Previously posted on the Mac Virus blog, as this potentially destructive hoax specifically targets Mac users.
Some not-so-nice people on 4chan’s /b/ or ‘Random’ board – a minimally-regulated forum that you can only access if you click to agree that you won’t hold 4chan responsible for any damages resulting from your use of the site – have come up with a hoax that has the potential to trash a technologically-challenged Mac user’s system. The hoax claims that Apple has been including a secret Bitcoin mining feature into its computers that allows you to generate Bitcoins.
According to the hoax, all you need to do is to open the terminal app and run the command sudo rm -rf/*
(You can see what the hoax looks like on Graham Cluley’s warning blog article Secret Bitcoin mining hoax risks wiping Mac users’ data.)
However, there is no such feature. The command does exist, but it does something that most people will not want to inflict on their systems: it attempts to delete all their files. In fact, it’s a variation on a command that Dr Fred Cohen – who in some senses ‘wrote the book’ on computer viruses – cited in one of his early books as an example of how destructive a small program can be. (In that instance the command was rm -rf $HOME/* but to all intents and purposes the effect is the same.)
- sudo allows, potentially, an unprivileged user to use a command that otherwise has to be run by a user with administrative privileges.
- rm is a Unix command for removing files.
- the -r switch is recursive: that is, it removes all files and directories in the specified directory.
- the -f switch stops rm from prompting the user for confirmation before removing write-protected files.
- $HOME is an environment variable representing the directory tree owned by the current user.
- the slash (or forward slash) character / is used in Unix as a path delimiter.
- the * character is used as a wildcard to denote any number of any characters in a filename.
So the command rm -rf $HOME/* means “delete all files in my home directory, including all sub-directories and the files they contain, and if you find a file that’s write-protected, go ahead and delete it without asking me.” While the command sudo rm -rf/* means “pretend I’m a system administrator so that I can delete all files and subdirectories starting from the root directory.” (Unix directory trees, for some reason, have a single ‘root’ at the top of the tree. This may seem counter-intuitive but it wasn’t my idea.)
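As an added example (not part of the original post), here is a small shell pre-flight check that flags a pasted command line of the kind the hoax circulates: an rm with both the recursive and force switches aimed at the root tree or the home tree, with or without a sudo prefix. The list of flagged targets is an assumption for illustration, not an exhaustive catalogue of destructive commands.

```shell
#!/bin/sh
# Returns 0 when the single token given is a root- or home-wiping target.
# The patterns are quoted so that ~, $HOME and * are matched literally,
# exactly as they would appear in a pasted command (assumed list).
is_wipe_target() {
    case "$1" in
        /|'/*'|'$HOME'|'$HOME/*'|'~'|'~/*'|"$HOME"|"$HOME/*") return 0 ;;
    esac
    return 1
}

# Returns 0 when the command line looks like "rm" with -r/-R and -f and a
# wiping target, e.g. "sudo rm -rf /*" or "rm -rf $HOME/*".
is_destructive_rm() {
    set -f                      # no pathname expansion while we split words
    cmd=$(printf '%s' "$1" | sed -e 's/^[[:space:]]*sudo[[:space:]]*//')
    set -- $cmd                 # split the pasted line into tokens
    set +f
    [ "$1" = "rm" ] || return 1
    shift
    recursive=0; force=0; wipes=0
    for tok in "$@"; do
        case "$tok" in
            --recursive) recursive=1 ;;
            --force)     force=1 ;;
            --*)         ;;      # other long options are irrelevant here
            -*)                  # short option cluster, e.g. -rf or -fR
                opts=${tok%%/*}  # drop a path glued to the cluster (-rf/*)
                case "$opts" in *r*|*R*) recursive=1 ;; esac
                case "$opts" in *f*) force=1 ;; esac
                case "$tok" in */*) is_wipe_target "/${tok#*/}" && wipes=1 ;; esac ;;
            *)  is_wipe_target "$tok" && wipes=1 ;;
        esac
    done
    if [ "$recursive" = 1 ] && [ "$force" = 1 ] && [ "$wipes" = 1 ]; then
        return 0
    fi
    return 1
}

# Demo on constructed inputs, including the two forms quoted in the post.
for c in 'sudo rm -rf /*' 'rm -rf $HOME/*' 'rm -rf ./build'; do
    if is_destructive_rm "$c"; then echo "BLOCK: $c"; else echo "ok:    $c"; fi
done
```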
An article by John Leyden for The Register reminds us of a somewhat similar ‘prank’ played by 4chan hoaxers on Xbox One users, kidding them that there was a way to turn on Xbox 360 mode compatibility. (Following the instructions given in the hoax could effectively brick the Xbox.)
How much harm is this really likely to do? Well, the chances are that potential victims who don’t realize the destructive potential of the command would have trouble finding the terminal app, and wouldn’t have risked accessing the /b/ board if they even knew about it. What worries me most is the possibility that the core of the hoax might be migrated to other channels and services, perhaps with the social engineering tweaked.
Small Blue-Green World