Jump to content

Can a Ruby Script Be Used to Bring Down a Mac?


Recommended Posts

  • Staff

Ben,

 

It's possible that ANY executable code that you might run on your Mac could do something malicious. It is certainly possible that a ruby script could delete files.

 

However, I haven't heard of any recent malware for the Mac created using ruby, or distributed by being attached to an e-mail message. More importantly, to run a ruby script on a Mac, you must go to the Terminal and use ruby to execute the script (eg, "ruby /path/to/script.rb"). I don't believe that you can simply double-click on the script file. It's always possible he could have received some other kind of file that would open when double-clicked, but it wouldn't be a ruby script.

 

Finally, modern malware generally doesn't get into the business of juvenile vandalism, except in the case of ransomware, in which case there's a definite financial goal behind the vandalism (ie, holding files hostage after encrypting them). I haven't seen Mac malware that purposefully destroyed the system since the 90s. He could be seeing something new, and it would probably be something targeted specifically at him if it behaved this way, but again, it wouldn't be a ruby script if he simply double-clicked it to open it.

 

So, it seems likely that he's mistaken as to some part of what happened. If you've got additional details that might help clarify, or if he still has a copy of that script, then that might enable us to say more.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Ben,

 

Looks like that file isn't actually a Ruby file. Inside the attached zip file is a file named RB1409181.RB. However, the .RB extension is actually not accurate... the file is actually a .zip file. Inside THAT .zip file is a folder full of dBase and FoxPro database templates. As far as I can tell, they don't contain any data.

 

Nothing in there is actually an executable file, so this couldn't possibly have been the cause of any problems.

 

Hope this helps!

Link to post
Share on other sites

Hi Thomas,

 

Yes that was a big help!

 

Thank you for investigating that file for me I really appreciate that you took the time to take a look and later find out that it was not actually a Ruby Script at all? Strange that the sender of the original email should have renamed a zipped dbase and Fox Pro database templates folder to .rb?

 

I will definitely tell everyone I know to frequent this forum whenever they require assistance with any possible malware related files, etc...

 

Thanks again,

 

Ben

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.