Posted Nov 5, 2006 10:34 by Alaric S.
Listed in: News
Tags: Intel, Mac OS X, Symantec, OSX.Macarena
"Macarena", the song that you either loved (it was one of the biggest hits of 1996) or hated, has come back to haunt us. The good news: not as the song. The bad news: it has been reincarnated as OSX.Macarena, a virus that targets client and server editions of Mac OS X 10.0.0 through 10.4.8.
Symantec says the current version has the lowest possible threat rating and doesn't carry a malicious payload. But since the source code for the MacVirus has gone public, the company does not discount the possibility of more dangerous variants in the future. OSX.Macarena targets some, but not all, Mac OS X Mach-O executables; it does not infect PowerPC Mach-O binaries or Universal binaries for the PowerPC and Intel Mac platforms.
While the SANS Institute's Internet Storm Center (ISC) said the Macarena MacVirus is "no big deal", it did say it should be taken as a warning to get anti-virus protection for Macs even if there are no viruses in the wild today.
[Via InformationWeek]
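The scope described above (Intel-only Mach-O files, not PowerPC or Universal ones) can be read from a file's first eight bytes, and the MacFixIt analysis quoted in the comment below adds that only files the running user may modify are exposed. The Python sketch that follows is an added example, not code from the article, Symantec or MacFixIt; it inventories such files in one directory. The function names and sample headers are constructed for illustration, and accepting 64-bit Intel headers is an assumption beyond what the article states.

```python
import os
import struct

MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
CPU_ARCH_ABI64 = 0x01000000
CPU_NAMES = {7: "intel", 18: "powerpc"}  # CPU_TYPE_X86, CPU_TYPE_POWERPC

# Constructed 8-byte headers (magic + next word); not taken from real files.
SAMPLES = {
    "intel_tool": bytes.fromhex("cefaedfe07000000"),      # thin i386, little-endian
    "ppc_tool": bytes.fromhex("feedface00000012"),        # thin PowerPC, big-endian
    "universal_tool": bytes.fromhex("cafebabe00000002"),  # fat header, 2 architectures
    "Example.class": bytes.fromhex("cafebabe00000032"),   # Java class, same magic
    "notes.txt": b"plain text",
}

def classify(header: bytes) -> str:
    """Return '<cpu>-thin', 'universal' or 'not-macho' for a file's first 8 bytes."""
    if len(header) < 8:
        return "not-macho"
    magic, word = struct.unpack(">II", header[:8])
    if magic == FAT_MAGIC:
        # Java class files share this magic; their version word is always >= 45.
        return "universal" if 0 < word < 45 else "not-macho"
    for endian in (">", "<"):  # a thin header is stored in its CPU's byte order
        magic, cputype = struct.unpack(endian + "II", header[:8])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return CPU_NAMES.get(cputype & ~CPU_ARCH_ABI64, "other") + "-thin"
    return "not-macho"

def intel_only_writable(directory: str) -> list:
    """Names of thin Intel Mach-O files in `directory` that the current user can modify."""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.islink(path) or not os.path.isfile(path):
            continue
        try:
            with open(path, "rb") as fh:
                kind = classify(fh.read(8))
        except OSError:
            continue  # unreadable file: cannot classify, so skip it
        if kind == "intel-thin" and os.access(path, os.W_OK):
            hits.append(name)
    return hits

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:16} {classify(header)}")
```

`os.access` reflects the invoking user's rights, so run the inventory as the account whose exposure you want to measure.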
1 Comments
» Meaningless
Here's the story from MacDailyNews.com
"‘Macarena’ malware does not exploit Mac OS X bug
Monday, November 06, 2006 - 04:31 PM EST
"OS.X Macarena poses no viable threat as currently conceived. Although we don't have our hands on the virus source code, according to Symantec (who initially publicized the virus last week) OSX.Macarena can infect neither PowerPC-exclusive binaries, nor Universal binaries. It can only affect binaries that are Intel-specific. That would include various system files, but since OSX.Macarena can only infect files in its own directory and has no means of gaining the privileges necessary to escalate into directories where most system files are stored, the threat level is mitigated," MacFixIt reports.
MacFixIt reports, "Further, it can be reasonably said that this 'virus' is no more than a basic exploitation of the way in which UNIX permissions are designed to operate. By default, applications have permission to modify files that reside in their same directory. It's somewhat akin to writing a shell script that deletes one or more (or all) files in the home user directory then distributing that script as a download: Running the script has a malicious outcome, but there would be no way to prevent its operation without changing the granularity of permissions in Mac OS X (assigning some applications tighter restrictions than the default user-level permissions allow) -- something Apple may or may not enact in Mac OS X 10.5 (Leopard)."
MacFixIt reports, "Symantec admitted to MacFixIt: 'I think the phrase 'proof of concept' which is used in the writeup may have caused some confusion. This is not a threat which is exploiting some bug, rather the concept that is being proven is that Mach-O files can be infected, and that Mac OSX file infecting viruses are therefore possible.'"
"Also, as has been the case with virtually all purported Mac OS X viruses documented by anti-virus firms thus far, there is no reliable vector for the spread of OSX.Macarena, meaning that a user would have to locate the source file, download it, compile the source and run the virus in order for any effect to occur," MacFixIt reports. "As a result of these considerations, the OSX.Macarena has served less as a 'warning shot' across the bow of Mac OS X than as a re-iteration of just how difficult it is to write an effective virus for the operating system.""