As first reported by
Macintouch last week, there’s a new form of malware that specifically targets Mac OS X. Already dubbed “Opener,” it’s been confirmed by corporate anti-virus software maker Sophos Plc., which has posted details on
its Web site, and has called the malware “SH/Renepo-A.” Sophos describes the code as a shell script worm that specifically targets Mac OS X computers.
Opener can disable Mac OS X’s built-in firewall and copies itself to the system’s startup directory, according to Sophos. It can also locate passwords on the hard drive and attempts to crack them. Opener purportedly can attempt to copy itself to other networked hard disk drives mounted on the infected computer’s desktop as well.
According to the extensive information posted by Macintouch readers, it would seem that Opener may have started life as a startup script posted earlier this year to the Macintosh Underground discussion forums. The script purportedly requires root-level access to the target Mac OS X computer in order to be successfully installed, which should limit exposure unless your Mac’s security has already been compromised. The software installs “John the Ripper,” a brute-force password cracking tool sometimes used by Unix hackers.
Users who have anti-virus software installed on their Macs are encouraged to make sure they’re using the latest anti-virus definition files available from their software’s developer.