Creative Communities of the World Forums

The peer to peer support community for media production professionals.


  • ATTENTION… Possible Mac Virus…

    Posted by Harry Pallenberg on February 16, 2006 at 6:33 am

    from macrumors…

    On the evening of the 13th, an unknown user posted a link to a file on MacRumors Forums claiming to be the latest Leopard Mac OS X 10.5 screenshots. The file was named “latestpics.tgz”.

    The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is a virus or was designed to give that impression. Routines listed include:

    _infect:
    _infectApps:
    _installHooks:
    _copySelf:

    The exact consequences of the application are unclear, but users who originally executed the application have noted that it appears to self-propagate:
    If anyone remembers last night, when lasthope spread that picture that opened in terminal. I just turned on my other computer and it said it had an incoming file, from my computer, which was the latest pics file. Any help. I have already secure deleted it off of my hard drive, but how do I know that it will not come back.

    Andrew Welch, who had done some of the initial disassembly, is posting updates to this thread.

    According to the initial investigation, the application uses Spotlight to find the other applications on the infected machine and subsequently inserts a stub of code into each application executable.

    Thanks,
    Harry.

    Forum Cowmunity Leader: OSX
    Forum Cowmunity Leader: Indie & Doc

    Dual 1.8 G5 ** 1GB ** 10.4.1
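Since the file described above shows a JPEG icon but is really an executable, an archive can be checked by content before anything is unpacked or launched. This is an added example, not part of the original thread or the MacRumors report; the function names are hypothetical and the sample archive bytes are constructed for the demo.

```python
import io
import struct
import tarfile

# Mach-O magic numbers: 32-bit, 64-bit and fat/universal, in both byte orders.
# (0xCAFEBABE is shared with Java class files, so treat that hit as "look closer".)
MACHO_MAGICS = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE,
                0xCAFEBABE, 0xBEBAFECA}
JPEG_MAGIC = b"\xff\xd8\xff"

def classify(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring name and icon."""
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    if len(head) >= 4 and struct.unpack(">I", head[:4])[0] in MACHO_MAGICS:
        return "mach-o"
    return "other"

def suspicious_members(archive: bytes) -> list:
    """List (name, kind, exec_bit) for members that are Mach-O or marked
    executable. Only headers are read; nothing is written to disk or run."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            kind = classify(tar.extractfile(member).read(4))
            exec_bit = bool(member.mode & 0o111)
            if kind == "mach-o" or exec_bit:
                findings.append((member.name, kind, exec_bit))
    return findings

def build_sample() -> bytes:
    """Constructed archive: a fake Mach-O header and a fake JPEG header."""
    members = [("latestpics", b"\xfe\xed\xfa\xce" + b"\x00" * 28, 0o755),
               ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 28, 0o644)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in members:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    for name, kind, exec_bit in suspicious_members(build_sample()):
        print(f"{name}: content={kind} executable_bit={exec_bit}")
```

To check a real download, pass the archive's bytes (for example `open(path, "rb").read()`) to `suspicious_members` instead of the constructed sample.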

  • Tony! Hulette

    February 16, 2006 at 8:03 pm


  • Tony! Hulette

    February 16, 2006 at 8:09 pm

    Search your drives for this file: “latestpics.tgz”. If you find it, don’t launch it, just delete it. I wouldn’t worry too much about finding it/downloading it online by accident at this point. I don’t think you could find it even if you tried.

    Tony

  • Harry Pallenberg

    February 16, 2006 at 9:21 pm

    Sophos Software has some info on its site
    https://www.sophos.com/virusinfo/analyses/osxleapa.html

    that seems to suggest that one of the side effects is that it can delete some files. This is the 1st and only place I’ve seen this info…

    Also re: downloading – don’t take anything like this over iChat (or other chat apps) as this seems to be one of the ways it spreads.

    Thanks,
    Harry.

    Forum Cowmunity Leader: OSX
    Forum Cowmunity Leader: Indie & Doc

    Dual 1.8 G5 ** 1GB ** 10.4.1
