toggle

AAPL Stock: 509.46 ( 0 )

MacNN News

'Opener': new 'virus'/malware found for Mac OS X

updated 07:00 am EDT, Mon October 25, 2004

Mac OS X \'Opener\' malware

ZDNet reports on a newly discovered that spies on Mac users. Dubbed 'Opener' by Mac user-groups, it disables Mac OS X�s built-in firewall, steals personal information and can destroy data: "the virus, which Sophos calls Renepo, is designed to infect any Mac OS X drives connected to the infected system and it leaves affected computers vulnerable to further hacker attack. Ducklin said Opener disables Mac OS X's built in firewall, creates a back door so the malware author can control the computer remotely, locates any passwords stored on the hard drive and downloads a password cracker called JohnTheRipper."

by MacNN Staff

(18)

TAGS :

troubleshooting

Share the Article

Facebook Twitter Delious Slash Dot Digg

toggle

Comments

JamesKass
Junior Member

Joined: Nov 1999

0

10/25, 07:18am | report spam | close Reply |
Opener != Virus

Don't you people read your own forums? Can't replicate to other computers, it can't be a virus.

wings_rfs
Fresh-Faced Recruit

Joined: Dec 2002

0

10/25, 07:22am | report spam | close Reply |
Virus My A**

A virus huh? In case ZDnet forgot, a virus is something that spreads without human intervention. This thing is nothing more than a trojan, requiring the user to install it, AND to provide the root password when doing so. That said, ANY installer when given the admin password can do whatever it darn well pleases -- and that's exactly the way it and all other Unix's work. Just what is this vulnerability that they suggest Apple needs to fix?

Call me when they find something that can penetrate my Mac and s**** it up with me away from the keyboard.

alexf
Fresh-Faced Recruit

Joined: Oct 2004

0

10/25, 07:24am | report spam | close Reply |
Not a virus

This is not a virus. The "script based" tag probably makes most people think of the Windows viruses which use scripting to install themselves from emails etc.... this so-called 'virus' cannot install itself - the user's machine has to be compromised first or the user has to be fooled into installing the script themselves. From that point on, this script can cause problems - but that is no different from any trojan program purporting to do one thing and then in reality doing something else. So although users should be careful not to install this software on their machines, there is no need to be alarmed that an outbreak of infections is about to occur, as this script is not infectious.

coolfactor
Fresh-Faced Recruit

Joined: Jun 2003

0

10/25, 07:45am | report spam | close Reply |
It can spread

It may not be able to spread to other computers directly, but it can spread to any connected "volume", and if that volume happens to be a network volume shared by multiple computers, doesn't that spell trouble?

MacScientist
Junior Member

Joined: Feb 2000

0

10/25, 08:59am | report spam | close Reply |
Re: It can spread

coolfactor, everything stated above still applies. The administrative user must install Opener. The administrative user must run the script. Otherwise, it sits on the computer as a useless file. The Opener scare is much ado about nothing.

cyngus
Fresh-Faced Recruit

Joined: Apr 1999

0

10/25, 09:09am | report spam | close Reply |
Gets the Blood pumping

Well, it gets the blood pumping on a Monday morning anyway. Its a small threat. One of the good things here is that this trojan/virus requires a fair amount of user stupidity (to supply an admin password to an unknown program) and the average Mac user tends to be a little more computer savvy than the average Windows user.

Clive
Mac Enthusiast

Joined: Jan 2001

0

10/25, 09:35am | report spam | close Reply |
Trojans

They don't necessarily require users to open the file, there's some tricky vulnerabilty in MacOS (which is really a nice feature) where this isn't necessary. At some point the "stupid" hackers will get a bit cleverer.

The sky isn't falling in, but we shouldn't ignore the warning.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

10/25, 10:09am | report spam | close Reply |
Re: It can spread

It may not be able to spread to other computers directly, but it can spread to any connected "volume", and if that volume happens to be a network volume shared by multiple computers, doesn't that spell trouble?

It only spells trouble if
(a) the software on the network volume is run/installed by another user

or

(b) the trojan, when infecting network volumes, notices a volume as a boot volume and infects the appropriate directories with itself (such that, when that computer is rebooted, it launches the virus).

The second point is one reason why OS X doesn't, by default or without hacks, usually allow you to share just any folder or drive, only those from your user folder. Your system drive should never be set up to share the entire volume.

This does indicate that everyone should question ANY installer that requires an admin password to install. (Although other trojans can easily get by installing themselves as local programs to the user, and a password isn't required to install those, then you've got a keyboard logger running and don't know it - unless you check your startup items regulalry, and who does that, esp. since Apple sticks them in such a stupid location in system preferences).

Bryson
Fresh-Faced Recruit

Joined: Mar 2002

0

10/25, 10:23am | report spam | close Reply |
Standard for ZDNet

It's a ZDNet story. They will take any negative Apple story and spin it into a 'sky is falling' article whenever they can.

This isn't any different than the rash of virus and trojans stories that appeared on ZDNet months ago and guess what, nothing has happened since.

digid
Fresh-Faced Recruit

Joined: May 2004

0

10/25, 10:24am | report spam | close Reply |
Where

I did not see any details on where this came from. What would you have to install to get it?

das
Fresh-Faced Recruit

Joined: Jan 2001

0

10/25, 10:25am | report spam | close Reply |
Wow

For an intelligent look at opener, see:

http://das.doit.wisc.edu/opener.txt

das
Fresh-Faced Recruit

Joined: Jan 2001

0

10/25, 10:27am | report spam | close Reply |
Re: Where

The reason you didn't see anything is because it IS NOT IN THE WILD, and nothing actually even installs this!

Sure, someone could throw a trojaned app that installs this together, but you'd have to get it from an illegitimate source like a p2p/warez network.

So the bottom line is, this is nothing more than a year-old shell script that has to be installed by someone who ALREADY HAS local admin/root or physical access to the machine!

drainyoo
Senior User

Joined: Feb 2001

0

10/25, 12:05pm | report spam | close Reply |
How do you get it?

Thru email or what? No one mentions how this thing spreads.

VadersCape
Fresh-Faced Recruit

Joined: Mar 2004

0

10/25, 12:08pm | report spam | close Reply |
The Way It Spreads ...

... is through ZDnet.

Set sensors to IGNORE.

piracy
Mac Elite

Joined: Mar 2001

0

10/25, 12:30pm | report spam | close Reply |
Re: How do you get it?

You DON'T get it.

It has no mechanism of spread or propagation of any kind (with the exception of trying to copy itself to other local Mac OS X boot volumes).

The only way you could get it through email would be if someone emailed it to you and tricked you into installing it.

It is not in the wild. It does not spread. It needs *root/admin* or *physical* access to your machine to be installed. This could, in theory, be installed by a trojan, like something masquerading as an innocent installer of updater. But this has ALWAYS been true, and that is NOTHING NEW...on ANY platform. Additionally, it's likely that such a trojan would come from an illegitimate source. Note that no trojan that would even install this exists, and even if one did, it is still NOTHING NEW, as tricking users into installing something they shouldn't is as old as time on any platform and any OS.

The way you "protect" yourself against things like this is being a responsible computer user, responsible with your passwords, responsible with your updating, and not letting untrusted users - or software - access your machine.

The coverage on this is really shameful.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

10/25, 12:52pm | report spam | close Reply |
not a trojan

Besides not being a virus, its not a trojan, either. A trojan is a piece of software that pretends to be something else (ala the trojan horse). Since no software is known to install this, its hard to call this a trojan. Its also not a virus nor a worm. You'd have to call it malware, I guess (if I knew a good definition for that term) or just a 'nefarious application/script'.

A good example of a Trojan horse is Windows. Its marketed as a secure OS, but....

chas_m
Fresh-Faced Recruit

Joined: Aug 2001

0

10/25, 01:14pm | report spam | close Reply |
Stop Freakin' Out, Folks

Most of the above posters are right ... this is neither a virus nor a trojan, it's just a malware. The user has to take a VERY ACTIVE ROLE in infecting his own machine and others in order for it to spread.

While it's not inconceivable some user could be that stupid, given that it's not even out "in the wild" yet makes it a non-threat and a non-issue. Hopefully someone in the so-called "tech media" will notice this and write up a nice contrast between Macs and Windows:

Windows: left alone for 20 minutes, you WILL get a virus.
Mac: must take an active participatory role in infecting your own machine.

Gosh, which computer would YOU rather work with?

MPMoriarty
Dedicated MacNNer

Joined: Oct 2003

0

10/25, 07:58pm | report spam | close Reply |
This needs to be told...

I think since ZDNet is misinformed that we should enlighten them as to what a REAL virus is and what this script is capable of.

Show More Comments

Login Here

toggle

Network Headlines

02/15	Proview: Chinese customs 'unlikely'...
02/15	Cook: iCloud over 100M users, Siri...
02/15	AMD Radeon HD 7750, 7770 GHz Edition...
02/14	Cook hints at Apple TV set during Goldman...
02/14	Apple CEO: Kindle Fire will sell, but...

Show All

02/15	Proview: Chinese customs 'unlikely'...
02/15	AMD Radeon HD 7750, 7770 GHz Edition...
02/14	Apple CEO: Kindle Fire will sell, but...
02/14	Time Capsule stock sees delays, sell...
02/14	Readability iOS app delayed, Android...

Show All

02/14	Apple attempting to disrupt Siri hacks...
02/14	Readability iOS app delayed, Android...
02/13	Apple launches 2012 back-to-school...
02/13	Sony Music caught inflating price for...
02/09	Apple explores environment-sensitive...

Show All

02/14	Refurb. 16GB iPhone 4, now only $259...
02/13	Refurb. Flip UltraHD Pocket Digital...
02/10	$380 off refurbished 2.8GHz Mac Pro...
02/09	iHome Dual Alarm Clock for Apple iPod...
02/08	Save 69% on SanDisk Cruzer 32GB USB...

Show All

toggle

'Opener': new 'virus'/malware found for Mac OS X

updated 07:00 am EDT, Mon October 25, 2004

Mac OS X \'Opener\' malware

Opener != Virus

Virus My A**

Not a virus

It can spread

Re: It can spread

Gets the Blood pumping

Trojans

Re: It can spread

Standard for ZDNet

Where

Wow

Re: Where

How do you get it?

The Way It Spreads ...

Re: How do you get it?

not a trojan

Stop Freakin' Out, Folks

This needs to be told...

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace

'Opener': new 'virus'/malware found for Mac OS X

updated 07:00 am EDT, Mon October 25, 2004

Mac OS X \'Opener\' malware

Related Articles

Recent Articles

Opener != Virus

Virus My A**

Not a virus

It can spread

Re: It can spread

Gets the Blood pumping

Trojans

Re: It can spread

Standard for ZDNet

Where

Wow

Re: Where

How do you get it?

The Way It Spreads ...

Re: How do you get it?

not a trojan

Stop Freakin' Out, Folks

This needs to be told...

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace