Saturday, February 18, 2006

The End of Innocence

We knew it had to happen sooner or later: now Mac users have the Leap.A trojan to worry about. Something like 50 people, total, have been hit by this... but judging from the press coverage, you’d think it was Apocalypse Now. Just don’t accept any files called “latestpics.tgz” from iChat and you should be fine.

Way back when transferring files meant schlepping them around on a floppy, Mac viruses were fairly common. I kept a fairly extensive collection of disinfectant software and had a fairly detailed plan for cleaning up the department Macs when we got hit (which only happened twice in five years). Later on, the primary viral focus shifted from floppies to Microsoft Word files; you could write viruses using Word’s macro language, and they ran on both PCs and Macs. I remember the first Word macro virus; it was called “Concept,” and it was simple enough that I took it apart and analyzed it. It was rather chilling to see a routine called “PayLoad,” which contained only the comment “this should prove my point” — and indeed, it wasn’t long before more destructive macro viruses (that mostly only damaged PCs, fortunately for me) appeared.

After that, malware activity on Macs faded away gradually and those disinfectant utilities withered for lack of need. Lordy, it’s been 7 or 8 years since there’s been anything beyond breathless pronouncements, quickly debunked. Part of it, of course, is the sheer number of Dozeboxes in the world... and the larger part is how easy it has been for malware to infest those Dozeboxes. Macs represented too much effort for too little return, so we have enjoyed a long period of innocence which may well have come to an end this week.

If you use a Mac, grab the free ClamXav malware scanner if you haven’t already. I think it’s already been updated to detect Leap.A, and it’s a good idea to use it if you transfer files to Dozeboxes... you can’t get infected by their viruses, but you can be Typhoid Annie and transfer them. Be a good citizen and avoid doing that.

While Leap.A is probably not a serious threat — you have to accept an incoming file transfer, unpack the archive, double-click the executable (that tries to disguise itself as a JPEG file), and enter your password to allow the installer to do its thing (and if a JPEG file wants your password, it’s probably not a JPEG) — it represents the straggly first weed in your putting-green lawn. Time to get the shovels, rakes, and implements of dee-struction... and keep them safe in the garage. For now.
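As an added example (not part of the original post): a Python sketch that inspects a .tgz before anyone unpacks it and flags members whose leading bytes say "executable," especially when the name claims to be an image. The suffix list, the sample archive and the function names are assumptions made for illustration; the post does not say how Leap.A's disguise works.

```python
import io
import tarfile

JPEG_MAGIC = b"\xff\xd8\xff"
EXEC_MAGICS = {  # leading bytes of native executables (Mach-O variants, ELF)
    b"\xfe\xed\xfa\xce": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O",
    b"\xca\xfe\xba\xbe": "Mach-O universal", b"\x7fELF": "ELF",
}
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")  # assumption: name-based hint

def classify(head):
    """Identify content from its first bytes, ignoring the file name."""
    if head.startswith(JPEG_MAGIC):
        return "JPEG"
    if head.startswith(b"#!"):
        return "script"
    return EXEC_MAGICS.get(head[:4], "other")

def audit_tgz(fileobj):
    """Return (name, kind, reason) per risky member; nothing is written to disk."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar:
            if not m.isfile():
                continue
            kind = classify(tar.extractfile(m).read(4))
            if kind not in ("JPEG", "other"):
                posing = m.name.lower().endswith(IMAGE_SUFFIXES)
                reason = "executable posing as image" if posing else "executable content"
            elif m.mode & 0o111:
                reason = "execute bit set"
            else:
                continue
            findings.append((m.name, kind, reason))
    return findings

def build_sample():
    """Constructed archive: a genuine JPEG header, a fake one, and a text file."""
    members = [("pics/real.jpg", JPEG_MAGIC + b"\xe0" + b"\0" * 16, 0o644),
               ("pics/beach.jpg", b"\xfe\xed\xfa\xce" + b"\0" * 16, 0o755),
               ("pics/notes.txt", b"hello\n", 0o644)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in members:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())
```

Calling `audit_tgz(open(path, "rb"))` on a received archive lists anything worth a second look before it is unpacked or double-clicked.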
