Here we go again, part 2
 
More details have emerged on the alleged Mac virus du jour (latestpics.tgz), which does in fact appear to be a real Mac OS X virus in this case.  As indicated yesterday, a new, Mac OS X-specific piece of malware (an all-encompassing term that includes alleged viruses) has been discovered “in the wild.” This piece of malware is clearly, at minimum, a Trojan Horse.  Definitions vary slightly, so we’ll use the one from our book (which is, after all, the main reason for this blog):
 
Since the malware du jour masquerades as a JPEG (image) file and contains a hidden application which does bad things to the system on which it runs, it certainly qualifies as a Trojan Horse. But that doesn’t mean it can’t be a virus and/or a worm too, which it probably is.  Again from the book:
 
 
Since a worm is a type of virus, and the malware du jour tries to act as a worm (by sending itself to another computer using iChat), our malware is in fact a Trojan Horse, a virus and a worm.
 
Of course none of this categorizing really matters much.  What matters is how much we as a community should worry about this virus, and what we can do to better protect ourselves against it and other pieces of similar (and potentially much worse) malware that will be coming along.  It has been good to see that the anti-virus vendors (Symantec, McAfee, Intego, and Sophos at minimum) have all quickly addressed the virus with updates to their virus definitions. So be sure to update your virus definitions right away (you are running an anti-virus program, right?).  Beyond that, here are some other suggestions (most of which come from the book):
 
  1. Get an anti-virus program if you don’t have one, and keep it up to date (included again because it’s by far the most important suggestion, especially for this malware).
  2. Be wary of anything you download from a Web site, especially bulletin boards and chat sites, or receive as an attachment or IM file, even if you know the person sending it (since they may be infected with the virus, as with this one).
  3. Log in and run as a non-admin user whenever possible. And if something asks for your admin password, don’t provide it unless you are sure of what you’re providing it to.
  4. If you run iChat, be sure “Confirm before sending files” is checked in Preferences.
  5. Install a personal firewall.  The one built into Mac OS X is not good enough. (Yes, we sell firewall software; that doesn’t mean this advice is wrong.) A personal firewall usually won’t block viruses like this one, but it might block the spread of some viruses, and it will block many other forms of Internet attack.
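The disguise described earlier (an application shipped under an image file name, as with latestpics.tgz) is something a simple download check can catch before anything in the archive is opened, which is the practical side of suggestion 2. This is an added example, not code from the blog or the book; it assumes only a POSIX shell with tar, find, head, od and mktemp, and the archive it scans is constructed inline.

```shell
#!/bin/sh
# Added example (not from the blog or the book): flag archive members that are
# named like pictures but are really programs, the disguise this malware uses.
# Assumes a POSIX shell with tar, find, head, od and mktemp available.

# Print every member of a .tgz whose name claims to be an image but whose
# content does not start with an image header, or which carries an execute
# bit.  Prints nothing for a clean archive.
disguised_images() {
    archive="$1"
    work=$(mktemp -d)
    tar -xzf "$archive" -C "$work"
    find "$work" -type f \( -iname '*.jpg' -o -iname '*.jpeg' \
        -o -iname '*.gif' -o -iname '*.png' \) |
    while IFS= read -r f; do
        # First four bytes as hex, e.g. ffd8ffe0 for a JPEG.
        magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
        case "$magic" in
            ffd8ff*|47494638|89504e47) is_image=1 ;;   # JPEG, GIF, PNG
            *) is_image=0 ;;
        esac
        if [ -x "$f" ] || [ "$is_image" -eq 0 ]; then
            printf '%s\n' "${f#"$work"/}"
        fi
    done
    rm -rf "$work"
}

# Build a constructed sample archive: one genuine-looking JPEG and one
# executable shell script named as if it were a picture.
make_sample_archive() {
    dir=$(mktemp -d)
    mkdir "$dir/latestpics"
    printf '\377\330\377\340 constructed picture bytes' > "$dir/latestpics/real.jpg"
    chmod 644 "$dir/latestpics/real.jpg"
    printf '#!/bin/sh\necho not a picture\n' > "$dir/latestpics/fake.jpg"
    chmod 755 "$dir/latestpics/fake.jpg"
    (cd "$dir" && tar -czf sample.tgz latestpics)
    printf '%s\n' "$dir/sample.tgz"
}

sample=$(make_sample_archive)
disguised_images "$sample"   # prints latestpics/fake.jpg
```

A file that passes this check can still be hostile, so the check complements, rather than replaces, an up-to-date anti-virus program.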
 
Oh yeah, you should also read chapter 11, “Viruses,” in the book.  If you really don’t want to buy it (all of $10, or included free in our security products), just use the feedback link at the bottom of this blog’s home page to send an email and request we send you just that chapter, gratis.
 
As far as how much we should worry about this particular virus, in the overall scheme of things, maybe not that much.  It’s more a wake-up call than anything else.  Perhaps it will help us get prepared for the much worse things we’ll probably see in the unfortunately not-too-distant future.  This one doesn’t seem to do a good job spreading itself, and doesn’t do all that much damage (relative to what it could do).  In fact we haven’t found anyone who’s actually been infected by a copy that propagated itself at all.  If you received this virus via iChat, or know of anyone who did, please let us know.  Thanks.
 
 
Friday, February 17, 2006