Posted on 02/24/2006 11:24:48 AM PST by Swordmaker
Just this week I received a file that said it came from Mrs. Swordmaker... but she doesn't send email to me... we share the same Mac network and if she wants to send me something she just drops it in my Drop Box. Attached to it was an executable file that contained a Windows Spyware installer masquerading as something else... I don't recall what it was. It obviously came from one of those Windows computers that many on here claim are easy to harden and secure, that had my wife's and my email addresses in the address book, but had somehow gotten hijacked and turned into a zombie. If this email were a little better constructed so as to appear similar to emails Mrs. Swordmaker might send to her friend and it was sent to someone who expects to get such an email from her... why wouldn't they "trust" the attachment?
A spam filter will not filter your friends... the people you have emailed. It CAN filter known, recognizable malware contained in attachments... but that is why the crackers are always trying to come up with something new.
OS X updates using the menu selection are safe... because there are built in checks to assure that the file is coming from Apple. A couple of years ago a proof of concept SPOOF update site was demonstrated... and Apple added the encrypted checks to the Software Update app and to their web site to ensure this could not happen. Microsoft also had the same problem a couple of years ago and actually had to shut down their update website for about a week to fix the vulnerability. DO NOT download OS updates off of non-official sites. There are no guarantees that what you are downloading is sanctioned by the publishers. Use the downloads from official sites only.
The .jpg exif exploit in MS Windows would have scared me if it transported to Mac.
You've seen one Mac virus, you've seen them all. Sure can't say that about Windoze.
Me, I like Unix, and have for the last 20 years....
Just an FYI for those who might be paranoid now (although there is no good reason)... This might lighten your fears a bit:
http://www.versiontracker.com/dyn/moreinfo/macosx/29221
I have tested this... and it works. Thanks, Battman. I am going to ping the list to your find.
SafeTerminal downloaded, installed and checked....all ok.
Thanks!
So let me get this straight, if I don't use ichat, I don't have anything to worry about?
The original file that would infect you with the Leap.A or Oomp.A requires that you download it and install it. This file was named "latestpics.tgz" which it was claimed was a zipped file of pictures of OSX.5 Leopard. It is not... instead it unzipped to what appeared to be a single JPEG image file. You would THEN need to double click THAT resulting file supposedly to see the picture... but it would launch an Application that would install itself on your computer.
It would then look at your "buddy list" in iChat and offer a copy of itself to everyone on your Buddy List... but it can only SEND itself to Buddies who connect via Bonjour, in other words, only to LOCALLY recognizable computers, not over the internet. Those buddies would then have to accept the file, download it, unzip it, etc. (repeat as needed) for it to continue the infection onward.
In addition, it would look in Spotlight to find the last four Cocoa applications that you ran and write itself into the code of those apps... but here is the rub. It can only do that to apps that are specifically installed in your USER Application folder, not the System Application File. VERY FEW Mac users even have a user's Application folder.
Oh... and then those Apps won't work anymore.
The only way you can get the Leap-A malware on your machine is if you take some action to put it there yourself. You might receive a file from a buddy in iChat, or download something from the Internet, or open an attachment to an e-mail message. The program code is presently hiding in what claims to be pictures of OS X 10.5, Apple's next major OS X upgrade. To get Leap-A on your machine, you must (a) receive the file, which is compressed; (b) expand the archive; and (c) double-click what appears to be an image file to execute the code. You cannot get the malware by simply browsing the Internet, reading e-mail, or chatting with friends in iChat.
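The posts above describe the trick at the heart of Leap-A: the expanded archive holds something that looks like a JPEG but is really an executable, and step (c) only works because the user trusts the name and icon. The following is an added example (not code from this thread or from Apple) of the check a cautious user or admin can run on an expanded archive before double-clicking anything: it judges each file by its leading bytes rather than its extension and flags any "image" that starts with a Mach-O, universal-binary or ELF header. The sample directory, file names and header bytes are constructed here for the demonstration.

```shell
#!/bin/sh
# First four bytes of a file as lowercase hex (e.g. "ffd8ffe0" for a JPEG).
magic_hex() {
    od -An -tx1 -N 4 "$1" | tr -d ' \n'
}

# True (0) if the hex magic is an executable header.
is_exec_magic() {
    case "$1" in
        feedface|cefaedfe|feedfacf|cffaedfe) return 0 ;;  # Mach-O, big/little endian, 32/64-bit
        cafebabe|bebafeca) return 0 ;;                    # Mach-O universal (fat) binary
        7f454c46) return 0 ;;                             # ELF
        *) return 1 ;;
    esac
}

# True (0) if the name claims an image but the content is an executable.
is_disguised_executable() {
    case "$1" in
        *.jpg|*.jpeg|*.JPG|*.JPEG|*.png|*.gif) ;;
        *) return 1 ;;
    esac
    is_exec_magic "$(magic_hex "$1")"
}

# Print every disguised executable found directly inside a directory
# (for instance the folder an archive like latestpics.tgz expands to).
scan_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if is_disguised_executable "$f"; then
            echo "DISGUISED EXECUTABLE: $f"
        fi
    done
    return 0
}

# Constructed samples: a genuine JPEG header, a "picture" that is really a
# little-endian Mach-O, and an ELF with a non-image name (not flagged here,
# because the check is about a mismatch between name and content).
make_samples() {
    d=$(mktemp -d)
    printf '\377\330\377\340' > "$d/real.jpg"
    printf '\316\372\355\376' > "$d/latestpics.jpg"
    printf '\177ELF' > "$d/notes.txt"
    echo "$d"
}
```

Run `scan_dir` on the expanded folder; anything it prints should be deleted rather than opened, and a genuine picture will never trip it.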
A good link for completely different view on the subject:
http://www.wired.com/news/columns/0,70257-0.html?tw=rss.technology
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")