toggle

AAPL Stock: 562.29 ( -3.03 )

Windows-based worm masquerading as iTunes

updated 12:00 pm EDT, Wed July 20, 2005

Worm masquerades as iTunes


A recent Windows-based worm is . The downloaded file, named 'iTunes.exe' may trick users into thinking it is a legitimate application, according to security firm Trend Micro; however, the firm ranks the security threat as "low," although it has 'medium' damage and distribution potential. The "WORM_OPANKI.Y" worm spreads via AOL Instant Messenger (AIM) by sending a message to users that prompts a download of a so-called picture file. Once downloaded, the application appears as the iTunes download. Upon execution, the worm opens a connection to an IRC server, waits for remote commands, and executes those commands on the locally affected machine. It also downloads and executes other applications, mainly adware programs, into affected machines, according to the report.


by MacNN Staff

print
email
(18)

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. jimothy

    Fresh-Faced Recruit

    Joined: Sep 2000

    0
    07/20, 12:53pm | report spam | Reply |

    Stupidity required

    You'd have to be pretty stupid to fall for this:

    "Hey look! Somebody sent me a link to a picture! Let's click!" "Hmm. No picture, but cool, it's iTunes! And they've shrunk the file size dramatically! Let's double-click!" "Hmm. This doesn't look like iTunes. Whoa! An ad for Viagra! Let's click!"

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    07/20, 01:27pm | report spam | Reply |

    No

    You don't have to be stupid, you just have to be a normal computer user, who doesn't think about things before doing them. For example, all those window viruses that were sent via email, then sent in a zip file in an email, then in a password protected zip file in an email. Even needing to go through all those hoops, people still opened them up and ran the files.

    And if there was a Mac worm of this same thing, Mac users would do the same thing.

  1. MacScientist

    Junior Member

    Joined: Feb 2000

    0
    07/20, 01:32pm | report spam | Reply |

    Is this news?

    Since when did yet another Windows exploit get to be news? on a Mac-centric forum? This new exploit which targets Windows and is spread via AIM has absolutely nothing to do with the Mac, Apple, or its users. What's next, W32.MacOS_X.Trojan@mm?

  1. MacScientist

    Junior Member

    Joined: Feb 2000

    0
    07/20, 01:34pm | report spam | Reply |

    Re: No

    "And if there was a Mac worm of this same thing, Mac users would do the same thing."

    You just don't get it. What you are describing is not possible on the Mac.

  1. koolkid1976

    Fresh-Faced Recruit

    Joined: May 2003

    0
    07/20, 02:05pm | report spam | Reply |

    re:No

    If your friend send you a link to a picture, which turns out to be an executable, are you gonna install it without even asking them what it is or why they are sending you iTunes?? If it's someone you don't even know, isn't it going to make you that much more suspicious? No, this isn't something a "normal computer user" would do. Get pop-up, click to download, then install.

  1. MacHarbor

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    07/20, 02:20pm | report spam | Reply |

    executables on the mac

    I tried turning a copy I made of iTunes into a .JPG file (by changing the .app extention to .jpg) to see if it would execute or if it would launch Preview.app, but instead Finder tacked on the .app extension after the .jpg one.

    Most of the glaring flaws in the Windows OS don't even come close to revealing themselves on the MacOS. If mainstream virus writers were to go heavy into the Mac Virus area, we would see far far more creative viruses than the "trick em n get em" style of virus we see today.

    The smarter the operating system is, the smarter the virus writers need to be.

    BTW, a friend of mine has a dell and said it was running really slow. I installed Spyware Doctor and scanned it. 2651 infections were found on his system, and Spyware Doc crashed before it removed the last 200. The worst my mac ever gets now adays is incorrect file permissions. :D

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    07/20, 03:30pm | report spam | Reply |

    Re: No

    You just don't get it. What you are describing is not possible on the Mac.

    How is this NOT possible on the Mac? Put a link to a supposed picture file, but have it download iTunesInstaller.app. User runs iTunesInstaller.app (because he thinks he has a new installer for itunes for some reason - h***, if a PC user thinks the picture became an installer, why not a Mac user?), it installs malicious program on computer.

    BTW, you're all also making the same mistake in understanding this whole thing. You assume that the user clicks the link to get the picture, then goes searching for it, sees the EXE, and runs that. That's not likely. However, imagine if you will, user clicks the link, EXE downloads seripditiously, user looks for file, can't find it, moves on with life. Later, while perusing his downloads directory, sees he has a new itunes installer, thinks he needs to install it (hey, he must've downloaded it, right, so its gots to be OK), and then gets infected. Or maybe you did download a new installer, and then saw this one before the one you just downloaded, and ran this instead.

  1. JohnnyFive

    Fresh-Faced Recruit

    Joined: Feb 2003

    0
    07/20, 03:34pm | report spam | Reply |

    Just d/l from Apple

    If you're that paranoid just go to apple.com and download the link to get iTunes. If that's not good enough then borrow a friend's iPod CD. There. Problem solved.

  1. koolkid1976

    Fresh-Faced Recruit

    Joined: May 2003

    0
    07/20, 03:47pm | report spam | Reply |

    Re: Re: No

    You sure put a lot of stock into possible but unlikely scenarios.

  1. MacHarbor

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    07/20, 03:47pm | report spam | Reply |

    Normal Computer Users?

    "You don't have to be stupid, you just have to be a normal computer user, who doesn't think about things before doing them."

    So you are assuming that a user that stupid and inexperienced about computers bought a Mac rather than a far more cheaper system, more main-stream system like a Dell?

    As I said in an earlier post, my friend had 2651 infections on his Dell according to Spyware Doctor, and these were not specifically done by him. He doesn't download files at random, click on banner ads because they are there, or even use Intneret Explorer or Outlook for that matter (Firefox and Thunderbird all the way baby). I layed down the internet law to him about what to do and what not to do, but still his computer got royally raped.

    With a mac he would have NONE of these problems because they just don't happen on the mac. Sure, a malicous file COULD be made that COULD mask itself as iTunes that COULD be installed by someone. Thats a lotta COULDS. But in order to really get hit by a virus or spyware on a Mac, you have to be below the bar stupid and careless about computing and internet access. Unlike the Windows world, where all you have to do is accidently click the wrong link on a webpage and you get some weird file floating on your system.

    The big problem in the windows world is that now apps are being made that say they remove spyware but are in fact spyware. This doesn't happen on the mac because we don't have spyware, or at least not enough to warrent making a big deal of it. If one comes along, everyone makes a stink about it on VersionTracker, MacUpdate or one of the other big trusted download sites, and it is delt with.

    Look at the Dashboard loophole that people found when Tiger came out. EVERYONE was talking about it on Apple's discussion forums, MacNN forums, MacOSXHints, etc... So what did Apple do? In 10.4.1 and 10.4.2 they added alot more protection, like a widget preview, and alot more confirmation buttons).

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News