OT: OS X virus info

mascarasnake dontdrill at earthlink.net
Wed Nov 3 17:18:39 MST 2004


Just adding a bit here, Bill:

I've been following this News tidbit for a while now. From what I can 
gather, there's very little that this thing can do if your machine is 
secure (it requires root access to install in the first place). Good 
security rules of thumb - use 'sudo' instead of 'su', use 'ssh' instead 
of 'telnet', lock your screen if you are away from your computer, et al. 
- make this malware mainly a note of interest as opposed to a real threat.

Mac OS X Hints has a great thread on this gizmo that includes some 
scripts that can keep an eye on your Startup Item Folders for you (where 
this puppy likes to live).
	<http://www.macosxhints.com/article.php?story=20041101050409768>
There is also a link to the NSA's guide to securing a Mac. Informative 
reading (if not exactly titillating). I found several holes in my own OS 
X box that I plugged.

Like you say, the one thing that this really points out to us in the Mac 
and *nix world is that no system is truly free from the uglies of the 
world. If we practice lax security, we're really not much better off 
than our Windows Weenie cousins thrice removed.


Longman, Bill wrote:
> From ESJ:
> 
> Apple Worm Emerges
> 
> Antivirus vendor Sophos warns of a new worm that affects Macintosh computers
> running OS X.
> 
> Known both as Opener and Renepo, the worm uses the Bash shell to disable the
> Mac's firewall and other security settings, install hacking and
> password-sniffing tools, change permissions for key directories to allow
> unmitigated access, create its own administrator-level account, and hide its
> tracks by deactivating logging.
> 
> "This is a shot across the bows rather than a pressing immediate danger to
> Mac environments," says Graham Cluley, senior technology consultant at
> antivirus vendor Sophos. Still, "the Renepo worm reminds Mac users who may
> have felt smug that most viruses target the Microsoft Windows market that
> they should be careful not to turn a blind eye to security."
> 
> Sophos says the worm hasn't been seen in the wild. Computer Associates, on
> the other hand, notes the worm spreads through file-sharing networks. Still,
> vulnerability information provider Secunia characterizes the worm as a "very
> low risk," its lowest rating for vulnerabilities.

-- 
     It's what you make it man
     Takes time
     A little bit
     A little bit more

             -The Minutemen

dontdrill at earthlink.net