Just a day after experts warned of what is believed to be the first Trojan in the wild to target Apple Computer's Mac OS X, alerts are being published on a new worm that exploits an 8-month-old vulnerability in the operating system.
The new Inqtana worm spreads through a security flaw in Apple's Bluetooth software, antivirus vendors Symantec and F-Secure said on Friday. Apple provided a fix for the flaw last June with security update 2005-006.
The worm attempts to use Bluetooth to propagate. Once it infects a computer it searches for other Bluetooth-enabled devices and sends itself to those it finds, Symantec said.
Inqtana is a "proof-of-concept" worm, according to Symantec and F-Secure, meaning it's an example of attack code, but itself likely won't affect many users, if any at all. Inqtana is not believed to have actually attacked Mac users. Furthermore, it uses a Bluetooth component that is locked to a specific address and expires next week, according to F-Secure.
"It is quite unlikely that Inqtana would be any kind of threat," F-Secure said on its blog.
However, two examples of malicious software to target Mac OS X in two days may be the start of a trend, Vincent Weafer, senior director at Symantec Security Response, said in a statement.
"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X this week illustrates this emerging trend," he said. "While this particular worm is not fully functional, the source code could be easily modified by a future attacker to do damage."
The new worm follows the Leap Trojan that was discovered Thursday. Symantec says it believes the two pests were developed on a parallel time line and that Inqtana was not created in response to Leap.
Symantec recommends that Mac OS X users keep antivirus and firewall software, as well as operating systems, up to date. Apple has a safety guide on its Web site.
An Apple representative did not have an immediate comment.
So two antivirus vendors wait until the day after an OS X Trojan surfaces to announce a worm (that is not even in the wild) that was effectively squashed 8 months ago, and then call it a trend.
Whatever terror those antivirus companies predict, whatever security hole they expose (to those hackers to hackers to exploit), even if your system crashes every second, do not buy any of their products. If they don't announce it, most hackers won't know about nowadays. Old school hackers knew a lot; now they just wait until these companies reveal the problems, and if someone with a bluetooth device comes near your precious powerbook or macbook and infects you, put down your and tussle, put him down.
You are reporting that there is a "worm" that was that takes advantage of "flaws" that were patched a year ago? Seriously, in your article you even say "Inqtana is a "proof-of-concept" worm".... which means... there is no threat.. it's not even out in the wild. This is ridiculous.
to generate some fear and some hysteria. Our sales to Mac owners has been falling for a decade, we can't keep up with the Windows virus' and we could really use some money.
Microsoft is entering the antivirus market so all the old hands are looking for non-Windows market share? Too bad. ClamAV works great on a Mac - and is free.
But I've seen more Windows mobile phones advertised lately and they are sure to be the next MS platform to be successfully attacked. So make sure you have a mobile av product ready.
ClamAV works great??? Maybe if there are no Mac viruses for it to detect.
Check out the University of Hamburg's (authoritative) AV test results at http://agn-www.informatik.uni-hamburg.de/vtc/en0407.htm
If you don't want to read that much, they gave Clam a grade of "useless."
This most certainly is a legitimate news story. Most of the successful Windows worms have exploited old vulnerabilities. Most people do not patch their systems religiously. And a lot of people have been burned by past problems with Apple's Security Updates -- I have two friends who have sworn off installing any updates from Apple after one of the earlier Security Updates killed their Airport access.
Face it, two OS X worms in two days -- after five years of nothing -- is news. It was enough to get me to reinstall my copy of Norton.
I liked his conclusion "It should, however, serve as a good wake-up call for all of us to closely examine those things we download prior to making the double-click decision."
Of course some people here are too busy blaming the AV companies to hear that wake up call. Sucks to be them.
Leap also propagates through Instant Messaging. That makes it a worm.
The fact that humans are involved in its propagation is immaterial. The same is true of the vast majority of malware for the PC.
Look, we're all upset to learn that the malware authors have discovered our beloved Macs. But to claim that the AV companies are at fault for categorizing the malware using the same criteria as they use for Windows malware... well, that's just whining.
"Just a day after experts warned of what is believed to be the first Trojan in the wild to target Apple Computer's Mac OS X, alerts are being published on a new worm that exploits an 8-month-old vulnerability in the operating system.
The new Inqtana worm spreads through a security flaw in Apple's Bluetooth software, antivirus vendors Symantec and F-Secure said on Friday. Apple provided a fix for the flaw last June with security update 2005-006."
The vulnerability is not 8-months old. The announcement is! Apple fixed this 8-months ago. A little late to be reporting it.
Proof of Concept is obviously useless when regarding a Mac, right? I mean, look at all the replies saying how ridiculous it is and that it's not even in the wild! But, this is a Mac, so that's okay! But! And I mean BUT! Don't let a Mac user come across a story of a Proof of Concept regarding a Windows or Microsoft flaw, oh no no no! Those are prime target for ridicule and perfect reason to attack Microsoft. But not Apple. Because Apple is all powerful, right?
Apple people, how about this? Since your beloved Operating System is so great and secure, don't install ANY AntiVirus, AntiMalware software, and just run free like a nudist on his birthday. Ignore all the warnings anyone gives, and let nature take its course. You'll be fiiine!
Or, grow up! Respect software companies for what they are and stop slandering them! This applies to Microsoft people too. Zealotry will only lead to a lot more crap.
re "Apple people, how about this? Since your beloved Operating System is so great and secure, don't install ANY AntiVirus, AntiMalware software, and just run free like a nudist on his birthday. Ignore all the warnings anyone gives, and let nature take its course. You'll be fiiine!"
Um... yes I do - I set up a PC on my network and it has viruses on it before I can patch to SP2 if I plug it into the network.
My iMac on my desk has no antivirus software and is virus and malware free, no problem.
I use no AV software and I have no problems with my Mac. What angers me and I think most Mac users is that both (this and Leap-A) of these so called proof of concept trojans are poor proofs but they've gotten attention that should be reserved for real threats.
Both require an extraordinary set of circumstances to be in place in order to work at all. This guarantees that neither can be spread without direct and constant human intervention, making them hardly worthy of a mention other than the fact that somebody is making an attempt at writing Mac malware. We've known that for a long time though, so where's the news?
Is there going to be a trojan that endangers my bank account if I log in from my Mac as there are for Windows systems? ( http://news.com.com/New+Trojans+plunder+bank+accounts/2100-7349_3-6041173.html?tag=nefd.top ) I seriously doubt it. If these two are any indication of what Mac users have to look forward to, then the future is looking great. All I have to do to protect my Mac is not be incredibly unlucky AND not be incredibly stupid at the same time. I think I can manage that without any 'help' from Symantec. I think my 75 year old mother can manage that too.
I could install all that crap, or I can keep my iBook properly secured without devoting precious hard drive and CPU resources to a virus scanner and a malware scanner.
Of course, I'm an old school linux geek, so I know how to administer a *nix system.
That said, these viruses are jokes. They don't even work properly, and if you're diligent in maintaining your updates (not like Apple makes that difficult, as opposed to MSoft) then you have nothing to worry about.
Hell, even when I was on Windows I didn't run any anti-malware software. Why? Because I know how to frikkin' take care of a computer, handle patches, I never EVER used Internet Exploder.
And personally, regardless of what OS I hear about a Proof-Of-Concept for, I point it out to friends, and discuss its severity.
Which brings me to my last point. These two proof-of-concepts gave the virus the capacity to do what? Not much- one tricked a user into thinking it was an image (which should teach people about getting images from .tgz files!) and the other requires user intervention to accept the bluetooth file anyway. At that point, you're tricking the user and can do anything you want. Hell, I could whip up a nice little "virus" that IMs itself to all of your friends and formats your hard drive- unless you've properly secured your computer (Don't run as ADMIN!)
Meanwhile, in the Windows world, the last flaw allowed somebody to execute any program on your computer from a WEB PAGE. That too, was a proof of concept, but which one is more severe?
It's supposedly a worm, that is supposed to be able to propagate via bluetooth. But it is a "proof of concept" presented by the Symantec and F-Secure, and it is an 8 month old vulnerability that was fixed last June?!
-- proof of concept. Hmm where is it and is it working (but as you will soon see, not)
-- proof of concept. Did Symantec and F-Secure author this worm to sell their software?
-- 8 month old vulnerability that was fixed last June. By my calculations, (can't stop laughing), then it must have been a vulnerability for about a day, and therefore does not even exist.
-- 8 month old vulnerability that was fixed last June. How the hell can it be 8 months old when it was fixed last June?! Stranger and stranger.
-- Furthermore, it uses a Bluetooth component that is locked to a specific address, that expires next week. What the hell does that mean?! Did F-Secure create some kind of temporary device to try and infect one of their "test" machines?!
What in the world is really going on? Symantec can't sell software to Mac users, and Mac users are growing in numbers. As a result they resort to a campaign of fear, and smear? If they keep this up, they might just find themselves in a whole hell of a lot of legal trouble.
How convenient.
computers that happen to be within, what, 30ft?
Oooh, I'm shaking in my boots.
Upgrade to Windows and have no more problems with Bluetooth infestations!
nb - Bluetooth works up to 100 Metres away!
Signed,
The Anti-Virus Companies
puh-lease.
nonsense in others? MPD!
Show me.
You're not one of those looney ID proponents, are you?
Mac anti-virus software!!
I know that the Mac stuff brings page views to CNet, but seriously, have some professionalism.
their products. You fell for it.
others now reporting proof of concepts as something to be
alarmed about.
Never, ever buy a product from Symantec, F-Secure etc.
ONE infected machine? (Outside of M$, er, Symantec)
Do I take off my clothes now?
Sick of this.