Well duh!

Apple's right it's not a virus. Until someone can prove otherwise which I still have not seen to date.

It attempts to inject new code into existing applications which makes it a virus in my book. The fact that the programmer was incompetent makes the virus code not work but the theory is sound.

I don't think there is much Apple can do about this except warn people not to use their admin accounts for day-to-day usage but to say it isn't a virus is a stretch.

Quote

jdb1867 wrote:
It attempts to inject new code into existing applications which makes it a virus in my book.

... and it requires the user to run the file before it can do damage, which makes it a trojan in any book (other than yours, that is).

It's a virus. It does nto take advantage of security holes, that much is true. It relies on social engineering to trick the user into executing it, but it is a virus, and the first for OS X.

I would suspect that this news of a Trojan would get provoke people to start writing such programs for OS X. Furthermore, this may kick start attempts for someone to try to write the first virus for OS X

http://switchtoamac.com

I'm sorry Apple, your wrong on this one... It IS a virus since it attaches to other programs and self replicates

Is anyone stupid enough to type in their password when they thought they were viewing a JPEG? Either you must be drunk or stupid.

BTW, this is a Trojan Horse not a virus people. A Trojan Horse (remember the story from Troy) tricks people into thinking it's something it's not. A virus takes advantage of security flaws in operating systems and applications and attaches to other documents.

First! Who in there right mind would download images in a compressed file and then unpack them to view them in a browser?

Second if you open an image and it ask for your password then you know something is wrong.

Third, what is the percentage of users who run using their admin accounts.

Finally this was done years ago on Windows 98 using pif files! (it was also backwards compatible with Win 95). I don't have a windows xp PC around but it might even work with XP. Later on another Trojan was able to install itself via PIF files.

Quote

ericl wrote:
Is anyone stupid enough to type in their password when they thought they were viewing a JPEG? Either you must be drunk or stupid.

Never underestimate the stupidity of the public. Or words to that effect.

It's a Trojan, though, no doubt about it.

Quote

Guest wrote:
I'm sorry Apple, your wrong on this one... It IS a virus since it attaches to other programs and self replicates

Sorry but YOU are wrong. This does not infect any application it adds an extension to the "Input Manager". It also doesn't self replicate it sends itself via bonjour and then the user at the other end must run the app and type in his password to give it access.

First I don't share any of my drives (that is the default). If this came via IM from one of my buddies, I open it and it tell me to enter my password I will mostly like kill the app and trash it.

None of you know what you are talking about. Yes it is a VIRUS it duplicates itself and attaches itself to applications. Yest it is a Trojan as it requires the user to launch it, and Yes it is a worm becuase it passes itself to other machine via iChat/Bonjour (The users must then launch it to get infected).

Secondly most users are NOT ASKED FOR A PASSWORD! You are aked for a password if you are a standard user. If you are loged in as an administrator, which MOST people are because that is the default user account you are not asked for a password.

A Good clarification can be found here.

http://www.macrumors.com/pages/2006/02/20060216234239.shtml

Quote

jdb1867 wrote:
It attempts to inject new code into existing applications which makes it a virus in my book.

Attempts, but fails, therefore not a virus.

Quote

jdb1867 wrote:
The fact that the programmer was incompetent makes the virus code not work but the theory is sound.

Sound? Not from a virus standpoint, but it is from a Trojan standpoint. This is social engineering, not a virus vector.

Quote

jdb1867 wrote:
I don't think there is much Apple can do about this except warn people not to use their admin accounts for day-to-day usage but to say it isn't a virus is a stretch.

Actually, Apple does tell people not to run as Admin. But people are lazy and do it anyhow because the default account is an Admin account. I think Apple could do a better job in discouraging people from using the Admin account for everyday use.

First I would like to clarify something even Apple got wrong... Leap.A is a VIRUS not a Trojan and not a Worm, let me explain..

There are three MAIN malwares in the computing world, with the ones above overriding the lower types based on function. (If it has worm qualities then it's a worm even if it has other qualities)

1. Worm (worse than a virus or trojan) (spreads over a network without any user interaction usually by exploiting a vulnerability)

2. Virus (worse than a trojan) (infects programs, files, and usually self propagates by user action)

3. Trojan (a program that acts like something that it's not, usually what the user wants, but instead has malicious intent)

Leap.A fits the bottom two (Which means it is a Virus), it fools the user into opening it by pretending to be something else like a trojan, and then self propagates and "infect" other programs like a virus (Which by the way does so without ANY prompts as soon as you open it if you are like most people and are logged in as an administrator).


This is what Apple can do to fix this problem...

Show the user (regardles of the icon) that the file is an executable, a glow would be very good... Require admin password if an application/process/script is trying to modify ANY FILE OR FOLDER on the system that is not allready known to be modifiable by it. (maybe a database where every user that is created is added and ANY known processes/programs/scripts... Any NEW processes/programs/scripts(ANYTHING executable) should be able to modify the given files/folders AFTER you give it the authority to do so via admin password and then it is added to the database and it can THEN modify THOSE files etc.)

Quote

Guest wrote:
None of you know what you are talking about. Yes it is a VIRUS it duplicates itself and attaches itself to applications. Yest it is a Trojan as it requires the user to launch it, and Yes it is a worm becuase it passes itself to other machine via iChat/Bonjour (The users must then launch it to get infected).

Actually, it is you who do not know what you are talking about. It is NOT a virus. It requires the user to run it first! It is social engineering. It is a Trojan. But it is not a virus.

Quote

Guest wrote:
Secondly most users are NOT ASKED FOR A PASSWORD! You are aked for a password if you are a standard user. If you are loged in as an administrator, which MOST people are because that is the default user account you are not asked for a password.

Hope you have learned a lesson here: Don’t run as an Admin!

That's the thing, Rainy Day -- this is an important thing the OS X-using public needs to know. Here's hoping the Mac sites (somewhat less hopeful about the rest of the news media) will inform the public about the (apparently) very simple fix for preexisting Admin accounts -- which I found is as simple as going to System Prefs, Accounts, creating a new "dummy" admin, logging in as the new admin, going back to Accounts, and "revoking" the admin privileges of the old admin account. I say "apparently" because I don't know if I'm now as protected as I would be if I'd started using my Mac as a non-Admin from the get-go.

I recieved two emails today with atachments from somone I didn't know with titles refering to a post I made here yesterday. I deleted them unread.

Quote

Mav wrote:
which I found is as simple as going to System Prefs, Accounts, creating a new "dummy" admin, logging in as the new admin, going back to Accounts, and "revoking" the admin privileges of the old admin account.

I created a new admin account (with a nice, obscure name, and a lovely, secure password), then changed my account from admin to standard while still logged in as me - I just had to authenticate as the new admin account to do so...seems to stop me in my tracks when I tried to do something stupid as my now-standard self.

Also, I applied the privileges from my Applications folder to all contents of that folder, as some of the apps I put in there myself were still R/W for me.

CB

ooh, ooh, ooh, yeah, almost forgot....Another thing I did was to go through each of the accounts on my macs and :

1. In finder, open the users home folder
2. Open the Library folder inside this
3. If there isn't a folder called "Input Managers", create one
4. Change permissions on this folder to the same as those on the Applications folder, and apply to all contents.

This makes sure that malicious software cannot sneakily install Input Managers without asking for authentication. this Trojan Horse uses an input manager to attach itself to other applications.

See recent posts on DaringFireball.net and other sites about Input Managers, what they do and how they do it.

CB

I'm sorry but if the only way a new "install" can occur is through tricking a user into running it, then it is a trojan. Installing a component into the OS via documented methods does not make it a virus. By that logic almost all software is a virus. A virus infects existing software or data by altering it. Nice try though.

Self replication is a moot point. Anything can self replicate if it wants to.

You guys can argue back and forth about this all day, but the fact remains that these things have long standing definitions. All you have to do is see which definition fits and thats the end of the story.

Quote

ericl wrote:
Is anyone stupid enough to type in their password when they thought they were viewing a JPEG?

No one in this world has ever lost money by underestimating the intelligence of the great masses of the plain people. Nor has anyone ever lost public office thereby.
- H.L. Mencken

not being stupid enough to accept an incoming file from anybody you don't know, being smart enough to NOT type in your admin password to view a JPG file, and being generally on the lookout for the onset of inevitable security risks.

OS X is more secure than most, but it's not inpenetrable.

So the score is now 70,000 to 1.

Quote

Tiger wrote:
not being stupid enough to accept an incoming file from anybody you don't know, being smart enough to NOT type in your admin password to view a JPG file, and being generally on the lookout for the onset of inevitable security risks.

OS X is more secure than most, but it's not inpenetrable.

So the score is now 70,000 to 1.

and that is just since 1 January 2006...

What I want to know is why no has filed a class action suit against Microsoft for continously selling a piece of software that costs the IT community billions of dollars a year to keep secure and causes vast amounts of data loss - from "almost finished papers due tomorrow" to corporate financial information, etc.

From all the screams from the bluse screen of death, we should at least see a "loss of hearing" complaint!

cheers

A rose by any other name is still malware because it has thorns. In my opinion Leap-A is a trojan, but to the general public it will be called a virus. A lot of the media people are not tech types and when the talking heads on our local TV news start reporting this they will call it a virus and that is how it will be accepted. Over at the CNN Money website they are calling it a worm, http://money.cnn.com/2006/02/17/technology/apple_virus.reut/index.htm?section=cnn_topstories

Segue alert, I believe that these malware creators, and those who consciously spread malware should be considered felons. These malicious programs cause a lot of damage to business and private activities, they cost us money. Malware should be considered a national security threat, I would bet that Al Qaeda is looking at the situation.

Here is a link to what Sophos says about it. It's a virus/trojan combo. It has aspects of both characteristics.


http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html

Andrew

Quote

What I want to know is why no has filed a class action suit against Microsoft for continously selling a piece of software that costs the IT community billions of dollars a year to keep secure and causes vast amounts of data loss

Because it probably wouldn't get anywhere? Read the licence terms for just about any bit of software: the authors invariably disclaim all responsibility for anything the software might do. There is no guarantee that the software will not behave destructively, let alone as described in the manual. This is generally the case - even for Apple.

In my more cynical moments, I tend to think that the rise of free/OSS software has a lot to do with this fact. Since most software is rubbish anyway, it might as well be free rubbish.

'Hey! Somebody just dropped a nuclear bomb on my house and destroyed it!'

'It wasn't a nuclear bomb.'

'Oh! I feel so much better then!'

[quote=Rainy Day]Hope you have learned a lesson here: Don’t run as an Admin![/quote]

Like I'm going to believe that until now you had a separate account and had to log in as an admin every time you wanted to install software or change system settings? Right. Get over yourself and your smug, false sense of superiority. Most people run as an admin because it has always been safe to do so until now.

More importantly, it SHOULD be safe to run as an admin. You can play word games and argue that "it's not a virus" all you like, but that doesn't change the fact that IN ORDER TO DETECT THIS AS AN EXECUTABLE, YOU HAVE TO GET INFO ON IT. That makes this is more dangerous than Windows hiding extensions for known file types -- at least you can turn that off!

Next you're probably going to tell me that you check "get info" on every file you download before you open it.

The fact of the matter is that this has brought to light an extremely serious security vulnerability on the Macintosh platform and it needs to be fixed. It doesn't need a bunch of fanboys arguing semantics.

"That makes this is more dangerous than Windows hiding extensions for known file types -- at least you can turn that off! "

Well, actually, you can turn off hiding extensions in Mac OS X, also.

The majority of people will get a notice that it is trying to install something; I get these notices all the time even when I'm running Admin. After that, for trojans on any platform, you just have to be informed enough to know not to just click on any old thing mailed, IMed or downloaded. People who aren't that informed aren't doing their due diligence and will get messed with. In the meantime, we need very harsh consequences for the writers of these things when we catch them.

Quote

Mav wrote:
That's the thing, Rainy Day -- this is an important thing the OS X-using public needs to know. Here's hoping the Mac sites (somewhat less hopeful about the rest of the news media) will inform the public about the (apparently) very simple fix for preexisting Admin accounts -- which I found is as simple as going to System Prefs, Accounts, creating a new "dummy" admin, logging in as the new admin, going back to Accounts, and "revoking" the admin privileges of the old admin account. I say "apparently" because I don't know if I'm now as protected as I would be if I'd started using my Mac as a non-Admin from the get-go.

Yes, it is as simple as that, and exactly how i did it. You are as protected now as if you had created a non-admin (i.e. regular user) account from the beginning… assuming, of course, you had a clean and un-infected system to start with.

This is also probably the best way for most folks to go about it too because moving all your preferences from one account to another is a bit bothersome.

I wouldn’t call it a “dummy” account. You can have as many admin accounts as you please. (But each admin account you create is another opportunity to attack your machine, so i wouldn’t advise it without some sound reason to have multiple admin accounts.)

Quote

Guest wrote:

Quote

Rainy Day wrote:
Hope you have learned a lesson here: Don’t run as an Admin!

Like I'm going to believe that until now you had a separate account and had to log in as an admin every time you wanted to install software or change system settings? Right. Get over yourself and your smug, false sense of superiority. Most people run as an admin because it has always been safe to do so until now.

Well, as a matter of fact, i have – for a long time now – been running as a regular user. I rarely log into the admin account. One may install software without logging into the admin account. You merely need to provide an admin username and password (i.e. authenticate) to install software (or to move things around in directories you don’t have write access to). There really isn’t much need to log in as the admin for almost anything.

The only time i found this inconvenient is when working in the Terminal, since regular users cannot use sudo. Now you can add a regular user to the sudoers list, but it is just as easy to login adminAccount and sudo from there. [You can do that from the Terminal while logged in as a regular user in the GUI.] So there really is no need to log in to the admin account in the GUI.

Quote

Guest wrote:
More importantly, it SHOULD be safe to run as an admin.

Why? That’s like saying it SHOULD be safe to run without the firewall.

More to the point, there is no value to run as an Admin because you can do everything from a regular user account; you simply need to authenticate yourself as an Admin. This does mean you have to enter the Admin password a little more often, but by doing so you are buying additional security.

Bottom line is this: If you always run as an Admin, you are doing so at the expense of security. The choice is yours to make, but don’t complain when it inevitably comes around to bite you in the butt.

Quote

Guest wrote:
You can play word games and argue that "it's not a virus" all you like

You’re the one playing word games… because it’s not a virus!

Quote

Guest wrote:
, but that doesn't change the fact that IN ORDER TO DETECT THIS AS AN EXECUTABLE, YOU HAVE TO GET INFO ON IT. That makes this is more dangerous than Windows hiding extensions for known file types -- at least you can turn that off!

Next you're probably going to tell me that you check "get info" on every file you download before you open it.

Not at all. If something anomalous happens, like you need to authenticate to view a JPEG, then you should know something is afoot.

Quote

Guest wrote:
The fact of the matter is that this has brought to light an extremely serious security vulnerability on the Macintosh platform and it needs to be fixed. It doesn't need a bunch of fanboys arguing semantics.

The “extremely serious security vulnerability” you speak of is actually the user. Nothing can be done about “user head gap.” If you run as an admin, you are assuming certain security risks.

Incidentally, this is part of the insecurity problem with Windoze: You have to run as an admin. Of course the other part is that, in my opinion, M$ writes really poor code.

Choosing not to run as an admin is giving up an added layer of security. It is similar to choosing to turn on the firewall. It is part of what is known as “Best Practices.” You are free to choose to follow Best Practices or not, but if you choose not to, don’t blame the OS.

Viruses: A parasitic program designed to enter a person's computer clandestinely. It attaches itself to various files and is self replicating. Viruses can do serious damage such as erasing files or even rendering the computer itself inoperable. Some viruses come in through Web pages or shared floppy diskettes, but most arrive through email (usually as attachments), through chat and instant messaging programs or P2P music/video sharing programs (especially KaZaA). Currently it is estimated that there are up to 600 new viruses & worms a month. See also: worms.

Worms: A worm is similar to a virus. They replicate themselves like viruses, but do not alter files like viruses do. The main difference is that worms reside in memory and usually remain unnoticed until the rate of replication reduces system resources to the point that it becomes noticeable. Some worms come in through Web pages or shared floppy diskettes, but most arrive through email (usually as attachments), through chat and instant messaging programs or P2P music/video sharing programs (especially KaZaa). Currently it is estimated that there are up to 600 new viruses & worms a month.

Trojan: Small malicious programs that are delivered secretly or benignly to your computer as executable files (usually through email, chat lines, FTP, Freeware or Shareware programs, MP3s or even movies)-just like the Trojan Horse, innocent looking on the outside, but containing a nasty surprise hidden inside. It is really two programs-one on your computer ("server") and the other on the cracker's ("client"). This server runs automatically every time the computer is started. A Trojan program gives the cracker complete access to your computer. There are thousands of different Trojan programs. Trojans need user intervention to install (the file needs to be opened) and do not self-replicate like viruses.

To the imbiciles who refuse to acknowledge common knowledge, and is readily available online in multiple info databases and online dictionary/encyclopedic sources: IT IS NOT A VIRUS.

Quote

Rainy Day wrote:

Quote

Mav wrote:
That's the thing, Rainy Day -- this is an important thing the OS X-using public needs to know. Here's hoping the Mac sites (somewhat less hopeful about the rest of the news media) will inform the public about the (apparently) very simple fix for preexisting Admin accounts -- which I found is as simple as going to System Prefs, Accounts, creating a new "dummy" admin, logging in as the new admin, going back to Accounts, and "revoking" the admin privileges of the old admin account. I say "apparently" because I don't know if I'm now as protected as I would be if I'd started using my Mac as a non-Admin from the get-go.

Yes, it is as simple as that, and exactly how i did it. You are as protected now as if you had created a non-admin (i.e. regular user) account from the beginning… assuming, of course, you had a clean and un-infected system to start with.

This is not true.

If you keep using the same account, applications installed by you are still owned by you, so a they can still be infedted by your account (even if non-admin).

Quote

Guest wrote:
If you keep using the same account, applications installed by you are still owned by you,

True; applications are owned by whoever installs them (unless you change the ownership).

Quote

Guest wrote:
so a they can still be infedted by your account (even if non-admin).

And your point is?

Just because you may have been an admin at the time of original installation means nothing. The program only executes with the privileges of the account launching it, not with those of the owner, no matter who that is (unless the “set user ID” bit is set, which it normally isn’t).

It seems that there are a lot of people out there who want to call this bit of malware anything except a virus. Personally I don't care what it is as long as I can be reasonably confident it doesn't comprise a threat to me, and that if it did I won't be a link in the chain, spreading it to other users. For various reasons (including a fairly thourough analysis of what this program does) I'm pretty sure I'm safe on both counts. Anyway, I digress.

It's funny to see people arguing that this isn't a virus/trojan/worm while they point to the PC as having 70,000 viruses as classified by $COMPANY_WITH_VESTED_INTEREST. Anti virus companies want to call everything they see a virus so they can sell more software, now that they're doing the exact same thing on the mac as they've been doing forever on the PC everyone's up in arms about it, but it was fine to quote ridiculously overinflated virus numbers on the PC when comparing it to mac security, but it's not ok when a security company does the same to the mac.

Come on people if there are 70,000 PC "viruses" as defined by these guys, then it's ok to have ONE "virus" for OS X as defined by their deliberately paranoid definition of viruses. They probably classified it as a high risk too, even though it barely works and generally needs user interaction to activate or propagate. This is a pretty flaccid example of malware, but it really does exist by the looks of things.

It IS a virus, because it infects other programs. Keep in that 99% of the "viruses" you hear about in the news are not in fact viruses, but worms.

Is this a trojan? Yes. But "virus" and "trojan" are not mutually exclusive. A virus can be carried in a trojan.

And since it does try to propogate itself online, you could also technically call it a worm. Again, these terms are not mutually exclusive.

This IS a virus. Look it up. To quote dictionary.com:

Quote

"(By analogy with biological viruses, via SF) A
program or piece of code written by a cracker that "infects"
one or more other programs by embedding a copy of itself in
them, so that they become Trojan horses. When these
programs are executed, the embedded virus is executed too,
thus propagating the "infection". This normally happens
invisibly to the user.

A virus has an "engine" - code that enables it to propagate
and optionally a "payload" - what it does apart from
propagating. It needs a "host" - the particular hardware and
software environment on which it can run and a "trigger" - the
event that starts it running.

Unlike a worm, a virus cannot infect other computers without
assistance. It is propagated by vectors such as humans
trading programs with their friends (see SEX). The virus
may do nothing but propagate itself and then allow the program
to run normally. Usually, however, after propagating silently
for a while, it starts doing things like writing "cute"
messages on the terminal or playing strange tricks with the
display (some viruses include display hacks). Viruses
written by particularly antisocial crackers may do
irreversible damage, like deleting files.

By the 1990s, viruses had become a serious problem, especially
among IBM PC and Macintosh users (the lack of security on
these machines enables viruses to spread easily, even
infecting the operating system). The production of special
antivirus software has become an industry, and a number of
exaggerated media reports have caused outbreaks of near
hysteria among users. Many lusers tend to blame
*everything* that doesn't work as they had expected on virus
attacks. Accordingly, this sense of "virus" has passed into
popular usage where it is often incorrectly used for a worm
or Trojan horse.

Nicely put, it amazes me that everyone seems so ignorant and persistent to be a stereotype and give this little piece of malware one definitive label, that is either virus, worm or trojan, nice to see someone else that realises software can have elements of all and that the labels are not as percieved, mutually exclusive.

Wikipedia sez: “Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration. …

“Trojans of recent times also contain functions and strategies that enable their spreading. This moves them closer to the definition of computer viruses which operate by spreading on their own and infecting executable files, and it becomes difficult to clearly distinguish such mixed programs between Trojan horses and viruses. However, the defining characteristic of trojans is that they require some user action, and cannot function entirely on their own.”

And there’s this: Digging deeper into the Leap-A malware

Sure fits the definition of a Trojan.

"Third, what is the percentage of users who run using their admin accounts. "

A majority, I would think, as the first account created is an admin account.

I think Apple and others are taking all this a bit too lightly. There are security problems on the Mac. For example, look at all the apps with write permisson on their files! That's asking for trouble and it's totally unneccesary.

Quote

Guest wrote:
I think Apple and others are taking all this a bit too lightly. There are security problems on the Mac. For example, look at all the apps with write permisson on their files! That's asking for trouble and it's totally unneccesary.

I agree that MacOS X security can – and should – be improved. That said, at least “MacOS X Security” isn’t an oxymoron like “Windoze Security” is.

But i can see no reason for applications in /Applications to be writable, or for that matter to be owned by the user who installed them. If you need write access, well use the user’s Application folder.

And i agree with the previous post too that Apple seems to encourage users running as an Admin by virtue of the way the MacOS X installer works. They need to change that by very clearly encouraging a regular user account for day-to-day use.

I read the article posted about Leap-A. It looks like it had bugs, and was a proof of concept.

I'm not talking out of school when I say what I'm about to, so don't jump on me for giving malware authors ideas--they already know about this one, they've used it for years.

Say I wanted to infect Mac users with a virus. (In the traditional sense of a self-replicating bit of code that changes other programs).

Let's also say I wanted to infect as many systems as possible.

How would I do that? As a two stage attack. Let's say first by infecting a *useful* program, say a utility or a nice game.

Then distribute the infected program and let the user do the work. It's been pointed out most Mac users run as Admin by default (BAD, bad idea).

So that means any program they run (including the infected one) has admin privileges and can infect any program that loads into memory.

Even if you don't run as admin, some programs need admin privileges AND THE USER KNOWS IT WILL. Infect one of those and you have the equivalent of a root kit.

Let the virus wait until it infects a *compiler* before deciding to breed outside its host system.

Far-fetched? No. In fact it's one of the earliest techniques, it was used on CP/M computers. Where the infection vector was floppy disks and the infection hotbed was the local user's group...

Now imagine a Mac freeware developer gets infected, somebody who's stuff is popular. He recompiles a program (and infects it) then uploads it and *bang*.

Instant infection vector, wide spread. Let's say there's a delay built in before the virus fires its payload. Maybe even a year.

If nobody's looking, nobody will suspect a thing. Like an AIDS virus it quietly infects everything. And one day the trigger gets pulled.

And if you're lucky there's a bug in the payload that keeps it from working. If you're not it could range from complete system wipe to botnets.

Or a perenial favorite the "intermitant save failure". Say the virus only activates on a random interval, but no more often than once every thousand saves. When it does, it injects some random junk into the file.

It would look like an intermittant hardware failure...and it would look like Apple QA had slipped. Anti-mac forces rejoince, bad PR, and all the rest.

Mac techs scratching their heads, users going nuts, it would be the ultimate "hacker causes mischief" scenario.

To the sterotypical would-be teen hacker bad guy it would be the ultimate hack. In the words of "Who framed Roger Rabbit"'s Judge Doom:

"My God, it will be beautiful".

One teen with L33T SK1LLZ and looking for a kick, and it's all over. Think it's unlikely?

Think again. The most prolific family of Windows viruses in recent years was produced by 1 teen programmer. *1*.

That's all it takes.

Your scenario is my worst fear for apps like Onyx or Carbon Copy Cloner. Two very prevalent and useful apps.

Look at me!!! I'm a troll and I crave attention!!! Look at me!!!

I'm still a troll! Look at me!!!

Hahahah.

Leap-A isn't anything special. Since the debut of OS X, it's always been possible to whip up an executable that does malicious things. But doing such a thing is pointless, because thanks to OS X's security, it would require the user the purposely run it, so it'd be one sorry piece of malware.

So now that somebody's bothered to make it, that's supposed to be news? Oh, wow - the concept of ineffective malware has been proven. What a revelation.

Hey, you know another big threat to Macs? Copies of the OS X install discs! Those things are LETHAL! They can WIPE YOUR HARDDRIVE!

Please. Tell me when there's an actual threat to OS X.

That there is a much more serious threat hidden in OS X. If you look at an image, say, it can trojan into your system via scripts and do horrible things.

-if you're running in "root"
-and if you allow Safari to open downloaded files automatically.

http://blog.washingtonpost.com/securityfix/

according to Brian Krebs:
"this exploit could still do a fair amount of damage if run on an administrator account. While a malicious Web site using this flaw would not be able to say, overwrite files or disable the firewall on administrator accounts, it could well delete that user's files or cause that account to send and/or receive various types of data."

Oh, and it can abduct your children.

Seriously, what do you all think?

The usual admonition not to open items from unknown sources seems hollow in this case.

How many people on your buddy list don't you know and trust?


Neal Cornelius
Vernon, CA

It's a virus you idiots. Trojans horses came directly from virii, they are the babies of virii. To go and state that it's not a virus because it is a trojan horse is like stating that the wheels on your cars aren't part of the car itself, they are just addons. The very same principal applies here, disperse, inject, propagate, infect.

So yes, it's a virus and yes, of the subdivision of virii, it's a trojan horse.