I've been thinking about this a lot, because I consider honesty and honor to be a pretty big part of my gestalt, and I don't want to be viewed as a welcher. But, the truth is, almost nobody who responded to my original challenge read the whole dang post.
So, a couple of people found pointers to what might be viruses and posted about them and said, "Ok, do I win?" But, see, what I'd said was, "So, here's my plan. I'm not putting it into effect yet, but I'm soliciting comments, and if nobody can prove it's a bone-headed idea, I'll go ahead with it."
See, so it's not really fair to reward people who jumped in immediately after that and posted about viruses to try to claim the prize, because people who actually read the instructions were waiting for me to actually say, "Go," which I never really got a chance to say because most of the runners just jumped over the starting line and ran into the woods the second I suggested we might want to have a race. (To torture a metaphor.)
Also, seriously, I was just totally snowed by all the people responding. I mean, that was a lot of stuff. If anyone actually read all those responses, I apologize to you and your family.
But what of the meat? Was there any? Are there Mac OS X viruses? The answer is... well, maybe. I admit, at some point I had to stop reading everything people were writing in there, but I did see three nuggets that need follow-up.
Most likely is "Opener", which appears to fit all the requirements for being a real virus, and also apparently had a victim, as detailed in this article. There are a lot of different reports on what Opener does and how it might spread; I very much want to know if it really can infect a machine without the user actually giving it power explicitly (if inadvertently). It seems possible and even likely that there are different versions of "Opener" out there, since viruses tend to mutate as kiddies get hold of them and try to increase their power. So, while it was easy to write off "Opener" as not qualifying based on some descriptions of it, others seem more compelling. I want to look at this code myself.
An anonymous poster who possibly isn't a native English speaker but does seem to know a lot about malware also made comments about Opener ("When a password has been found on a remote machine by the brute force process, it installs his code by sshing various commands on the remote host."), which make it sound much like a virus, indeed, except it requires that the target machines have SSH turned on in order to be infected; I do not know if SSH was on by default when Opener was making its rounds. I'd like to know this.
He also mentions, "Mail malicious bundle was created before your check point and it was designed to send a /tmp/xxx/virus file to all your friends each time mail.app receives your mail," which sounds like a virus, yes. Bears investigating.
And, finally, he mentions, "Do you know MacSerialJunkie? On the private cracks section there's a warning of a virus/worm spreading on a cracked version of ArchiCAD 9." My initial feeling is that it doesn't count if you knowingly download and run a cracked program; it's a lot like complaining that the horse you just stole isn't very fast.
So, I count three possibilities: the Mail bundle (How does it spread?), Opener (Does it really work over SSH? If so, did Mac OS X ship with SSH enabled at the time Opener was spreading?), and the cracked ArchiCAD 9 (Do we count this? If so, should we act surprised if we have sex with Pamela Anderson and end up with Hepatitis?).