There's now a real virus out there for Mac OS X that can do some real damage. It doesn't seem to be too destructive although it does delete some UNIX commands and modifies prefs for a couple of others. It will gather all password info on your machine. For now, let's call it "Opener." My system was responding a bit slowly and a check of my /var/log files showed that they were _all_ empty and had the same mod date. The Activity Monitor showed a process called "john" eating almost an entire processor.
Some further looking showed an unknown startupitem in /Library/StartupItems/ called "opener". The executable file is a well-commented bash program. It scans for passwords for every user, processes the hashed info using your own Mac, turns on file sharing, and puts all this stuff into an invisible folder called .info on each user's Public folder. It does much, much more but it's important that a warning get out quickly.
Dave Taylor: You might notify people that the fastest way for them to see if they've had this little bugger show up is to run:
- $ sudo ls -l /Users/*/Public/.info
- ls: /Users/*/Public/.info: No such file or directory
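The indicators named in the report above (the "opener" startup item, the .info folder in a Public folder, /var/log files that are all empty with one mod date, and the "john" process) can be checked in one pass. This is an added example, not part of the original post; the function names `opener_scan` and `has_john`, the optional root-directory argument and the `--live` switch are assumptions made here.

```shell
#!/bin/sh
# Added example: checks for the "Opener" indicators named in the report above.
# ROOT (default /) lets it run against a mounted or copied volume as well.
opener_scan() {
    root=${1:-/}; root=${root%/}; hits=0

    # 1. The startup item the report found.
    if [ -e "$root/Library/StartupItems/opener" ]; then
        echo "startup item: $root/Library/StartupItems/opener"; hits=$((hits + 1))
    fi

    # 2. The invisible .info folder in any user's Public folder.
    for d in "$root"/Users/*/Public/.info; do
        [ -e "$d" ] || continue            # an unmatched glob stays literal
        echo "hidden folder: $d"; hits=$((hits + 1))
    done

    # 3. Every log file empty and carrying the same modification time.
    total=0; nonempty=0; differ=0; ref=
    for f in "$root"/var/log/*; do
        [ -f "$f" ] || continue
        total=$((total + 1))
        if [ -s "$f" ]; then nonempty=$((nonempty + 1)); fi
        if [ -z "$ref" ]; then
            ref=$f
        elif [ -n "$(find "$f" -newer "$ref")$(find "$ref" -newer "$f")" ]; then
            differ=1                       # mtimes are not all identical
        fi
    done
    if [ "$total" -gt 1 ] && [ "$nonempty" -eq 0 ] && [ "$differ" -eq 0 ]; then
        echo "logs wiped: $total files in $root/var/log, all empty, same mtime"
        hits=$((hits + 1))
    fi

    [ "$hits" -eq 0 ]                      # exit status 0 means nothing found
}

# 4. Live systems only: reads `ps -A -o comm=` output on stdin and succeeds
#    if a process whose executable is named exactly "john" is listed.
has_john() { sed 's:.*/::' | grep -qx john; }

if [ "${1:-}" = "--live" ]; then
    opener_scan / || true
    if ps -A -o comm= | has_john; then echo "process: john is running"; fi
fi
```

Run it as root with `--live`, as the `sudo ls` check above does, so that other users' Public folders are readable.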