ILOVEYOU on Mac?

I’m just wondering – being provoked by a Mac user on ZD Net claiming that e-mail attachments could not hurt him, even if he ran them, I took a peek at AppleScript. Being a Windows developer with very little Mac experience I was quite impressed with this technology – going from zero experience with AppleScript it took me less than 30 minutes to have a compiled script running and since I haven’t ever developed anything for the Mac and haven’t actually used one for years I must say that AppleScript rocks (I would write that it kicks my behind, but there seems to be a word filter ;-).
Anyway, what I am wondering about is the following: could you create an AppleScript that used the local e-mail client to send e-mails to recipients in the local address-book? The reason I’m asking is that a lot of people are really busy right now claiming that the effectiveness of VbScript on Windows is the sole reason for the spread of the ILOVEYOU worm/virus, but to me that’s like saying that we should only allow dull knives – it would result in fewer stabbing victims but it would be a [beep] working in the kitchen :wink:
Would Macs be equally “easy” to target using an AppleScript? This site contains some scripts that automate tasks on Eudora and Outlook Express, so there is some kind of connection.
(Please note I am asking from general interest – I’m not trying to prove any points about Macs being insecure or start any bashing campaign – I do not think that VbScript makes Windows insecure – I’m just curious, since in my head any kind of Apple-development had to be something arcane involving CoreWarrior, but AppleScript actually looks both really easy and very powerful, and given the recent talks about scripting and e-mail I’m wondering if it’s “that” powerful).

“could you create an AppleScript that used the local e-mail client to send e-mails to recipients in the local address-book?”
Yes.
“the effectiveness of VbScript on Windows is the sole reason for the spread of the ILOVEYOU worm/virus”
B.S. (I slipped that one by the word detector.)
“Would Macs be equally “easy” to target using an AppleScript?”
I don’t think so, there being no way to automatically run an applescript attachment. An applescript virus would:

  1. have to search for and use one of several email programs, none of whose object models for retrieving data are the same. This means the virus would have a lot of code to do a little. A shorter virus would target only the most popular emailer (and in a particular version, as applescript support varies in different versions).
  2. find some way to trick the user into executing the program. Not difficult, I imagine; still it requires human intervention (and I know people who can’t figure out how to open jpeg attachments).
  3. find some way around the lack of macusers. There may not be enough macusers to spread the virus. Most businesses, for example, with databases of thousands of email addresses couldn’t be touched by a mac-only virus. (In my email address book are about sixty people; eight are mac users.)
  4. oh, and it would be slow. Applets can be forced to execute in the background when the user clicks an application the user intends to use. (If the applet forced itself to the front, then the infection becomes obvious, defeating its purpose.) And it might not be able to hide its functions: the user would see email being created, addressed, and mailed.

A truly devious worm could combine windows & mac, by activating an internet connexion that downloaded the appropriate virus, then did damage.

: A truly devious worm could combine windows & mac, by
: activating an internet connexion that downloaded the
: appropriate virus, then did damage.
A truly devious virus/worm/etc. would use some way of having both Mac & PC code (a 68K worm & PC worm would work, not sure about PPC).
Imagine that… virus.exe has the code to run as an application (whatever) on a Mac & as an infection agent on a PC… be very nasty… and very hard to write I would say…
I’m not even sure it would be possible, just something that rattled around my head a few yrs ago when Chernobyl came out…

I will have to respectfully disagree with the other two responses to your question. With a little work, AppleScript could produce the same kind of results as VB on a wintel machine. The only problem with sneaking AppleScript past the user is that you would have to clandestinely register a script server application to the browser. Once this was accomplished however, you could turn on their file sharing, retrieve an IP address from the TCP/IP control panel, and send remote events to the applications (including the finder) on their hard drive. Apple does have a much more secure (if less stable) environment than Windows, make no doubt about that. VB is the ultimate backdoor hack for worms and since most Windows users have never even heard of VB, it definitely should not come preconfigured to allow remote events to be run! Unlike Windows, you would have to turn on AppleScript first, and hope that the end user has OS 9.

: The only problem with sneaking
: AppleScript past the user is that you would have to
: clandestinely register a script server application to
: the browser.
How about plain attachments? I mailed myself a compiled script using Navigator, and it took me 4 clicks to launch the script – click attachment, save, double click icon. Getting the script running seems pretty easy, and I’m sure that AppleScript shares VbScript’s anonymity among the common user.
But I guess if AppleScript is not turned on by default, OS9 users are pretty much safe. If you turn it on, chances are that you would also be able to identify the danger an attached script posed.
: VB is the ultimate backdoor hack for
: worms and since most Windows users have never even
: heard of VB, it definitely should not come
: preconfigured to allow remote events to be run!
Uhm, if you think that VbScript embedded into a homepage retrieved from the Internet is allowed to do much more than displaying dialogs and controlling DHTML I can see how you got the impression that Windows is insecure. Luckily it isn’t so.
Anyway, judging from the answers I have gotten and my own experience with attached scripts in Navigator, it’s only possible to reproduce the ILOVEYOU worm/virus on systems configured to allow AppleScript and with a user that would not hit the power switch the moment that his/her mail program started popping up windows left and right. Not very realistic :wink:

Just to add something else in the pot here: it was my understanding that VB script (aka love bug) was set up as a javascript rollover, whereas the user only put their cursor over the link to it, and it started downloading immediately. Right?
Still, after all of this thread being exercised, Applescript still requires you to make the sucker run. I would like to think that anyone who owns a mac would have enough savvy to look at something very close that came as an email attachment, especially from someone whom they did not know -

No, the virus came as an attachment that the user had to open. If you know attachments you do not execute this baby by mistake. After opening the mail you had to double click the attachment, choose “open” instead of “save” and click “ok” at the warning. Not something that a user can do by mistake.

It all depends on the person and how curious this person is – all the persons I know who opened this “love letter” were women, go figure :wink: I guess that women are more into love :wink: Besides, the whole gimmick is that you only receive it if you are listed in someone’s address book and chances are you would know and trust that person. Somewhere I read a pretty good term for the skill behind this virus – social engineering. You spread this thing from friend to friend, with a subject that triggers your curiosity. I guess that love works just as well for Mac users – but something like “Adobe stops all development for Mac” or “Steve Jobs is coming by my house!” would catch the eye of the average Mac user ;-)
I have to differ with your claim that Mac users are especially savvy – just about all the Mac users I have met (but a few) work within advertising and have absolutely zero clue about computers and security. They would open anything in a heartbeat. Things might be different with Mac users in the states, but where I come from “Mac” equals “Easy”.
Anyway, now we are getting into the good ol’ classic religious war over platforms – this is not the place and discussions like this always suck, cause no one wants to learn from it.