Zombie Macs Launch DoS Attack
Cludge writes "ZDNet has a story (and several related articles) about how Symantec has discovered evidence of an all-Mac based botnet that is actively involved in a DOS attack. Apparently, security on the exploited Macs (call them iBots?) was compromised when unwary users bit-torrented pirated copies of iWork 09 and Photoshop CS4 that contained malware. From the article: 'They describe this as the "first real attempt to create a Mac botnet" and note that the zombie Macs are already being used for nefarious purposes.'"
... that somebody didn't do it the old-fashioned way and post that the website host said bad things about Steve Jobs?
"Common sense will be the death of us all"
the end of innocence for Apple users.
... and laugh and laugh... Oh, we're Mac users - we don't need stuff like virus and malware checkers! Now, let the explanations begin about how this is a wonderful intuitive "feature" and not a flaw.
Three Squirrels
Don't they know that Macs are impregnable? All of the stories over the last decade about how Macs don't get viruses prove it.
I always wondered when those pirated copies of software would become malware vectors. Maybe the quickest way to stop software piracy is through evil copies of legitimate software.
it just... BBRRRAAAIINNNNSSS
I find it amusing that in this case it appears the inability to run Photoshop on Linux is a good thing.
I'll subscribe to Slashdot when I see a month without a dupe, a typo, or an article the "editors" didn't read.
I use Mac, and I love it! Macs never get vi
NO CARRIER
Anybody want my mod points?
I don't understand why this is a story.
It's just another set of hackers with different equipment.
I suppose it was just a matter of time before someone tried to imply Macs as the victim of a virus attack.
The fact of the matter is that the Mac OS (BSD, doncha know) has very strict user permission levels. This gives it a strong protection mechanism against unwanted programs running without the user knowing.
Essentially, this makes it impervious to viruses. Even trojans are thwarted because smart users (Mac users) don't execute programs they don't know the origin of.
W4r3Z are for hackers!
Sig this!
But these iZombies have such cool eye-candy the Windoze and Linux could never catch up in the cool factor in a million years!
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
If a user is tricked into installing malware on a machine, the machine is infected with malware.
It's a shame people think Macs are somehow magically protected against viruses and other nasty computer stuff, merely by virtue of the manufacturer and operating system. It's probably more of a shame that Apple has, in the past at least, marketed Macs as being (more?) immune to viruses than PCs - something which is somewhat true, but only for statistical reasons.
It's like STDs - if you're careless and go sticking your junk everywhere without taking precautions, you'll probably catch something cruel, eventually.
So does this mean that Macs are finally Enterprise Ready?
Mac: Hi, I'm a mac!
PC: I'm a.. *cough* PC...
Mac: Oh, you must be sick? Well I can't get sick.
PC: really?
Mac: (whispers) "Nobody knows I got HIV"
PC: Ahhhh... I just got a cold
Mac: See! I don't even have a cold!
The obvious solution is to switch to Linux, because everyone knows it has no viruses and never will.
I SAID NEVER WILL.
You'll have to settle for vim then!
I'll subscribe to Slashdot when I see a month without a dupe, a typo, or an article the "editors" didn't read.
Shut the FUCK UP!
Purposefully installing malicious software does not indicate a vulnerability. The user intentionally installed a piece of software that is doing exactly what it is designed to do.
There isn't an operating system on the planet that can protect you (or itself) from fraudulent user activity.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
A botnet that just works.
The musings of just another geek and his junk.
All you Zombies Hide Your Faces.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I really doubt this particular trojan could form much of a DDOS attack. It is a poorly hidden and pretty simple to find and dispose of code, and its presence was found quickly and was quite well known.
Seriously? A download, installed, and password prompting program is a vulnerability?
That must mean that Apple's Remote Desktop is a huge vulnerability. Giving the attacker complete control of the victim's system, and the ability to execute remote code! Oh the horror! Oh the humanity!
MAC users should be rejoicing around the world! What this actually means is that hackers are noticing MACs are gaining in population and they see profit in targeting them. What's going to fall next, Rome?
Take that, PC gamers!
It's about time Macs were brought into the fray of malicious software. As a Mac Fanboy, I'm tired of feeling left out.
As the saying goes, "There is no such thing as a free lunch".
If you don't know where it came from, then don't download it.
There is no such thing as an absolutely secure system since the user can override the security features.
Another saying, "Intel inside, idiot outside"
Photoshop cs2 and cs3 work with wine =)
As a lot of people have probably mentioned already, how is it Apple/Mac OS X's fault that malware was installed on the computer? The malware is a program after all, which was given administrator privileges when the pirated iWork was installed. It didn't exploit anything; the user installed it manually. The same thing could happen on Linux/BSD for pirated programs that are binary-only. Same goes for any MSOffice for Windows from TPB.
No, the funny part is that the users who torrented and installed pirated copies of iWork 09 and Photoshop CS4 got exactly what they deserved. Instant karma.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
macinfags just got shit on.
It's a shame that the level of intelligence and knowledge of the posters to Slashdot seems to still be in decline.
I would think that anyone who wants to use this "revelation" as some kind of troll against OSX would at least be able to differentiate between a virus and a trojan.
There's a decent chance there will be some kind of unpatched OSX vuln that will be exploited à la what you see on a Windows machine, but until then you should just stew in silence and wait for your opportunity to post your "See OSX is no better than Windows" messages and then you won't look like such ignorant fools.
If you can install software on a computer, you can install software that is malware as well. I doubt anyone can fault Apple for allowing end users to install software that they choose to install.
This is simply unproven for all the reasons outlined in your post. Until you see *UNIX widely deployed as a "desktop" OS, all claims that UNIX is inherently more secure than Windows are nothing but untested theories.
Which is exactly the point we were trying to make about Vista SP2, in a previous thread. So what's good for the goose is good for the gander.
At least *nix variants have been around longer. And I can say from my own experience that since switching to *nix, my uptime and productivity have greatly increased.
I'm sure though that symantec will find a botnet on linux as soon as they have a product that works on linux desktop systems.
I'm a Mac user and I'm looking around for some virus detection software. Do any other Mac users out there have any positive experiences of the current crop of malware/virus software available for the mac? Any recommendations? Anything to stay clear of?
All my experience with PC virus software has been pretty negative, background processes that gobble up entire cores and half your memory, reducing the machine to a gibbering wreck. I'd like to run something I can pretty much ignore (other than making sure that it is up to date). Even AVG, which used to be fantastic, is now a terrible resource hog.
While it is still the case that macs are much less likely to get hit by malware, and there are currently no known examples of a self-propagating worm that doesn't require a stupidity/carelessness on the part of the user (that I'm aware of), things are getting a little more dangerous. It would be nice to be prepared, hubris is a dangerous thing.
Paul Leader
So, you can infect OS/X computers after manipulating a program and tricking a user into voluntarily installing the malware!
I am surprised! Although of course, it would be more impressive if it was like in windows 98 in which connecting to the internet rendered you vulnerable. Or how about a more recent example in which you just had to plug a USB drive? Sorry but it still sounds very easy to fill a windows computer with viruses in comparison with this.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
The blogger who reported this perhaps didn't realize that he had just outed himself as a warez user.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Is there such a thing as a "mac user" and a "windows user" anymore?
Anyway, you "windows users" get a good laugh off, meanwhile us in the 21st century will continue to use our computers whether they have macos, windows or linux.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." Albert Einstein. "You make your choices and you take your chances," P.T. Barnum.
I find it interesting that the compromised macs have been used as zombies for a DoS attack. It doesn't seem like the smartest use of newly compromised systems, as such a use of a system can be so intense in terms of memory and bandwidth usage that it should be fairly easy for even a novice user to notice that something is awry.
I'm rather surprised that the people behind this didn't go for something less obvious, like spam propagation.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I suspect that this botnet has been created by a geek that is sick to death of uneducated Mac fanboyism, and in a small way, I have respect for that.
No, it wasn't. This botnet was created by a computer criminal who saw an opportunity to capitalize on people who install pirated software either because they are too clueless to know the risks or because they have deluded themselves into thinking it is a riskless act. The lesson we can all learn from this is the following:
"If you download pirated software off the internet and install it on your computer you run the risk of installing along with it carefully crafted malware that your security software or whatever other precautions you are taking may not be able to protect you against."
Note that this basic lesson is true on all incarnations of Mac OS X, Windows, Linux or any other network enabled operating system you can download pirated software for.
Now please crawl back under your rock and learn to write better trolls...
Only to idiots, are orders laws.
-- Henning von Tresckow
OS X may be harder to compromise but it was only time before Macs were infected. And as Macs gain market share more Macs will be compromised. I don't think any thing, OS, can ever be completely secure.
Falcon
Should there be a Law?
forgot to close that b tag, sorry about that :-(
I seem to recall this was why Bruce S. switched from investigating "pure geek" attacks to the social ones.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Is there a utility out there that would do this one simple change across the board and fix all the links that needed it?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I am a PC. c:
that a lot of "pirated" Bit Torrent software contains malware. Not just the Windows versions, but the Mac and Linux and BSD Unix versions as well.
When you download pirated software you take a risk that it contains a trojan.
I've even seen PDF files that had HTML exploits in it that got detected by antivirus. Read the comments on most Bit Torrent web sites the users will complain that it contains a virus. You don't have to download it to test it, the people who already downloaded it will give feedback that it contains a trojan or malware.
When you download pirated software you are taking a big chance, it isn't worth it when a majority of things are infected. That is why I look towards Free and Open Source Software as alternatives to commercial products.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
iBot, same malware at an outrageous price
Antivirus Protection
load "$",8,1
There isn't an operating system on the planet that can protect you (or itself) from fraudulent user activity.
The NSA and DoD would disagree. The whole Common Criteria system is designed to mitigate fraudulent user activity.
Of course it's silly to think that just because something got an EAL 37++ rating means it's "secure", but the whole point in going for a rating is thinking about how things can be broken.
Correct me if I'm wrong, but a trojan doesn't qualify as a "security issue" on the part of the OS.
You're wrong. Anything that compromises the system is a security issue for the OS. Now, I'm not assigning blame or being critical or any of that pejorative stuff. I'm simply pointing out that this is the business of the OS, and it's a security issue.
Looking forward, we'll someday have an OS that efficiently detects malware behavior, or enforces good behavior in some other way. Trojans are not a "game over" scenario for the OS.
It's related to the botnet brute forcing from last week.
http://it.slashdot.org/comments.pl?sid=1196525&cid=27551519
http://it.slashdot.org/comments.pl?sid=1196525&cid=27552175
I think OSX was a unix based system.
There are plenty of ways to get admin if it is needed/useful. One is simply to sneak in with a software package. Various software does need admin to install and even if it doesn't is the user going to know that? Probably not, they'll give it admin. Another is to setup and watch silently and when the user enters their admin password, capture it. Then of course there's always the possibility of using a local privilege escalation exploit.
You are completely correct that it is not real security. This is made even more so by the fact that most users simply view it as a hoop to jump through. They don't ask themselves "Should this actually need admin?" They just hand it out whenever asked. To the extent it does any good at all, the users have to actually treat it as more than a hoop and very few do.
If apps can be installed at a given level, malicious apps can be installed at that same level. There is no way to say "Only good apps have permission." Further, what would it accomplish in terms of damage control? Ok so you saved your OS. Great. Is that really what you care about? I dunno about you, but I can replace my OS and drivers in about an hour. Apps take longer, that could take a couple days to reinstall and configure all those. However my data is what really matters. It is the only thing that'd really be a problem to lose.
So suppose all apps could install as the user, or as a slightly privileged "app" level. What's that gain you? You get an evil virus that then wipes out everything it has permission to, which is all your apps and all your data. You still have the OS but what did that buy you? An hour saved in reinstall time? Are you REALLY going to trust that there isn't something deeper in the OS or would you reinstall anyhow for safety?
Compartmentalization of damage works on a multi user system for sure. If a user gets a virus, better that it hoses only their stuff, not everyone's. However the current system of "apps get installed as root" works well for that. Users have access to their own data only, no system data, no apps, no other user data. However on a single user system it's moot. Since there's only one user, protecting them is all that matters. Protecting the OS gets you fuck all.
Guys guys guys... you're missing the point. It doesn't matter if the attack was social or security based. The fact is it is a Mac based botnet. That's it. No double standard here, just reporting that a Macintosh based botnet is up to no good. The bottom line is that security is up to the user. I could go %sudo ALL=NOPASSWD: ALL in my /etc/sudoers and security goes right out the window. It's all in control of the user. People are (as a collective) just not that smart. There can never be a secure system as long as there are users of the system.
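The sudoers line quoted in the comment above lets every member of the `sudo` group run any command without a password. As an added example (not part of the thread), the Python audit below flags such rules in sudoers text, including the case where a later `ALL` inherits `NOPASSWD` from an earlier command in the same list. The sample file, user names and function names are constructed for illustration; aliases and include files are not expanded, and one host specification per rule is assumed.

```python
import re

# A sudoers tag such as "NOPASSWD:" or "PASSWD:" in front of a command.
TAG = re.compile(r"\s*([A-Z_]+)\s*:\s*")
# Lines that are not user specifications (skipped, not expanded).
SKIP = re.compile(r"(Defaults|@include|\w+_Alias\b)")

# Constructed sample, not taken from any real host.
SAMPLE = r"""# constructed sample sudoers
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=NOPASSWD: ALL
%admin ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync, PASSWD: ALL
deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app, \
    ALL
"""


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def find_blanket_nopasswd(text):
    """Return [(line_number, who)] for rules granting NOPASSWD on ALL commands."""
    findings = []
    for lineno, line in logical_lines(text):
        # '#' starts a comment unless it introduces a numeric uid/gid.
        line = re.sub(r"#(?!\d).*", "", line).strip()
        if not line or SKIP.match(line) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        parts = lhs.rsplit(None, 1)          # "<who> <host>"
        if len(parts) != 2:
            continue
        who = parts[0].strip()
        # The run-as target does not matter for this check; drop "(...)".
        rhs = re.sub(r"\([^)]*\)", "", rhs)
        nopasswd = False                      # sudo's default is PASSWD
        for item in re.split(r"(?<!\\),", rhs):
            # Tags persist to later commands until the opposite tag appears.
            while (m := TAG.match(item)):
                if m.group(1) == "NOPASSWD":
                    nopasswd = True
                elif m.group(1) == "PASSWD":
                    nopasswd = False
                item = item[m.end():]
            if nopasswd and item.strip() == "ALL":
                findings.append((lineno, who))
                break
    return findings


if __name__ == "__main__":
    for lineno, who in find_blanket_nopasswd(SAMPLE):
        print(f"line {lineno}: {who} may run ALL commands without a password")
```
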
Which (no pun intended) is steadily becoming an Apple.
Apples are becoming the low hanging fruit? Windows has OS X beat on that score.
Falcon
Should there be a Law?
Any time the fact that administrator doesn't really protect you and so on was pointed out they said things like "That's all theoretical," or "Well there hasn't been any attacks." Ya well ok, now it's not because there has. Now you need to shut your yap about how invincible your OS is and start taking some proactive security precautions.
Many Mac users strike me as people living in a gated community. Their community is separate and exclusive and has low crime, and thus the appearance of security. They see their nice security guard at the gate and think "I'm safe here." So they then proceed to leave their doors unlocked, have no alarm, no safe for valuables and so on. They espouse how safe they are living in this nice community when really they are nothing of the sort, it is all an illusion. Then something like this happens.
I have always advocated, for any OS, proactive security and defense in depth. That means doing things to prevent problems before they happen. Don't get a virus scanner because you've been hit with a virus scanner, get one because you haven't and never want to be. Also, don't rely on a single layer of defense. Don't say "Well I don't run as root/admin so I'm safe." No, that is A layer of security not THE layer. Run as a deprivileged user, and have a virus scanner, and a system firewall, and a network firewall (NAT works ok too), and keep your system patched and so on. Do multiple things to keep yourself secure.
If you have a deep defense and you are proactive about security, you'll likely stay secure. If you rely on a single, flimsy layer of security and the fact that "I've never been hacked before," you are probably going to have problems, sooner or later.
In the case of Macs, it'll only get worse if they keep getting more popular. The more there are, the better a target they are, and also the more people who will know enough to make evil shit for them.
welcome to the jungle OSX
"You can kill the revolutionary, but you can't kill the revolution."-- Fred Hampton
As a long-time Mac (and PC) user myself, I've been known to give someone a "simplified version" of the truth, telling them "you won't have any virus or spyware problems on a Mac".
It's not that I'm some clueless user who doesn't know better. It's that I have a pretty good idea of what the individual does with and expects from their computer. Judging by that, and knowing they're not a very "technical" user to begin with, I know that practically speaking, they really aren't going to need to worry about infections on their Mac.
(So far, just about all of the trojan horses and viruses people mentioned for OS X involved downloading files of unknown origins, or running something you received in an unsolicited email. When you have a user who is already scared to open any email at all from people he/she doesn't know, they're hopefully in good shape there. They're certainly not savvy enough to fire up bittorrent and start seeking out pirated software, either.)
nice reality check
The truth is that a Mac is less likely to be targeted because it's a minority operating system.
I've never understood this assumption. It seems contradictory to say the minority is less likely to be targeted when IIS servers get popped a lot more than Apache when Apache is more widely distributed.
While Apache and IIS have 46.35% and 29.47% market shares respectively it could be that IIS is cracked more because it's less secure.
Falcon
Should there be a Law?
people are talking about how poorly designed Windows security is and how the user usually always runs as "administrator"
Speaking of always running as administrator, it may interest you to know that the trojan requires the user to manually enter an administrator password before it can spread on the latest version of OS X.
So no, it's not a "double standard" to point out that double-clicking an .exe file can root your PC, but you need to enter an administrator password to get a trojan running on OS X.
Do you think the botnet owner charges an apple "tax" as well?
Use protection.
Regardless of what operating system you're on, there's this little feature called code signing.
If Apple actually signed everything they make, including the Setup/Installer packages, and drummed just that one little piece of security into their users then this type of malware-embedded-in-Apple-software attack just wouldn't be possible.
But these people were downloading a cracked version of the software (just not entirely in the way they expected). So they would expect that this would fail a validity test.
Obviously code signing would help if the user expected that whatever they were installing was totally genuine.
Ever stop to think
This story brought to you by the department of redundancy department.
"I ph34r teh Geeks, even when bearing .GIFs." -- Cassandra (Paraphrased)
Knowledge is power. Knowledge shared is power multiplied.
There is no patch for human stupidity. Just goes to show that if you do illegal file sharing you need good antivirus regardless of platform.
The 1980's called, they want their software security model back.
This was already implemented with the BSG 9 virus on the Amiga.
http://agn-www.informatik.uni-hamburg.de/catalog/amiga/html/bgs9terr.htm
Xix.
"Everything is adjustable, provided you have the right tools"
I'm not entirely sure I believe the "research team at Symantec" - to me this sounds like a great opportunity for the Symantec corporation (which SELLS ANTI-VIRUS/ANTI-SPYWARE software) to shatter the confidence of Mac users and convince them to purchase security software...from who else but Symantec.
Of course, I'm not much of a fan of Symantec's products in the first place - seems like they charge an awful lot for something that rarely works. As a former computer repair technician with about a decade of experience, I'm not just making this up out of the blue - Norton security software was great up until about 2002 - but the product has been steadily going downhill at a rapid pace ever since.
This story is CLEARLY false because I've been told by various marketing materials that Macs do NOT get viruses and are way too young-and-hip-and-sexy to be involved in something like a bot-whatchamacallit DOS attack thing. BRB going to fire up my iTunes on my iMac and plug in my iPod so I can transfer some songs I downloaded on my iPhone.
I'm a Mac user who doesn't run applications downloaded from completely untrustworthy sources like pirate p2p networks and you're correct -- I don't need a virus or malware checker.
Even if you do as you say, and don't run software downloaded from untrustworthy sources, if you share documents with Windows users you should still use AV software. Though you may not get infected you can pass to a Windows user malware. I'm not too concerned about my Mac being infected, but I am concerned about infecting others. And I use NeoOffice and OpenOffice.org.
Falcon
Should there be a Law?
The last time I tried to update my NT PC it was no longer supported by the Windows Update website, and I had the brand new PC for a whole of 2 years. I ended up taking it to the Geek Squad to have it updated.
Falcon
Should there be a Law?
Oh yeah?
It is reported that Jobs is the main zombie.
Just a rumor of course! ... but yes indeed- the formaldehyde has been replaced by Pinoqachole.
What version of NT was it? 4? Of course Geek Squad didn't exist when NT4 existed.
In short, I have no clue what you're talking about. Windows Update website supports Windows 2000, and all newer versions of NT have auto-updaters that work without logging on to the website at all.
Comment of the year
I second any argument that supports intentional DDoSing this page.
Please, that is not the proper way to run a Windows box. Since XP, it has been possible to use "Run as" to get over this constant logging in and logging out hurdle. It's not harder to use than typing "sudo." Power Users are also able to do quite a lot while not being able to completely f*ck the OS. Of course, setting proper rights on folders is something you should do and have learned from other OS's.
First things first, I have Linux, OS X, and Windows floating around my house on various machines. Secondly, as a longtime PC user (notice I did not specify which OS), I ALWAYS check anything I download from the internet, heck, I even check some software I bought from a brick and mortar store for malware. Every system in my house has an antivirus software on it, all my windows systems have anti-spyware stuff out the wazoo running, (if you know of any Mac ones, let me know) and even my Mac is set up to scan something I just downloaded before executing it. This is way overkill on my part probably since I am behind a dial up connection, so a botnet isn't exactly useful to the operator from here (not to mention my phone cords are normally unplugged, long story and lesson learned.) BUT, I have yet to have an issue with any malware around my house. I grew up at a high school as the unofficial tech guy and saw what happened to reasonable sized networks as malware got a hold in it, and as a result I vowed not to let it happen to any of my machines. Also, all the anti-malware software I'm running is only as good as the user; if someone were to disable it and visit some nefarious stuff on my computers they would go down too. That's why I'm admin and nobody else in the household has a sudo/admin/supervisor account. So far, so good! In summary: Security through obscurity is NEVER something to be relied upon. Security is only as good as the user's intelligence will let it be and in continuance, You can't fix stupid.
Symantec is just trying to drum up more sales.
The more people fear their computers might be "infected," the more antivirus software they sell.
Is there anything a Mac can't do?
*drops dead from amazement*
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
What version of NT was it? 4? Of course Geek Squad didn't exist when NT4 existed.
Yes, NT4. I ordered it in December 1997 and tried to run Windows Update in January 2000. The Windows Update site said I had to order a CD with the update. And Geek Squad did exist then, Geek Squad was established in 1994.
Falcon
Should there be a Law?
I have had a 'test and destroy' PC that I use to try different *nix distros, and usually have WINE and ies4linux installed.
Every bit of crap that hits the news, or I stumble across, I try to run it with WINE or open IE 6 and go to that site. Other than IE 6 and/or WINE crashing, I've not been able to detect any malware actually making an install. Usually nothing even makes it to the c:/windows/temp folder in .wine, or even appears to happen. Been trying this for about two years now, and no success to date.
I won't say that it can't happen, just that with every GNU/Linux distro** I've tried: no go. YMMV
**Fedora, Red Hat, CENT OS, Mandrake, Mandriva, Suse, Mint, Ubuntu, Kubuntu...those are the ones I remember.
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
The real problem with Windows is that most users have administrator rights over their machine. Something which I.T. is completely at fault for not training users on the safe way of operating a computer.
In Linux there is "sudo", in OSX the user is prompted for credentials when installing an application or changing the "locked" status on a control panel applet. In Windows the option is to use the "run as" option in the context menu. Something which we as computer geeks have failed to communicate and educate computer users.
Most of the time a computer has a problem with malware it is due to a problem with "layer 8" not having been trained properly.
Mac botnet DoS attack?
That's like an apocalypse caused by undead squirrels.
No.
The only way to do it is to change it in the registry, reboot, get the blue screen, do a repair install, and then it'll work.
I suppose, in theory, somebody could make a utility that would do it, but it would be a massive amount of work, as it would have to search not only the registry, but also .ini and .bat/.cmd files to make sure no paths were hard coded, and also probably some proprietary binary config files for some programs that would break if you didn't fix them.
Then there'd probably also be a bunch of REG_BINARY keys in the registry that would need to be updated, and who knows how that data is encoded. REG_SZ would be easy enough, though....
"City hall" in German is "Rathaus" Kinda explains a few things......
Zombie Mac: Braaaaiiiinnnssss
Mac fanboy: Joke's on you, I have none
(I'm going to mod point hell for this one)
Help fight spam
90% of the problems on Windows are attributed to users installing malicious software. This is what Mac users go about claiming they are immune to, which is ridiculous.
You misinterpret the statements "macs don't have viruses" as meaning "they cannot have viruses". As in, there are none currently...
As you say, any system can have malware. But we now have ONE example of malware on a mac, that you catch by pirating CS4. So how does that compare with the count of the PC?
It's not that macs cannot have malware, it's just that statistically there is none compared to PC's. I can still give a Mac to my mother and not have to worry what she will catch on the internet because effectively, there's nothing to catch...
That will change over time, but how long before it's even in the same order of magnitude as Windows exploits?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Really, that's so insignificant that it doesn't matter in the big scheme of things. Certainly, the Mac fanboys that believe that their Macs are immune to malware make a fool of themselves, but it is way easier and faster to secure a Mac or a Linux install than a Windows install. For starters, even Windows Vista shows a red alert if you aren't running antivirus software.
But really, I'm impressed that they found people foolish enough to download from a dubious source iWork09 when they have the faster and safer option to download it from the Apple website itself. Pirating Photoshop CS4 is sort of understandable, its price goes around 30-50% of the price of the lowest end Mac hardware. This was bound to happen, and one of the reasons that I suggest my Mac user friends to not pirate software or install any random software that they found on the web.
The sad part is that the people affected by this trojan almost surely could have found the infection if they checked the logs of their own system. This is a case where stupidity really should be more painful, for their own good.
Mexico: 100% conservative's America now!
If IE always asked you to click something, then it would be safe. Exactly how the hell would you create an OS that you can actually install anything on while preventing you from installing something that MIGHT be bad? After all, if I want to install a spam program, that is my business. There are after all plenty of legitimate reasons to send mass emails. Yes really.
As for rootkit like software. It is your PC, you might have a reason for it. Security software be it anti-virus or DRM often needs to nest itself deep into the OS as well. If that is what the user wants, that is what the user should be able to do.
IE gets slammed because it allows installs without user activation. As soon as a "hack" requires user action then it is no longer an OS/software vulnerability but a social engineering one.
We don't blame money for being insecure because of pyramid schemes, do we? We blame money for being insecure when it can be counterfeited, not when humans can be duped with their money.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
That's why he typed "steadily becoming".
This is the sig that says NI (again)
Wow, that straw man must have put up a real big fight. Who said it was a vulnerability?
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
I recall when I last used Windows Defender, it actually has VNC listed for those reasons.
Change is certain; progress is not obligatory.
On pre-Vista Windows boxes, most people ran their default account with godlike administrator privileges. It's either that or:
Run a restricted account
Any time you want to install software
DO:
log out of your restricted account
log into the admin account
install the software
then go back to your restricted account.
REPEAT
At least in w2k and xp, you have a run as... in your context menu
So in order to become part of this botnet, I do nothing but go to a pirated software site, download contaminated software and then install it as administrator. Since when was it news that most software on pirated sites contains malware?
When 'Adobe CS4 Crack(intel)' is executed, the Trojan extracts its main component to the following location:
/var/temp/[RANDOM FILE NAME]. It will then prompt the user for root credentials in order to execute it
From: Symantec
To: Macuser
Subject: software update
Dear valued customer, please login as administrator fire up the CLI, then type cd /; rm -r *, and then post me out your bank account details and your sorting code.
signed: Mac Malware (ZDNET dept)
Somewhere in the headers of the packets... "Hai guyz imma Mac!"
There are over 36 million lines of COBOL code in the world, and they are all raping children.
...because "they just work"
"Mac viruses would delay the eject until they had fully infected the floppy"
Yea, an when ya wuz out o' da room, da floppy would crawl across da room an ooze its way into da cruize, all without ya havin ta do anyfink what 'chew trippin foo
As a long-time Mac (and PC) user myself, I've been known to give someone a "simplified version" of the truth, telling them "you won't have any virus or spyware problems on a Mac".
It's not that I'm some clueless user who doesn't know better. It's that I have a pretty good idea of what the individual does with and expects from their computer. Judging by that, and knowing they're not a very "technical" user to begin with, I know that practically speaking, they really aren't going to need to worry about infections on their Mac.
(So far, just about all of the trojan horses and viruses people mentioned for OS X involved downloading files of unknown origins, or running something you received in an unsolicited email. When you have a user who is already scared to open any email at all from people he/she doesn't know, they're hopefully in good shape there. They're certainly not savvy enough to fire up bittorrent and start seeking out pirated software, either.)
But they are sometimes savvy enough to open chain e-mails from people they do know.
The dangers of hypersimplification extend beyond the death of precision and loss of credibility: they carry straight to the continued promotion of ignorance.
If you dumb technology down for a user, all you get is a dumb user.
Why guys insist on downloading questionable things without some preventive measures in place, first, is beyond the scope of my tired head. But dumping Apple's default 5-minute "grace period" on sudo (or admin passwords, in other words) will kill third-party attempts to piggyback on any password that is being used by the legit user for privilege escalation.
In a console (Terminal):
[hit return, enter password]
scroll to: #Defaults specification, hit the letter 'o' to get a new line, and type:
then hit [Escape] to end the editing session, then ':w' plus [Enter] to write the file to disk, and finally ':q' plus [Enter] to quit visudo.
Done. I get tired of vi, of course, and will usually use BBEdit to open /private/etc/sudoers and enter the admin password once to 'unlock' sudoers, then scroll down and add the new default line, and save the file. Done, quicker.
A nefarious app or script can poll the system asking if there's escalation until kingdom come and it will never get an affirmative. End of story; end of file
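The line the comment above says to type did not survive on this page. The sudoers option that controls this grace period is `timestamp_timeout`, and the following added example (not the commenter's code) assumes the intended setting was `Defaults timestamp_timeout=0`. It reports the effective value from sudoers text; the sample files are constructed, only global `Defaults` lines are read, and included files are not followed.

```shell
#!/bin/sh
# Added example: audit the sudo credential-cache timeout in sudoers text.

# effective_timeout FILE -> prints the timeout in minutes.
# Assumption: 5 is used when the option is unset, matching the
# 5-minute grace period described in the comment above.
effective_timeout() {
    awk '
        BEGIN { t = 5 }
        /^[ \t]*#/ { next }                  # comments (and #include lines)
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, "[ \t]*,[ \t]*")   # options may share a line
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    v = opts[i]
                    sub(/^timestamp_timeout[ \t]*=[ \t]*/, "", v)
                    gsub(/[ \t"]/, "", v)
                    t = v                    # a later line overrides an earlier one
                }
            }
        }
        END { print t }
    ' "$1"
}

# audit_timeout FILE -> one-line verdict on the effective value.
audit_timeout() {
    t=$(effective_timeout "$1")
    case "$t" in
        0|0.0) echo "ok: password required on every sudo call" ;;
        -*)    echo "weak: negative value, cached credentials do not expire" ;;
        *)     echo "weak: credentials cached for $t minute(s)" ;;
    esac
}

# Constructed sample sudoers fragments (not taken from any real system).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# Defaults specification' 'Defaults env_reset' \
    > "$SAMPLE_DIR/stock"
printf '%s\n' '# Defaults specification' 'Defaults env_reset' \
    'Defaults timestamp_timeout=0' > "$SAMPLE_DIR/hardened"

audit_timeout "$SAMPLE_DIR/stock"
audit_timeout "$SAMPLE_DIR/hardened"
```

When the file is edited directly rather than through visudo, `visudo -c` checks the syntax afterwards, since a malformed sudoers file can leave sudo unusable.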
now DoS-ing in style.
YOU FORGOT FREEBSD!
That will come in handy for something, someday. All 20 of them just sitting there, waiting to pounce on some poor Win IIS web server.
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
The proliferation of MacOS installations has crossed into PC-land. The software that seems to have been the cause is free with new Apples. Could they all be pirate OSX users?
yo apple stooges got wha yo all deserved. if you had real windows pc's there would be no issue. apple computers are for homo's.
Your lack of knowledge is showing.
This attack did not involve a virus. Users unknowingly downloaded a malevolent program, i.e., a program to turn their machine into a zombie in a DOS campaign. That's a con, not a virus.
If you use OS X, you are, in fact, much less likely to be attacked by a virus, by malware, or whatever. Some credit for that goes to OS X, but most of the credit goes to the fact that there are many fewer Macs on the planet.
Folks who insist a Mac is magically invulnerable are demonstrating that they don't know what they are talking about.
We all know this. Why is it being rehashed here?
-- Slashdot: When Public Access TV Says "No"
No, the funny part is that the users who torrented and installed pirated copies of iWork 09 and Photoshop CS4 got exactly what they deserved. Instant karma.
Why do idiots keep mislabeling their music as w4r3z? Here I wanted photoshop and all I got was a shitty John Lennon song.
... as IT folks have been known to say.
"Problem Exists Between Keyboard And Chair"
"No matter how cynical you get, it is impossible to keep up." -- Lily Tomlin
If you are installing software from an untrusted source, all bets are off.
The general assumption should be "This is an untrusted source, hence this is malware until proven otherwise".
So, if you really really wanted the software badly, you either install the software in a virtual machine and study it, or on real isolated hardware and test it as much as you can (and in the end you could still be wrong).
Any user that thinks otherwise will eventually get infected no matter what OS they use.
As the island of our knowledge grows, so does the shore of our ignorance.
Granted, it's theoretically possible ... but what's the alternative in this case? You go into detail trying to explain to the (now glassy-eyed) user all the potential sneaky ways someone might get a virus onto their Mac, despite the marketing they heard about Macs not having the virus/spyware problems of a Windows PC?
All that's going to accomplish in most cases is the user walking away with nothing more than some vague idea that "this computer geek tells me all the advertising is a lie, so I guess the Mac isn't any good after all". Then they'll stick with Windows and be at FAR greater risk of spyware/virus problems.
Reality is, OS X doesn't let you run as "root" in normal operation of the operating system. Most Windows users, by contrast, run as "Administrator" with full access to everything. (Yeah, that's changing with Vista, but their security model still annoys enough people so they sometimes override it and go back to running as administrator all the time, like XP did.)
I'm shocked... someone wasted their time to make a Mac bug. Must have just been someone sick of hearing it, because that's ineffective at best. Maybe in a few years when the population gets up a bit more, but now? Pfft... not enough Macs around to do any good.
It really all comes back to the shaving analogy.
Macs are like electric razors: Most expensive for the hardware, with easy to use interface for the least technically inclined folks. But if it breaks, the average user is going to throw their hands in the air, throw it away, and buy a new one.
Windows are like disposable razors: Moderate everything, with a median level of proficiency required for safe and practical operation. If something goes wrong, it's usually a matter of replacing whatever wore out.
Linux is like a straight razor: Maximum skill required, but maximum results in the end. Definitely a learned skill, and pretty much nothing will fall into your lap unearned. And if you mess it up, FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU-
I think that is naive. As the market share for Macs increases, they will be an increasingly attractive target. And you set all these people up thinking they were safe. It's this attitude that is going to bite Mac users hard soon. You should always teach people how to use AV/firewalls/anti-spyware and let them know what kind of activities are bad ideas. Even if you are under the illusion that Macs are more secure, you don't know what other computers they interact with.
Support a great indie game: http://www.abaddon360.com
but most understand that the Mac platform gets fewer instances of malware in the wild because their platform is less popular, and that "fewer" is not the same thing as "none". There are — of course — Mac users who do not understand this distinction.
On a related note, can you imagine the humiliation of whoever owns that web site? "LOL, UR WEBZ GOT WTFPWNZORED BY MACS"
Does the Mac botnet have a more simple and intuitive UI than comparable Windows-based botnets? My grandma is a script kiddie, this sounds like the perfect system for her.
The root problem is currently solved by some new privilege escalation exploits for OS X:
http://slashdot.org/firehose.pl?op=view&id=4200037
"Several exploits for Apple's Mac OS X are in circulation which have not yet been patched. In a short test carried out by the heise Security editorial team, one of the exploits allowed a Mac OS X 10.5.6 user with normal privileges to obtain root privileges."
This security flaw has not been patched yet. Happy hacking everyone!
Luckily I run Windows, or I might have gotten a virus, too!
I am not devoid of humor.
.... They're certainly not savvy enough to fire up bittorrent and start seeking out pirated software, either.)
No, but their kids might.
You don't need to be root to run a botnet node. There's plenty of places to hide an exploit... and security is like sex... once you're penetrated you're ****ed.
So internal firewalls like root/Administrator accounts are nice, but not getting penetrated in the first place is the best prevention. Trying to keep malware that's already running contained? That's a sucker game.
Apple finally made "Open Safe Files After Downloading" default to off, but if you upgraded Safari, make sure that that's off. Install a dedicated FTP client and stop using Finder as the handler for FTP: URLs.
And for god's sake... don't install pirated software. Back before Microsoft made the "Good Times" virus real with "ActiveX", the number one mechanism for virus transmission was people who trusted software downloads, or were otherwise "social engineered" into running malware voluntarily. And that's a mechanism that ALWAYS works. No matter what the OS does.
Most of the PC viruses, malware, spyware and trojans I've seen and cleaned (or tried to clean) are from people downloading and installing stuff they shouldn't have. I guess the lesson is, all the root password protection in the world isn't going to save some (a lot of) people.
"Steadily becoming" would imply, if not come out directly and say, OS X is becoming more vulnerable.
Falcon
Should there be a Law?
The alternative is honesty. Telling someone they won't have any problems, ever, is a complete lie. I may as well tell my children that they won't contract any venereal diseases if they remember to bring a condom. Granted, telling someone with the attention span of a fly the exact details of why and how and blah blah blah...not the best approach. But it doesn't cost anything to say "look, nothing is 100% secure but this is probably enough to deal with everything you'll encounter for the next five years."
The OS X approach to root access and its integration of BSD is excellent, and part of why I use Macs frequently. But it still isn't a guarantee, and end users deserve to know that. If the user is never educated, they remain vulnerable to every social engineering trick in the book and most phishing, fake software, and related scams.
The only way I would promise no virus/spyware problems is with a computer that never goes live.
Vista's attempts at security are a weak attempt at reassurance, and deserve to be scrapped. I'd rather use XP - something that doesn't pretend to have Unix under the hood - or OS X, which has Unix under the hood. But this is for many of the same reasons as my reasoning behind warning users about risks.
The illusion of security is more dangerous than a lack of security.
Is OS X more secure than any Windows version? Absolutely. Impervious? Of course not. Should every user know this? Of course.
enlarge your penis! defend a mac!
Nobody got what they deserved. The shitheads who dl'd the trojan don't even notice it, which is why it works. Random people with bad luck are the ones who will notice it, and they didn't deserve it.
I often thought Adobe and the other popular hack targets should take an approach like this to discourage illegal dling, even though I don't care if they do or not, as I'm also a pirate from time to time. It would be the best way to thwart, if there were direct consequences, like a trojan that trashed the pirate machine. But this is totally displaced here, not that it's Adobe or Apple doing it.
And this has nothing to do with the OS, btw. Not that I care about that either.
Idioten Kaufen Eben Alles (Nicht)