Shostack + Friends Blog Archive

 

Mac "Virus"

There’s an alarmist headline at MacSlash about a new Mac virus. It’s been picked up in a bunch of places. The commenters correctly identify it as a rootkit, not a virus. A rootkit is a program you install, after a break-in, to hide your tracks.

It’s not even a sophisticated rootkit. It’s stunningly primitive. Reading it, I felt that I’d gone back to 1995 or so. It doesn’t even change ps or ls to hide itself.

It certainly doesn’t spam itself to other users, it doesn’t hide itself in documents so that it spreads when you send them, and it doesn’t include any way to break into your computer. If someone adds it to one of those, a Mac will still require that you enter a password before running most of those commands. (And there’s no code to prompt for a password.)

At some point, there will doubtless be viruses for the Mac that deserve press. This doesn’t.

One comment on "Mac "Virus""

  • DM says:

    Hell, it’s barely a rootkit. With a couple of exceptions, this could be a really classy backup script… The automated download and execution of jtr is a nice touch though.
