
07/20/2005, 12:00pm, EDT

Wednesday, July 20th

Windows-based worm masquerading as iTunes

A recent Windows-based worm is masquerading as a download of the iTunes application. The downloaded file, named "iTunes.exe," may trick users into thinking it is a legitimate application, according to security firm Trend Micro. The firm ranks the overall security threat as "low," although it rates the worm's damage and distribution potential as "medium." The "WORM_OPANKI.Y" worm spreads via AOL Instant Messenger (AIM) by sending users a message that prompts them to download a so-called picture file. Once downloaded, the application appears as the iTunes download. Upon execution, the worm opens a connection to an IRC server, waits for remote commands, and executes those commands on the affected machine. It also downloads and executes other applications, mainly adware programs, on affected machines, according to the report.




18 comments
Stupidity required
0
07/20, 12:53pm, EDT
You'd have to be pretty stupid to fall for this:

"Hey look! Somebody sent me a link to a picture! Let's click!" "Hmm. No picture, but cool, it's iTunes! And they've shrunk the file size dramatically! Let's double-click!" "Hmm. This doesn't look like iTunes. Whoa! An ad for Viagra! Let's click!"
Fresh-Faced Recruit
Joined Sep 2000
No
0
07/20, 1:27pm, EDT
You don't have to be stupid, you just have to be a normal computer user, who doesn't think about things before doing them. For example, all those Windows viruses that were sent via email, then sent in a zip file in an email, then in a password-protected zip file in an email. Even needing to go through all those hoops, people still opened them up and ran the files.

And if there was a Mac worm of this same thing, Mac users would do the same thing.
Fresh-Faced Recruit
Joined Aug 2001
Is this news?
0
07/20, 1:32pm, EDT
Since when did yet another Windows exploit get to be news? On a Mac-centric forum? This new exploit which targets Windows and is spread via AIM has absolutely nothing to do with the Mac, Apple, or its users. What's next, W32.MacOS_X.Trojan@mm?
Fresh-Faced Recruit
Joined Feb 2000
Re: No
0
07/20, 1:34pm, EDT
"And if there was a Mac worm of this same thing, Mac users would do the same thing."

You just don't get it. What you are describing is not possible on the Mac.
Fresh-Faced Recruit
Joined Feb 2000
re:No
0
07/20, 2:05pm, EDT
If your friend sends you a link to a picture, which turns out to be an executable, are you gonna install it without even asking them what it is or why they are sending you iTunes? If it's someone you don't even know, isn't it going to make you that much more suspicious? No, this isn't something a "normal computer user" would do. Get pop-up, click to download, then install.
Fresh-Faced Recruit
Joined May 2003
executables on the mac
0
07/20, 2:20pm, EDT
I tried turning a copy I made of iTunes into a .JPG file (by changing the .app extension to .jpg) to see if it would execute or if it would launch Preview.app, but instead Finder tacked on the .app extension after the .jpg one.

Most of the glaring flaws in the Windows OS don't even come close to revealing themselves on the MacOS. If mainstream virus writers were to go heavy into the Mac Virus area, we would see far far more creative viruses than the "trick em n get em" style of virus we see today.

The smarter the operating system is, the smarter the virus writers need to be.

BTW, a friend of mine has a Dell and said it was running really slow. I installed Spyware Doctor and scanned it. 2651 infections were found on his system, and Spyware Doc crashed before it removed the last 200. The worst my Mac ever gets nowadays is incorrect file permissions. :D
Fresh-Faced Recruit
Joined Jan 2005
Re: No
0
07/20, 3:30pm, EDT
"You just don't get it. What you are describing is not possible on the Mac."

How is this NOT possible on the Mac? Put a link to a supposed picture file, but have it download iTunesInstaller.app. User runs iTunesInstaller.app (because he thinks he has a new installer for iTunes for some reason - hell, if a PC user thinks the picture became an installer, why not a Mac user?), it installs malicious program on computer.

BTW, you're all also making the same mistake in understanding this whole thing. You assume that the user clicks the link to get the picture, then goes searching for it, sees the EXE, and runs that. That's not likely. However, imagine if you will, user clicks the link, EXE downloads surreptitiously, user looks for file, can't find it, moves on with life. Later, while perusing his downloads directory, sees he has a new iTunes installer, thinks he needs to install it (hey, he must've downloaded it, right, so its gots to be OK), and then gets infected. Or maybe you did download a new installer, and then saw this one before the one you just downloaded, and ran this instead.
Fresh-Faced Recruit
Joined Aug 2001
Just d/l from Apple
0
07/20, 3:34pm, EDT
If you're that paranoid just go to apple.com and download the link to get iTunes. If that's not good enough then borrow a friend's iPod CD. There. Problem solved.
Fresh-Faced Recruit
Joined Feb 2003
Re: Re: No
0
07/20, 3:47pm, EDT
You sure put a lot of stock into possible but unlikely scenarios.
Fresh-Faced Recruit
Joined May 2003
Normal Computer Users?
0
07/20, 3:47pm, EDT
"You don't have to be stupid, you just have to be a normal computer user, who doesn't think about things before doing them."

So you are assuming that a user that stupid and inexperienced about computers bought a Mac rather than a far cheaper, more mainstream system like a Dell?

As I said in an earlier post, my friend had 2651 infections on his Dell according to Spyware Doctor, and these were not specifically done by him. He doesn't download files at random, click on banner ads because they are there, or even use Internet Explorer or Outlook for that matter (Firefox and Thunderbird all the way baby). I laid down the internet law to him about what to do and what not to do, but still his computer got royally raped.

With a Mac he would have NONE of these problems because they just don't happen on the Mac. Sure, a malicious file COULD be made that COULD mask itself as iTunes that COULD be installed by someone. That's a lotta COULDS. But in order to really get hit by a virus or spyware on a Mac, you have to be below the bar stupid and careless about computing and internet access. Unlike the Windows world, where all you have to do is accidentally click the wrong link on a webpage and you get some weird file floating on your system.

The big problem in the Windows world is that now apps are being made that say they remove spyware but are in fact spyware. This doesn't happen on the Mac because we don't have spyware, or at least not enough to warrant making a big deal of it. If one comes along, everyone makes a stink about it on VersionTracker, MacUpdate or one of the other big trusted download sites, and it is dealt with.

Look at the Dashboard loophole that people found when Tiger came out. EVERYONE was talking about it on Apple's discussion forums, MacNN forums, MacOSXHints, etc... So what did Apple do? In 10.4.1 and 10.4.2 they added a lot more protection, like a widget preview, and a lot more confirmation buttons.
Fresh-Faced Recruit
Joined Jan 2005