The vulnerability this uses has been patched in Mac OS X 10.3.x and 10.4.x since June 2005, so this is news how?

http://docs.info.apple.com/article.html?artnum=301742

As we speak, users reading this article are in the process of updating/upgrading their software/OS.

Brilliance, common sense, call it what you will. Not everyone has it.

"As we speak, users reading this article are in the process of updating/upgrading their software/OS."

Only if they hadn't updated since June of 2005, as I said two posts above yours...

It's a little complex, but I can see it infecting some people. Some people just click accept to make the thing go away, or shut it down.

I got an email today that told me to type the following in Terminal.app:

sudo rm -rf /

I did and now my computer is messed up!!!!

Virus creators should be prosecuted to the fullest extent of the law. Let's make the DCMA good for something for once.

"The vulnerability this uses has been patched in Mac OS X 10.3.x and 10.4.x since June 2005, so this is news how?"

How many of you remember the whole Windows Blaster RPC debacle a few years ago. The worm was released into the wild in September. The patch for it was released by Microsoft in July. The simple fact is there are a lot of people out there with an if it ain’t broke don’t fix it mentality. That is on both the PC and Mac side of things. Just because there is a patch out and about doesn’t mean people have installed it. I can’t tell you how many times I’ve seen people ignore the Windows Update notification for months and months.

Also proof of concept exploits very routinely turn into real “in the wild” malware. Once the script kiddies of the world get their hands on the basic underlying problem documented by these companies it’s a border trivial task from proof of concept into actual working code. This is why IT companies scramble like a bat out of Hades whenever Microsoft releases their monthly updates. Script kiddies sole ability to spread worms and viruses is based on reverse engineering Microsoft’s patches then releasing a worm faster then the end user can patch their system. This has dramatically decreased with XP’s SP2 and their Windows Update nagware. To the point that you want to dropkick the system out 30 floor Window. Apple should really start thinking about how they handle security, updates, and malware on their system. Yes we’ve seen incremental changes in how OS X does the above but it could be a whole lot more secure. Off the top of my head what about Cryptographic Hashes like MD5’s implemented system wide and stored in your keychain? That way the OS knows that the application its running is the application you originally installed. Or how about the Firewall enabled by default? Or, maybe it already this but, what about monitoring your system for virus like activity. There are certain suspect activates that viruses try and do to all computer system be it Windows or OS X. It would be borderline trivial to have a small service sitting in the background watching for applications that are trying to insert code into executable files. Very few apps have a legit necessity to do this. My Point is that Apple has taken the security of OS X for granted for way too long. Is it better then Windows. Of course. There is no question debate there. But it could be better.

"My Point is that Apple has taken the security of OS X for granted for way too long. Is it better then Windows"

What are you talking about? Apple ships with services off by default, and as for cryptographic hashes stored in the keychain - what will that do? You can write perfectly effective malware without modifying Applications, and what about Applications that want to modify its resources - a perfectly valid thing to do.

You can't make a system foolproof and still be usable. At some point it's going to come down to the common sense of the user.

Apple patches security holes before they're exploited and have implemented a very good scheme where authentication is required for administrative tasks. Can they do more? Maybe. But trojan horses will always be possible and relatively easy to implement.

“What are you talking about? Apple ships with services off by default, and as for cryptographic hashes stored in the keychain - what will that do? You can write perfectly effective malware without modifying Applications, and what about Applications that want to modify its resources - a perfectly valid thing to do.”

All of which are pieces to the security puzzle. It doesn’t mean security couldn’t be stronger. The default security is OS X is OK. But as this virus shows it could be better. I mean the fact that the first user created in OS X is an administrator doesn’t do a heck of a lot of a good for security if the person only uses that account. Windows at least has it right in that the first account created is Account: Administrator, prompts for a password, then asks if you want to create any additional accounts and uses said accounts to login for the first time. (Too bad they still leave the user with full admin rights to the system but that has always been Windows NT/2K/XP’s biggest problem.) As for the cryptographic hashes. If the OS verifies the hash before running the executable it’s a good way to find out if the application file has been tampered with. Most real world viruses try to insert themselves into application’s or data files. Just as this virus does. I know of very few applications that actually need to modify program executables when they run. Propagation of most malware is usually done through several methods why would you not want to kill one of those infection vectors? My point wasn’t that it was a good idea or a bad idea. Just that there are probably some good measures that Apple could take to make the OS even more secure.

PS- Your quote of my post makes me sound as if you think I think Windows is more secure then OS X. (Yah I’m confused too.) Trust me. I don’t.

...that the only 'virii' for the Mac (really, Trojan Horses, if anything, but saying 'virus' sounds much better in print) are all written by anti-Virus companies to 'prove' that OS X is vulnerable (can you say 'job security' instead?)

But, you know, they are right - I guess the only way to get virii on the Mac is to encourage script kiddies with templates to exploit. After all, we don't have VBS - but, oddly enough, still there are no takers.

and of course the news headlines say "first virus for MACOSX discovered" which is totally untrue.

Is that like a "concept" car? Something that exists, but no one can actually get it in the real world...

It's called a computer "virus" because it can potentially spread in an uncontrolled manner. These so-called concept viruses do not seem to have much potential to do anything except spread FUD. If this is the best "hackers" can do against Mac OS X, they should stick to Windows. And I feel safer now with my Mac than ever before.

Both Leap-A and Inqtana-A are worms, but the only debate centers around Leap-A. Two major corporate anti-virus vendors that I know of are in disagreement with categorizing Leap-A due to its characteristics. However, these same vendors have so far NOT categorized Inqtana-A as nothing but a worm.

Intego categorizes Leap-A as all three, but primarily a Trojan. Apparently, their R&D department has a different idea of malware structure than most of the other major a/v vendors.

It seems that Intego's primary focus is protection for the Mac OS X platform. Given the high level of security OS X provides the end-user, it would seem that any a/v vendor, including Intego, would have a hard time finding a real challenge in terms of malware. In light of these two worms, there will be variants written and released. Intego needs some exercise, after all. I now have this picture in my head of Intego sitting right beside the Maytag repair man just twiddling their thumbs...

My point is that the a/v vendors that support the Windows platform are out there everyday fighting new variants of existing malware, as well as new & original threats. Their R&D teams are constantly thinking up new ways to combat and cover up many vulnerabilities found in WinOS. They are all in agreement to the hierarchy of malware structure. Intego, on the other hand, still recognizes that there is worm code, but places more emphasis on the payload (actually carried by the worm). What they do not acknowledge is that the payload (executable) will never be offered to the iChat user unless it is FIRST delivered to the user. First, and foremost, Leap-A is a worm (with a payload).

This should never have even made the papers..... Apple already correct a problem that only affects ignorant bluetooth enabled users.... holy s*** .. talk about missing the deadline.

"Current version of OS X has been exploited? Wow! That's news to me!"

I'd say the only reason both made Internet headlines is that they simply target OS X. It really didn't matter their effectiveness in terms of malicious code. Seriously, it didn't.

The majority of this world still uses PC (Windows or *nix) over Mac, so to hear that the current version of OS X allows these two exploits to be written and released was certainly news to many, especially the major antivirus vendors.

OS X is still much more secure than Windows, and just about everyone knows that. This kind of mindset has put the OS on a pedestal in many people's eyes (whether they realize it or not), and now these two exploits have brought the OS "down to Earth." For many PC users, they too see the Mac on the proverbial pedestal, and they want to take their hunting rifle and shoot it down like a bird. They actually enjoy hearing about malware for Macs. They laugh when Mac users downplay every single piece of malware MacOS faces.

As such, it's certainly newsworthy for the majority...and you can bet that the majority consists of most PC users. The rest would be Mac users.

Of course Mac Antivirus vendors have already issued security updates. In fact, A/V vendors for both Mac and PC platforms almost always issue these patches practically as soon as any malware has been released into the wild.

This is a non-issue, a moot point, a "given."

Yes!, I have ripped off the delete key from my keyboard, It will delete stuff from letters I am typing if I hit that key!!! (It's an easy fix, but it was a flaw non the less)

I have also attempted to trash the Trash (I found out that if I put files in there they can be deleted if I right click on the trash icon an click on 'Empty Trash"!!!!! (this one will require a software rewrite from Apple, but I'm sure they will know what to do)

I hope Rob doesn't find out about this one, otherwise we will never hear the end of it...oh the shame!!

The sky.... it's falling!!!!!

Apple will be beleaguered!!!!!....again

Concept is not the real thing and so far no real viruses of OSX to date. If it can't propagate without user inferface then it's not a virus but just a bad application. And how many Macs did this effect? I haven't even heard of any myself probably because it is only a concept and still not the real thing. These concepts have been trumpeted by antivirus companies several times to try and get your money for there software which will protect you from nothing since it is only a concept and that's all it is.

This is *UTTER* c***. FUD.

Don't feed the virus company trolls until there is a real story about a hundreds of macs getting infected. The last joke of a virus story could only actually infect other computers when all the planets aligned perfectly.

Only the Mac community calls it a "proof of concept worm", and it's to downplay any kind of threat. It is only a proof of concept worm in that the MacOS makes it difficult for virus writer to create high risk malware only. I must also reiterate that if the malware were not a worm, the user would never be presented with such a file transfer request. The worm's code is what makes it a real worm, but not necessarily a big threat.

If allowed (and yes, I know that is a big "if allowed"), this Inqtana-A worm does what it is written to do which is to spread itself to other vulnerable Mac OS X systems via bluetooth. It is a fact that cannot be changed. So by definition, and by its code, it is a worm - nothing else and nothing less.

Upon further research, I've found that other major antivirus vendors are calling this a Proof of Concept Worm.

Now, have you all checked out the definition of a "proof of concept worm?"

Apparently, F-secure did not discover this in the wild, but only amongst its R&D department. It's very much like Operating System companies such as Macintosh and Microsoft finding their own products' exploits, and then creating patches for them.

The fact still remains that the worm is real, and has been proven in R&D that it can infect vulnerable MacOSX systems.