[muglo] Re: virus
- From: "Eric D" <hideme666@xxxxxxxxxxx>
- To: muglo@xxxxxxxxxxxxx
- Date: Tue, 26 Oct 2004 15:33:56 -0400
You're correct. It seems it is a *NIX script that allows an already
compromised machine to be taken over, and for that same hacker (or someone
else who knows of the compromised machine) to acquire a user's password (and
do whatever they wish/see what the person is doing -- the VNCServer).
It's a shame that it's being reported the way it is (e.g. Macintouch)
because it's a false alarm.
It requires a *lot* of effort to be installed on a computer. Essentially, if
you have the where-with-all (sp?) to install the script, you could also do a
lot of those things manually (because either (a) you have physical access to
the computer, or (b) the account was already compromised. There is a (c) and
that would happen if someone were to incorporate it into another application
as a trojan... though, no one has found evidence to this effect by the looks
of it... or else it'd be a much bigger story).
You _must_ have administrator access to install it and that can only come
two ways: (1) a person enters an administrator password (e.g. for an
install), or (2) someone with PHYSICAL access to the computer boots the
computer in OS 9, with a Linux boot CD, a modified OS X boot CD, or a
bootable FireWire/SCSI (USB isn't bootable, is it?) HD.
It can only be done with explicit permission of the user, or by someone with
physical access to the computer.
That's the beauty of UNIX... this is about as nasty as it gets although
this'll take Apple quite a bit of effort to fix (and, to be blunt, it's in
Apple's best interest to prevent any mal-ware from being successful on OS X
if they want to play the security card!!! This is not a case where any press
is good press)! If it were automated it'd be a lot worse, but here it
essentially boils down to the stupidity of the user/completely illegal
activities to get the script working without the consent of the user.
Eric.
>From: Gerhard Kuhn <gerhardk@xxxxxxx>
>Reply-To: muglo@xxxxxxxxxxxxx
>To: muglo@xxxxxxxxxxxxx
>Subject: [muglo] Re: virus on the mac?
>Date: Mon, 25 Oct 2004 23:46:10 -0400
>
>Having read a large part of the linked articles it doesn't sound like a
>virus at all. A virus will spread itself; this program has to be
>installed by the admin of the computer and does not have the ability to
>propagate itself.
>
>Gerhard
>
>On Oct 25, 2004, at 11:00 PM, prantzer wrote:
>
> > Has anyone heard of the latest virus for mac? Here is a link for macnn
> > to find out more about it if interested. script-based virus for Mac OS
> > X
_________________________________________________
For information concerning the MUGLO List just click on
http://muglo.on.ca/Pages/joinus.html
Our Archives can be viewed at
http://www.freelists.org/archives/muglo
Don't forget to periodically check our web site at:
http://muglo.on.ca/