categories
- Apple (234)
- Advertising (162)
- Events (235)
- Huh? (182)
- Humor (259)
- News (148)
- People (258)
- Rivals (405)
- Speculation (167)
- Steve Jobs (172)
- Stores (206)
- Apple TV (58)
- Business (451)
- Games (143)
- Geekery (460)
- Hardware (935)
- Accessories (79)
- Intel Macs (162)
- Ihnatko (18)
- Internet (463)
- Legal (244)
- MacUser (94)
- Macalope (8)
- Money (177)
- Music (344)
- Podcasting (100)
- Photography (74)
- Security (246)
- Software (1544)
- Updates (538)
- Tips (352)
- Troubleshooting (189)
- Video (403)
- Windows (219)
- iPhone (199)
- iPod (602)
- iPod Accessories (96)
- iPod Software (61)
- iTunes (128)
- iTunes Store (443)
Archives
- November 2008 (91)
- October 2008 (138)
- September 2008 (151)
- August 2008 (177)
- July 2008 (175)
- June 2008 (171)
- May 2008 (185)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
Derik,
It is definitely a lot of hype.
But that is what also helps the Mac community stay on top of "Malware" problems.
You never see this response from Windows users. There never was this type of re-action, even in the early days when viruses were lower in number.
Jim