
Spanky Deluxe

macrumors demi-god
Original poster
Mar 17, 2005
5,285
1,789
London, UK
http://www.tomshardware.co.uk/2006/06/30/symantec_macosx_trojanhorse/

Symantec has issued a warning to Mac owners about a new malware software that exploits a vulnerability in the "launchD" service. The software could let an attacker get administrator or root access on any Macintosh system running OS X version 10.4.6 or earlier. Apple released a patch in version 10.4.7 this Wednesday.

Symantec has initially called the program a trojan horse, but the code hasn't yet been seen spreading in the wild. Kevin Finisterre, a security researcher at Digital Munition, created and released the code. Earlier this year, he also released the Inqtana worm which also targets Mac OS X.

Just in case no one's seen this yet.

Edit: Sorry I didn't realise this was the same warning as this one. The article was dated a day later. :eek:
 

thegreatluke

macrumors 6502a
Dec 29, 2005
649
0
Earth
:eek:

Oh my gosh, the three people who still have 10.4.6 are at risk!!!

In a few days, expect a giant banner ad on CNET saying "MACS* now have more viruses than Windows!"

*Typo on purpose.
 

Jovian9

macrumors 68000
Feb 19, 2003
1,968
110
Planet Zebes
Now hurry and buy Symantec's products so you are protected. Hurry hurry hurry! Symantec cares about your security! :)
 

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
OT, but this is the first time I realized ClamAV was integrated in Tiger Server. Was it like that from launch?

I wonder if the standard version of Leopard will have a front-end for the client / workstation version of ClamAV? Not that we really need it, but... support of open-source AV by a commercial company is interesting to me. :)
 

Josias

macrumors 68000
Mar 10, 2006
1,908
1
LOL. Symantec probably made it because they want to sell more products. It's good Apple made a patch after 3 days, including all sorts'a cool stuff. With 10.4.7, my MB boots in 18.8 seconds. In 10.4.6 the record was 21.3 seconds. :cool:
 

Queso

Suspended
Mar 4, 2006
11,821
8
Ha! Like any Mac user is foolish enough to buy Symantec's crap after it was shown they actually make Macs less secure. I'll stick to ClamXav thanks!
 

SC68Cal

macrumors 68000
Feb 23, 2006
1,642
0
Network policy demands that Macs on our networks also have a license of Norton Anti-Virus. Mainly to ensure that Windows viruses don't get into the system from a Mac.
 

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
SC68Cal said:
Network policy demands that Macs on our networks also have a license of Norton Anti-Virus. Mainly to ensure that Windows viruses don't get into the system from a Mac.

Is this an edu or a business? Does it have to be Norton, or are others acceptable?

I read the O'Reilly article about the ClamXAV front end...it seems pretty nice. I might give it some thought at some point.
 

thegreatluke

macrumors 6502a
Dec 29, 2005
649
0
Earth
Jovian9 said:
Now hurry and buy Symantec's products so you are protected. Hurry hurry hurry! Symantec cares about your security! :)
Honestly, I'm sure there is a slight risk, but Symantec likes to blow Mac risks out of proportion.

Like the Oomp-A virus or whatever... Remember all the requirements you had to have to pass it on? And a whopping 0-2 estimated people were affected and MR shut down the thread after like two days... and it barely did any damage to your apps... yet Symantec set the Mac's risk level to "high." Then Apple patched it after about a week.

If a really knowledgeable Mac-hating Mac-OS-X-savvy hacker were out there, I'm sure he could come up with something in a matter of years. It's probably a really obscure setting with some really obscure and hard-to-write code needed to pull it off.

So... the moral of the story is... Don't download "Pronswatcher.app" from some poorly-translated fishy Mac-user-oriented porn site.
"Oh, yeah, Ron, show me your 13-inch MacBook and then we can install Shake together!"
 

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
Arcus said:
I'm running 10.3.9 :(

Well, then I repeat my comment... if someone with a launchd hack script *breaks into your home physically* and gets past whatever password protection you have on that Mac, then yes, you might be vulnerable. But a good lock on your front door will probably help more than Symantec.

The launchd exploit is a LOCAL exploit.

P.S. Tiger really is the bomb. :eek:
 