Here We Go Again
Here’s an article I spotted on Google News, via Vnunet.com:
“Security experts have warned that malware which exploits a flaw in the Mac OS X operating system has been spotted in the wild.”
As usual, the warning came from Symantec, a company that now has a firm track record, like McAfee, of releasing alarmist reports full of exaggerations and falsehoods which try to represent Mac OS X as being vulnerable to malware so they can sell frightened users their unneeded anti-virus software.
So you go to Symantec’s page warning of this new “OSX.Exploit.Launchd,” and it says this:
“OSX.Exploit.Launchd is a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability (as described in Security Focus BID 18724). It provides root access on the Macintosh OSX version 10.4.6 or earlier.”
The thing is, as much as I try to read this report and the news articles generated by it, I can find no description anywhere of how the trojan presents itself. A trojan is supposed to trick a user into opening the malware via social engineering, but there is not a word about how it does so–information which would be vital for people to avoid it. In fact, the Symantec page will only say that the “trojan” will provide root access to an outside user–but the “trigger” and “distribution” info fields all say “n/a.” Furthermore, while the report claims that the trojan is in the “wild,” it reports that there are “0-49” infections on “0-2” sites.
So guess what? It doesn’t exist. That’s right–this so-called “trojan” in the “wild” has no actual existence except as a potential for existing. The company has now admitted that nothing more than example exploit code exists–in other words, somebody wrote yet another unapplied and harmless bit of code to show how a certain security hole in OS X might be exploited. Not to mention that Apple released a security update a few days ago in 10.4.7 to patch the exploit.
And yet Symantec’s page on this “trojan” still stands, claiming it is a “trojan” (how can that be, when there is no method of delivery?) and that it is “in the wild”–although in a way, their report of “0-49 infections” is accurate in that there have been “0” infections. Incredibly misleading, however, as no one would expect such a classification to be made if there really were zero infections. And yet…
