'Hammer' Exploits Mac User Vulnerability

- 2006.02.23

There's a new security threat to Macintosh computers circulating around the Internet, dubbed by security experts to be the "Hammer" worm. As usual the mainstream press is trumpeting the security flaw in OS X as the end of an era for Mac users.

What, you haven't heard of "Hammer"? Well, you'll be an expert as soon as you read the Lite Side's

Guide to the Newest Mac Exploits

February 2006: "Hammer," a new security exploit, has been identified by Dr. Norton's All-Purpose Threat Prognosticator as the newest security threat to Our Favorite Platform. Hammer, otherwise known as Louie the Worm or Floppy-ears, is invoked when users read an email from "Louie" that reads as follows:

"Hi, Smuggypants!
I work for a big computer company and I just heard there's a virus on your computer!

It's not really a virus but it's a worm and to stop it you must kill it!

Here is how you kill it: Click here"

Users who click on the embedded link in the email are taken to a web page that shows how to destroy the "infection" using three simple steps:

Get a hammer.
Smash your Mac with it.
Repeat until it stops running. This will kill the worm. Please now email this warning to everyone you know, especially people you don't remember in your address book. "

Investigators claim the email actually came from a joke written by a news website and presented as actual news but supposedly disguised in a humor column. Readers who forwarded the email to each other as a joke apparently reached users who "didn't get it," according to security expert Lance M. Boyle, who works for Systemanic Security Software. "Users are actually pounding the hell out of their computers with a hammer in an effort to rid themselves of this worm, not realizing that the pounding itself is the manifestation of the worm's effectiveness," he said. "And, by the way, it's a worm, not a virus."

This just goes to show the naiveté of the Macintosh user compared to their more sophisticated colleagues, according to unnamed security experts. A Windows user, many feel, would have used a sledgehammer and gotten the job done much more efficiently. Using a hammer may be more convenient and less messy, but it doesn't do the job as effectively as a more mainstream sledge, say Windows users who have fallen prey to the Windows version of this aggressive little worm.

Security experts warn this is just the beginning. Milo Browe, who has evaluated tens of zillions of wormii and virii and Trojan Horsii for the Windows platform, suggests that Mac users are going to be in a situation where history repeats itself very soon now.

"Everyone knows a Windows user who claims never to have ever had a virus or malware on their computer," he says. "The comments section on security articles online are filled with them. Actually, we are pretty sure this is the same guy commenting in all these forums, and for the most part, he's either a liar or an idiot," Browe continued.

"Now we get to have the same sort of idiot posting the same kind of inflammable messages for Mac. Before, they just got to do the old 'Macs are inherently more secure' line in online flame wars. Now they'll get to go through the same mind-numbing set of excuses that Windows users have lived with for years. Of course, this means that the Mac fanboys are going to go down in flames, unable to defend themselves against their naturally more experienced superiors. I'm actually kind of looking forward to it," he concluded.

"By the way,"he added, "it's not a virus, it's a Trojan."

A spokesman for Apple was unable to confirm that any exploits had actually appeared in the wild. "I've tried to get my computer infected for the past 72 hours," said Nancy Bowtie, a tech support research assistant for Apple. "They want me to compromise my machine so they can work on fixing the exploit, but so far, none of my IM buddies have sent me any attachments. It's kind of hard to get infected, even if you want to," she said.

"I'm pretty sure this thing's a virus," she added.

Other worms are in the works, according to USYTBSBA. (Unnamed sources yet to be sued by Apple). Here's a partial list to keep you waiting in suspense:

Shazbot Noogie: This malicious virus reproduces itself to detached aliases and spreads when you accidentally send the alias to a friend instead of an actual file. This one is a virus but everyone tells you it's a worm.

Horsey Set: This email-based attack claims to have pictures of Britney Spears carrying her kid potato-sack style at the Kentucky Derby and running across the track in the middle of the race. Upon opening the file, users see a picture of Britney's mom running across the track in the middle of the race, carrying Britney, which makes the user eject their dinner all over the keyboard. This ejection is definitely virus based. Probably the flu.

Fort Bellow: This virus sends a fake news release about itself to everyone in your address book. "The virus is spread when people read this sentence," it reads. [By the way, you just got infected. Sorry about that. - JA] Also, it's a worm, not a virus.

Smellovision: This exploit starts up Classic and uses so many system resources it makes your processor overheat and smell like a burnt omelet. It's actually not a worm, virus, or Trojan horse. It's just a little program that calls itself "Smellovision" and gets posted on shareware sites because the name sounds so cool.

LITESIDE LUSER: This Trojan horse runs a little hypnosis program that makes you forward a link to this story to everyone you know. This Trojan horse is actually a Trojan horse, not a worm. Or a virus. I think.

Recent Lite Sides

You Might Be a Computer Geek If..., 06.17. 20 signs that you just might possibly be a computer geek.
What if Apple thought like a PC company?, 11.01. Apple has innovated and blazed its own trail. But what if it had followed the path taken by the PC copycats?
How Microsoft can turn Vista lemons into lemonade, 10.22. How Microsoft could profit by no longer allowing manufacturers to sell new PCs with Windows XP installed.
iPods that never passed beta or focus groups, 09.13. "What most Apple fans don't realize is that there were a few iPod variants that never made it out of beta testing and the focus group stage."
More in the The Lite Side index.

Links for the Day

Mac of the Day: Mac mini Core Solo, Feb. 2006 - The only Mac to use a Core Solo CPU, this model ran at 1.5 GHz, has integrated graphics, and includes a Combo drive
Group of the Day: SuperMacs is for those using Umax SuperMac clones.
November 24 in LEM history: 98: Microsoft's heavy hand - 00: Looking at the iMac - 04: The best Mac for the holidays - Picking the right replacement for a dead mouse - Better battery for 15" AlBook
Support Low End Mac

Recent Deals

Best G4 iMac Deals, 11.24. Used 15" 700 MHz CD-RW, $150; 800 MHz Combo, $229; 1 GHz, $289; 17" 1.25 GHz, $200; 20" 1.25 GHz, $509.
Best PowerBook G3 Deals, 11.24. Used 233 MHz WallStreet, $75; 266 MHz, $160; 400 MHz Lombard, $199; 400 MHz Pismo, $289; 500 MHz, $350.
Best MacBook Air Deals, 11.24. Used from $899; refurb from $1,099; new 1.6 GHz/120 HD, $1,150 after rebate; 1.8/64 SSD, $1,150 a/r; 1.86/128 SSD, $1,350 a/r; 2.13/128 SSD, $1,694 a/r.
Best 12" PowerBook G4 Deals, 11.23. Used 867 MHz SuperDrive, $348; 1 GHz Combo, $379; SD, $519; 1.33 GHz, $529; 1.5 GHz Combo, $549; SuperDrive, $609.
Best Mac Pro Deals, 11.23. Used 2.66 GHz 4-core, $1,300; 3.0 4-core. $1,919; refurb 2.66 4-core Nehalem, $2,149; 2.93, $2,549; 2.93 8-core, $4,999; new 2.26 8-core, $2,290.
Best Time Capsule and AirPort Deals, 11.23. Used 802.11g AirPort Extreme, $49; 500 GB Time Capsule, $150; new, $190; 1 TB dual-band, $280; 2 TB, $469; 802.11n AirPort Extreme, $170.
Best eMac Deals, 11.18. Used 1 GHz Combo, $100; SuperDrive, $269; 1.25 GHz Combo, $119; SD, $319; 1.42 GHz Combo, $289; SD, $498.
Best Mac OS X 10.6 and Mac Box Set Deals, 11.18. "Snow Leopard", single user, $25; 5 users, $45; Mac Box Set, single user, $139; 5 users, $180; Server, $414. Shipping included.
Best Xserve Deals, 11.18. Used 1 GHz dual G4, $649; 2.3 dual G5, $795; 3.0 4-core Xeon, $1,899; refurb 2.26 4-core, $2,499; new, $2,888; refurb 8-core, $2,999; new, $3,449; more.
More deals in our archive.

About LEM | Support | Usage | Privacy | Contacts

Entire Low End Mac website copyright ©1997-2009 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
Access our RSS news feed at http://lowendmac.com/feed.xml.
Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, iPhone, PowerBook, MacBook, MagSafe, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.