You're not really going to care a
whole lot if you're an Apple user whose machine has Bluetooth who's already patched their box with last June's OS X
security update 2005-006, but if you're one of the, like, three out there who don't meet the aforementioned criteria,
watch out. Apparently there's a new Bluetooth worm out called Inqtana that actually propagates to vulnerable OS X
machines wirelesslessly, and moves on to the next. Sounds like F-Secure and Symantec don't believe Inqtana is anything
more than a proof-of-concept worm right now (kind of like the Leap / Oompa Loompa OS X trojan going around right now),
but being that it could easily be modified and turned into something a little more dangerous to your data and the fact that
you should be updating your computer more than once every year, sounds like you should just take the two minutes and go
get that Apple fix, son.
[Thanks, Floris]
Looks like there are more and more viruses for the mac each day...
*crickets*
...but I thought Apples don't get viruses?
It begins...
Although it is only a proof of concept, once someone has created something that could do it, then maybe...
I often wonder if the virus companies aren't releasing these things. I mean, so far there have been two "threats" and both were crippled by the shoddy programming.
Anyhow, I'm running Sophos regardless (free for me @ me universitey).
These things depend on you putting in your root password for an unknown and untrusted software package.
Nothing to see here, move along.
This (and the previous one) are not viruses, they are not worms either, as they require user interaction. They are both forms of trojans. I think as long as there is human interaction with an OS, that it can fall prey to a trojan.
Ok, I use Linux primarily, but also Windows and OSX at times, and it seems to me that this is very much a non-issue. To be infected, you'd need a machine that was more than 9 months behind in updates to have its BT on and be within about 30 feet of a propagating machine, and then you'd need to accept/authorize the BT transmission from that machine. Pretty darn unlikely, I'd say.
Ok, what now?
ok, so up until about 2 years ago i was a die hard linux and even windows guy. now i have a mac and i'm obsessed, i'll be honest, but you 'i thought macs couldn't get viruses' people need to read a book.
first off, these aren't VIRUSES, as stated in a previous post, they are trojan horses/worms.
second, there have been viruses for mac for years. they just aren't 'in the wild' enough to worry, and most require this user interaction to do anything.
there are even worms for linux and bsd. IT HAPPENS!!! and no this doesn't mean it's going to become as virus ridden as windows just because the news flocks to any word of a 'new security threat for the ever so popular mac' right now.
if you want to know why your windows world is always attacked, it's because it's soooo easy. google 'windows registry' and educate yourselves, eh?
ps, i think windows is great and microsoft is great at what it does. where the problem is, is that they have to stupify every program they do for all the uneducated and careless users, who really should be using calculators and t-squares.
-tim
1) this IS NoT a virus. A computer virus is a self-replicating program containing code that explicitly copies itself and can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a (possibly evolved) copy of the virus. So because it doesn't self-propagate externally this IS NOT A VIRUS!
2)You cannot be infected by this (trojan/worm) unless you do all of the following:
* Are somehow sent (via email, iChat also you must be using Bonjour iChat, not Internet-based iChat) or download the "latestpics.tgz" file.
It does not send itself over the Internet, rather just to your local Bonjour user list. Even on a Bonjour network, you have to work a bit to get the file to send itself. It requires one (or more) status changes on either (or both?) of the Macs involved.
* Double-click on the file to decompress it
* Double-click on the resulting file to "open" it
...and then for most users, you must also enter your Admin password. (if you do all this to open a picture, sorry but you deserve what comes with it).
In the end, it doesn't appear to actually do anything other than try to propagate itself via iChat over your local Bonjour! buddy list (it cannot send itself over the Internet), and unintentionally prevent infected applications from running.
It seems that this is more of a "proof of concept" implementation that could be utilized to actually do something in the future. It was simply done to garner attention/press. Which it has gotten.
also tim, there are "0" I repeat ZERO viruses for a Mac so far.
So your quote of "second, there have been viruses for mac for years." is incorrect.
I too believe that this is Symantec/Intego/Sophos writing these little media buzz creators. they are not even proof of concept ... although some people at Sophos and Ambrosia are trying to get hits and media attention saying it is a worm, trojan, and proof of concept ... these are just lame misunderstood buzz words for a really lame attempts to get attention.
I've thought that ever since Jack Campbell of macMice fame designed that contest that one day soon there would be an onslaught of viruses or cheap attempts at writing them ... looks like we are starting to see the latter ... all egged on by these "Prove there's a Mac virus" contests.
sorry about that, when i said 'viruses' i meant viruses/worms/etc, which there have been. they have attacked applescript, office, etc.
A thing to note, there isn't anything 'Wild' out there.
I turned off bluetooth on my iBook. What now?
"Ok, I use Linux primarily, but also Windows and OSX at times, and it seems to me that this is very much a non-issue. To be infected, you'd need a machine that was more than 9 months behind in updates to have its BT on and be within about 30 feet of a propagating machine, and then you'd need to accept/authorize the BT transmission from that machine. Pretty darn unlikely, I'd say. "
he he, on the contrary, those are the same 'barriers' that a Symbian s60 virus faces, and yet, it is spreading like hell, face it, people are as dumb as hell, especially mac users.
Virus protection companies will trumpet any kind of malware as worst case scenario in order to sell more copies of their product.
Anyone can write a script that can do some damage to someone's computer. Social engineering malware has been around since the rm command. Simply tricking someone into running your piece of code by changing an icon or making them have to accept a file transfer is not the definition of virus. OSX has yet to have a truly definable virus. No malware has exploited an unknown/unpatched problem in the security of the OS. Is it possible.. DEFINITELY.. has it been done.. NO.
Technically viruses have been around on OS9, but none for OSX as of now.
Apple Rocks! Unless you've been living under a cave you have nothing to worry about, this means that Apple Developers are about 8 or 9 months ahead of the folks that are trying to do some kind of harm to OS X users. Emphasis on trying! All you hackers out there, OS X users for the most part are geeks or related to geeks, we love computers! Why go after us? That's my soapbox.
What the hell does "wirelesslessly" mean?
This trojan moves around by Bluetooth.... i have to hover my phone 2mm from my bluetooth receiver and only then will it (on occasion) make a connection - only to drop out every now and again for some unlikely reason...
Why'd they use bluetooth? Why be so specific? Is it because the rest of the OS is rock hard and 'they' got desperate.
Oh, and if you want to know who 'they' are - i'll tell you. Symantec, Sophos, the whole anti-virus crowd. If its not spin, its disgruntled ex-AV programmers.
Sorry, CG5addict, but tim is right. I remember getting viruses on my Mac classic back in '96. There have most certainly been viruses floating around for the Macs for quite a while, but most have been more annoying than destructive.
There are no viruses for Mac OS X. There used to be a few viruses for classic Mac OSes like System 7, OS 8, and OS 9. If you don't have Classic enabled in OS X *and* don't have it running, you are not at risk.
Since the new Intel-Macs don't support Classic at all, that further reduces the risk.
-Aaron-
Sorry pbase but CG5addict is right. The viruses you're referring to were pre OS X. There are still no viruses for OS X.
OS X is UNIX. No virus. Ever. Period.
Classic Mac OS was not UNIX, so yes, there were a few rare viruses, trojans, and worms. They still didn't have the gaping goatse-like security holes of every single Windows OS, though.
And I've never, ever gotten a virus, worm, trojan, or any malware on my Newton OS systems! (eMate, Newton pads, etc.)
i used to hate mac, like most people seem to when they haven't used one, it seems. anyway, i've been using a mac and macs since i started working in an apple computer store 3 years ago, and i have never had any problems with viruses, nor have ANY of the computers brought in to be fixed over the last three years had any virus infections, which says something to me about OSX.
YOU DO NOT have to enter your Admin password for the Oompa/Leap-A Trojan to modify your files. Single user Mac OS X machines have Admin accounts setup as DEFAULT. This means that most Mac OS X installs have an Admin User account. These user accounts can modify application files WITHOUT A PASSWORD.
I think this is hilarious. Visited Symantec's Security Response Site and Norton AntiVirus now claims that my Safari cache is infected with OSX.Inqtana.A.
http://securityresponse.symantec.com/avcenter/venc/data/osx.inqtana.a.html
joek, that is entirely wrong. You still need to enter an admin password to modify system files, because an admin account on OS X is not root. Leap-A modifies system files, so you are required to authenticate as root before it can do anything.
Narrativium. You are wrong. It modifies APPLICATIONS, not system files. Applications are owned by the "Admin" group. Try this. Drag an Application into the trash and empty it. does it ask you for the admin password? No. Write a shell script "rm -Rf application.app" - does it ask for your admin password. NO. Try it. You are wrong.
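The disagreement above about whether modifying an application needs a password comes down to group ownership and group-write bits, which can be checked directly. The following is an added example, not part of any comment in this thread: a shell function (the name `group_writable_bundles` is hypothetical) that reports, per `.app` bundle in a directory, how many files the current user could modify through group membership alone.

```shell
#!/bin/sh
# Added example (not from the thread): audit which application bundles can be
# modified by the current user via group write permission, i.e. without
# authenticating as root. Function and argument names are hypothetical.

# group_writable_bundles DIR
# For each top-level *.app in DIR, count the files and directories inside it
# (bundle root included) that have the group-write bit set AND belong to a
# group the current user is a member of. Prints "bundle<TAB>count" for every
# bundle where the count is non-zero.
group_writable_bundles() {
    dir=$1
    for bundle in "$dir"/*.app; do
        [ -d "$bundle" ] || continue
        hits=0
        # id -G lists every numeric group ID of the current user.
        for gid in $(id -G); do
            # -perm -020: group-write bit set; symlinks are skipped because
            # their own mode bits say nothing about the target.
            n=$(find "$bundle" ! -type l -perm -020 -gid "$gid" | wc -l)
            hits=$((hits + n))
        done
        if [ "$hits" -gt 0 ]; then
            printf '%s\t%d\n' "$bundle" "$hits"
        fi
    done
    return 0
}

# Run an audit only when asked to, e.g.:  sh audit.sh --audit /Applications
if [ "${1:-}" = "--audit" ]; then
    group_writable_bundles "${2:-/Applications}"
fi
```

Any bundle it lists can be altered by a process running as that user with no password prompt; running the same check from a non-admin account shows what a restricted everyday account changes.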
nothing is safe.
that's the rules.
it's just harder in ANY thing UNIX-ish
I foresee most of the bugs that will come out in the future will be at the application and presentation level.
1. just make sure you have your updates.
2. make sure you create a master password for ROOT (its there).
3. think like a UNIX person....use a restricted user account for your everyday stuff.
4. don't use your admin account unless you really need it on a task by task basis.
5. create backups of your account folder to an external drive.
6. if you do get infected...
log out of your account, login as admin....
delete the infected account....
then open a terminal and "rm -rv /the_path/to_the_old_account"....
create the account again with the same login name as the last...
login to the new account....log out as soon as the machine stops making noise and blinking....
log out and into the admin account...
delete anything in the new account's folder and replace it with the contents of the backup.
restart the computer and log back in with the normal account.
done
the account will be ready with the same features you had last because the backup was associated with the same UID and GID as last time.
remember this is based on UNIX.
reinstalls not needed.
Ok, my bad. I just looked at the details of the worm, and it installs files into the Library, not the system folder, for which you don't have to enter a password. I apologize, joek, for contradicting you when I had the facts wrong.
Inqtana is still a non-issue, though, because it was patched almost a year ago.
If something has been "patched 9 months ago", it means very little. Ok, it means maybe half of the users aren't vulnerable.
When I look at my company's web logs, 60% of Firefox users are using 1.07 and earlier. I still see version .9x hits in the log.
Well we've got Inqtana.B at work and it's modifying all sorts of stuff. I've got Sophos messages every 2 minutes on screen and many of my apps are affected. Currently, many Photoshop features won't work.
Welcome to the real world Apple. I expect to see some media centric app called iDestroy that protects my Mac but in a darn pretty way.