The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Apple: 'Opener' Worm Not a Virus

TMO Reports - Apple: 'Opener' Worm Not a Virus

by , 3:00 AM EST, November 2nd, 2004

Apple Computer denied Monday that the supposed 'Opener' malware program is a virus, Trojan horse or a worm. The security company that originally reported the program disagrees.

In a statement, Apple said it has concluded 'Opener' is no threat.

"'Opener' is not a virus, Trojan horse, or worm," a written statement read. "It does not propagate itself across a network, through email, or over the Web. 'Opener' can only be installed by someone who already has access to your system and provides proper administrator authentication. Apple advises users to only install software from vendors and Web sites that they know and trust."

But an antivirus expert disagrees saying that while the program is not an immediate threat, it is a worm because it attempts to copy itself, and therefore is a virus as well.

Graham Cluley, senior technology consultant for for security software maker Sophos Plc told ZDNet UK, "we class it as a worm. It's not going to spread very fast, but it does try to copy itself from Apple Mac drive to Apple Mac drive, and that still makes it a worm. If you saw something similar in the PC world, you would call it a worm."

As first reported on The Mac Observer October 25, security experts discovered the virus entitled 'Opener', or 'Renepo' (opener spelled backwards), disguising itself as a shell script.

Mr. Cluley said Renepo is a self-propagating worm that doesn't use e-mail as a carrier. Instead, it first needs to get root access to a system, but once run will begin seeking out other drives and systems on the network to which it can copy and spread.

"Once on a drive, it does a number of things including turning off system accounting and logging, the OS X firewall, software auto-updates, and the OS X security program LittleSnitch," said Mr. Cluley. "It also creates a new admin-level user which can be used for subsequent system access. It turns on filesharing, and copies some key system files making them world-writeable. It creates a huge back door. It's a smart worm."

The worm also installs a number of pieces of software, such as ohphoneX (a voice and video sharing program for OS X), John the Ripper (a password cracker) and dsniff (a password sniffer). It scans the swap file, Samba and VNC (virtual network computing) connections for passwords and creates a folder in which to store this, IP numbers of other infected computers and other data found on the hard drive.

Mr. Cluley said the worm could be propagated as a promotion via e-mail, encouraging the reader to go to a specific Web address and download the script now to update the Mac OS or some other specific software program.

Mr. Cluley believes the worm is not an enormous problem and doesn't believe Mac users should panic.

Recent TMO Headlines - Updated October 22nd

Fri, 9:07 PM
Inside Apple Michigan Ave Store Opening in Chicago (Photos)
Fri, 8:07 PM
Get a Head Start on Your iPhone X Preorder on October 23
Fri, 7:12 PM
Apple Poaches Amazon Video Exec to Head International Development
Fri, 6:07 PM
Google Finds a Workaround for Apple's Intelligent Tracking Prevention
Fri, 3:52 PM
MOD-t (2nd Gen) 3D Printer on Kickstarter: $300 for a Self-Contained Consumer 3D Printer
Fri, 3:51 PM
iOS 11: How to Share Documents from the Files App
Fri, 3:12 PM
Our Top 5 Picks For Apple Watch Photography Apps
Fri, 2:41 PM
Apple Releases iOS 11.1 Developer Beta 4 with Bug Fixes
Fri, 2:32 PM
Use Your Apple Watch Digital Crown to Zoom Photos
Fri, 2:30 PM
Apple Fixes Several Bugs with watchOS 4.1 Developer Beta 4
Fri, 2:05 PM
Check Out This Cool Cyperpunk Horror Game Coming to Mac [Trailer]
Fri, 1:23 PM
Animoji Trademark Lawsuit, Apple's Sloppy UI Problem - TMO Daily Observations 2017-10-20
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!