Mac virus author admits coding difficulties

The proof-of-concept Mac OS X virus, which was discovered late last week and dubbed Macarena, includes comments in the code that indicate the author had a difficult time creating the malware.

According to antivirus firm Symantec, Macarena was discovered last Thursday and has infected fewer than 50 machines. Macarena has a very poor replication mechanism and is unlikely to cause problems for the majority of Mac users.

Peter Ferrie, senior security response engineer at Symantec, explained in his blog that the virus does not cause any serious problems and is unlikely to spread very far.

"There is no payload in this virus -- it simply replicates. However, it won't replicate very well, because it is restricted to the current directory," said Ferrie.

Paul Ducklin, head of technology for Sophos Asia Pacific, said that the virus was "not important or significant" but he was concerned that the author had distributed the source code, which could "not only explain how you might write a virus but give someone direct tools to create one even if they have no skills of their own".

However, in the source code, Ducklin said the author had expressed what appears to be frustration at trying to make the virus effective on Apple's platform.

"In the source code, which is a mish-mash of stuff, there is a comment where the author says 'so many problems for so little code'," he said. "So it does look as though virus writers, fortunately, still have a way to go before they are able to write Mac viruses with the proficiency and fluidity that they can for Windows."

"It doesn't have any of the characteristics of a modern effective or dangerous Windows worm or Trojan, it is a simple appending parasitic infector," Ducklin told ZDNet Australia.

He also revealed that Macarena will only affect Intel-based Macs.

"This is an Intel-specific thing -- not PowerPC," Ducklin said.

However, Ducklin warned the Apple community to not be complacent because although writing malware for the Mac is more difficult than it is for Windows, the users' common sense can be a weak point.

"There are things that are done in OS X that make it less likely you will get a virus but very little can head off a determined and ill-informed user," he said. "If you are determined to run a program against common sense then you can get yourself into trouble and that may cause trouble for the next guy."

Munir Kotadia

Talkback

3 comments
  • Not Entirely True

    Yes, MOST OS X apps are "packaged", but not all. An application does not need to be a package file (a specially structured directory with a .app suffix) in order to be launched, and I highly doubt that a VX author is going to bother packaging a virus in the prescribed manner.

    In fact, Xcode is the only IDE I know of that actually creates an Application Package standard; most other compilers do not do this for you, leaving it up to you to package your application and resources.
    anonymous
  • Shut Up Everyone

    Jesus, Can you just shut your damn mouth already. Do everyone a favor and break your fingers so you can't type stupidities any more.
    anonymous
  • Heysuse Chill out!!

    What is your problem, Heysuse? I think this stuff is over your head. Why don't you do everyone a favor and get lost.
    anonymous