Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Trojans For Mac OS X

Posted by kdawson on from the knock-knock-who's-there-trojan dept.

I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."

21 of 326 comments (clear)

  1. users by Anonymous Coward · · Score: 5, Funny

    Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password. Are you sure? After all, we are talking about *mac* users. :P

    Let the flamewars begin!

  2. Two Trojans For Mac OS X Users by stuntmanmike · · Score: 5, Funny

    One for you, one for your partner.

    1. Re:Two Trojans For Mac OS X Users by Anonymous Coward · · Score: 2, Funny

      And ribbed for the mac users pleasure!

      Seriously, OS X is a unix system, so anything that works on it will work also work on Linux. More slashdot readers should be concerned.

  3. Worst. Trojan. Ever. by Anonymous Coward · · Score: 5, Funny

    The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer.
    Worst. Trojan. Ever.

    Hey guys, I've got a great new idea for a worm, I'm gonna start a e-mail chain letter that tells people they'll have bad 7 years bad luck if they don't forward the e-mail to 10 friends and send me their root passwords, IP address and their bank account and credit card numbers. It's sure to be a smashing success!
    1. Re:Worst. Trojan. Ever. by Steauengeglase · · Score: 3, Funny

      Just like a Mac fan. Complain that 3rd party Trojans aren't good enough for them.

  4. Lame by grusin · · Score: 5, Funny

    On windows they do that without asking for password

  5. Re:Proof of Concept Slashdot Trojan by i'm+lost · · Score: 3, Funny

    I need my preferences fixed. My password is 12345.

  6. Apple spin by Centurix · · Score: 3, Funny

    iTrojan, custom trojan, personally designed by Steve Jobs' evil twin Rodney Jobs, the UI would be beautiful, white, sterile. Mass infection through Starbucks WiFi.

    --
    Task Mangler
    1. Re:Apple spin by doyoulikeworms · · Score: 5, Funny

      iTrojan - It just works.

    2. Re:Apple spin by AioKits · · Score: 2, Funny

      By chance, does Rodney Jobs have a goatee?

      --
      "Quote me as saying I was mis-quoted." -Groucho Marx
    3. Re:Apple spin by neomunk · · Score: 2, Funny

      pssst; iSex is called "cyber" and there is NO protection that will stop your 19 y/o female bisexual cheerleader cyber-partner from turning back into the male 45 y/o laid-off McDonald's manager when "she's" done.

  7. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 4, Funny

    That sounds like a combination an idiot would have on his luggage.

  8. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 5, Funny

    User Id: Anonymous Coward
    Password is blank.

    I hope you fix my preferences soon, my karma never seems to go up, no matter how much I get modded up.

  9. Re:Proof of Concept Slashdot Trojan by weicco · · Score: 4, Funny

    1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

    --
    You don't know what you don't know.
  10. Re:Proof of Concept Slashdot Trojan by JohnBailey · · Score: 4, Funny

    Wow.. thanks for the heads up.. my password is "********"

    --
    It is difficult to get a man to understand something when his job depends on not understanding it.
  11. Re:Proof of Concept Slashdot Trojan by Hal_Porter · · Score: 5, Funny

    O/T but have you noticed how if you post sensitive information like your password here SlashCode filters it to X's. Very nice idea.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  12. Re:Proof of Concept Slashdot Trojan by mrbluze · · Score: 5, Funny

    1 2 3 4 5? That's amazing! I've got the same combination on my luggage! Is your luggage by any chance in the form of a wooden horse?
    --
    Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
  13. You'd be amazed how dumb users are by Sycraft-fu · · Score: 5, Funny

    I swear, some people go out of their way to infect their machines. The one that stands out in my mind the most was a virus for Windows a number of years ago. Came as an attachment in a message that said "Hi I send you the file in order to have your advice." So never mind the bad grammar and such, but before campus got hit we got wind of the thing and sent out an e-mail message to all users saying "Don't open this shit it's bad news." One of the users called in saying she was having problems with e-mail, we came and looked. The "problem" was that she wasn't an admin and so, thankfully, couldn't run the damn virus.

    Or somewhat more recently we had a virus that slipped by our e-mail scanner. It did so by sending itself in encrypted zip files, and then putting the decryption key in the message. That meant you had to open the mail, save the zip, open the zip, enter the code, extract the executable, and run it. Two users did just that and got infected.

    So while it seems armature to do a "Download this then enter your password," kind of trojan, that shit works waaaay more than you'd think.

  14. Re:Proof of Concept Slashdot Trojan by fatphil · · Score: 5, Funny

    Obligatory: http://www.bash.org/?244321

    --
    Also FatPhil on SoylentNews, id 863
  15. Re:Yawn by Admiral+Ag · · Score: 4, Funny

    "Maybe a boat of Tahiitian hookers shipwrecks on the island?"

    So you're the guy with the device that can read my dreams. Please stop.

    --
    "by that I mean people who don't sit on slashdot all day wondering why everyone else isn't building robots" DECS
  16. Re:Proof of Concept Slashdot Trojan by 0100010001010011 · · Score: 4, Funny

    <Cthon98> hey, if you type in your pw, it will show as stars
    <Cthon98> ********* see!
    <AzureDiamond> hunter2
    <AzureDiamond> doesnt look like stars to me
    <Cthon98> <AzureDiamond> *******
    <Cthon98> thats what I see
    <AzureDiamond> oh, really?
    <Cthon98> Absolutely
    <AzureDiamond> you can go hunter2 my hunter2-ing hunter2
    <AzureDiamond> haha, does that look funny to you?
    <Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
    <AzureDiamond> thats neat, I didnt know IRC did that
    <Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
    <AzureDiamond> awesome!
    <AzureDiamond> wait, how do you know my pw?
    <Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
    <AzureDiamond> oh, ok.

    (For those that don't want to copy and paste)