Fwd: trojan horse for Mac os x - Of course it Microsoft related
- Subject: Fwd: trojan horse for Mac os x - Of course it Microsoft related
- From: roncross <email@hidden>
- Date: Wed, 12 May 2004 12:23:50 -0700
Begin forwarded message:

> From: roncross <email@hidden>
> Date: May 12, 2004 12:21:01 PM MST
> To: XUsers Discussion List <email@hidden>
> Subject: trojan horse for Mac os x - Of course it Microsoft related
>
> http://www.macosxhints.com/
>
> A warning on a new destructive 'trojan horse'
> Wed, May 12 '04 at 01:10PM from: robg
>
> From robg website macosxhints:
>
> This is a somewhat non-standard hint, but I felt it was worth
> mentioning and discussing. Later today, if not already, you'll
> probably be reading a lot about a new OS X trojan horse, as first
> reported by Macworld UK, and then covered in an Intego press release.
> According to Macworld UK and Intego, the trojan horse is a script that
> has been neatly saved as a clickable application, complete with a
> custom Microsoft Office icon. Double-click it, and your user's folder
> contents are history. Note that this is not a virus; it cannot email
> itself to others, nor replicate over a network, etc.
>
> After reading the article and the press release, I think it's pretty
> obvious what the program is doing -- I suspect it's nothing more than
> a one-line AppleScript. Although some (perhaps many) will disagree
> with me, I'm going to publish what I think the exploit to be, because
> it's not a huge secret. Basically, my guess is that the trojan horse
> is a one-line AppleScript that contains the following UNIX command (in
> the script, the command will be accessed via the AppleScript method
> for calling a shell command, but I'm not going to bother including
> that part here):
>
>     rm -rf ~
>
> WARNING!! DO NOT USE THIS COMMAND! YOU WILL ERASE YOUR USER'S
> DIRECTORY!
>
> I feel it's important that everyone understand the above command, and
> know what it looks like -- the more people who know what this line
> does and how it works, hopefully the fewer who will be fooled by it.
> And to claim that this is some "deep dark secret" that needs to be
> hidden is, in my opinion, trying to hide from the truth -- more
> "security by obscurity," which we all know doesn't work well at all.
> rm -rf is a very standard, very useful Unix command. In fact, if you
> search macosxhints (using the advanced search page) for the 'exact
> phrase' rm -rf, you'll get fully three pages of matches.
>
> What makes it troublesome in this case is simply that it's called
> from a program where the typical user will not know what's happening,
> and will be shocked at the outcome. But listing the command is not
> like explaining how to write a self-replicating virus that spreads
> from machine to machine -- this is common knowledge to probably at
> least a couple of million OS X users who have some knowledge of Unix.
>
> For those that don't know Unix, rm is "move to and empty trash," -r
> is "do this for all items and folders within this folder," the f means
> "force removal without confirmation," and the ~ means "the user's
> directory." Spelled out, this means that the script will, without
> warning or user intervention, delete everything in the user's folder.
> Permanently.
>
> thanks
> Ronald Cross

thanks
Ronald Cross
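
Added example, not part of the original message or the macosxhints article: a small Python check that flags the command the article breaks down (rm with both the recursive and force flags, aimed at the user's directory) in shell text that has already been pulled out of a script for review. The function names and the sample lines are constructed for illustration, and it goes slightly beyond the single spelling quoted above by also catching bundled or separate flags and $HOME.

```python
import re
import shlex

HOME_TARGETS = {"~", "$HOME", "${HOME}"}  # spellings of "the user's directory"

def _targets_home(arg):
    # "~/", "~/*" and "$HOME/" empty the folder just as "~" does.
    return re.sub(r"/+\*?$", "", arg) in HOME_TARGETS

def _rm_flags_and_targets(tokens):
    """Split rm's arguments into a set of flag letters and a list of paths."""
    flags, targets, options_done = set(), [], False
    for tok in tokens:
        if options_done or not tok.startswith("-") or tok == "-":
            targets.append(tok)
        elif tok == "--":
            options_done = True          # everything after "--" is a path
        elif tok.startswith("--"):
            flags |= {"--recursive": {"r"}, "--force": {"f"}}.get(tok, set())
        else:
            flags |= set(tok[1:])        # "-rf", "-fr", "-Rf" bundle flags
    return flags, targets

def find_home_wipes(shell_text):
    """Return (line_number, command) for each recursive, forced rm of the home directory."""
    findings = []
    for lineno, line in enumerate(shell_text.splitlines(), 1):
        for command in re.split(r"&&|\|\||[;|]", line):
            try:
                tokens = shlex.split(command, comments=True)
            except ValueError:           # unbalanced quotes: skip, do not crash
                continue
            if not tokens or tokens[0].rsplit("/", 1)[-1] != "rm":
                continue
            flags, targets = _rm_flags_and_targets(tokens[1:])
            if flags & {"r", "R"} and "f" in flags and any(map(_targets_home, targets)):
                findings.append((lineno, command.strip()))
    return findings

# Constructed sample input, not taken from the trojan itself.
SAMPLE = """\
rm -f ~/Library/Caches/example.tmp
cd /tmp && rm -rf build
echo start; /bin/rm -f -R "$HOME"/
rm -rf ~
"""

if __name__ == "__main__":
    print(find_home_wipes(SAMPLE))
```

The check only reads text and never executes it; ordinary uses of rm -rf on other paths, like the build directory in the sample, are not flagged.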
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.