Mac Malware Discovered

Posted by:
Date: Monday, October 25th, 2004, 11:13
Category: Archive

ZDNet is reporting on a script-based threat that spies on Mac OS X users:

The malware, which has been dubbed Opener by Mac user groups, has the potential to disable Mac OS X’s built-in firewall, steal personal information or destroy data. At the moment, however, it seems to pose little danger.
Security experts say those threatening traits are common among the thousands of online threats targeting Microsoft’s ubiquitous Windows operating system but are virtually unheard of on Apple Computer’s Mac OS.
Paul Ducklin, Sophos’ head of technology in the Asia-Pacific region, said that the software, which Sophos calls Renepo, is designed to affect Mac OS X drives connected to an infected system and that it leaves affected computers vulnerable to further attack.
Ducklin said Opener disables Mac OS X’s built-in firewall, creates a back door so the malware author can control the computer remotely, locates any passwords stored on the hard drive, and downloads a password cracker called JohnTheRipper.

The article goes on to explain that the threat is a “rootkit,” which isn’t the same as a virus: “Rootkits don’t spread on their own, as viruses do, and require administrator access to be installed.”

