New worm developed for Mac OS X?
updated 09:45 am EDT, Tue July 17, 2007
New worm for Mac OS X?
An independent coder claims to have developed a new worm for Mac OS X computers. An unnamed, proof-of-concept project, the worm exploits a variation of the mDNSResponder vulnerability recently addressed by Apple -- if not completely, according to the coder. Once an attack is successful, the worm grants remote root access, and places a text file on the desktop before moving on to other systems in the same network. Theoretically, an improved version could be a serious threat, randomly attacking networks across the world and depositing malcious software instead of text.
The writer of Information Security Sell Out, however, says he has merely tested it on local systems and will eventually share his information with Apple, so that the vulnerability can be fixed. Part of his stated goal is to dispel notions that Mac OS X is somehow more secure than Windows, an aim shared with many current security commentators.












Worm?
07/17, 10:01am reply
Any info on how this "worm" wold be able to spread?
gskibum3
Fresh-Faced Recruit
Joined: Nov 2006
Another Theory more FUD!
07/17, 10:02am reply
Another theory and more FUD! What does it prove? Absolutely NOTHING.
horvatic
Fresh-Faced Recruit
Joined: Apr 2002
Somehow?
07/17, 10:10am reply
"Part of his stated goal is to dispel notions that Mac OS X is somehow more secure than Windows."
Well if he could "somehow" create a website that I could visit, and just by going there I become part of a botnet, maybe THEN he can start dispelling notions. Until then this is just more FUD piled on to the mountain of FUD already created.
wings_rfs
Fresh-Faced Recruit
Joined: Dec 2002
????
07/17, 10:20am reply
Next headline for macnn?
Microsoft stock to reach $1,000,000 per share? gskibum3 sells one of his Ferraris?
What is with these headlines ending in question marks?
Isn't that inane?
???
gskibum3
Fresh-Faced Recruit
Joined: Nov 2006
be careful..
07/17, 10:23am reply
..what you wish for.
Rezzz
Fresh-Faced Recruit
Joined: Jan 2006
blah blah blah??
07/17, 12:56pm reply
actually no 'worm' here at all, just a hack to create a 'root' user, all one would need to do is have the OSX firewall turned 'on' and the mac would not respond to the 'dnsresponder' request at all... duh
what's wrong been running your mac again sans firewall?? don't ware seatbealts?? running with siccors again??
if your so conserned about security I'd think you would at least turn on the firewall... which sits on the mackernel and setup a non-admin user to surf the net with if your paranoid... keep your cash under the mattress and keep your front door unlocked and you too will find the milkman in bed with your teenager daughter... ugly thought
...who's the brilliant hacker this time??
can you say 'looser' in french??
hokizpokis
Fresh-Faced Recruit
Joined: Jan 2007
re: blah blah blah??
07/17, 01:26pm reply
Where to start?
First - don't berate others for not using a firewall when you don't know enough to use a spell-checker if your spelling sucks.
The firewall does *not* sit on the Mach Kernel. It is a separate process, and most folks will not enable it, because Macs are "more secure".
mDNSResponder is a key and low-level part of the OS - it is what enables Bonjour discovery of services. Read http://developer.apple.com/networking/bonjour/faq.html for more. It is unlikely that your average user will know how to set up the firewall to block it. I'm fairly certain you don't.
It is unclear to me whether this worm would be limited to local networks, as bonjour and mDNSResponder is - it has the ability to do Unicast over the internet but I'm not certain that's enough for a worm to propagate. Even if it can, I'm not certain how it would create a root user for those who have not enabled it. If both of these are true, then this is a serious and huge vulnerability. In any case, it's definitely something worth taking seriously until disproven.
And it's 'loser', not 'looser'. In French it's roughly translated as 'hokizpokis est un cretin'.
dogzilla
Mac Enthusiast
Joined: Sep 1999
Not Professional
07/17, 01:28pm reply
While I believe my Mac is much more secure than Windows, I also understand that it's not invulnerable. Some of these coders who are bound and determined to expose security flaws in OS X claim to be part of professional services groups. If that's really the case, then they'll work with Apple to close any holes before they can be exposed in the wild.
Robb
Fresh-Faced Recruit
Joined: Feb 2000
Here we go again!
07/17, 01:52pm reply
"Part of his stated goal is to dispel notions that Mac OS X is somehow more secure than Windows, an aim shared with many current security commentators."
Even if this were true, here is the score.
Mac OS X = 1 Window = 110,000+
Yep, looks pretty close to me, I guess the Mac is just as unsecure as Windows!
CorDog
Fresh-Faced Recruit
Joined: Mar 2006
firewall
07/17, 02:01pm reply
And why doesn't apple turn the firewall on by default, anyways?
testudo
Fresh-Faced Recruit
Joined: Aug 2001