Fake Codec is Mac OS X Trojan
Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into downloading a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected, but once the Trojan is installed, it has full control of the machine."
Am I the only one to think 'finally'?
I thought Macs didn't get viruses or worms and that they "just worked".
In my Macintosh? It's more likely than you think.
If you're stupid enough to go through all of those steps, you deserve to be infected.
Err... why is this news? Sites have been trying to do this to all varieties of computer for some time now. Did I miss something?
---Vote None of the Above---
The only cure to stupidity is intelligence.
If someone is stupid enough to download something, run it and give it the admin password, it will obviously be able to take control of the machine. No operating system or security software will stop that.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
I've seen this story on several Apple/Mac related news sites already, and the majority of the comments consisted of Apple apologists telling each other "nothing to worry about, because you still have to enter your admin password".
I wonder if the /. crowd will be any different.
I don't know anything about Mac OS X, but about all the extra steps the article points out: are they normally needed to install, let's say, a normal codec? Vista reminds me of the same thing: while it may actually be more secure than previous versions, users are still going to think, after seeing these screens many times while trying to install other "normal" programs, that they are not a caution any more, and will just enter their information as soon as the login screen pops up.
Where is the "haha" tag for this post? WHERE?!
The summary is misleading, it does not give full control of the computer to the attacker, but changes the DNS server for phishing.
It could just as easily install a VNC server I suppose.
Does it work on Vista?
Um, no.
The trojan directs all DNS traffic to DNS servers that will route traffic to phishing sites or porn sites...
Not really "full control of the machine" *rolls eyes*
Much like the default QuickTime setting to "autoplay" content, long after the autostart worm came and went (MacOS 8-9 days), the continued default to open "Safe" files is something I have on my new Mac set-up checklist to turn off..
The only news here is that even in 10.5, Apple has refused to get rid of this default... sigh.
Full control of DNS, yes. As far as I've seen, it's not a remote root exploit or anything. It just installs global DNS servers that cannot be easily removed or even noticed.
Jory
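The two concrete points raised in the posts above (the "open 'Safe' files" default, and resolvers silently swapped for ones the attacker controls) both reduce to settings an admin can read back and compare against what they expect. The following is an added example, not code from the thread or from Apple: a small sh script that does both checks. The decision logic is kept in plain functions so it can be exercised off-box with constructed input. It assumes the Safari preference key `AutoOpenSafeDownloads` in the `com.apple.Safari` domain and the `nameserver[N] : addr` line format of `scutil --dns`; the resolver addresses are constructed sample values from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example (not from the thread): defender-side checks for the two issues
# discussed above, written for macOS but testable on any POSIX sh.

# Resolvers you expect to see on this machine. Constructed sample addresses;
# substitute the ones your ISP or corporate network actually hands out.
EXPECTED_DNS="192.0.2.53 192.0.2.54"

# check_resolvers LIST
#   LIST is a space-separated set of resolver addresses. Echoes each address
#   that is not in EXPECTED_DNS (one per line) and returns 1 if any were
#   found, 0 if the configuration matches expectations.
check_resolvers() {
    rc=0
    for addr in $1; do
        case " $EXPECTED_DNS " in
            *" $addr "*) ;;              # known resolver, nothing to report
            *) echo "$addr"; rc=1 ;;     # something else is answering DNS
        esac
    done
    return $rc
}

# safe_files_is_on VALUE
#   VALUE is what `defaults read com.apple.Safari AutoOpenSafeDownloads`
#   prints ("1" = open 'safe' files automatically). Returns 0 when the
#   risky default is still enabled, 1 otherwise.
safe_files_is_on() {
    [ "$1" = "1" ]
}

# live_resolvers
#   Pulls the active resolver list from the System Configuration framework.
#   `scutil --dns` prints lines such as "nameserver[0] : 192.0.2.53".
live_resolvers() {
    scutil --dns 2>/dev/null | awk '/nameserver\[/ { print $3 }' | sort -u | tr '\n' ' '
}

if command -v scutil >/dev/null 2>&1; then
    resolvers=$(live_resolvers)
    # Safari treats an absent key as "on", so fall back to "1" if unset.
    safe=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || echo "1")
else
    # Off macOS: constructed sample showing one injected resolver.
    resolvers="192.0.2.53 198.51.100.66"
    safe="1"
fi

if unexpected=$(check_resolvers "$resolvers"); then
    echo "DNS resolvers match the allowlist: $resolvers"
else
    echo "WARNING: unexpected DNS resolver(s):"
    echo "$unexpected"
fi

if safe_files_is_on "$safe"; then
    echo "Safari still auto-opens 'safe' downloads; disable with:"
    echo "  defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
else
    echo "Safari auto-open of 'safe' downloads is off."
fi
```

Run it from a normal user account; neither check needs admin rights, which is the point: a resolver that was changed behind your back shows up in `scutil --dns` regardless of which panel the change came through, and comparing against a written-down allowlist is what makes "not easily noticed" noticeable.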
That's like saying that Troy had to put their enemies in the horse, then drag it up to the gate, drag it through and then offer a soft cushy landing spot for warriors coming out of the horse.
"Why you think the net was born?" _________________
Five points for finishing the line, an extra 10 for naming the reference (and no, a certain MMORPG does NOT count).
"So after all this, you make my case for me. To end this stalemate, you must die..."
I saw this posted on security focus like hours ago..
To get infected, you have to:
1) Go to a porn site
2) Download a plugin from the porn site
3) Click "OK" that you are downloading a .DMG file.
4) Mount the .DMG
5) Go back to the Finder
6) Double-click the installer
7) Type in your account password
8) Click next a few times
Calling this, "In the Wild," is laughable. How did the porn site "get infected"? I'll bet anything that the porn site(s) in question know exactly what they are doing...
The Right Reverend K. Reid Wightman,
If Apple really wants to continue to provide users with the "Open Safe Files" option in Safari, it would make a whole lot of sense to associate that feature with a white list of approved domain names like apple.com, adobe.com, etc.
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
porn, porn, porn
Avenue Q
What do I win?
Ultracodec1000 > all your base.
-Matthew Riley "TofuMatt" MacPherson
I have a website
Your subject seems to suggest that you believe that now that there's actually a piece of Mac malware in the wild, things will snowball, and there will be more and more. Is there any logical reason to believe that this is the case? In the latter days of pre-X Mac OS, there was some malware program or other released every year or three, but the rate never seemed to climb.
Any Mac haters gleefully hoping that this is the start of a Mac threat environment similar to the Windows threat environment is probably going to be quite disappointed.
This space unintentionally left unblank.
Avenue Q
What do I win? Do you really have to ask?
More Twoson than Cupertino
"Sure, Russian porn site offering me 'free' videos ripped from US porn producers ... I trust you to give me software to install in order to watch your video. Wait, I'm using a Mac - which ships with nearly every conceivable video codec I'd ever need to produce and edit professional video because It Just Works. What are the chances that Russian Mafia are one-up on Apple for a video codec I'd need?"
Malware does not equal virus; it does not "break" into a machine through security holes, it hacks the wetware between the monitor and the seat, convincing them to consent to the install.
It's impossible to make a machine fully idiot proof, but in the past couple of versions Apple has added 3 new "nag" boxes to Safari in attempts to warn people.
Anyone who goes through that many screens deserves to have it installed.
I don't install any media player or codec if it asks for root permission.
even flip4mac doesn't require full permissions.
you drop the free component into your home's library folder and it runs in user space when websites call for wmv decoding.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
I feel a great disturbance in the Reality Distortion Field. As if millions of Mac Fanboys cried out in terror, and were suddenly silenced.
15 points... duh.
please me, have no regrets.
Right now you have to convince people to install the trojan.
... I don't see the growth rate being above the disinfection rate.
Okay, that will give you X% of all the Mac users out there.
Then what? How do you increase X?
With Windows, the trojans scan the hard drive for email addresses and send out links to every address it can find. That depends upon unpatched exploits in IE or you having friends who are as dumb as you.
If the same happens here
that this will move from the pr0n sites into the mainstream video sites?
We're simply talking about social engineering. Windows, OS X, *BSD, Linux (and probably most other operating systems out there) are all vulnerable to this sort of attack, there's just little in the way of motivation to actually do it.
The part where the dmg is automatically opened is the only thing that even resembles a vulnerability as such, though it should actually be filed under "insecure default settings" rather than a vulnerability per se. This said, both linked articles are quite sparse with information regarding the actual installation. From my experience Safari should say something about the archive/disk image containing an application before actually mounting the dmg, and then prompt for an administrator password for the package to be installed. If either of these steps is compromised, you can call this interesting, because there's an exploit at work. If not, then it's a bog standard social engineering attack, to which every platform is vulnerable. The only news here is that you can't browse the web with your Mac in a completely carefree manner anymore, because there are some Bad Things out there targeting you.
Before the installer is launched, I'm fairly certain the user is first prompted with, `".dmg" contains an application. Are you sure you want to continue download ".dmg"?` Unless that was cleverly disabled on their half. Regardless, you still have to give the installer permission by typing in your admin login and password.
If you've gotten that far with your randomly downloaded file from some random untrusted porn site, I hope it bricks your computer as a valuable lesson.
On the bright side, at least it isn't a "run the installer with root privileges and kernel/driver access even though the user isn't an admin" issue, like another operating system I read about...
Since Mac users are too smug for porn I guess this won't be that bad
People I did "tech support" for after hours would often call me because their computers were infected with a virus. I repeatedly suggested they avoid the pr0n sites, or at least not click "OK", "Yes", "Accept" or whatever to every popup they encountered. It was a waste of my time and they continued to infect their computers. Eventually I just told those people not to call me again, so now they have to haul their systems into the nearest town and pay some guy to wipe their drives and reinstall the OS (no backups, or recovery attempts, he just wipes the HDD... I don't think he knows how to do anything else).
The well-written parent message sums it up.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
If it's possible for a Mac to get infected without the user's knowledge, then that qualifies as "in the wild".
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
malware does not equal virus.
virii exploit security holes to install themselves forcibly and covertly.
malware exploits the gullibility of users to gain access to a machine.
virii hack the software or firmware of a given machine
malware hacks the wetware between the monitor and the seat.
One thing I noticed was that the more times a user has to enter their security password the more likely they become complacent and assume that any install is going to require it and any install that occurs is going to be safe.
Basically what sunk later attempts by Microsoft to patch security. As soon as they added "warnings" (aka popups) people got into the habit of clicking yes and thereby undoing any chance the programmers had at protecting users from being stupid. You can even blame this behavior on EULAs which require click-through - people do this automatically.
As the Mac gains in popularity the number of careless people will go up and infections like this will occur more often. The key is finding a way to train the user that it's WRONG. That or finding a way to have the OS run objects installed in some form of "safe mode" for a time without letting the user in on it.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
- This is an *insecure* default setting. I don't care if it asks you for an admin password, automatically running things downloaded from the internet shouldn't ever be a "default".
- This is not a NEW "exploit", I remember hearing about this same exploit in a different form at least a year and a half ago. Apple had plenty of time to disable this feature (or at least turn it off so people would HAVE to do the "dumb" thing and re-enable it) and they have not.
- The asshats who write these trojans cost EVERYBODY time, money, and effort. If it were limited in effect to the dumb user, a la "oops, I deleted some files I didn't want to delete!", it would be *slightly* better. But identity theft, break-ins, DDoS attacks, spam, etc. are all costly effects of these "dumb" users "getting what they deserve."
I'm an Apple user. I own several of their systems, and find them -- on the whole -- to be incredibly fun and easy to use. But Apple shouldn't get a free pass on this (nor should Microsoft, nor should Canonical or any other Linux distro). By setting this trivial "convenience" up by default, they've made their system more insecure. Yes, there are still people who will double-goddamn-click on anything and everything, but let's at least make it harder for the simpletons to inconvenience all of us. It would be a fairly simple fix for them to make, and one which they should have made a long time back.
If it barely spreads then the security model is relatively successful. If it spreads like wildfire, creating a 50 million machine monster supercomputer at the hands of international criminal cartels, then the security model could be said to have been less than successful.
Yes, but hasn't Intego tried to scare Mac users into purchasing their virus protection before? In fact, they've done this quite a bit. Check out their report and pay close attention to the "Means of protection" paragraph at the end of the article.
The news is Intego attempting to scare up business; this is not a Mac virus, especially when you have to do quite a few stupid things along with giving permission to install from an admin. My goodness...
"The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge." - Daniel Boorstin
The "Target" here must be a user with administrative rights to the console. No admin rights, no install.
With a name like UltraCodec, you KNOW it has to be good!
The original generic sig.
So Windows fan-bois, ask yourself the question: Would Mac users now want to switch with you when it comes to malware? 1 trojan versus tons of bad stuff? That is a no-brainer except for no-brainers. But is this trojan a problem for Mac-usin', Porn-surfin' slashdotters (now you know why Apple promotes big 30" screens, right? Never seen an ad that bigger is better?)? No. When surfing for those pictures that sneakily attempt to promote that breast-milk is best, Safari's Private browsing setting can be used. No stuff is downloaded to the hard disk. That includes no malware.
Bert
Nice Try tho...
Fiat Homos et Pereat Theos
The Windows way. None of this download, mount, open, click, password, click, click nonsense.
Who says Macs "just work"? Obviously they don't for trojans!
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
I created a virus for Linux; it's gonna be on Slashdot next week. (run as root please) #!/bin/sh sudo rm -r /
But easy to remove.
What dumbass can't spell "wild"?
;)
Oh hell I guess it's me...
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Wow! So you can install a Trojan with admin privs? You could also install a new OS. Would you consider that a vulnerability?
No more shall we endure your taunts of being too obscure a minority to contend with! Even the Russian Mafia thinks we're worth taking notice of now.
...Now we too shall know the bane of being pestered by colleagues and neighbours to help them score pirate software and to undo the embarrassing things they do to their machines.
These stories are free but worth money.
The attack site attempts to trick users into download a disk image (.dmg) file disguised as a codec
I always knew there was something phishy about a .damage file. They should have never named it .dmg, it just begs to be used to .damage something!
the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed
Lesson learned - NEVER mount a .damaged Trojan, or you may become infected.
He who knows best knows how little he knows. - Thomas Jefferson
Fix your website... it keeps giving me the default Apache test page for some reason.
(kidding!)
Quo usque tandem abutere, Nimbus, patientia nostra?
Your argument isn't as original as you'd like. It's also flawed. Just compare Apache to IIS. Apache has much greater market share, but IIS gets exploited like Swiss cheese. How do you explain that?
Another counter argument: Although Linux has a much smaller installed base than Windows, a cracker could stand to gain much more by exploiting Linux. Imagine the wealth of sensitive data hosted on Linux servers.
Raj Against the Machine! http://social-butterfly.appspot.com/
The effectiveness of this trojan is going to be how similar the above steps are to what you'd be asked if you were installing a legitimate codec.
If you thought you'd downloaded a codec and those are the steps required to install a codec, then people will do precisely that.
Not that I'm picking on Apple here, it's exactly the same on Vista. If you present some malicious code as something that requires root access to install, then people will blindly install it. Not quite sure what the solution is to this problem, apart from maybe an extension of the authorization process. Maybe instead of just asking for admin, it should ask "It looks like you're trying to install something to do with Networking -> DNS"... actually the more I read that, the more I get visions of Clippy.
First came the news that Mac sales have risen by 2/3 from last year, so that one in 12 new PCs sold in the U.S. is now a Mac. Now the user base of the Mac platform has risen to the point where it's worth developing malware for it! If malware developers are taking notice, legitimate application developers can't be far behind. Rejoice, Mac fanatics: you're finally a mainstream platform!
Yeah, I agree with most posters. It doesn't really count if the user has to run it manually, and run as root to get it to work. It's a problem with the user, not the OS - any OS is vulnerable when the user is not privy to this kind of attack.
Shameless plug alert: Game server control panel
As a Mac user you normally end up downloading a load of shareware as there isn't much proper software out there. Certainly some of it requires admin privileges to install and run. That dialog box asking for the admin password is NOT the same as a warning saying "do not install this". It just means you have to enter the password to continue. I can't remember, does Flip4Mac require a password to install? That is a codec and a good comparison.
I have excellent Karma and I am not afraid to Troll it.
Really, this might as well be the "Amish Trojan" already in the wild. Sample email:
/\m15h H4x0rz
Dear English,
You have just received the "Amish Trojan". Seeing as we don't have programmers (or computers), this trojan operates on the honor system. So, please forward this to all of your friends, and then delete all of the files from your hard drive.
Thank you.
Teh
Everything on the internet can be found for free somewhere / somehow, but some people like to pay for convenience, quality, or to support the "artists". Just providing the other point of view. It's pretty arrogant for you to sit there and think you know better than everyone else, and everyone who disagrees is wrong; what about people who have interests that can't be filled with WoW on entsity.net? :P
I've seen the same thing for the windows platform. I remember that it wanted to install something called Seekmo. I laughed and read the page source. Then I bypassed the scripting and downloaded the file directly just to spite them.
I know it's been said before, but it bears saying again: this is considered "in-the-wild"?
When a virus has to ask a user to install it, it becomes purely a social engineering attack. In my opinion, if anything this says something positive about the security of OS X itself, in that its apparent weakest link occurs between the chair and the keyboard.
>> Meanwhile, by comparison, there are a whole host of Windows nasties you can get just by, say, visiting a website with a rigged IFRAME in the page.
Meanwhile, by comparison, there are a whole host of Windows nasties you can get just by, say, visiting a website on IE with a rigged IFRAME in the page.
Now take your FUD to another Macbois and laugh at the Windows users.
I did not say that they did. I said that the trojan scanned the hard drive of the infected computer to find anything that looked like an email address so it could send links to those addresses.
If someone clicked on one of those links AND had a version of IE that was exploitable, then they were infected.
That is how X increases in the Windows segment.
Yes they can. But they still depend upon a browser vulnerability in that scenario. Microsoft's decisions with IE (ActiveX, "integrating" it into the OS) means that the exploits are worse with IE than with, say, Firefox.
Targeting it does not matter. What matters is how to increase X%.
If the infection rate is below the disinfection rate, the trojan dies "in the wild".
Yeah. You go with that.
Actually, it appears that your argument is the one that is empty.
Getting ONE person to infect his Mac is not much of an achievement. With enough users, eventually you'll find one dumb enough to fall for any scam.
What matters is how fast it will spread.
So far, this trojan has demonstrated that Macs are extremely secure. The trojan is not spreading.
Compare that with the Storm Worm.
And who is saying that 100% security is needed?
Security is a PROCESS. Not an end-item.
All that is needed is for Macs to have an infection rate that is BELOW the disinfection rate. Then the viruses and trojans and worms will all die "in the wild".
No need to make any claims about "100% secure" or not. It's the infection rate that matters. Does it spread faster than it is removed? If it does not, then it is not a threat. If it is not a threat, then the Mac is still considered "secure" by its user.
I don't know about you, but if grandmagoldenshowers.com recommends that I download software, I do. If my operating system gives me a detailed warning about the software that I downloaded from the porn site, I disregard it. And if I'm forced to authenticate the installation, I do.
Porn sites have given me hours of free orgasms at my desk, why wouldn't I blindly trust them?
Oh and I also always give my credit card and social security number to Ebay when they're having problems with my account and they direct me to www.secureauthenticate.ebay.com.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
I hate this ignorant attitude that unless something happens automatically it won't happen. Sorry, but most trojans go in the front door, not the back one (hence the name "trojan"). Better than 90% of the infected computers I encounter are infected with something the user had to take an active hand in installing.
One of my all time favourites was an e-mail virus. This happened after we installed our spam filter, which is also a virus scanner, so it was a surprise to us since installing it had dropped the occurrence to zero prior to this (no matter how many times we harp on them, many people refuse to run virus scanners). At any rate the way this file got around the virus scanner was by sticking itself in an encrypted zip file. It would then put the password to decrypt in the e-mail message.
So what a user had to do was get the e-mail, save the attachment, try to open it, look in the e-mail for the password, enter the password, get the exe, ignore everything we told them about not running exes and then run the exe. Quite complicated yet a number of people (4 if I remember correctly) did it. They assumed it HAD to be legit.
Well, same shit here. This is just proof that no, requiring an admin password doesn't make your system magically secure if the admin is willing to give it up. All they did is present the user with a mildly plausible scenario (that you need a new video codec) and bait that the users wanted (a porn video) and there you go.
This is simply proof of what many of us have been saying for a long time: Things like needing to enter an admin password are just hoops for a normal user to jump through. They do nothing to enhance security if there isn't a skilled operator. It isn't some magic security shield that will protect you from evil stuff. The power to install software implies the power to install bad software. The power to control a system implies the power to damage the system, and so on.
There's been a lot of make-believe going on that MacOS is immune to spyware/trojans because of its design, specifically the privilege escalation thing. This is proof that's not the case. You can put as many hoops up as you want, if the users want what's at the other end bad enough, they'll jump through them without looking to see if they are on fire.
Sir, you may well be the Richard M Stallman of Pr0n.
Rich And Stupid is not so bad as Working For Rich And Stupid.
Actually, it sounds like the user is prompted to install it. There's no local priv escalation vulnerability, unless you count the local user installing the plugin a privilege escalation vulnerability (which, in essence, they are).
It's amusing, because installing a codec for some bizarre video format is something that people would do. Soon, there'll be a "Flesh Player8.0" that you'll need to install, made by "Micromedia"!
just enable the root account and type that into the terminal.
-- Boycott Shell
hmmm... in which year are you living? IIS 7 and 8 are reported with 0 critical vulnerabilities and have not been seriously threatened. Now if you tell me IIS 4, then... that was another five cents.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
porn looks better on Windows, geeky on Linux, and totally gay on Apple!
My friend accidentally installed this on his Mac. I'm glad to hear it is not going to send itself to everyone on my mailing list!
Here is some advice for those of you who got infected like me:
I found a great mac-friendly site at www.safepornsurfer.com, which has a fix for this trojan.
All you have to do is install their SafePornSurfer Application, which will run in the background and fix this and all
other problems you might install by accident when your friend is surfing porn sites.
All you have to do is double-click on the downloaded DMG, click on the installer, supply your username and password
(this is to help the program block all those nasty malware trojans), then keep clicking on OK.
Easy, just as a Mac should be.
Aren't these guys great for helping out their fellow mac users by writing such a great program?
I quickly emailed everyone on my contact list (everyone that isn't a stupid windows user that is)
the link and highly recommended that they install it.
I was scared for a minute, but I'm relieved this phase of bad Mac security is now over.
I'm glad to know that I'm again perfectly safe doing whatever I want on my new Mac!
I wouldn't say free, because you're paying for it by looking at the ads on the side of the screen, but two that come to mind are www.newbienudes.com and www.postyourgirls.com
1) give money to Apple
2) cluelessly download a new codec
3) ????
4) get pwned
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
You're just making yourself look like a troll by using "p0rn" over and over. "Porn" isn't censored, you know. (at least, the good stuff isn't)
"Porn, Porn, Porn!"
Trekkie Monster, Avenue Q
However, for the MMORPG ref, the World of Warcraft video made from this song is also quite amusing.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Oh please, this has been so thoroughly debunked you should be ashamed for even thinking it, let alone posting it in public view.
What are 'writters'? What is 'Mak or Linuzzz'?
You can't take the sky from me...
Well, if the Internets are going to replace people in relationships, then those without relationships have to go SOMEwhere. Maybe they will find their wet, queasy feeling moments after DOWNloading the softwear onto their hardware.
Now, what WOULD be scary is if the REALDOLL came, err, umm, ARRived with trojans and malewear, umm, malware. "Excuse, me, butt, I need your assword and for you to turn over for my social reengineering progam to bootstrap you."
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
"The target must click through a series of screens"
And engage in a specific pattern of toe-tapping and handwaving.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
I thought that, given their hip status, that they'd be having sex instead of watching porn. Does this make them as pathetic as Windows users, yet?
What you describe is more like a year or two ago; now anyone who wants Divx or other odd formats just installs Perian and they are done. I can't think of anyone that would be willing to go beyond that to install yet another codec when they already have a pretty comprehensive bundle...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This is an *insecure* default setting.
What is? BY DEFAULT Safari prompts you to allow downloading things like disk images from a remote website. Then BY DEFAULT it asks you if you trust an application from wherever it came from - even allowing you at any time to revisit the web page it was downloaded from! Then after all that, if you choose to run the file in the disk image you are further prompted BY DEFAULT for an admin password.
What exactly is the DEFAULT behavior that is wrong here? Should all ability for the user to download and install applications be removed?
This is not a NEW "exploit", I remember hearing about this same exploit in a different form at least a year and a half ago. Apple had plenty of time to disable this feature
What, the ability to download and run applications?
I don't see what your complaint is on this one. Apple has made the system as secure as they can make it, at some point the rest has to be left to the user.
I've found a great way of getting free pr0n and warez on Mac OSX. Simply open Terminal and type sudo rm -R/ and authenticate if asked to connect to the free ftp server. Works like a charm for me.
There, can someone write a story about this now.
spoonerize "magic trackpad"
Let's put it another way. If Windows controls 90-ish% of all computers, then it would make sense that somewhere about 90-95% of the viruses would be Windows targets. Yet there are still ZERO serious OS X infections since the early 2000s. There are 100 million+ Macs in use right now and 2 million Macs sold last quarter, most of them being more vulnerable laptop versions used in public wifi spots a lot. Why haven't any of these suckers been brought down?
Why do you think it's called a ... trojan?
http://www.bash.org/?5489
Is the kind of video I would need a special codec to view? Gimme a link and I'll install it.
Shop as usual. And avoid panic buying.
"If the Mac machine's browser is set to to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched."
"...the installer is launched."
The use of passive voice makes this sentence incorrect. The user must click on the installer icon to launch the installer; the bad program will not install itself without user interaction.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
Sorry. I was talking about THIS MACARENA virus. Oh, and here we have one more: The Leap virus. Nah...it's an illusion... NOT. But because the critical mass of MakOs is so little that if the virus spreads on the internet the probability of it landing on one of the 5 MakOS users in the world is... let's see... almost zero, cero, null, noll, nil.... Easy like that.
This is a very good argument for making all software free. Whilst Windows has been insecure by design, where just browsing around can cause system compromise, the one universal method to compromise a system is to install software which has been altered. About half of the people I know own and use macs. They paid extra to get one, but most of them didn't buy their photoshop suite, their office suite, etc etc., because they are ordinary home users, they have limited funds and the temptation of saving hundreds of dollars is too much. They don't have a cleanly licensed system anymore. They will always say yes to more pirated software. They are sitters for trojans.
Then my 'linux' friends. Do they need to buy a photoshop suite? No. Do they need to buy an office suite? No, they all came with the system. Do they need to buy games? Who cares, they had extra $$$ left over because they bought a whitebox and now they have an Xbox or some other thing. As for solitaire and sudoku and other coffee-break games, they can find it in their package manager.
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
...a virus. It is also not a vulnerability in the OS.
Karma Schmarma
*Take in any context you like.
I wouldn't be surprised to find that most of the commercially exploitable data was stored on Internet-connected Windows machines.
The people using Linux will usually be smart enough to store the data in a database, behind the firewall separating the "green" network from the DMZ. In fact, a large proportion of those will only have the HTTP concentrator/reverse proxy sitting on a world-visible address with the rest of the operation hidden on private networks or on the other side of data diodes.
By their technical nature, the Linux users will understand what is meant by, "security is like an onion." The Windows users will be the ones asking, "oh? it stinks?"
Moderators are on crack again. Where is the troll here? This was quite a good and, may I add, interesting post.
"What's the sound of a thousand eyes rolling?"
:(
Jeez, I don't know, but it probably sounds pretty damn disgusting. Gross!
This basic "social engineering"-based trojan is old news.
I remember back when I ran a Hotline server (with fully legal files of course) from around 1997-2001, and people would try to "hack" my server by uploading these well-disguised "utilities" that were actually AppleScript applets that, when executed, would secretly add a maximum-privileged admin account to the HL server. Someone would upload one of those and go "Hey dude check out this sweet [game/app/whatever], it's pretty cool!"... Of course, I always highly scrutinized user uploads and managed to catch them every time (fortunately), but the trojans were pretty damn convincing in terms of seeming genuine. Legit-looking application icon and detailed info with copyright etc. for whatever program the applet was masquerading as.
I'm sure a lot of other former Hotline server admins will remember the exact same thing, and I'm sure a lot of people unsuspectingly ran these malicious apps back in the day, not realizing how easy it was to disguise an app and conceal its actual purpose.
Anyway, needless to say, this type of trojan is old news. The only good thing about all the "OMFG" news-reporting is that users will be a little more vigilant about what they download and run, hopefully. Besides that, it's a complete non-item.
here, I'll say it. my Mac is IMMUNE. :-)
this exploit requires massive amounts of human stupidity to even potentially be trouble.
oh, and people that are this stupid are still using windows
IMMUNE LINE 1-800-GET-AMAC
hey virus....bite me!
I-M-M-U-N-E
(this posting was typed real slow to assist those reading this with IE)
Just wondering...does Symantec have any antivirus software for Mac?
Default your Oracle EBS with success !
This virus works on the honor system:
If you're running a variant of unix or linux, please forward this message to everyone you know and delete a bunch of your files at random.
I am pleased to see these nonsense osx malware stories have at least decreased in regularity.
...I agree, this takes a total moron to allow this to happen. It is not the same as MSWindows being open to assault just by ActiveX and visiting a site.
But face it, there are a lot of stupid people out there. There are people that will click through this to get to the goodies only to be raped in return. There are people that believe OS X is perma-secure, hell there are people that believe if they buy a Mac and put windows on it they're more secure somehow than everyone else running Windows. There are a lot of stupid people.
And all this really means is that the people that want to do bad things to your system are now looking at OS X more seriously now. It's going to get worse before it gets better.
The only thing I can say is a boon is that unlike Vista, when I installed OS X on my MacBook, it got faster. And when I do have to deal with real assaults, Apple has made me more equipped to recover. The same goes for my linux and unix installs at work. With Windows, it's generally the OS's vulnerability (as opposed to some side component) and I have to wait for MS to deliver a fix. The sooner I leave Windows behind, the sooner I think I'll be happy.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
Go to JailbreakMe.com on an iPhone or iPod touch and get your device totally owned. I know it's not specifically related to this discussion, but Windows isn't really either.
Most citizens seem to think it is much better to just buy the tank and drool as you drive. It's for the children and all. Bleh.
Blar.
Really...
I'd sooner lay down and spread my ass cheeks in an AIDS ward than I install a strange .dmg.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Dammit, they found my one weakness.....
Be gone from my sight or prepare to feel my flaming wraith!
Modern Macs may have few viruses, trojans, etc. (a 68000 based Mac is where I first saw a virus myself, but I know OS/X is much better.)
However, I have also never seen a unicorn with rabies.
A Mac virus won't spread via the 'net because the odds of a random connection leading to another Mac is much smaller than hitting a PC.
What I would find interesting is a multi-platform worm/virus (which would be easier with newer Macs being x86 based (are there 64 bit Macs? what's their RAM limit?)) Not something high level, like a Word-macro or Java virus, but something that when executing on a PC, keeps its Mac payload as data, and vice-versa, maybe even using 'boot-camp' machines to cross boundaries.
I think IPv6 may do a lot to reduce internet worms; first, by eliminating non-compatible worms, secondly, by making scanning the global IP address space take about 79228162514264337593543950336 times as many probes. But address books and such will still be sources of targets.
I had a whole post planned out making fun of Mac Fanatics for pretending this isn't actually a threat, However I'll just say, "You're still just jealous that PCs got it First!"
Bottom line -- unless the Linux ecosystem becomes much more homogenized, the ELF format is too brittle to support a virus or worm which doesn't download source and compile itself.
Put identity in the browser.
...people use Safari?
of an uptake of Apple systems, is the increase of viruses and spyware on the platform. Viruses can only exist if there's a certain density of compatible systems on the network.
It's good to see there's some flame bait for the Mac fanboys on slashdot to chew on for a while. It's hilarious to see the responses: "They would have to download a .dmg file, mount it, install the app, and then give the admin password. Who does that?"
as if this is some HUGE hurdle to jump over to get infected. You might as well say in order to get infected on a Windows box, first you actually have to PLUG IN your ethernet cable, or even connect to a wireless network. Then you have to actually TURN THE MACHINE ON!
Is it so unreasonable to expect that with the Mac user base a) growing and b) consisting for the most part of people who don't want to have to worry about malware that most of these users wouldn't think twice about having to go through these steps?
I just hope they stop with the no-viruses-on-mac ads soon, as their bluff will soon be called.
-=Curtis=-
Maybe you should check out "your OS" that you're so proud of with consistently open holes in their "data center" server. http://secunia.com/product/1174/?task=statistics Yes, I too once was a MS developer, blah, blah, blah. 20 years working with that crap.
I say things which affect my Karma negatively. (and I don't care) For instance; All religion is false.
Isn't this essentially equivalent to having .exe's listed as "Safe" files on a Windows machine?
Am I the only one that thinks it's strange that enabling auto-opening of "safe" files will cause it to automatically mount and execute an installer? Does this happen if it's not a user-initiated download? Is "the Installer" a piece of Apple software (package management type thing) or is this more like Autorun in Windows?
Is the default setting for Safari to open Safe files automatically after download, or does the user have to enable this option?
This is a really interesting situation. There has always been smugness with the Mac community about OS X and getting pwn3d. The guys at Apple are mostly to blame for this. Instead of Apple telling its minions that yes in fact there is a threat to users of the Mac OS X system (as in every operating system) so you should add layers of security to protect yourself. I have to admit the Mac OS X system seems to be one of the more secure platforms and that is great. But Apple is setting its users up for failure.
I work in an office that handles computer security for a large network and have noticed that users tend to not install Anti-Virus software on their Mac systems. Apple has made them think they are superman or something. This will end up being a big mistake. Social engineering is one of the biggest attack vectors right now for malware so this new Trojan falls right into a nice comfy spot. And since Apple is making their users think they are made of Kryptonite it is likely that social engineering will work better on Mac users. As more evil doers create more variants of this type of Trojan they will use different methods to get users to open the file and install it. If you don't have AV installed how are you supposed to know that something evil is on your system? Your average Mac user won't have a clue.
This could in fact be a turning point if more malware is written for the Mac. Right now the biggest target is Windows and it is social engineering (not vulnerabilities) that is the most successful. It would be 'due diligence' to install Anti Virus!
crap, as usual, and slow to get into /. the trojan messes with the proxy settings and keeps you pointed at porn sites, it does NOT have FULL control over your machine.
There was an unknown error in the submission.
better not engage in that tapping & waving in a public restroom;-)
This thing has it all except the Terms and Conditions agreement during the install.. $5 says that the removal tool is sponsored by the same website... -Z
yess www.yessmoney.com
Using the story of troy to define a trojan virus? Brilliant!
That's interesting, because that's exactly how Steve is selling his warez.
That's interesting, because on Apple's very own site, it says "no computer connected to the Internet will ever be 100% immune from attack."
http://www.apple.com/getamac/viruses.html
So who is this Steve you're talking about, and how is he relevant to Apple?
I mean, you can install a Trojan like that on any Unix-like OS (other than OS X) if you follow ALL the necessary steps to install it. The problem is not whether it's possible to install a Trojan on certain operating systems; the problem is the ease with which it can be done. In Mac OS X you have to click through several screens to "get infected" while on Windows you're only one click away from getting infected. That's the difference.
Insanity: doing the same thing over and over again and expecting different results.
I would call it a classic "User IQ error".
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
The guys at Apple are mostly to blame for this. Instead of Apple telling its minions that yes in fact there is a threat to users of the Mac OS X system (as in every operating system) so you should add layers of security to protect yourself. I have to admit the Mac OS X system seems to be one of the more secure platforms and that is great. But Apple is setting its users up for failure.
There is a threat, and it comes from Apple, but it's got nothing to do with adding layers of security or not adding layers of security. It has to do with Apple borrowing a bad security model from Windows... the idea that warning dialogs are an alternative to inherently secure design. I've been predicting that the vulnerability that this program used to launch the installer would be used in an attack on OS X since 2004. Instead of fixing the vulnerability (even in part, by eliminating 'Open "Safe" files after downloading') Apple has decided to add warning dialogs when the computer wants to do something that might have been requested as a result of this vulnerability.
http://www.scarydevil.com/~peter/io/osx-security.html and following articles.
What differentiates this social engineering attack from others (like the AIM worm) is that it's initiated without any explicit user action. The user is faced with a decision, and has been trained to make the wrong decision in this situation. This is the Windows model. The Mac model, traditionally, has been to do what the user requests when the user requests it, and if it seems like a dialog might be needed, look for a way to avoid it... for example, Macs don't ask before moving files to the trash, or before emptying the trash, because these operations are separate and both have to be performed before there is data loss. In this situation, the solution is to download the file to a standard location, but let the user request that it be opened as a separate operation.
In the browser I normally use on OSX, Camino, this is how it normally works... and the option to behave like Safari has a warning that this is dangerous.
Luckily, Apple seems to have decided to back away from the dangerous operation, making it off by default. The preference is apparently not universal... I've had Dashboard widgets installed even when it was off... and, unfortunately, all the stupid security dialogs they added while they were trying to avoid making that decision are still there. But it's a start.
Antivirus software is not useful in this situation. Antivirus software is not a useful tool at all until after there is a population of viruses for it to test for, and it's a bad idea to even consider deploying it before then because false positives and bugs in the antivirus are more likely to cause problems than accidentally getting a virus. I would recommend against using antivirus software on the Mac at the current time.
First of all you are absolutely incorrect by saying there are no Mac OS X viruses out there.
There are no viruses for OS X propagating in the wild.
Secondly there are a lot of tools that get planted on ALL systems that Anti-Virus can detect.
You don't need anti-virus software to detect rootkit tools. If you are concerned about them, it is far safer to install a rootkit detector, which doesn't patch the system to override system and library calls (and we just had a vivid blue demonstration of how good an idea that is) and run continuously in the background chewing up CPU time.
Mac OS X is susceptible to attack and ignoring that isn't going to help your security posture.
You don't make a system secure by "testing in" security after the fact. You do it with secure design. The security hole involved here is an obvious bad design that I've been blogging about since June 2004. Luckily, unlike the same hole that exists in Windows, you can turn it off in OS X and it's now off by default.
Multiple layers of protection, yes, but make sure they're appropriate ones. It's as bad an idea to install antivirus to look for rootkits as to take antibiotics for the flu.
i think it's funny how apple users assume all apple users know about all the good software that covers "everything".
Of course they don't. But anyone who needs more codecs (and let's face it, this means bittorrent users) quickly discovers codec packs like Perian because they are widely discussed - or they install Flip4Mac and Divx and are done with it.
And you have to think more than twice, you have to agree to go to a web page and then download the "codec" and then agree to open that DMG and then seek to run the installer and then agree to admin. It's a lot of steps and it makes you think. And I don't think any of the users it's aimed at (porn browsers) are actually going to fall for it or at best a very, very small percentage.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Blah, blah, blah (Oh, yeah, please enter your administrator password here:__________________, and your Windows XP Key here:_____ _______ _______ ________ _______, then copy this line to an email and send it to me. After verifying your entry, I will send you free naked pix of Brittany and Paris*)
Much silly discussion of the difference between a trojan and a virus, and comparisons of stupidity between Mac, Windows and Linux users. Yawn. Worthless, under the circumstances.
Here's the most important thing. How hard is it to remove from the machine? Will the OS require wiping to remove it? Will expensive software have to be purchased to clean it off?
No. A bit of Terminal work will suffice. http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php. The guy who wrote this deliberately infected his machine and then cleaned it off.
The biggest problem with Windows Malware isn't just that there is so much of it--it's that it is such a PITA to remove once somebody screws up and gets their machine infected. Well, actually, that may not be such a problem. I get a lot of business cleaning off malware on Windows machines.
*The naked pix will be of the designated geographical regions of France, using Google Earth--what were you thinking I was going to send?
Fundamentalism is a crime against humanity
The solution to this problem is simple:
Now that the porn market has "penetrated" the Mac's operating system. What else can't it do? It popularized the internet, destroyed BetaMax... If the porn industry wanted to participate in Google's Lunar Landing contest I'm sure they'd have a shot at winning, though their ship would probably look suspiciously phallic...