Posted on 05/06/2009 12:49:42 AM PDT by Swordmaker
Symantec says a new worm targeting Mac OS X spreads via email and network shares. But is it really a threat?
According to Symantec, the Tored worm spreads through network shares and by emailing itself to addresses gathered from the infected computer's Address Book.
It opens a back door to the computer, allowing it to be conscripted into distributed denial of service attacks as well as logging keystrokes (which could be used to steal passwords and other confidential information).
There is no indication that Tored can execute without user intervention. For example, Symantec does not seem to suggest that there are any issues with Mac OS X mail clients that could cause the code to be automatically executed when the message is opened.
The company says there are a very small number of Tored infections at no more than two sites, and that the worm is easily contained and removed, and does little damage.
Tored has been given a risk level of 1, the lowest on Symantec's scale.
But was Tored really discovered on May 5, as Symantec claims?
Not if it is the same Tored that Intego reported last week as being discovered on April 22.
According to Intego, Tored is a proof-of-concept created with RealBasic, which is not the malware writers' usual tool of choice.
Intego says the malware works by copying itself into the System and System/Library/StartupItems folders so it runs automatically after subsequent logins.
Tored attempts to spread using "an SMTP server that is currently non-existent" so that doesn't get it very far. Furthermore, "the code in this malware is faulty, and it does not work correctly, so there is no real threat from this malware."
So it would seem that the usual precautions (not blindly opening every attachment that arrives by email, or every file that appears in shared folders) would suffice, and even if you are careless there may not be any real harm done.
Sophos added Tored detection to its antivirus products last weekend. Senior technology consultant Graham Cluley described it as "a lame email worm" and said "Bugs in the worm's code, however, mean it is unlikely that you will ever encounter it, even if the author had taken the time to correct the many spelling mistakes in the emails it tries to send. So don't lose too much sleep."
"For now, I think a much more real threat for Apple fanatics is that of websites hosting malicious applications designed to undermine their Mac's security," he added, in a reference to the RSPlug malware.
But bugs can be fixed, and mail servers put into action. So to borrow a slogan, it's time to be alert, not alarmed.
Since the so-called worm in this article wants to use a non-existing SMTP server, I cannot see how it can be called a worm. It will never send copies of itself to anyone.
If you want on or off the Mac Ping List, Freepmail me.
I like it... can I rip it off?
Ho-hum. Another “But Macs really, really do have viruses and stuff, just like windows d00d, so they are not awesome, man, and cost more than my clone box, and don’t have games, d00d” story.
This is like the MSM reporting on Bush Derangement Syndrome every month or so.
There is no virus, trojan, or worm that is a threat to MacOS.
I agree there are no viruses or worms... but there are about 15 Trojan horse programs. No operating system that allows you to install software can protect the system against an administrator installing a malicious application.
Sure. ‘Su Casa es Mi Casa’
Thanks, Joe.
From the sound of things, it's not even just a matter of opening attachments to email. After opening it, you apparently then have to actively give it permission to run, and then give it your administrator password. Sounds kinda not-too-bright to me.
A “worm” that not only requires you open an unrecognized file attached to an email, then have to give permission to install, then enter administrator password - for a bit of code that doesn’t even work.
Hmmm... crickets still chirping...
You just described every worm that can infect an up2date version of Vista.
The crickets can do a duet...