Anonymous Mac virus writer strikes again

An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple Inc. missed in a May round of patches.

A poster on the Information Security Sell Out blog said Sunday that he or she had written a proof-of-concept worm “in a few hours” that exploits a variation of a vulnerability patched in May by Apple.

According to the researcher (actually, in one posting, “writers” is used so there may be more than one contributing), he or she exploited a still-unpatched bug in mDSNResponder, a component of Apple’s Bonjour automatic network configuring service, in the worm’s code. “This vulnerability, as with the ones fixed, gives remote root access,” the researcher said. Apple’s May security update, 2007-005, included a fix for the mDSN bug.

Info Sec’s blogger(s) said the worm was also “very ‘customer’ specific” and crafted for cash. “[It] could easily be changed to be more malicious,” said the researcher.

The same blogger made a minor stir in April when, after a US$10,000 security conference contest concluded, he or she claimed to have grabbed the exploit from the conference wireless network and reverse-engineered the vulnerability. Conference organizers, however, denied that the wireless network had been cracked. When asked to back up his or her claims, the Info Sec blogger only replied: “There is no real benefit to me in doing so. I am not one who cares if people believe my claims or not.”

In the same comment thread, the Info Sec blogger also promised to post the captured packets and other information “Once this bug is patched by Apple and I am satisfied that I would not be adding additional risk.” Apple patched the QuickTime vulnerability May 1. The Info Sec blogger has not yet, however, posted the nicked network traffic.

Attempts to reach the Info Sec blogger via e-mail were unsuccessful.

Comment: [email protected]

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.