Opener

The Cult of Mac Blog writes about the rather nasty little Opener malware that’s been found for OS X:

“There’s no means for Opener to spread, and no way for it to infect a machine remotely.”

It’s worth noting that this isn’t strictly true. Opener will, according to the original Macintouch report, copy itself to any mounted volume, presumably including servers. It also turns on File Sharing and puts a copy into each user’s Public (shared) folder. Another user opening one of these copies would, if they put in their admin password, be infected themselves. So while Opener has nothing like the kind of exploit that spread Sasser, it does have a crude method of spreading.
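A defender can audit the locations named above. The script below is an added example, not part of the original post or the Macintouch report: it lists script files in each user's Public folder and in StartupItems, on the boot volume and on every mounted volume. The paths `/Library/StartupItems`, `/Users/*/Public` and `/Volumes` are assumed from the standard OS X layout, and because the page does not give Opener's file name, files are matched on a `#!` interpreter line rather than by name.

```shell
#!/bin/sh
# Added example: audit the places the post says Opener copies itself to.
# Assumption: standard OS X layout (/Library/StartupItems, /Users/*/Public,
# mounted volumes under /Volumes). No file name is given on the page, so we
# flag any file that starts with a "#!" interpreter line.

# is_script FILE: true if FILE is a regular file whose first two bytes are "#!"
is_script() {
    [ -f "$1" ] && [ "$(head -c 2 "$1" 2>/dev/null | tr -d '\000')" = "#!" ]
}

# scan_root ROOT: print every script under ROOT's StartupItems directory and
# under each user's Public folder. ROOT is "/" or a mounted volume.
scan_root() {
    root=${1%/}
    for dir in "$root/Library/StartupItems" "$root"/Users/*/Public; do
        [ -d "$dir" ] || continue
        find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
            if is_script "$f"; then printf '%s\n' "$f"; fi
        done
    done
}

# scan_all: the boot volume plus everything mounted under /Volumes
scan_all() {
    scan_root /
    for vol in /Volumes/*; do
        if [ -d "$vol" ]; then scan_root "$vol"; fi
    done
}

# Run the full audit only when asked, e.g.: sh audit.sh --all
if [ "${1:-}" = "--all" ]; then scan_all; fi
```

Legitimate startup items are often shell scripts too, so the output is a review list rather than a verdict; a script sitting in a Public folder is the more unusual finding.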

  • Maureen Powell

    My computer class decided to try to get infected with Opener. We downloaded the script and saved it on one computer in the lab. The script would not run when double-clicked. We finally got it to run from Terminal but it did nothing because we were not logged in as root. Next we had to change permissions on StartupItems to install it and restarted. The script ran on that one computer but did not infect any of the other computers in the lab. We turned on sharing on all of them and still no spread. We connected all the other computers and mounted their disks on the desktop of the infected computer and restarted. Still nothing. We added the mounted disks as login items to our admin user and restarted. Still nothing. We changed the usernames and passwords on all the computers so they were all the same. Nada. No matter what we tried we could not get the script to spread to another machine at all. We then wiped the hard drive on the Mac and reinstalled and then ran Norton AntiVirus on all the computers. No Opener at all. How is this thing supposed to be able to spread?