Jump to content
Sign in to follow this  
MacCast

Mac "Virus" is really more a Trojan

Recommended Posts

MacCast    80

Well I never ever said I was a security expert and that was clear when I told you about the Mac "Virus". Upon further reading I have come to understand that it is more a Trojan than a virus. If you want to know all the details about this thing here is the link to the thread with the complete deconstruction:

 

http://www.ambrosiasw.com/forums/index.php...howtopic=102379

 

Here is some info I found that expains the differences between the types of "Malware":

“Malware” is the term used to describe any and all malicious software, including viruses, Trojan horse programs, and worms.

 

Even though "virus" has become a generic term to refer to all types of computer malware, it actually only applies to one specific type of malicious code/file. A computer virus does the same thing a biological virus does, for the most part. It infects a “host” (a file, boot sector, etc.) and then looks for ways to spread. The major things setting it apart from other malware are that it (1) replicates itself and (2) infects other files instead of existing as a standalone file. Viruses can be very harmful (e.g., erasing or damaging files) or they can be relatively benign (e.g., displaying an obscene message to the user on a given date).

 

Worms do not attach themselves to a host program or file the way a virus does; worms reside in active memory and stand alone with no need for a host. A worm does replicate itself like a virus, but it doesn’t do so by altering files. Instead, it replicates over computer networks.

 

A Trojan horse program does not replicate itself, and it does not infect other files. A Trojan horse program (or, simply, “trojan” or “Trojan program”) is a malicious program that is contained within, or masquerades as, an innocent and useful program. The most widespread type of Trojan program is the type that installs “backdoor” access to a computer, through which a malicious person is allowed to remotely take control of the infected computer. The next most popular type is designed simply to steal passwords, credit card numbers, online banking data, or other personal information and send that information back to the malicious party. Often, a Trojan program arrives, unknown to the victim, along with a screensaver or game. When the screensaver or game is run, it is designed to then install the Trojan program that is included with it.

 

From:http://www.infotap.org/virusworminfo.asp

Share this post


Link to post
Share on other sites
Thorsten    0

well I think its more a virus than a trojan because it does spread via Bonjour iChat (not Internet iChat) and it does do some damage on the computer to applications the user owns.

It infects applications the user owns and you are reinfected very time you try to launch one of the infected applications, which btw. do not start anymore.

 

For more explanation see here:

 

http://www.macworld.com/news/2006/02/17/le...ollow/index.php

 

Also to be classified as a trojan it should open backdoors etc. which it absolutely does not, as far as we know yet, and does not steal credit card info etc..

This thing has abilities of a worm (spread iChat), virus (infecting applications) and trojan (coming as a jpg) but I think it mostly is a virus than anything else.

Luckily it did not do much damage and only reminds us that we can also be infected.

And reminds us to be careful.

 

How could you have been protected from this.

Always when not necessary run as a standard user and not an admin then MacOSX would have asked for admin username password before running at which point as users bells should we whistling: "A JPG that is running something and wants to install???"

 

Besides being sure to trust your sources, but to be honest I would have downloaded this image, who of us does not want to see somepics of Leopard? And only the above would have saved me :)

 

What I just find most annoying and strange is the fact that this did show up once Apple started the Intel transition, why now? Why not last year?

Really a bit strange. :?

Share this post


Link to post
Share on other sites
kwsanders    0

I think it should be classified as a virus or, more rightly, a worm since a trojan horse does not have code to replicate and spread itself. This particular application does just that.

 

http://www.sophos.com/pressoffice/news/art...macosxleap.html

Share this post


Link to post
Share on other sites
cassiope    0

a lot of bull over nothing

 

these so-called viri and or worms are nothing more or less then BOGUS: nothing happens.

 

besides who is dumb anough to open a document send to you by unknown@unknown.com?

 

Sheesh if you are liable to doing that you are worthy to be names windows user of the month.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing

    No registered users viewing this page.

  • Who's Online (See full list)

    There are no registered users currently online

×