Slashdot Mirror


Fake Codec is Mac OS X Trojan

Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into downloading a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine."

11 of 473 comments

  1. Idiocy cannot be prevented by jeffasselin · · Score: 5, Insightful

    The only cure to stupidity is intelligence.

    If someone is stupid enough to download something, run it and give it the admin password, it will obviously be able to take control of the machine. No operating system or security software will stop that.

    --
    If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
  2. Re:You get what you deserve. by FauxPasIII · · Score: 5, Insightful

    > If you're stupid enough to go through all of those steps, you deserve to be infected.

    And does everyone else that your zombied machine spams or DDoS's deserve it?

    --
    25% Funny, 25% Insightful, 25% Informative, 25% Troll
  3. Re:It begins by ByOhTek · · Score: 5, Insightful

    There are dimwits in every market. If you think otherwise, it's because you are amongst the ranks...

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  4. Re:fanboys unite by Anonymous Coward · · Score: 5, Insightful

    Name an operating system that can't be infected when a user gives an admin password.

  5. Re:Hmm by djh101010 · · Score: 5, Insightful

    > Looks like the Mac fanbois are abusing the moderating system again. And the terminology is semantics. Mac users have been exclaiming that their Macs are immune or resistant to malware for years now and saying that Macs are better than Windows because Macs don't get infected.

    Actually, the only people claiming that Macs are immune to malware are people like you claiming others are doing so specifically so you can say these mythical people are wrong. This is a case of a program not being what it claims to be, and using social engineering to get someone to install something, make it executable, authenticate as root, and run it. No different than a year or three ago when someone came out with a fake Office for OSX package they shared on the P2P networks which was really a shell script that removed files. Not a virus - this doesn't install itself.

    A "virus" with an install procedure which includes "and then become root and run it" isn't going to have legs.
  6. Re:Steps to get infected by advocate_one · · Score: 5, Insightful

    and with windows... 1) Go to a porn site....

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  7. Re:Hmm by Penguinisto · · Score: 5, Insightful

    Well, let's see...

    You find this "movie codec thingy" at a shady pr0n website (alarm #1), and it asks you to specifically download a .dmg file (alarm #2), install it with admin/root permissions (alarm #3) just to play a non-standard codec (alarm #4).

    Meanwhile, by comparison, there are a whole host of Windows nasties you can get just by, say, visiting a website with a rigged IFRAME in the page.

    QED: It's not a question of fanboys pooh-poohing something because it's their pet OS - it's a question of simple fucking logic.

    Come back and tell us about it when OSX (eventually) has an attack vector that doesn't require the user to be a complete and utter dumbass, please.

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  8. Re:First Remedy Apple Should Implement by znu · · Score: 5, Insightful

    As a result of "Open Safe Files" in this instance, the user has to perform something like six manual steps instead of eight. Anyone gullible enough to go through those six steps would be gullible enough to go through eight, so "Open Safe Files" isn't really making anyone less safe here.

    --
    This space unintentionally left unblank.
  9. Re:It begins by LWATCDR · · Score: 5, Insightful

    Not really. Is it a security exploit if the user must type in a password and install the program to make it work?
    Sorry but there is nothing that an OS can do to prevent someone with admin rights from installing and running a program.
    I am not a Mac User but anybody that installs a codec to view porn that they get from the porn site...
    As the Honda motorcycle safety ads put oh so well.
    Stupid Hurts.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  10. Re:It begins by jackpot777 · · Score: 5, Insightful

    Exactly. This isn't a computer virus. It's a social engineering virus.

    Anyone that can write a keystroke logger program can also add wording that it's actually a codec for viewing videos. One more level of dishonesty's not going to stop them.

    People often criticize Wiki, but seeing as the Wiki definition of a computer virus is "a computer program that can copy itself and infect a computer without permission or knowledge of the user", this is no virus.

    --
    Shiny. Let's be bad guys...
  11. What do you mean by default? by SuperKendall · · Score: 5, Insightful


    > This is an *insecure* default setting.

    What is? BY DEFAULT Safari prompts you to allow downloading things like disk images from a remote website. Then BY DEFAULT it asks you if you trust an application from wherever it came from - even allowing you at any time to revisit the web page it was downloaded from! Then after all that, if you choose to run the file in the disk image you are further prompted BY DEFAULT for an admin password.

    What exactly is the DEFAULT behavior that is wrong here? Should all ability for the user to download and install applications be removed?

    > This is not a NEW "exploit", I remember hearing about this same exploit in a different form at least a year and a half ago. Apple had plenty of time to disable this feature

    What, the ability to download and run applications?

    I don't see what your complaint is on this one. Apple has made the system as secure as they can make it, at some point the rest has to be left to the user.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley