
Printed from http://www.macnn.com

Second concept worm posted for OS X

updated 11:15 am EST, Fri February 17, 2006

Second Mac OS X worm

Yet another concept worm for Mac OS X has emerged, confirming that the platform is vulnerable to malware, despite the reluctance of many users to acknowledge potential security issues in Mac OS X. The new Java-based concept worm, which will soon expire, was discovered by F-Secure; it exploits a Bluetooth vulnerability in older versions of Mac OS X Tiger. Although Apple has since corrected the problem in the latest releases of Mac OS X 10.4 Tiger, some users have chosen not to upgrade and many others have not yet done so, which allows previously discovered and addressed exploits to be leveraged by malware. MacSecurityNews reports that OSX/Inqtana.A tries to spread from one infected system to others by using the Bluetooth OBEX Push vulnerability CAN-2005-1333. Users are urged to update to the latest version of Apple's OS X operating system (Mac OS X 10.4.5 was released earlier this week). This is the second worm for the Mac OS X platform; earlier this week, reports of the first worm for Mac OS X prompted a response from most major security vendors and some attention from Apple. [updated]

Apple provided a fix for the Bluetooth vulnerability for Mac OS X 10.3.x and Mac OS X 10.4.x in June of 2005.

"If you are using OS X 10.4 make sure that you have latest security patches installed and you are safe from Inqtana.A and any future worm that tries to use same exploit. Inqtana.A has not been met in the wild and it uses Bluetooth library that is locked into specific Bluetooth address and the library expires on 24. February 2006. So it is quite unlikely that Inqtana.A would be any kind of threat," according to MacSecurityNews.

The Inqtana.A worm spreads using an OBEX Push request, which requires the user to accept the data transfer. Once the transfer completes, Inqtana.A uses a directory traversal exploit to copy its files so that it starts automatically on the next reboot. The F-Secure site has also posted instructions on removing the worm from an infected system.




by MacNN Staff


Comments

  1. SomeToast

    Joined: Dec 1969

    0

    Gettin infected

    "Why look, I'm receiving [b]three[/b] unexpected Bluetooth file transfer requests. Let's accept them all!"

    Okee dokee, then.

  1. itguy05

    Joined: Dec 1969

    0

    To sum up:

    1) A Virus software company writes a piece of malware.
    2) This malware needs you to accept 3 separate BT file transfer requests.
    3) This vulnerability has been fixed since 10.4.1

    Yeah, this is the end of it all.....

    Most people will not accept a BT request that they did not initiate.

    Unlike Windows where this type of thing will go on without you accepting anything.

  1. jedi2187

    Joined: Dec 1969

    0

    Here it comes

    Do you hear that? That's Dvorak warming up his laptop to write a heated article about these critical flaws that will bring about the end of Apple!

    *cue Emperor Palpatine's laughter*

  1. Horsepoo!!!

    Joined: Dec 1969

    0

    WARNING!!!

    I've just discovered a more serious exploit. Dubbed OSX/IMADUMBASS.A, it requires the user to drag his Home directory to the Trash and empty it (providing any admin password when and if prompted).

    BEWARE!!!!

  1. RyanG3

    Joined: Dec 1969

    0

    FUD!

    All this "malware" c*** is targeting users, not OS X. OS X could be 100% secure, but if the user installs bad software and authorizes it to run or accepts unknown file transfers, there is nothing anyone can do to protect the OS IF THE USER ALLOWS BAD things to happen, unlike in Windows where evil exes can run without the user's knowledge. So it's up to the user to use common sense, and only authorize items from trusted sources; if not, then they may deserve what happens. It's no fault of the OS. Here's my malware of the day, do this right now or all the baby kittens in the world will die. Use Spotlight and find all the .doc files on your Mac, select them all, then trash them and finally empty the trash. Now pass this on to all your friends to have good luck for 48 hours.

  1. JoeE

    Joined: Dec 1969

    0

    Perspective

    Let's keep this in perspective.

    Unfortunately, not all Mac users are as brilliant. As you know, Macs are touted for their ease-of-use. That said, Macs are also used in offices and classrooms (Special Education, for example) for those users who are not necessarily computer/tech savvy. These are the particular users who are most likely to fall for the techniques employed by these worms and other malware.

    Another thing to consider is that it would seem that one purpose of the creation of these exploits (yes, they are exploits) is to demonstrate and point out the vulnerabilities that exist in the Mac OS. Granted, it's actually quite tough for malware to be as effective on Mac OS compared to Windows. So, as you have all been saying, all the Mac OS malware in the past and to come are simply there, but not something to really worry about, and I agree. Yet, it's still not a good idea to be complacent.

  1. itguy05

    Joined: Dec 1969

    0

    Brilliance means nothing

    Being brilliant or not brilliant has nothing to do with it.

    If I suddenly get a popup saying "do you accept this transfer?" and I didn't ask for one, I'd hit no. Just common sense.

  1. dscottbuch

    Joined: Dec 1969

    0

    screwdriver analogy

    These recent 'malware' warnings seem to be in the same league of danger as 'Oh look, here's a fellow with a screwdriver that wants to take my hard-drive. I'll say OK'.

  1. Terrin

    Joined: Dec 1969

    0

    I love it

    All right, I concede Windows is superior to the Mac. At least on Windows we have thousands of actual viruses, none of this concept stuff.

    It truly is sad that people have to point out concept viruses for the Mac to find fault.

  1. idobi

    Joined: Dec 1969

    0

    terminal is malware

    the terminal is a dangerous application and should be deleted from all OS X installations.

    If I type 'sudo rm -R /*' and enter my admin password, it deletes your entire hard drive. This is unacceptable and an incredible security risk.

    Disk Utility should be removed too.
