By Dan Ilett, 2 November 2004 08:14
NEWS
Apple has denied that the malicious code dubbed 'Opener' is a worm, a Trojan or a virus of any kind.
Discovered a week ago, the Opener program originally called Renepo - has the ability to disable the firewall in Mac OS X and steal user information. Security experts declared last week that it is almost unheard of for malware to target Apple computers, but said that this could be the start of a spate of attacks to come.
In an emailed statement from a PR company that represents Apple, a spokeswoman said:
"Apple has just released the following statement and will not comment beyond this: 'Opener is not a virus, Trojan horse, or worm. It does not propagate itself across a network, through email, or over the web. Opener can only be installed by someone who already has access to your system and provides proper administrator authentication. Apple advises users to only install software from vendors and websites that they know and trust.'"
But antivirus experts beg to differ, saying that while the program is not an immediate threat, it is a worm because it attempts to copy itself, and is therefore a virus as well.
Antivirus company Sophos said: "Renepo is a worm, and since a worm is just a special type of virus - one which neither requires nor uses an existing host file as a carrier - it is a virus."
"I know there has been a lot of debate about this," said Graham Cluley, senior technology consultant for Sophos. "We class it as a worm. It's not going to spread very fast, but it does try to copy itself from Apple Mac drive to Apple Mac drive, and that still makes it a worm. If you saw something similar in the PC world, you would call it a worm."
Symantec declared that Mac owners were protected if they had kept their antivirus software up to date.
Dan Ilett writes for ZDNet UK. Additional reporting by Munir Kotadia of ZDNet Australia.
Comments
There are 7 comments. Join the discussion
1. anonymous
I have just discovered another "worm". This insidious software copies itself onto the users hard drive when run although it too requires an admin password, it's called the Sophos AntiVirus Installer.
2. anonymous
So when the Sophos software installer copies Sophos antivirus onto my hard drive that makes it a worm then?
I am shocked and appalled that Sophos is marketing their worms to the public. Disgraceful.
3. Bob Lopez
I agree with Apple. After looking at opener on their website, I see no mechanism to replicate itself.
This is a rootkit, not a virus or a worm. A rootkit is a set of programs that is placed on a computer to allow the intruder to gain access, escalate privileges or whatever it is that they are trying to do. They characteristically do not have the ability to propagate (virus) or locally replicate (worm).
The authors of this malware also call it a rootkit. Regardless of their intention, I think that they probably know what they are writing.
Why are the anti-virus companies so grossly miss-classifying it? Its a mystery to me, so I have to assume that there is some political motivation behind it.
4. anonymous
Apple's right, it's not a worm, it's a rootkit (http://www.tech-faq.com/unix/rootkit.shtml).
You need to login as root to install it, and you need to have root priviledges to run it.
It does not run on it's own or self propagate. It is just a shell script or in the Windows world, a batch file.
I'm assuming these so called security experts also sell anti-virus software?
5. anonymous
Oh dear, this has stired up the apple community, the thought that there systems may be vunerable. Who actualy cares if it is classed as a worm, if run it still compromises your system.
Grow up!!!
6. anonymous
Yes, the three 'experts' the article cited all sell antivirus software.
i want them to give me *proof* that it replicates *itself* -- successfully -- as everything i've read about it says it can't.
Also, it's not 'in the wild'. How can it be a 'threat' if it's not loose?
i love that last statement: you're safe if you keep your antivirus software up-to-date. Ha! With all the 'worms' reported lately for OS X, you're safe *if you don't blindly type in your password whenever you see a dialog box*. Nothing can install itself on OS X w/o the system asking for permission -- definitely unlike Windows, where *half a minute after* reimaging a hard drive you're infected if you forgot to disconnect the network. Sometimes before you even get to the Windows desktop!
7. Ryan C
Seems to me the virus companies have realised there maybe a half decent market for AV on the Mac platform, therefore any slightest rumour of anything that even remotly resembles some sort of malicious code will be blown out of perportion so all thoses mac user's who constintly read articles about windows amazing ability to be infected will hurry out and buy there anti virus software