The Mac Observer

Renepo Worm Targets Mac OS X

October 24th, 2004 at 3:00 PM - Reports by Brad Gibson

Security experts have discovered a worm that targets Apple's Mac OS X, disguising itself as a shell script. There are currently no reports of the virus in the wild, but experts are concerned that if it spreads, its effects could be serious.

Graham Cluley, Senior Technology Consultant at security software maker Sophos Plc, told the Mac Observer the virus, entitled "Opener" or "Renepo" (opener spelled backwards), was discovered Friday and is being sent round the antivirus community for analysis.

"We have no reports of anyone actually being infected by it, yet," he said. "We're not expecting that to happen at the moment. I think what's happening here is that there is a group of people in the Macintosh underground community who are interested in pushing the Mac OS to its limits and seeing if they can crack it and investigate what kind of problems they could cause in the future."

Mr. Cluley said Renepo is a self-propagating worm that doesn't use e-mail as a carrier. Instead, it first needs to get root access to a system, but once run will begin seeking out other drives and systems on the network to which it can copy and spread.

"Once on a drive, it does a number of things including turning off system accounting and logging, the OS X firewall, software auto-updates, and the OS X security program LittleSnitch," said Mr. Cluley. "It also creates a new admin-level user which can be used for subsequent system access. It turns on filesharing, and copies some key system files making them world-writeable. It creates a huge back door. It's a smart worm."

The worm also installs a number of pieces of software, such as ohphoneX (a voice and video sharing program for OS X), John the Ripper (a password cracker) and dsniff (a password sniffer). It scans the swap file, Samba and VNC (virtual network computing) connections for passwords and creates a folder in which to store these, along with the IP numbers of other infected computers and other data found on the hard drive.
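Two of the changes described above, a new admin-level account and system files left world-writable, can be checked for directly on a host. The following is an added example, not code from the article or from Sophos: it scans a directory tree for world-writable regular files and compares the current admin accounts against a known-good baseline. The file names, account names and directory layout in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

def world_writable_files(root):
    """Return sorted paths of regular files under root that any user may write."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)

def unexpected_admins(current_admins, baseline_admins):
    """Return admin accounts present now but absent from the baseline."""
    return sorted(set(current_admins) - set(baseline_admins))

def triage(root, current_admins, baseline_admins):
    """Combine both checks into one report for the responder."""
    return {
        "world_writable": world_writable_files(root),
        "new_admins": unexpected_admins(current_admins, baseline_admins),
    }

def demo():
    """Run the triage over a constructed directory tree and account lists."""
    with tempfile.TemporaryDirectory() as root:
        ok = os.path.join(root, "file_ok")
        loose = os.path.join(root, "sub", "file_loosened")
        os.makedirs(os.path.dirname(loose))
        for path in (ok, loose):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(ok, 0o644)     # owner-writable only
        os.chmod(loose, 0o666)  # world-writable, the condition to flag
        report = triage(root, ["alice", "unknown_admin"], ["alice"])
        # Report paths relative to the scanned root, with "/" separators.
        report["world_writable"] = [
            os.path.relpath(p, root).replace(os.sep, "/")
            for p in report["world_writable"]
        ]
        return report

if __name__ == "__main__":
    print(demo())
```

On a real system the admin list would come from the host's directory service and the baseline from a record taken before any suspected compromise.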

Mr. Cluley said the worm could be propagated as a promotion via e-mail, encouraging the reader to go to a specific Web address and download the script now to update the Mac OS or some other specific software program.

Mr. Cluley believes the worm is not an enormous problem and doesn't believe Mac users should panic.

"Be vigilant about these things and don't get complacent," he said. "This is not just a problem for Windows users any more."

Mr. Cluley doubts there is much Apple could do to stop the worm from causing damage on a Mac because most worms do not exploit holes in an operating system, but rather "exploit bugs in people's brains by relying on humans to do something dumb and install viruses."

Mr. Cluley said he is confident a number of major virus protection companies will release a virus update to scan and detect Renepo in the coming few days.
