All The Horses Mac OS

Reports indicate that someone has let loose a “Trojan horse” or worm for Mac OS X users. The program is hidden within a package that purportedly contains screenshots of Apple’s as-yet unannounced next major revision to Mac OS X. Whether it’s a Trojan horse or worm seems to vary depending on the source of the information. The code has also elicited a response from Apple, and a warning to its customers.

The package, called “latestpics.tgz,” first surfaced recently on a Mac rumors Web site. Ambrosia Software president Andrew Welch, who independently verified it, has dubbed it the “Oompa-Loompa Trojan,” because the files in question check for the presence of an attribute called “oompa” — an apparent reference to the movie and book “Charlie and the Chocolate Factory.”

Welch provides extensive details on the Ambrosia Software discussion forums.


When unpacked, the archive includes an application that resembles a JPEG file. When it’s clicked on, the file executes and attempts to propagate itself via the buddy list of Apple’s instant messaging software iChat.
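As an added illustration (not code from the article or from any vendor it quotes), the following Python sketch audits an archive advertised as pictures without unpacking it to disk or running anything: it reads each member's leading bytes and flags entries whose content is executable or does not match their image extension. The member names and bytes in the sample archive are constructed for the example.

```python
import io
import os
import tarfile

IMAGE_MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
               ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}
EXEC_MAGIC = {b"\xfe\xed\xfa\xce": "Mach-O (32-bit, big-endian)",
              b"\xce\xfa\xed\xfe": "Mach-O (32-bit, little-endian)",
              b"\xfe\xed\xfa\xcf": "Mach-O (64-bit, big-endian)",
              b"\xcf\xfa\xed\xfe": "Mach-O (64-bit, little-endian)",
              b"\xca\xfe\xba\xbe": "universal binary",
              b"#!": "script"}

def audit_picture_archive(fileobj):
    """Return (member, reason) pairs for entries that are not what they look like.
    Only header bytes are read into memory; nothing is written to disk or run."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(8)
            ext = os.path.splitext(member.name)[1].lower()
            kind = next((d for m, d in EXEC_MAGIC.items() if head.startswith(m)), None)
            if kind:
                findings.append((member.name, f"executable content: {kind}"))
            elif ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[ext]):
                findings.append((member.name, "image extension, non-image content"))
            elif member.mode & 0o111:
                findings.append((member.name, "executable permission bit set"))
    return findings

def build_sample_archive():
    """Constructed sample: a JPEG header, a disguised program, a mislabeled text file."""
    members = [("shots/preview1.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00", 0o644),
               ("shots/preview2.jpg", b"\xfe\xed\xfa\xce" + b"\x00" * 28, 0o755),
               ("shots/notes.jpg", b"plain text, not a picture\n", 0o644)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in members:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason in audit_picture_archive(build_sample_archive()):
        print(f"{name}: {reason}")
```

A clean result only means the leading bytes look like images; it does not prove the files are safe to open.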

Welch is careful to point out that this should probably be considered a Trojan horse, rather than a virus, “because it doesn’t self-propagate externally.”

So-called Trojan horses are differentiated from viruses because they masquerade as a regular application or file and do not replicate themselves arbitrarily.

Anti-virus software maker Sophos takes issue with this description, claiming this is the “first ever virus for Mac OS X.”

“OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses,” said Sophos in a statement.

Symantec similarly classifies it as a worm, and classifies its threat containment and removal as “easy.” McAfee, maker of Virex, also calls the code, which it refers to as “OSX/Leap,” a worm.

Intego, makers of VirusBarrier, also confirmed the trojan horse’s existence. Because the code is distributed by iChat, Intego said, people are more likely to presume the file is legitimate. Intego advised users to update their virus definition files and “never open files received by e-mail or iChat unless they are sure that these files are safe.”

Sophos, Symantec, McAfee and Intego have all added the code’s description to their Mac anti-virus software files, which can be downloaded from each publisher’s respective Web site.

OSX/Leap-A, Oompa-Loompa, or whatever else you want to call it, also requires an admin password if you’re not running as an admin, said Ambrosia’s Welch.

Additionally, Ambrosia’s Welch said the software has a bug in its code that prevents it from working and prevents infected applications from launching. Still, he strongly advises users that find the “latestpics.tgz” file to avoid downloading or running it.

Apple also commented on the release of the code in a statement provided to Macworld.


“Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file,” said Apple. “Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust. We have a guide to safely handling files received from the Internet at http://docs.info.apple.com/article.html?artnum=108009.”

Updated Feb. 16 2006 5:00 PM: Added comments from Apple.

Updated Feb. 16 2006 2:05 PM: Added comments from Intego.

A few weeks after the hullabaloo surrounding Intego’s press release about a technique that could be used to create a Trojan horse that looked like an MP3 file (see 'Mac OS X Trojan Technique: Beware Geeks Bearing Gifts' in TidBITS-726), a real Mac OS X Trojan horse has been reported to Macworld UK. The Trojan horse, which purports to be a Web installer for Microsoft Word 2004, does not use the technique previously revealed, but it’s decidedly malicious. If you are foolish enough to run it, it deletes your entire Home folder.

<https://tidbits.com/getbits.acgi?tbart=07636>
<http://www.macworld.co.uk/news/top_news_item.cfm?NewsID=8664>

In the somewhat confused article, Macworld UK says that the reader who reported it to them downloaded it 'from LimeWire.' (LimeWire is actually client software for the Gnutella file sharing network.) This reader, proving that common sense isn’t as common as would be ideal, somehow thought that the file must have been a public beta of the next version of Microsoft Word, so he downloaded it, noticed that the icon 'looked genuine and trustworthy' and double-clicked it, only to discover that it had instead deleted his Home folder.

Our searches of the Gnutella network using Acquisition (a truly elegant Macintosh program, particularly in contrast to the brutish LimeWire, which we also used to search), came up empty. Since the IP numbers of those sharing files on the Gnutella network are readily available, it’s highly likely that whoever initially seeded the Gnutella network removed the Trojan horse to avoid further detection, and since detection is easy, it’s relatively unlikely that even bozos would knowingly share such a malicious program.


<http://www.acquisitionx.com/>
<http://www.limewire.com/>


Macworld UK initially chose not to reveal the technique used, but Intego, showing a continued extreme lack of judgment, promptly issued a press release linking to further information that explained almost exactly how to create a similar Trojan horse. Macworld UK then republished Intego’s information, and many other sites jumped on it as well. As best I can tell, the argument for publishing the technique is that if people know how it’s done, they can better identify and avoid such Trojan horses in the future. That’s specious at best, since a Trojan horse merely must deceive a user long enough for that person to double-click; knowing what language it’s written in is irrelevant. All that publicizing the technique does is increase the number of people (large though it may have already been in this case) who have the capability to create such a Trojan horse. The cynical are already wondering if Intego’s publicity of the previous Trojan technique may have played a role in the creation of this one. If Trojan horse reports continue to roll in, the fault will lie with Intego and everyone else who published the instructions.


Suffice to say that the technique is extremely simple; this Trojan horse merely preys on gullibility and cupidity to sucker people into launching (arguably, it’s a bit of digital Darwinism at work). It’s worth noting that this Trojan also doesn’t exploit any weaknesses in Mac OS X; it’s just a deceptively named program that deletes files, and there’s no foolproof way to prevent deceptively named malicious software on any platform. No anti-virus software is necessary to detect this Trojan, and it does not replicate itself. As long as you don’t download applications from untrustworthy sources, you have nothing to worry about, particularly if you maintain regular backups.