OS X users celebrate first wild worm

OS X users celebrate first wild worm

Summary: If you use OS X (I do), you should greet with glee and joy this week's announcement that security experts have identified the first example of an OS X worm in the wild.  After all, this shows that OS X is finally getting enough mind share that malware writers are taking note.


If you use OS X (I do), you should greet with glee and joy this week's announcement that security experts have identified the first example of an OS X worm in the wild.  After all, this shows that OS X is finally getting enough mind share that malware writers are taking note.  What's more, OS X appears to be holding it's own. 

The worm shows up when you receive an IM message inviting you to download screenshots of Apple's latest version of OS X (Leopard).  When you click on the link, the software is downloaded, installed, and then invites everyone on your buddy list to download a copy.  

At least that's the abbreviated version that you're likely to see reported in the media.  OS X is doing a good job of warning users of danger In fact, there's some important detail that's missing in that the scenario.  When you click on the link, you'll be warned that the download contains an application.  If you ignore that warning and move forward, the file is stored on your computer.  You have to click on it to activate it.  Of course, you want to see the pictures, so you click.  When you do, the application will ask you to type in the computer's administrator password.  If you do that, then it will install and replicate itself. 

I had a conversation with a friend not too long ago where I mentioned I'd never had a virus on any computer I used, even Windows.  He was shocked and asked what virus protection program I used.  He was even more shocked when I said "none."  Part of that is luck, but a large part of it is because most malware, especially on {Li,U}nix-based systems, requires the user's help.  Like most things in life, knowing where the danger lies and knowing the warning signs are the most important steps you can take in protecting yourself.  No virus program can protect you if you're careless.

With this worm, the user gets two chances to sense that something is wrong: images aren't applications and images don't need the administrator's password to be displayed. OS X gets points for this.   The news isn't that OS X is vulnerable; any OS is vulnerable.  The story is that OS X is doing a good job of warning users of danger.  

Topic: Operating Systems

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • ANOTHER intelligence test

    Call it the "clueless worm" or the "stupid worm" or at the very best, the "ignorant worm".
    Roger Ramjet
    • Clueless

      And that's the exact market Apple is targeting.
  • Mac OS X is full of exploits

    This is the first Trojan example that got some news coverage, and it isn't even a real exploit. There have been plenty of real remote exploits and shell code for the Mac, just look at Metasploit.
    • Consequences

      The choice of the Mac OS over Windows allows freedom from the
      consequences that come from Windows viruses and the ensuing
      paranoia. Consequences (65 billion in lost revenue - the FBI's
      conservative estimate) are the product of an endemically
      insecure Windows OS architecture and the malicious intent
      accruing from Microsoft's inability to be an honest corporate

      OS X's stellar security profile relative to Windows has amoritized
      over the last 6 years. It's been 6 years of productivity and peace
      of mind.

      What are the motivations for these reminders from the Windows
      IT peanut gallery ? Why isn't Apple off your radar? You bend over
      backwards to point out how expensive they are, how small the
      market share is. Why it's a bad choice for business. Fine, deal
      with todays Windows security crisis, you have enough to deal
      with. The coverage is disproportionate to say the least. Perhaps
      you protest too much and this is just more cognitive dissonance
      from another Windows user who has nagging doubts about
      supporting and advocating Windows in the face of what seems
      (increasingly) to be a more reliable platform and a consistantly
      better computing experience.

      I'll take my last 6 years over yours. I'll take my next 6 as well.

      Harry Bardal
      • I thoroughly agree

        I want to thank you for pointing this out to all the bone headed PC
        users who don't have a clue about a decent computing experience
        to save their lives. Nicely written.
    • You are right, it is not an exploit.

      What is an exploit? Who cares about Metasploit? Has anybody actually been infected? I know of no Apple users who have been infected by a virus or worm. There is a whole industry out there of people who do nothing more than clean up and fix computers of Windows users who have been infected. Windows, thanks to its vulnerabilities, is probably the biggest creator of employment after Walmart. It certainly is for the tech industry. Is that why you are such a great defender of MS? Because you can make a nice living from their incompetence?
      • Have you ever thought


        really at 1 to 3 percent of all operating systems do think is worth someones time to write code to exploit an apple.
        • It's not market share

          It is not market share, it is the fact that they cannot write anything
          to break the OS. Windows is a far bigger and easier target, as you
          pointed out yourself.
        • YES . EVERY DAY!

          AND I OFFER THANKS....
      • This is..

        what a good friend of mine tells me, and he is an admin for a
        Government agency. You know it is true, when his wife, who I
        would argue is barely computer literate, agrees.
    • More inane banter

      You, Mr. Ou, are a poor journalist. You spread misinformation much more readily than you do facts.

      The exploits you are referring to existed to be sure, but you leave out the fact that there are no documented cases of anyone actually being exploited by them.

      You cling to your Windows-centric ideology with popular ideas like "Mac and linux aren't assaulted with virii because of low market share." Let us counter that with a few facts, more specifically numbers from Network Associates, publisher of McAfee products.

      More than 150,000 total threats (up from 71,000 in August 2003). Since Macintosh represents about 5% of the total installed base of computers we should see that reflected in total threats, but wait....

      Searching for "Macintosh" yields 436 results.
      346 of these are MS Word macros.
      Five are hoaxes.
      One is the opener script, and two are proof of concepts (for Mac OSX)
      This leaves.... about 80 for the rest of Macintosh history. (Most discovered in 1997 onward -- PowerPC era.)

      Divide this number by 17 (The number of years that varied versions of classic MacOS was the primary Mac os) and you get an average of 4-5 virii per year. Over the six year history of Mac OSX, based on these numbers (and ignoring how rapidly the number of threats is growing), there should be about 24-30 virii.

      Where are they? They don't exist because nobody is stupid enough to put in an admin password to look at a picture or listen to an MP3. If someone wrote a batch file (not even real programming involved here) that erased the contents of several directories in C:\Program Files and called it Paris Hilton.wmv.cmd, most users who received it would get no warning before their installs of Office, Adobe, and others simply vanished.

      This horse has been beaten to death. MS Lackeys will always claim that the lack of malware is due to marketshare and ignore the facts. Show me the Windows machine that, without any kind of anti-virus, straight out of the box, asks for any kind of confirmation before executing a trojan.
    • Do I smell...

      More of George's F.U.D.? being spread? This isn't really an issue,
      as one isn't a virus and the other was fixed over 6 months ago.
      How many unpatched flaws are in George's favorite OS? Hundreds,
      • hundreds of thousands!

        George is full of it.
    • 'Full"? I don't see it

      I looked through the links for Framework and in the long list only
      saw one for OS X. There was one other from 2/05 that seemed to
      be OS 9. That's hardly 'full' of exploits. Another Mac OS hater
      because it challenges the livelihood of all the techies who rely on
      Windows problems?
      • Amen

      • Burglars

        Your post uses the same logic that since your mobile home hasn't been burglarized, it must be burglar-proof.

        More likely your trailer hasn't been burglarized because it doesn't appear to be worth burglarizing.
        • Precisely...

          that's why I bought it!
    • Metasploit?

      I have to say, from reading about Metasploit I'm not impressed.
      If this framework has the abililty to take over a computer, how
      come we haven't heard about one single incident of a Mac being
      taken over? Maybe because OS X is too secure for it to do any
      significant damage?

      And what evidence to you provide that there are "plenty" of
      these items?

      Because you don't have any other examples?

      It's not a matter of whether it can be done, but whether it is
      being done. And until thousands of virus examples come out,
      then OS X is still more secure than the competition.
    • George Ou is full of ...

      ... whatever you call [b]total absence of journalistic qualities[/b]
      these days.

      First he tries to stirr the pot by posting his by now infamous
      "Dell's 1000 bucks cheaper" rant (I still can't figure out [i]why[/i[
      he posted this piece of crap in the first place. What was he trying
      to prove and to whom?), then he ignores any serious counter
      argument, including a well written rebuttal at Macworld.com (to
      which he replies by rehashing his original false premise but [i]
      still[/i] leaving out the fact that the MacBook Pro configurations
      have been updated [i]and[/i] that his Magic Coupon no longer
      exists, not to mention the 150$ rebates for the MacBook at
      Amazon, etc) and now he resorts to unqualified general remarks
      without supplying any proof or evidence.

      I really do wonder why ZDNet still pays him ...
      Jens T.
      • Couldn't agree more...

        I have to wonder if there really IS a "George Ou." Could that be the nom-de-plume that ZDNet uses when they plan to post something particularly ill-researched and inflammatory, all in the name of generating more hits?

        I know that when I run across that tagline in a discussion (or heaven forbid, an article) I can just skip onward - the aggressive cluelessness and defensive reactions I'll find there just aren't worth the time.