Unread Nov 9th, 2006, 04:33 PM   #1 (permalink)
DI Chronic Addict
 
chisbu's Avatar
 
Join Date: Oct 2002
Location: USA
Posts: 7,263
Default New virus "OSX.Macarena"

Quote:
Details released on OSX.Macarena virus
3 days ago by Kristie Masuda

Mac OS X has been the target of a proof-of-concept virus that Symantec claims is a "very low" threat.

Called OSX.Macarena the level-one virus will self-replicate in whatever folder the Mac owner is using. It is only known to have infected about 50 Macs, according to Symantec, and those infected must use anti-virus software to remove it.

"The virus writer has found a rather unexpected region of memory in which to place the code, along with a way to gain immediate control when an infected file is executed," Symantec's Peter Ferrie wrote. "There is no payload in this virus—it simply replicates. However, it won't replicate very well, because it is restricted to the current directory."
http://www.spymac.com/news/article.php?contentid=5409

And No, I did not create this virus.

Last edited by chisbu : Nov 9th, 2006 at 05:29 PM.
chisbu is offline   Reply With Quote
Unread Nov 9th, 2006, 05:14 PM   #2 (permalink)
DI Extreme Addict
 
Trance-Aholic's Avatar
 
Join Date: Apr 2006
Location: In a Trance
Posts: 1,055
Default

I've got an easy solution to this. It's called Linux
Trance-Aholic is offline   Reply With Quote
Unread Nov 9th, 2006, 05:33 PM   #3 (permalink)
DI Chronic Addict
 
chisbu's Avatar
 
Join Date: Oct 2002
Location: USA
Posts: 7,263
Default

Quote:
Originally Posted by Trance-Aholic
I've got an easy solution to this. It's called Linux
No thanks. I love my mac.
chisbu is offline   Reply With Quote
Unread Nov 9th, 2006, 06:54 PM   #4 (permalink)
DI Extreme Addict
 
Trance-Aholic's Avatar
 
Join Date: Apr 2006
Location: In a Trance
Posts: 1,055
Default

Interesting news though. Considering there's like no viruses for Macs. But notice how it's not very destructive? Viruses for Macs are nowhere near as destructive as ones for Windows. That must say something about Windows.
Trance-Aholic is offline   Reply With Quote
Unread Nov 10th, 2006, 10:22 AM   #5 (permalink)
Endless Blue
Forum Staff
 
Dustwave's Avatar
 
Join Date: Oct 2005
Location: Viewing Smilies
Posts: 25,795
Default

Quote:
Originally Posted by Trance-Aholic
Interesting news though. Considering there's like no viruses for Macs. But notice how it's not very destructive? Viruses for Macs are nowhere near as destructive as ones for Windows. That must say something about Windows.
Rather about the intent of the one who wrote it. The article said it's a proof of life
__________________
Ocean to Shore

23-03-2002 - 06-04-2010 RIP Murciélago
Dustwave is offline   Reply With Quote
Unread Nov 10th, 2006, 11:53 AM   #6 (permalink)
Senior Forum Addict
 
Join Date: Nov 2006
Location: U.S.A.
Posts: 775
Default

Quote:
Originally Posted by Dustwave
Rather about the intent of the one who wrote it. The article said it's a proof of life
Ditto.

The only reason that Linux and Macintosh don't have a lot of their own viruses going around is because it just wouldn't be worth it. What with most of the world's computers running Microsoft Windows, it would make sense from a "causing mass chaos" perspective to just make viruses for Windows. Plus it would make them spread a lot faster. It actually has nothing to do with the security of Linux or Macintosh (no matter how much better or worse they actually may be than Windows).
__________________
Pamiiruq
http://soundcloud.com/Pamiiruq

"A lot can be said by a 3xosc with a dissonant melody and the right insert effect." -DeadMau5
sidran is offline   Reply With Quote
Unread Nov 10th, 2006, 10:49 PM   #7 (permalink)
DI Extreme Addict
 
Ambiguity's Avatar
 
Join Date: Nov 2004
Location: Raleigh, NC
Posts: 4,159
Default

Quote:
Originally Posted by sidran
Ditto.

The only reason that Linux and Macintosh don't have a lot of their own viruses going around is because it just wouldn't be worth it. What with most of the world's computers running Microsoft Windows, it would make sense from a "causing mass chaos" perspective to just make viruses for Windows. Plus it would make them spread a lot faster. It actually has nothing to do with the security of Linux or Macintosh (no matter how much better or worse they actually may be than Windows).
Mac & Linux are like people who wear a coat and rarely leave their warm homes. Windows is like a naked man on a cold, crowded subway in the middle of flu season.

Last edited by Ambiguity : Nov 10th, 2006 at 11:02 PM.
Ambiguity is offline   Reply With Quote
Unread Nov 11th, 2006, 10:28 AM   #8 (permalink)
DI Extreme Addict
 
Trance-Aholic's Avatar
 
Join Date: Apr 2006
Location: In a Trance
Posts: 1,055
Default

Quote:
Originally Posted by Ambiguity
Mac & Linux are like people who wear a coat and rarely leave their warm homes. Windows is like a naked man on a cold, crowded subway in the middle of flu season.
That makes sense.
Trance-Aholic is offline   Reply With Quote
Unread Nov 11th, 2006, 10:41 AM   #9 (permalink)
Endless Blue
Forum Staff
 
Dustwave's Avatar
 
Join Date: Oct 2005
Location: Viewing Smilies
Posts: 25,795
Default

Quote:
Originally Posted by Ambiguity
Mac & Linux are like people who wear a coat and rarely leave their warm homes. Windows is like a naked man on a cold, crowded subway in the middle of flu season.
So basically Mac & Linux are girly scared cats and Windows is a tough crazy college brat?
__________________
Ocean to Shore

23-03-2002 - 06-04-2010 RIP Murciélago
Dustwave is offline   Reply With Quote
Unread Nov 13th, 2006, 02:29 PM   #10 (permalink)
Addict in Training
 
Join Date: Nov 2006
Location: USA
Posts: 4
Default

Quote:
Originally Posted by Trance-Aholic
I've got an easy solution to this. It's called Linux
That makes me sad.


anywho here is a better virus for linux, run this as root

Code:
[ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo "You live"
Unknownname is offline   Reply With Quote
Unread Nov 13th, 2006, 07:45 PM   #11 (permalink)
DI Extreme Addict
 
Trance-Aholic's Avatar
 
Join Date: Apr 2006
Location: In a Trance
Posts: 1,055
Default

Quote:
Originally Posted by Unknownname
That makes me sad.


anywho here is a better virus for linux, run this as root

Code:
[ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo "You live"
I don't know about you, but I usually don't run unfamiliar code as root.
Trance-Aholic is offline   Reply With Quote
Unread Nov 13th, 2006, 08:04 PM   #12 (permalink)
Senior Forum Addict
 
Join Date: Nov 2006
Location: U.S.A.
Posts: 775
Default

Quote:
Originally Posted by Unknownname
That makes me sad.


anywho here is a better virus for linux, run this as root

Code:
[ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo "You live"
What that does (correct me if I'm wrong) is by a 1/6 random chance, it attempts to delete all the files in your root directory and all its subdirectories. Otherwise it will display "You live" on the console. I suggest no one try it "just for fun." Sorry to burst your bubble, unknown.
__________________
Pamiiruq
http://soundcloud.com/Pamiiruq

"A lot can be said by a 3xosc with a dissonant melody and the right insert effect." -DeadMau5
sidran is offline   Reply With Quote
Unread Nov 13th, 2006, 08:12 PM   #13 (permalink)
DI Extreme Addict
 
Trance-Aholic's Avatar
 
Join Date: Apr 2006
Location: In a Trance
Posts: 1,055
Default

Then it's not exactly a virus. By the way you described it, it sounds like a code that you have to manually run and it just generates a random result. Usually a virus gets on your system without your knowledge and executes itself. And by the time you know what happened it's too late. I wasn't going to try that anyways. Thanks for the info
Trance-Aholic is offline   Reply With Quote
Unread Nov 13th, 2006, 08:16 PM   #14 (permalink)
Senior Forum Addict
 
Join Date: Nov 2006
Location: U.S.A.
Posts: 775
Default

Quote:
Originally Posted by Trance-Aholic
Then it's not exactly a virus. By the way you described it, it sounds like a code that you have to manually run and it just generates a random result. Usually a virus gets on your system without your knowledge and executes itself. And by the time you know what happened it's too late. I wasn't going to try that anyways. Thanks for the info
Ya, no problem. And that's true. If it was a virus, then it would have some level of automation in it. This would just be deemed "malicious code".
__________________
Pamiiruq
http://soundcloud.com/Pamiiruq

"A lot can be said by a 3xosc with a dissonant melody and the right insert effect." -DeadMau5
sidran is offline   Reply With Quote
Unread Nov 13th, 2006, 10:55 PM   #15 (permalink)
Junior Addict
 
sorcerdon's Avatar
 
Join Date: Nov 2006
Location: USA
Posts: 16
Default

I wrote an article about malicious code.... and yes this sounds like just malicious code.
sorcerdon is offline   Reply With Quote
Unread Nov 14th, 2006, 10:22 PM   #16 (permalink)
Addict in Training
 
Join Date: Nov 2006
Location: USA
Posts: 4
Default

Quote:
Originally Posted by sidran
What that does (correct me if I'm wrong) is by a 1/6 random chance, it attempts to delete all the files in your root directory and all its subdirectories. Otherwise it will display "You live" on the console. I suggest no one try it "just for fun." Sorry to burst your bubble, unknown.
Ha, that was merely an example of how the OSX.Macarena virus works. At some point the user has to run something in order to trigger the execution of this virus so that it can muck with the Mach-O system (the thingy that handles files in OS X.)

Since this was a proof of concept virus, it really wasn't dangerous. Using the source code from that virus could lead to something interesting. For instance once the virus can write to other files within the directory, it could append itself to any file in there, and then move the pointer to the virus itself. That way any file in that directory becomes a virus. Now, if the virus can append itself to files, it may look for some sort of program that it can inject a bit of code into, that way it can then get some run time permissions and have a field day.

All in all, in order to get this virus, you have to do something really stupid like run that above posted code.

p.s. That shell script is called Shell Russian Roulette.
p.s.s. I hope no one was silly enough to run that!
p.s.s.s Oh noes my bubble!

:P
Unknownname is offline   Reply With Quote
Unread Nov 15th, 2006, 06:08 PM   #17 (permalink)
Junior Addict
 
Join Date: Nov 2006
Location: United States
Posts: 13
Default

hahaha i will send this code later. ns, btw
eightbitstar is offline   Reply With Quote
Unread Dec 4th, 2006, 02:09 PM   #18 (permalink)
maz
"Banned Useless Poster"
(Forums Moderator)
 
maz's Avatar
 
Join Date: Jul 2001
Location: San Francisco
Posts: 5,632
Default

Something I posted to a security emailing list:
Quote:
The major difference is how they are exploited at the user level. Generally you do not have root (read administrator) privileges on mac or unix. If you do you need to super user or use sudo (which is what OS X generally uses with a graphical front end).

You can exploit things that are running but generally OS X keeps services that listen on ports to a bare minimum. Here's what my mac (and I do a lot more "power" user stuff than the average mac owner) has listening right now:

nmap localhost

Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2006-11-27 09:25 PST
Interesting ports on xads.zedo.com (127.0.0.1):
Not shown: 927 filtered ports, 749 closed ports
PORT STATE SERVICE
1033/tcp open netinfo
1241/tcp open nessus
3689/tcp open rendezvous

Rendezvous is open because I happen to share my iTunes. Nessus so I can connect locally and do security audits. Netinfo is an LDAP database of sorts for OS X to have configurations saved and can only be accessed locally. I haven't heard of any exploits for it, but I suppose it's possible.

Windows processes tend to have unrestricted root level access which causes the vast majority of problems.
maz is offline   Reply With Quote
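
An added example, not part of maz's post or of any project mentioned in the thread: a small Python audit that parses nmap's normal output, as quoted above, and reports confirmed listeners that are not on an expected-services baseline. The baseline, the function names and the extra 5900/tcp line in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the nmap output quoted in the post above, plus one
# added line (5900/tcp) that is NOT from the post, so the audit has a finding.
SAMPLE_SCAN = """\
Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2006-11-27 09:25 PST
Interesting ports on xads.zedo.com (127.0.0.1):
Not shown: 927 filtered ports, 749 closed ports
PORT STATE SERVICE
1033/tcp open netinfo
1241/tcp open nessus
3689/tcp open rendezvous
5900/tcp open vnc
"""

# Hypothetical baseline: the three listeners the post gives a reason for.
EXPECTED = {(1033, "tcp"): "NetInfo configuration database",
            (1241, "tcp"): "Nessus, local security audits",
            (3689, "tcp"): "iTunes sharing"}

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_open_ports(scan_text):
    """Return {(port, proto): service} for every port nmap reports as open."""
    found = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # banner, column header and summary lines
        # States such as "open|filtered" are ambiguous; count only "open".
        if m[3] == "open":
            found[(int(m[1]), m[2])] = m[4]
    return found

def audit(scan_text, expected):
    """Return (unexpected listeners, expected listeners that are absent)."""
    found = parse_open_ports(scan_text)
    unexpected = {k: v for k, v in found.items() if k not in expected}
    missing = sorted(k for k in expected if k not in found)
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN, EXPECTED)
    for (port, proto), service in sorted(unexpected.items()):
        print(f"UNEXPECTED {port}/{proto} ({service})")
    for port, proto in missing:
        print(f"MISSING    {port}/{proto}")
```

Keeping the reason for each listener next to its baseline entry means every new open port has to be either explained or shut down.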