Malware OS X Part 2
Before anyone blows this one out of proportion calling it a virus, worm, trojan, whatever, get the facts straight.
Now that’s out of the way, Secunia has issued a severe alert about malicious .zip files. These files pose as a JPEG, MOVs, etc and Finder’s “Get Info” marks them as a “Terminal Document”, and when when the .zip is decompressed, it runs on command and *can* potentially trash your hard drive which could DELETE YOUR USER FOLDER if the proper UNIX commands are executed.
That being said, the test .zip file as provided by Secunia, only opens the Calculator app and kills the command. There is no user interaction and as said, it can be dangerous. It does NOT propagate to other systems. It does NOT infect other applications (though it may remove them), and again uses social engineering to accomplish its task.
The solution is do NOT download from untrusted sources. ALWAYS check the file with “Get Info” before executing it. In addition, you can move the Terminal application to another location on your hard drive and it supposedly will not execute.
Don’t say I didn’t warn you. Apple does know about this, as I’ve reported it to them. I won’t post any other details about it, though.
Posted: February 21st, 2006 under Apple.
Comments: none
Write a comment