This is a somewhat non-standard hint, but I felt it was worth mentioning and discussing. Later today, if not already, you'll probably be reading a lot about a new OS X trojan horse, as first reported by Macworld UK, and then covered in an Intego press release. According to Macworld UK and Intego, the trojan horse is a script that has been neatly saved as a clickable application, complete with a custom Microsoft Office icon. Double-click it, and your user's folder contents are history. Note that this is not a virus; it cannot email itself to others, nor replicate over a network, etc.

After reading the article and the press release, I think it's pretty obvious what the program is doing - I suspect it's nothing more than a one-line AppleScript. Although some (perhaps many) will disagree with me, I'm going to publish what I think the exploit to be, because it's not a huge secret. Basically, my guess is that the trojan horse is a one-line AppleScript that contains the following UNIX command (in the script, the command will be accessed via the AppleScript method for calling a shell command, but I'm not going to bother including that part here):

`rm -rf ~`

WARNING!! DO NOT USE THIS COMMAND! YOU WILL ERASE YOUR USER'S DIRECTORY!

I feel it's important that everyone understand the above command, and know what it looks like - the more people who know what this line does and how it works, hopefully the fewer who will be fooled by it. And to claim that this is some "deep dark secret" that needs to be hidden is, in my opinion, trying to hide from the truth - more "security by obscurity," which we all know doesn't work well at all.

rm -rf is a very standard, very useful Unix command. In fact, if you search macosxhints (using the advanced search page) for the 'exact phrase' rm -rf, you'll get fully three pages of matches. What makes it troublesome in this case is simply that it's called from a program where the typical user will not know what's happening, and will be shocked at the outcome.

For those that don't know Unix, rm is "move to and empty trash," -r is "do this for all items and folders within this folder," the f means "force removal without confirmation," and the ~ means "the user's directory." Spelled out, this means that the script will, without warning or user intervention, delete everything in the user's folder. But listing the command is not like explaining how to write a self-replicating virus that spreads from machine to machine - this is common knowledge to probably at least a couple of million OS X users who have some knowledge of Unix.
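The flag breakdown above, as an added example that is not part of the original hint: a Python check that recognises the same removal however it is spelled, with the flags clustered or separate, `rm` given by full path, or the command chained after another one. The function names and sample command lines are constructed for illustration, and long GNU-style options are not handled.

```python
import shlex
from itertools import groupby

HOME_FORMS = {"~", "$HOME", "${HOME}"}   # spellings of the user's directory

# Constructed sample command lines, for illustration only
SAMPLES = [
    "rm -rf ~",
    "rm -f ~/notes.txt",
    "rm -rf ~/Library/Caches/com.example.app",
    "echo done; /bin/rm -R -f -- $HOME/",
    "echo 'rm -rf ~'",
]


def _is_separator(token):
    return bool(token) and set(token) <= set(";&|")   # ; & | && ||


def _rm_hits_home(argv):
    """argv is one simple command: is it rm with -r/-R and -f aimed at the home directory?"""
    if argv[0].rsplit("/", 1)[-1] != "rm":
        return False
    flags, operands, only_operands = set(), [], False
    for arg in argv[1:]:
        if only_operands or not arg.startswith("-") or arg == "-":
            operands.append(arg)
        elif arg == "--":                   # everything after this is a file name
            only_operands = True
        elif not arg.startswith("--"):      # short cluster such as -rf or -fR
            flags |= set(arg[1:])
    recursive = bool(flags & {"r", "R"})
    return recursive and "f" in flags and any(o.rstrip("/*") in HOME_FORMS for o in operands)


def is_home_wipe(command):
    """True if any simple command in the line force-removes the home directory recursively."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:                      # unbalanced quotes: report nothing
        return False
    commands = [list(g) for sep, g in groupby(tokens, key=_is_separator) if not sep]
    return any(_rm_hits_home(argv) for argv in commands)


def flagged(command_lines):
    return [line for line in command_lines if is_home_wipe(line)]
```

A plain text search for the exact phrase would miss the fourth sample and wrongly match the fifth, which only prints the text.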