# Warning about a New OSX Trojan



## ArielMT (Nov 3, 2009)

Don't laugh.

According to a post on Symantec's Security Response, the new trojan called OSX.Loosemaque presents itself as a video game while secretly deleting files from the player's home directory.

It arrives as a Mac OS file named "lose lose.app" and 3,691,880 bytes (3.5 MB) in size.

When a user is tricked into running the trojan, the user is presented with a video game:






If the player shoots an enemy character, a file or folder is deleted from the player's home directory.  When the player's character is destroyed, the trojan sends the high score to a remote server and then deletes itself from the computer.

Symantec recommend the following practices, among others, regarding this trojan:

Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
Sensible, but irrelevant.

Symantec recommend the following steps to remove this specific trojan:

Update the virus definitions.
Run a full system scan and repair or delete all the files detected.
This is interesting because, according to the write-up, this trojan won't be detected by the weekly virus definition updates until tomorrow, November 4th.

Now you can laugh.


----------



## ToeClaws (Nov 3, 2009)

Not surprised - with the rising popularity of Non-MS operating systems, we'll likely see a lot more of these.  Have to admit though - I like the creative approach.


----------



## Aurali (Nov 3, 2009)

Greatest virus ever...

is it bad I wanna play it?


----------



## ArielMT (Nov 3, 2009)

I'm more disappointed at Symantec's response than I am at the trojan itself.

I have some Mac-owning customers, and I dread the day one of them brings it in with the complaint of missing documents and video games.  "But I got a really high score on it, and I don't want to lose that score!"

Edit: And I love the trojan's filename.


----------



## Aden (Nov 3, 2009)

ArielMT said:


> the new trojan called OSX.Loosemaque presents itself as a video game



Oh. Well there's nothing to worry about then. Nobody expects to play videogames on their Mac.


----------



## Sinjo (Nov 3, 2009)

This isn't a virus.

The developer provides this for free and warns you that it will delete files as you play.

http://www.stfj.net/art/2009/loselose/


----------



## ArielMT (Nov 3, 2009)

STFJ said:
			
		

> Lose/Lose is a video-game with real life consequences. Each alien in the game is created based on a random file on the players computer. If the player kills the alien, the file it is based on is deleted. If the players ship is destroyed, the application itself is deleted.



Hahah, oh wow!  WTG Symantec!

BTW, Web Of Trust scorecard.


----------



## ToeClaws (Nov 3, 2009)

Best kind of virus - one that lets you voluntarily run it and wreck your system with it!  There were some for both DOS and Windows like that too.


----------



## Runefox (Nov 3, 2009)

ToeClaws said:


> Best kind of virus - one that lets you voluntarily run it and wreck your system with it!  There were some for both DOS and Windows like that too.



Yeah, I remember those, it was awesome. XD It's amazing how the Mac crowd are only just now catching up with the trend.


----------



## Irreverent (Nov 3, 2009)

Aurali said:


> is it bad I wanna play it?



I used my boss' Airbook. :twisted:



Runefox said:


> Yeah, I remember those, it was awesome. XD It's amazing how the Mac crowd are only just now *failing to learn from* the trend.



Fixed. :razz:

Really, Symantech..WTF?


----------



## AshleyAshes (Nov 3, 2009)

Wait, the virus REMOVES ITSELF WHEN YOU LOSE?

...What kinda stupid design element is that?


----------



## Aurali (Nov 3, 2009)

Irreverent said:


> I used my boss' Airbook. :twisted:



Should bring out my old mac and see if it works no?



AshleyAshes said:


> Wait, the virus REMOVES ITSELF WHEN YOU LOSE?
> 
> ...What kinda stupid design element is that?



Read the rest of the thread.  maybe even the links within it


----------



## Duality Jack (Nov 3, 2009)

AshleyAshes said:


> Wait, the virus REMOVES ITSELF WHEN YOU LOSE?
> 
> ...What kinda stupid design element is that?


 Read the replies. ITS A GAME. One that was made to have "real consequences" to your actions.


----------



## Sinjo (Nov 3, 2009)

AshleyAshes said:


> Wait, the virus REMOVES ITSELF WHEN YOU LOSE?
> 
> ...What kinda stupid design element is that?


I'm not sure whether I should yell at you or feel sorry for you.


----------



## Azbulldog (Nov 3, 2009)

Sinjo said:


> This isn't a virus.
> 
> The developer provides this for free and warns you that it will delete files as you play.
> 
> http://www.stfj.net/art/2009/loselose/


This.
I heard about this game weeks ago, and it's not just OSX. I wish I had a crappy computer to waste just to be on the high scores.


----------



## Aden (Nov 3, 2009)

Step 1: Flood home directory with a few thousand junk files and play game
Step 2: ???
Step 3: Profit


----------



## Aurali (Nov 3, 2009)

lol at "permanent deletion" do they overwrite sectors or what?


----------



## Runefox (Nov 3, 2009)

Aurali said:


> lol at "permanent deletion" do they overwrite sectors or what?



You idiot! You own a Macintosh! The file is fucking gone! It's just gone!


----------



## Irreverent (Nov 3, 2009)

Runefox said:


> You idiot! You own a Macintosh! The file is fucking gone! It's just gone!



I swear that gets funnier every time I see it.


----------



## Aden (Nov 3, 2009)

Aurali said:


> lol at "permanent deletion" do they overwrite sectors or what?



I know Disk Utility gives the option to zero everything when formatting with a few options for amount of passes, but to my knowledge that doesn't happen with standard file deletion.


----------



## Sinjo (Nov 3, 2009)

Aden said:


> Step 1: Flood home directory with a few thousand junk files and play game
> Step 2: ???
> Step 3: Profit


Except that it chooses every and anything on the HDD


----------



## ArielMT (Nov 3, 2009)

Runefox said:


> You idiot! You own a Macintosh! The file is fucking gone! It's just gone!


----------



## Aden (Nov 3, 2009)

Sinjo said:


> Except that it chooses every and anything on the HDD





ArielMT said:


> the new trojan called OSX.Loosemaque presents itself as a video game while secretly deleting files from the player's home directory.
> 
> ...
> 
> If the player shoots an enemy character, a file or folder is deleted from the player's home directory.



Just going with what was said in the OP, bro.


----------



## Shino (Nov 3, 2009)

_Must resist... must resist... res..i...s..t..._

ah, screw it.

*I told you so.*


Also, +1000 to Runefox for posting the ultimate Mac quote...


----------



## CryoScales (Nov 3, 2009)

Someone actually went through the effort to make a macbased virus? I have to applaud them for their tenacity.


----------



## Carenath (Nov 3, 2009)

AshleyAshes said:


> Wait, the virus REMOVES ITSELF WHEN YOU LOSE?
> ...What kinda stupid design element is that?


You didn't read the thread, did you, it's a game not a virus.



Sinjo said:


> I'm not sure whether I should yell at you or feel sorry for you.


Except you've done just as bad yourself.



> Although touching aliens will cause the player to lose the game, and killing aliens awards points, the aliens will never actually fire at the player. This calls into question the player's mission, which is never explicitly stated, only hinted at through classic game mechanics. Is the player supposed to be an aggressor? Or merely an observer, traversing through a dangerous land?
> 
> Why do we assume that because we are given a weapon an awarded for using it, that doing so is right?
> By way of exploring what it means to kill in a video-game, Lose/Lose broaches bigger questions. As technology grows, our understanding of it diminishes, yet, at the same time, it becomes increasingly important in our lives. At what point does our virtual data become as important to us as physical possessions? If we have reached that point already, what real objects do we value less than our data? What implications does trusting something so important to something we understand so poorly have?


 So the game is a philosophical question... interesting.


----------



## Sinjo (Nov 3, 2009)

Carenath said:


> Except you've done just as bad yourself.


Example?



Aden said:


> Just going with what was said in the OP, bro.


It should be evident by now that the OP was wrong in the first place.


----------



## Rigor Sardonicus (Nov 3, 2009)

They were talking about it on The Escapist not long ago.
Somebody raised a very good point:

Pretentious pseudointellectuals should stay the fuck out of video games.

EDIT: That said, if it were Mac-exclusive, I'd totally dig this idea. Mac users deserve all the self-pwnage they can rack up.


----------



## Carenath (Nov 3, 2009)

Sinjo said:


> Example?


http://forums.furaffinity.net/showthread.php?t=54275


----------



## Shindo (Nov 3, 2009)

http://www.youtube.com/watch?v=aBJQ5085kSo 

i find this relevant

best virus ever, it goes away too


----------



## Bobmuffins (Nov 4, 2009)

Shindo said:


> http://www.youtube.com/watch?v=aBJQ5085kSo
> 
> i find this relevant
> 
> best virus ever, it goes away too



holy balls i want to buy a mac just to use this

like seriously


----------



## ArielMT (Nov 4, 2009)

Sinjo said:


> It should be evident by now that the OP was wrong in the first place.



I cited my source expecting it to be mocked.  Wishing it, in fact.  Symantec's write-up made my morning.



Shindo said:


> http://www.youtube.com/watch?v=aBJQ5085kSo
> 
> i find this relevant
> 
> best virus ever, it goes away too



More awesome than the California Virus of 1998.  (All the windows and menus would suddenly start wobbling as if in an earthquake.)


----------



## Sinjo (Nov 4, 2009)

Carenath said:


> http://forums.furaffinity.net/showthread.php?t=54275


Oh, you mean how I insulted some one. That's a good reason to yell and or feel sorry for me. A'yup, s'the exact same situation.


----------



## Rigor Sardonicus (Nov 4, 2009)

Sinjo said:


> Oh, you mean how I insulted some one. That's a good reason to yell and or feel sorry for me. A'yup, s'the exact same situation.


Just ignore Carenath. He changes the meaning of "insult" like I change my underwear.


----------



## Geek (Nov 4, 2009)

It's NOT SECRETLY deleting files.

When you open the app, it puts up a message saying that it WILL delete files when you shot the spaceships.

So if any files get deleted, it is the stupidity of the user.

Seems to be called an 'art project' by it's creator (more like a psychology experiment).

TMO had a news bit yesterday on it: http://www.macobserver.com/tmo/arti...deletes_your_files_with_every_ship_destroyed/


----------



## Rigor Sardonicus (Nov 4, 2009)

Oh, damn. Looks like Carenath deleted our posts because we figured out his secret, guys.

*On-topic:*


Geek said:


> It's NOT SECRETLY deleting files.
> 
> When you open the app, it puts up a message saying that it WILL delete files when you shot the spaceships.
> 
> ...


This has been discussed already. You're late.

Nobody wants to comment on how pseudointellectual dicks should stay away from gaming? I'm disappointed


----------



## Geek (Nov 4, 2009)

Rigor Sardonicus said:


> Nobody wants to comment on how pseudointellectual dicks should stay away from gaming? I'm disappointed



My computer's immune from this sort of Trojan... I run Windows.


----------



## Rigor Sardonicus (Nov 4, 2009)

Geek said:


> My computer's immune from this sort of Trojan... I run Windows.


There's a Windows version, isn't there?


----------



## Geek (Nov 4, 2009)

Rigor Sardonicus said:


> There's a Windows version, isn't there?



There's probably a Linux version if it's written on UNIX.



ArielMT said:


> When a user is tricked into running the trojan



That's a really nice way of saying, "When somebody is stupid enough to run the trojan..."


----------



## Rigor Sardonicus (Nov 4, 2009)

Geek said:


> There's probably a Linux version if it's written on UNIX.


No self-respecting Linux user would be dumb enough to play that game without a virtual machine. And if it isn't open-source, the N00buntu community probably can't get it from the repos and won't likely be playing either :V



> That's a really nice way of saying, "When somebody is stupid enough to play the game..."


Fixed.


----------



## Geek (Nov 4, 2009)

Rigor Sardonicus said:


> Fixed.


Thanks.

This is simply a game that deletes files, even beginner programmers can create such an application.

And the game actually warns you about what it's going to do.


----------



## ArielMT (Nov 4, 2009)

Geek said:


> That's a really nice way of saying, "When somebody is stupid enough to run the trojan..."



Well, yeah.  That's true.

And I didn't know it was supposed to be a game instead of a trick until Sinjo's link above.  As I noted, way to go Symantec.  I knew they were overreacting, which is why I started this thread, but I had no idea just how much.

@Rigor Sardonicus: n00b@woeismypc:~$ sudo apt-get install rm-rf-thegame


----------



## Beastcub (Nov 4, 2009)

Sinjo said:


> This isn't a virus.
> 
> The developer provides this for free and warns you that it will delete files as you play.
> 
> http://www.stfj.net/art/2009/loselose/



if it was an old computer you were getting rid of and had saved to disk anything you cared about it actually wold be fun.

sort of like some of the crap i see on funny home videos like the guy tearing down an old shed by crashing an old car into it


----------



## Geek (Nov 5, 2009)

I wrote a trojan that wipes out the user directory.

Terminal:

# cd 
# rm -rf *

GameOver


----------



## ArielMT (Nov 5, 2009)

Not quite as persistently effective as Eevee's Linux virus, even though it doesn't delete but one overwritten file:



Eevee said:


> ok guys bear with me here
> 
> 
> ```
> ...


----------



## furryfan917 (Nov 5, 2009)

just to let you know, this is not a trojan. the whole point of the game is that you lose a file when you hit an enemy, but if it hits you, you lose the application that opens the file.

hence the name lose lose.

symantec is just being stupid as usual. take a look at the homepage, there's a warning that it will delete files from your drive in big bold letters.

http://www.stfj.net/art/2009/loselose/

the game even warns you as you start it up. how the hell did symantec assume this was a trojan?


----------



## Runefox (Nov 5, 2009)

furryfan917 said:


> just to let you know, this is not a trojan.



Welcome to the topic! ... You're kind of slow on the draw, here.


----------



## Irreverent (Nov 5, 2009)

ArielMT said:


> @Rigor Sardonicus: n00b@woeismypc:~$ sudo apt-get install rm-rf-*thegame*



Somebody just lost...

Incidentally, the number of Canadians in this thread is startling.


----------



## ToeClaws (Nov 5, 2009)

Irreverent said:


> Incidentally, the number of Canadians in this thread is startling.



So... what aboot it?


----------



## Runefox (Nov 5, 2009)

ToeClaws said:


> So... what aboot it?



... Eh?


----------



## Rigor Sardonicus (Nov 5, 2009)

Is there a moose aboot the hoose? D:



ArielMT said:


> @Rigor Sardonicus: n00b@woeismypc:~$ sudo apt-get install rm-rf-thegame


Oh, you~<3


----------



## Runefox (Nov 5, 2009)

Rigor Sardonicus said:


> Is there a moose aboot the hoose? D:



LARD T'UND'RIN' JEEZUS, B'Y, YA KNOWS I GOTS TA GET ME MOOSE, BUDDY WHA.


----------



## Carenath (Nov 5, 2009)

Should I be glad that I'm *not* Canadian?


----------



## Rigor Sardonicus (Nov 5, 2009)

Carenath said:


> Should I be glad that I'm *not* Canadian?


No.


----------



## ArielMT (Nov 5, 2009)

Quit taking my thread off-topic and bring it back to fake/funny malware and security companies being stupid.

Unless Canada is a virus.

...Which must be true because a Canadian in this thread made me lose the game with my own words.  =(


----------



## Rigor Sardonicus (Nov 5, 2009)

ArielMT said:


> Quit taking my thread off-topic and bring it back to fake/funny malware and security companies being stupid.
> 
> Unless Canada is a virus.
> 
> ...Which must be true because a Canadian in this thread made me lose the game with my own words.  =(


*pats* There, there...


----------



## Sinjo (Nov 5, 2009)

furryfan917 said:


> just to let you know, this is not a trojan. the whole point of the game is that you lose a file when you hit an enemy, but if it hits you, you lose the application that opens the file.
> 
> hence the name lose lose.
> 
> ...


Please read the thread before posting.


----------



## Runefox (Nov 5, 2009)

ArielMT said:


> Quit taking my thread off-topic and bring it back to fake/funny malware and security companies being stupid.



Hmm, well, here's a funny piece of malware: XP Antivirus. Too bad I can't find a download link for it or I'd totally recommend it. They got blasted by the courts! =D

JUMPIN' DYIN' JEEZUS, DAT XP ANTI-VOIRIS IS ONE LI''LE ANTICHRISTER, 'E IS! I TELL YE, I DIES AT 'E EV'RY TOIM I SEES 'E! DE'RE SOME STUNNED, WHA?


----------



## Geek (Nov 6, 2009)

I'm working on a "trojan" also, which requires the user to type:


```
sudo rm -rf /
```

See how subversive & covert it is?

Now I have to go buy Norton.


----------



## Irreverent (Nov 6, 2009)

Geek said:


> I'm working on a "trojan" also, which requires the user to type:
> 
> 
> ```
> ...



fixed it for ya.  

Anywhoo, i think this thread is about ready for the fork.  Its done like dinner.


----------

