OSX Trojan Horse

OS X trojan can wipe Home directory, not a virus says Apple

An OS X trojan horse masquerading as a Microsoft Office 2004 installer can wipe your Home folder, security company Intego has announced.

The AS.MW2004.Trojan is a compiled AppleScript applet, a 108KB self-contained application, whose icon resembles an Office installer. The script runs a Unix command rm that permanently deletes the entire content of the Home directory.

The trojan was discovered in the UK on a Gnutella peer-to-peer network.

Both Apple and Microsoft warned users about the consequences of installing unlicensed, illegally copied software.

Here’s a quick solution posted by my brother Rahul.

If you have a directory with important info (or your home directory) you can create a file in it called “-i” (minus i).
-i means interactive and it fools rm into thinking it was given the -i option in which it prompts the user for yes/no.

Do the following:

1. Launch Terminal. Then at the user prompt type:
2. ls > -i
3. It will create a file named “-i” on your home directory.
4. When anyone does “rm *” the first file picked up will be the “-i”.
5 rm will then prompt the user before deleting.