Anonymous researcher boasts of building Mac worm

Exploits bugs Apple missed in May, 'Information Security Sell Out' blogger says

An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple missed in a May round of patches.

A poster on the Information Security Sell Out blog said Sunday that he or she had written a proof-of-concept worm "in a few hours" that exploits a variation of a vulnerability patched in May by Apple.

According to the researcher (actually, in one posting, "writers" is used so there may be more than one contributing), he or she exploited a still-unpatched bug in mDSNResponder, a component of Apple's Bonjour automatic network configuring service, in the worm's code. "This vulnerability, as with the ones fixed, gives remote root access," the researcher said. Apple's May security update, 2007-005, included a fix for the mDSN bug.

Info Sec's blogger(s) said the worm was also "very 'customer' specific" and crafted for cash. "[It] could easily be changed to be more malicious," said the researcher.

The same blogger made a minor stir in April when, after a US$10,000 security conference contest concluded, he or she claimed to have grabbed the exploit from the conference wireless network and reverse-engineered the vulnerability. Conference organizers, however, denied that the wireless network had been cracked. When asked to back up his or her claims, the Info Sec blogger only replied: "There is no real benefit to me in doing so. I am not one who cares if people believe my claims or not."

In the same comment thread, the Info Sec blogger also promised to post the captured packets and other information "Once this bug is patched by Apple and I am satisfied that I would not be adding additional risk." Apple patched the QuickTime vulnerability May 1. The Info Sec blogger has not yet, however, posted the nicked network traffic.

Attempts to reach the Info Sec blogger via e-mail were unsuccessful.

More about: Apple, HIS Limited, SEC, VIA

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/165/billings/

Billings

Billings allows you to present clients with professional looking invoices. There are 30 templates to choose from and you can add your own logo and ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia