Apple - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Apple


Mac Trojan Set Loose—More to Come?



 By: Ian Betteridge
2004-05-13
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Apple story.


Rate This Article:
Poor Best
A malicious Trojan for Mac OS X purports to be a version of Office 2004 for Mac; is the platform on the verge of increased attention from virus writers?

The first malicious Trojan for Mac OS X has been found in the wild, leading some to claim the platform may be on the verge of increased attention from virus writers.

The Trojan—dubbed AS.MW2004.Trojan by anti-virus company Intego—was first discovered by a reader of British Mac magazine MacWorld. It takes the form of a file purporting to be a version of the newly released Office 2004 for Mac and is available on download services such as LimeWire.

However, despite appearing with a legitimate-looking icon, the Trojan is in fact a simple AppleScript application that, when run, erases the contents of the users Home folder. And, unlike the real release of Office 2004, the application is only 108KB in size.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

After being alerted to the existence of the Trojan, Microsoft Corp. issued a statement saying, "Microsoft does not currently offer any Web downloads for Office 2004. When looking for product enhancements from Microsoft customers should always download from www.microsoft.com/mac or use the new auto-update tool in Microsoft Office 2004 for Mac."

And Apple Computer Inc. was quick to respond, seeking to reassure Mac users concerned over the potential of the Trojan. "This is not a virus, does not propagate itself and has only been found on a peer-to-peer network," said a company spokesman. "This is an example of the perils of seeking illegal software."

This view of AS.MW2004.Trojan was backed by Denis Zenkin, head of corporate communications at anti-virus vendor Kaspersky Labs. "It is definitely not a virus because it has no ability for infecting other files. Ability to propagate is a feature inherent to other types of malicious programs—worms," he said.

However, some commentators said Mac users should not become complacent. "A small number of virus writers are showing an increased interest in Unix, and there have been Unix worms that have spread in the wild," said Graham Cluley, senior technology consultant at anti-virus company Sophos. "For this reason Mac OS X users should not think they have nothing to worry about moving into the future."

Resource Library:
Could a worm on Mac or Linux ever get traction? Read Larry Seltzers column.

Zenkin, though, downplayed the Macs potential as a future virus target: "We believe there are three conditions for malware to exist within an operating environment," he said. "Firstly, it should be widespread in order to cover a number of virus writers. Secondly, it should be well-documented and provide easy-to-use tools for development of user applications. Thirdly, it should not be well-protected. With Mac OS X, the first condition is not really fulfilled—this operating system is mainly used by professionals who have more important things to do than creating viruses. So we do not expect Mac OS to be a platform for future virus development."

Check out eWEEK.coms Macintosh Center at http://macintosh.eweek.com for the latest in news, reviews and analysis about Apple in the enterprise.
Be sure to add our eWEEK.com Macintosh news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: Mac Trojan Set Loose—More to Come?
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Apple Articles          >>> More By Ian Betteridge
 


x}v6EW--iXv:{ I)RCR;[7]hv'vҶDTP( {$ W7-gL:9)ٟG,zI}ݻ@BeZNULrJԶnL7n[c3P/WaW᳙(,Q  tjOt0]2xԴ;k:&gek/cߨ[:`&`1ZlRl #: rWӺ#~i-'@IR(cѺ#(D=ߵ-m: \'|7*UnSp{ca_ʞ0HQIM"h4"j>vn3gd #B=x:a/M˟ m׸ڮUX'[vB䅠1FE;wKI%_g'u٪r'Ӥbf]LÑc7Ppm׃)KTQ3#}jݳt#ԳF@u|ף&Y# 3MuL_FBQ If [aSK 0~b[>4Ibp\.: 뺷}=-:ԍ۱=$f]Ԓ],r"U)wS'>dRr-2訖þɲnMw3a[mޡlطǚZ*jUE9.TCxx-t}rNe,oFuޅRV5MQ;Uu7ںs nm)k>g}rܺx'7;Aڼ@o&1DR˅4D>-āY^'oVq+aASc T$0yY>E4b™EUCdvߔ-~k~:C,[3sAT4 ̠K`WkeP9k<_sܴ/ݛ9^fsCV=BCj`BӹciuZʿ!-_=z6b M u ô|WVK{C{r"޺tr>%9Io 70omYn]H.)T|Y|ěy30si2).߆I@w[@kkUykQ 4+@_x0ND1jSfMr,eg{0@M)61tk 3!RBʼĿIK _VPJB-)\Dh+Ԍ$ٛ"G;ž_"ʥcp1S{n.Ӱuarq|^oVV͉:]XYujZnE?´;\g\?k5[Mһ^Z0*>cq4Y`I-. :oo:jal:}5"+rOLf[ԑplP)uu~L>NR'}:;SjZim;Ni(|I}ѦޣR?ݘXiI70i\+Gݺ~L߳=Wԇ5D5i-DCwM0Ie!S uG νdrgoM~ٚС4}aqjS?g !Tg ,zzC 3PlmNl}h`1 5%aF@i0xz dQJ d  4.gP)AH = \99Y ŊH~ޑvZ*&RP*m=!ԑt݁Z*=h3aGe-n^ $ d6g2+IMiG0-&D7r"e.G 7Kᙖ6FlkVe y=0޹Ȝ 8C_gM Y1Q OfBnmhJJ:$,4)špdzKݼ^`";hqNNRНB#@9zQ/OZbxh6(U7v/:At ]֥PKo@xC dX{+/,7èkAJ+_ii tsaͰ,Cl6:`3ǟGRlC2DhR+}neDIUU[33R%fx#e\46L XbOF3F K^Lg,/,+YkuMٕ.RB|vjN YG:=4̄+ud'T-{<}6:Hy5՝  %1Iڏ9&_G5 k^ˣ6Wȵm>2躢΍ X:X<~o™5z1|*j0&B$V(l^x}xN`'\sW["LJ}wYвJzu6$\]Pr)SLZ06AaeL䱯^t@FM@X G\d`АBrAa T+S//' 7]@.&D~Ê?DNQcG=.C+DÜU^Vw.$JPVbrxC+jr\T+ qvJwq)4 bs`~62k sp@o([?`3|x+}K-˰p c.Z$ c`7._kOWbL['ʂX hO7`sk'k0ECV0! H*7h6І{egjڳP twPJ v|~KFhI[dEλԲ'**5P6>*0N枏~+kF$XS F1j>Lk}\SaWݬ`B[$ zDÈ i{qņZ ZYMf~q?pߎ3XAm†9k+sD ü z30Jјlwl^Qm(}< *Woᔻ,p{Sk),tljqc0:g<}'YQBn;Jr fĀy@?uUJ [2LdT~#\yRfl|g]a+w22˓FzXaoQ*\ 6-У''~Uc2~z:i0-a`O- q uhՂrO'(3_Gd3⇇a9kٝNC7E$79PܘGwDF$۝Rq#ÄoqS))r*H+ů 3Fˁ; _.7ITzGPUe@5ỵV3Ce 4v=.EЋq}cLB:ئOl[e7M"3*p7n-˕2~2sX y 7$B|=ݤ1p JM<1{H>JS-BtqQR5oTbPQKJBЛgQ!fAɂ]AӀM\r8hs)p}/O&PFzMʇq4wI#⩬yF0.Ɨ!skgO̦:zf36{%]M茻h\n Lc^e$i*M&n@uztS6neUsVB gI= c&8=._EU2qyh7(۞jMY@h#&w|}FrP*5]*{_ se#gD)jeѓEO*'mJpX8YHX9H(PK YG۷BlpH75),8{Je%[ yr2=QZaǰ^P(㘘\}?؇^?hUeqb%bn |+ =|QtW%}wnϏHAcg˾t/&~?<aa=&~"`}f{\i\.0MC~ڗGtL`UueSjwZb8K}LAIP 4p=&iCO"l/?Hmu#4-odhD4|w;Nq})}ڽ^Sz}ْWs=A n2H#O!yN/ZFSLo2XGz~0fK#f!B*.f3 T/Us>֒\zF_ɾj,49Aϐa6(F4G!ޚG8 V`!旁w1dORc (ʱ=`=` fwuN .F_$BAnpkz!NU He*4Д+e3ѓ:)KCT䵤 g[UHN~'%qbLyx*= $LrDaC=?V$=ݝ:F`cIŃ O~ؑq eީӊN|u +KׅNo՗W3k{R̵jП 2]>^Y ]s>ͥ`L8M\gwhG(V-w9c24aϝUjkݮ< #sCӝꖃ(&HK.}Ҹ跮IK09iJs tck5yׅO>4wX\/f9#- LwzzMYFg_ oc Ǿv/ݻw~Zw[q*A-wC?'dc: M"I^U֭UdU)I=YE㳏)G8}b[0d&'q=+=#tzoo=إ֛<C?}|}& ~ ]=PI=w뻿~=Ғ(r_ZDNqw5Q${qI9.t}?,K`\Ty^v} l$>?Gso D:*pctOxcZy‡i襖N4,曜;`!3ȑ +Ӡ5MH.vG c*yh\[w5%pRx65y(1h4Rwot8lv4W -~@k-Ǭ§!qZOpIVܱS,*O_Oo+N֊3SOp_M לW&/6o) \(.DӞ _'p5xnV،̳$tYS E Lt/tk԰W, }'jy#`~Ué;K{@PrIa/\os߯[ޜg8`_;GAzs.0eIt߯?կp]p1z9:qQV J9zF'_߶` e$>hĥОBCϘ# 8*R)w5?;y sLbNF}:n ^"p%<(n*s9:){b:V9z'Cq$܉eX e%l‚1At҇@8MbzDt㇙" :K2cܽj ]ՄHL@-@ rF&6|p4uYDfx ?31S?;ۊ;-:*bb 0\^;nGb%z,x D*dId+Q$e%!-շmrD9 B4|YK+ħ6fOcHndjµ.RPYtX09~<ѕDbiohdyH.dl0BnS/X3Jk .`VJV<7R}Q}4, 6o;2@mF4}#6 RӫSU FPkwOwjeXҒ+-ȓ7ᷜ9۪)Taz2#{Ա)ˎ)c*X/] _-3ZKq.=غ D "-2Ds)ДL0uV__璪Jjml[h/&,?$5)X"ATN:xJh\;J &E*D8$#$U΋#׷;[iʶlUx)bd TIIBa.,Ajb{z U)_~,tCE8,)EIl)ŗVdZI eUz~=D@UmS跼&.,/GJRa JP@&2ϯB<&'5Kq "7a>h;D@RVKٌx$:qxU3I`]0V LUݖOg*`b&tǶ1u`:fI70/sBj?D@q32YL+ P@%J8T n氰_^4!UvCgQUҶ,Vy)I|_Cj,/ = Jb,M2T+4q>O-M,9^8 hd?4g5GY^N9\yU _*/wU˻_7`6[`gamK:/]ٵ́K0t]ԂZ,/ۮ)^ 8K[' 8 IXR_}yT|qa7kBs/Elz՟ bK|1o/eMc6L N=JgXLT撏K{Vhm@cb^t&sK' l:P?@5RGrGoؓ4{pÈ$ʢ_"a8LOd_H!}N_ݒ/  hBjT`fPant_y- VI?r|^E}&LKphpEu_Ondwַ尗_rS= tk,]ĵz ]~MU*>:$`x KOOA /m2 Ӥ- }AM|$|#鈽ڴAnMN=p커D~s}s}s}sjYC]a5.{`ͤX_[ 2 [eihM\c3BU8)yC`ĵ=Z߶hJQ ϑX`[RMtJ8ܪB+D\z#^y55` (7NdYC:ƮuBƅS<}-AU~%%OF@7t =vE:e2HMŐ]S0c :32B! A(ɀ0%t&}1":|}K-I^=Gvm銺P-/6s@bJ HCB=MU S "$θw}JpsV@1%ȗF2nXc. e[9Gx?w]t6SO]ց|;R*Bx(& dR^, ï ^4bؑ_ s?o;kؓz7g .р=\cwP)=h3`;v+0JO_?Ma♹3ݶ^WHjer8\ϝYy}L1aWA(%5;6[7o\2vjmckk3u#A-[o"6௶eul>/"=}6dUoko#fyN;mV)jhk31}ilƼ؆_,I FRˬ$I3Ʊ3}5_8ET2̭-Y:dn2äV&H y3D/]/c >&ܹhyg|O_/Em/?񨾾oqc0|Wca@{3Iq$!ZpP]}zUcĄcc<vEx/l~oZ|78 ̠2.NdãEFrUYPo|֊[NiΞC`pQsS}LBqCb$J# !^tEw'y{LdS*{4S\0k ?Dy긯 7v.F3L\,K&QX#B7QEe oH?I5?O:%dQ?{(pOo𷊻q'H|B<DTQ<,+F]{N9-(N /p*n?m4F~_*%-V8BYWPؾ:8!9#9pgذЂz~rmzo> V8EL5(96ic7`ؕĠAIB4솞ĸW\n"IؗHUԖkYk ;V"Y"'"KIE/]^|~8. dRC8m/-Iyp\o+96qN"F dr B.sI *ʡ^r^:VXuZ.˘x'V@gLHk̘xj4vlNz ytFu.0*Z!Ѥ9a9eHQ58sM<ڜ>7-yM13цX50~f׵Ga\v̈́A|W@O[jkw1Yn!2YՉȩ mݹ]痏5&<[*ڢ#R[tˮIȋo@V`m 4,\ 4\πTnA4`}"fR%26ZX+(%\;;}搯jJEU!DP^vձ|z`BK.kXGl7̋1#JZP-0o鞽qX*l EL>[Sb#>v"AfӃR\LWqb\oj(AgJd4X>k_{wi/1~J+ɱF~<Ν-iҩF;6vCWѵATJ{=qzu,u{۫u) +Kk#_~=%U$d[j4K$¨ӔAJN` r;c±@4@G"ͨa8TJo[ J}z%rc[q{ZaD",?t15 W1儔JzN۠ĻŎ-W1h=%c 16 \TbЭB1˪M;InP}sY?e=` '2u/x߹[!VU'r&ᕲ*6;#n4j}'t MxQ37+ Sx&C7)(ʁޒi488l@1"r? I:NU~NP_ԓFG])׀gBUV"Ba=X :>IoRGP56Wn:nZl.Z~뺇V =;G}m!V<yS] h vTb8jv(/9$.+Ja S$ܝ!:, \vf+Rs?ra)?Do9fH s);#5jח=P)`/}~! L D"c*41GJ[#}scMZfBE< ,iMmanFbIA!5Q"`"1a9=g3b2lP\ s}%%zH"V|8snj0(-ŌCZQJФ*t!dW`ǪZJW.O^Y,f/co[iBR. ?$-GF쌆xɾe$͈ɵ?ѝXz 9^9nHI}ow/I{Ǫ5} \MGݩ;'՗e},fbv>J55ۼ6(P]6:-f)T3\h^Epɂw]%;飱</ۄ>IPJTَ/!jbTSa0_)o4׭^O˦V\k!h2\~ۛ\(3eF9\c/ \~/2lWdOd,@N};@N}:'g'?; D3(?A2;P(K ..n~f+ 2޿233ק 埳}}Π dd  M%:Iʘ!g+\8=Rdr ~)A_d_y*%YF!g賲+z7_˰ʠs=2Я!eߗdnleҾ:6 aqʍz^S_xښꖽpۭ]hp_l ^c/K^浽I%<"xEǹW4<< X1rnmŚ/JYy<qLklžȾ>y~ނb>| #rӚܴO]>v<2kӫk+#B5Afп~%kS$N^d6yx߇ ߚD,z e%Hi_1\-n9>_}#xC/+Og5>؃ Һl\ Z3 쓭/>AͷDB$p G;w0 d<3cvڢ{衈+4\zt{cn8l>EM++J9wWrDa3"BQ]FTMVYI2ZY9,+PPफ़h[vRjo視' yV8an%[zQ"z5~L@-1k"/cFA6of))^ ^"Uv3&Ec(2ǀ)"RK?^*u1 j>d%Q( o# Ⱦ(ty5e2=/ipzx 7e))G{1_f558wzIcs/j`5vk%sff\3&{r 1-Xhkоx^IdHNl7c@ԯN`Xkt J7t#byڝ0S@-] q[: 7tgG=םPq뺺who'O^!MXHx fB~. :TCȘH b2O|e'0OquEZfƽ@Ou60apt{??c/,gu]R59-|0Du9ϖ,|Ŷr.iG㿄&I[0%ۗC׽~rh`=E(aO<=v|4#eUI;.~i&o ]*I@%WbF8] "!3`A]|eKB$g EϩnC>XYc:9ebV)qdz-["@# e`1lG\}M}w؆;q^'d9e7S#+nvDg>6كl2p!(D0-?}^nT 2+1 <&Y`#&\f\jӟJ.ѮR@nbbq8g;KElB pQ*Ԯm^x[9Na^|ۺkAўXuql>-/#]^&c`H؂{XiWe1JpC)tO˰ANt3Ck׀5V`=2H]3(|9N]]PnãōGXƸ[[+ qy6`;Щ0D\NXeܔMF:®u4movщ߉nsQaW_0,X+0W_mkAkLeUTtCBYEL`;X+N%t&ж?8هl*~&o3Yl{kۺнT~xq*'\`b T*7_.Z+wb~; <^F}切T3uG?<;Ooڿ{hT*ቋoZ5ŧ݋u nғOM)h,-(ZNJ`XFپuK+_1ZF-<#@5̚J"<&/)FҢpL\岞*jal9n~;1{l~r[)CUs̥D/5^JB\sjh6