Previewed at WWDC, launching in the fall.
The First Mac OS X Virus? (A New OS X Trojan) [Updated]
On the evening of the 13th, an unknown user posted an external link to a file on MacRumors Forums claiming to be the latest Leopard Mac OS X 10.5 screenshots. The file was named "latestpics.tgz"
The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is virus-like or was designed to give that impression. Routines listed include:
_infect:
_infectApps:
_installHooks:
_copySelf:
The exact consequences of the application are unclear, but users who originally executed the application have noted that it appeared to self propogate:
Andrew Welch, who had done some of the initial disassembly, is posting updates to this thread.
According to the initial investigation, the application uses Spotlight to find the other applications on the infected machine and subsequently inserts a stub of code into each application executable.
Update: It appears that there is some debate about the classification of this application, and as it does require user activation it appears to fall into the Trojan classification, rather than self-propogating through any particular vulnerability in OS X.
Update #2: The most recent updates show that the file does send itself to other users in your AIM/iChat buddy list.
Update #3:
Andrew Welch posted the final technical analysis of the application with assistance from Ed Wynne and Glenn Anderson.
Symantec has posted a step by step guide on what happens when you launch this application.
The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is virus-like or was designed to give that impression. Routines listed include:
_infect:
_infectApps:
_installHooks:
_copySelf:
The exact consequences of the application are unclear, but users who originally executed the application have noted that it appeared to self propogate:
If anyone remembers last night, when lasthope spread that picture that opened in terminal. I just turned on my other computer and it said it had an incoming file, from my computer, which was the latest pics file. Any help. I have already secure deleted it off of my harddrive, but how do i know that it will not come back.
Andrew Welch, who had done some of the initial disassembly, is posting updates to this thread.
According to the initial investigation, the application uses Spotlight to find the other applications on the infected machine and subsequently inserts a stub of code into each application executable.
Update: It appears that there is some debate about the classification of this application, and as it does require user activation it appears to fall into the Trojan classification, rather than self-propogating through any particular vulnerability in OS X.
Update #2: The most recent updates show that the file does send itself to other users in your AIM/iChat buddy list.
Update #3:
Andrew Welch posted the final technical analysis of the application with assistance from Ed Wynne and Glenn Anderson.
Symantec has posted a step by step guide on what happens when you launch this application.
[ 628 comments ]
Microsoft has announced a new visual search feature for its Bing app that lets users snap a picture with their phone's camera and use it to search the web.
The new visual search function...
Some 60 billion messages are sent over the WhatsApp chat platform every day. One of the reasons for the service's massive popularity is that it lets users send and receive as many media-rich...
eBay today launched its latest sitewide coupon code, offering customers the chance to save $15 on orders that reach or exceed $75. The code isn't as enticing as eBay's previous...
Apple today updated its GarageBand music creation software for Mac to version 10.3, introducing new loops, sound effects, drummers, and more, all for free.
There are two new Drummers that offer...
Apple today updated Final Cut Pro, its video editing software for professionals, to version 10.4.3, introducing minor new features and a few bug fixes.
The new update introduces support for...
Facebook today announced it is expanding chat translation within Messenger to all users in the United States and Mexico.
When you receive a message in a language that is different from your...
Movie subscription service MoviePass today confirmed that it will soon introduce surge pricing into its business model, charging customers from $2 and up for films that the company deems popular....
Siri rival Google Assistant received a major update today across the Google Home speaker ecosystem with a feature Google revealed at I/O in May, called "Continued Conversation." Now, when you...
