Tuesday, July 17, 2007

MAC Virus

Stolen from here:

Oh Look. An Apple WORM.

Yes, you read the title correctly.

With a few hours work I have put together a proof of concept worm that works on Mac OS X (Intel). I need to get a hold of an older PPC Mac to test that platform but I suspect it will work just fine.

Before I say anymore, because I know some of you will ask, NO I will not send you the PoC or any related details. I wrote this for my own purposes and it will be demonstrated to those who asked me to engage in this work. Yes, I am being compensated for this (Hi Joanna) and yes, Apple will be shown my work. Eventually.

I am willing to share what this worm does. While it is nothing special compared to Windows based Malware it does prove a point -- Apple Computers are just as susceptible to Malware as Windows based ones.

The code I came up with uses a variation of the MDNSResponder vulnerability fixed recently by Apple. Apparently, the engineers at Apple closed both the holes found by Mike Lynn and Dave Aitel but they did not fix them all.

This vulnerability, as with the ones fixed, gives remote root access. The code I wrote is very "customer" specific but could easily be changed to be more malicious. Currently, it compromises its first system (patient zero), places a text file on the desktop with specific contents, then moves on to attempting to compromise other systems on the same network, leaving its text file and moving on.

Ways this could be improved are pretty obvious. The code could be adjusted to pseudo-randomly generate lists of networks to attempt to attack and, of course, the payload could be much more devious than a simple text file.

UPDATE: After a few meetings this morning this PoC is now fully weaponized and does a little more than leave a text file behind.

This will make Microsoft fans smile a little, but it does have some implications. Apple has touted its claim of being virus-free for quite some time now. And while this vulnerability will probably be fixed right away, it just proves that it's only a matter of time before hackers figure out how to break into ANY system, given enough time and money, that is.
