Slashdot Mirror


Two Trojans For Mac OS X

I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."

10 of 326 comments

  1. users by Anonymous Coward · · Score: 5, Funny

    Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password.
    Are you sure? After all, we are talking about *mac* users. :P

    Let the flamewars begin!

  2. Two Trojans For Mac OS X Users by stuntmanmike · · Score: 5, Funny

    One for you, one for your partner.

  3. Worst. Trojan. Ever. by Anonymous Coward · · Score: 5, Funny

    The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer.
    Worst. Trojan. Ever.

    Hey guys, I've got a great new idea for a worm, I'm gonna start an e-mail chain letter that tells people they'll have 7 years bad luck if they don't forward the e-mail to 10 friends and send me their root passwords, IP address and their bank account and credit card numbers. It's sure to be a smashing success!
  4. Lame by grusin · · Score: 5, Funny

    On Windows they do that without asking for a password.

  5. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 5, Funny

    User Id: Anonymous Coward
    Password is blank.

    I hope you fix my preferences soon, my karma never seems to go up, no matter how much I get modded up.

  6. Re:Proof of Concept Slashdot Trojan by Hal_Porter · · Score: 5, Funny

    O/T but have you noticed how if you post sensitive information like your password here SlashCode filters it to X's. Very nice idea.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  7. Re:Proof of Concept Slashdot Trojan by mrbluze · · Score: 5, Funny

    1 2 3 4 5? That's amazing! I've got the same combination on my luggage! Is your luggage by any chance in the form of a wooden horse?
    --
    Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
  8. You'd be amazed how dumb users are by Sycraft-fu · · Score: 5, Funny

    I swear, some people go out of their way to infect their machines. The one that stands out in my mind the most was a virus for Windows a number of years ago. Came as an attachment in a message that said "Hi I send you the file in order to have your advice." So never mind the bad grammar and such, but before campus got hit we got wind of the thing and sent out an e-mail message to all users saying "Don't open this shit it's bad news." One of the users called in saying she was having problems with e-mail, we came and looked. The "problem" was that she wasn't an admin and so, thankfully, couldn't run the damn virus.

    Or somewhat more recently we had a virus that slipped by our e-mail scanner. It did so by sending itself in encrypted zip files, and then putting the decryption key in the message. That meant you had to open the mail, save the zip, open the zip, enter the code, extract the executable, and run it. Two users did just that and got infected.

    So while it seems amateur to do a "Download this then enter your password," kind of trojan, that shit works waaaay more than you'd think.

  9. Re:Proof of Concept Slashdot Trojan by fatphil · · Score: 5, Funny

    Obligatory: http://www.bash.org/?244321

    --
    Also FatPhil on SoylentNews, id 863
  10. Re:Apple spin by doyoulikeworms · · Score: 5, Funny

    iTrojan - It just works.