Slashdot Mirror


Apple Quietly Goes After Mac Trojan With Update

Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.

12 of 321 comments

  1. Re:If they're trying to keep it secret by Facegarden · · Score: 5, Insightful

    Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?

    I would hardly call release notes for a bugfix "shoving it in their face."

    It makes a lot of sense to say what you fixed in a bugfix, so people clearly know if a system needs a bugfix, or is safe.

    Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.

    This is probably more of an issue for enterprise users, and in that case there are fewer macs for sure, but it's a good practice to be honest about what you're fixing, and covering that up is dishonest.
    -Taylor

    --
    Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
  2. Re:Let's get this out of the way, shall we? by Cwix · · Score: 5, Funny

    I know.. this is Bill Gates and Linus Torvalds' secret plot to make Apple look bad. There's no such thing as mac malware, Steve Jobs would never allow it. He has our best interests at heart.. right.. RIGHT?!?!
    Anyways even if there was mac malware, They would be forthcoming, and quit claiming to be malware free... I mean they would never lie or mislead us right.. RIGHT!?!?

    Disclaimer to the mac fanbois, if you can't take a joke, don't bother replying.

    --
    You are entitled to your own opinions, not your own facts.
  3. Re:You have to wonder? by grapes911 · · Score: 5, Informative

    trojan != virus

  4. Re:You have to wonder? by kdogg73 · · Score: 5, Funny

    Sometimes a trojan prevents a virus.

    --
    Let's face it, most of us are scoffers. But moments before zero hour, it does not pay to take chances.
  5. Re:If they're trying to keep it secret by sindarta · · Score: 5, Funny

    many people go their whole lives without visiting tech sites

    They don't? What an uninteresting life they must lead with their travels and friends and social life. Repulsive.

  6. Re:If they're trying to keep it secret by phantomfive · · Score: 5, Interesting

    Hiding it makes a lot of sense if you don't want to look bad,

    It's really hard for me to believe that's the reason they did it, given the number of ugly things they did announce, including a few bugs that give complete control of the computer just by opening a web page. They could have added a line about updating malware signatures, and if they worded it right, avoided the bad press (I mean, it's not like it's the first time there has been a trojan for OSX).

    It is more likely that the internal communication processes at Apple got mixed up, and the people in charge of updating the malware signatures haven't gotten in contact with the people in charge of writing the release notes. I don't think that is an uncommon thing in large (and even small) companies.

    --
    Qxe4
  7. this is anything but new by v1 · · Score: 5, Informative

    There's been malware out for mac for well over a year. The big one I run into is a self-decoding shell script that installs a root cronjob to redirect your dns servers. The machines get brought into me because their web browsing has gotten slower, due to the malware dns server the machine is now using being a lot slower than their ISP's.

    I've actually run into ONE example of a mac that was back-door'd, but thought it was an isolated targeted attack. (the victim was "high profile") But maybe it was just an early version of what's discussed in this thread.

    BUT, tossing my hat into the ring as to whether or not Apple should be "hiding" the fix... check out the latest security update from Apple. HUGE list of security patches. (over 40?) All with accreditation to the people that brought the issues to Apple. It's not like they don't have issues, and it's not like they systematically hide them. They just tend to fix them very quickly, and have very few (relatively speaking) to fix in the first place. Apple is well-known to include security updates and fixes in their OS updates, they don't all land in security updates. That's all this one was. It's very likely there were a dozen other security-related fixes made in the 10.6.4 update. This one they just happened to notice. Apple just doesn't usually put a security-fix accreditation readme in with their OS updates. Is that the real issue here I wonder?

    --
    I work for the Department of Redundancy Department.
  8. Re:Trojan for Mac had to appear some day... by cbhacking · · Score: 5, Informative

    Part of writing serious malware, the sort that uses shellcodes and relies upon particular calling conventions and memory layouts, is very platform-specific. That kind of thing has to be learned anew for every platform one wants to target, often including different architectures of a given OS.

    Trojans, on the other hand, are literally nothing other than programs that the user doesn't realize he is installing. They may attempt to hide themselves using platform-specific tricks, but at the end of the day, it's a program written like any other. OS X may emphasize Objective-C and de-emphasize its UNIX underpinnings for many things, but at the end of the day it uses a POSIX API very similar to the one found in Linux.

    Hell, I've written software for the POSIX subsystem of NT on x86, and successfully ported it to Linux on ARM, with fewer than one #ifdef per KLOC. I strongly suspect that OS X is a lot closer to Linux than SUA (Microsoft's NT Subsystem for UNIX Applications) is to Linux, yet it wasn't hard at all. It wasn't malware, but if I'd wanted to I could have invisibly slipped it into an installer for some other program and then it would have been a trojan.

    --
    There's no place I could be, since I've found Serenity...
  9. Re:You have to wonder? by Anonymous Coward · · Score: 5, Insightful

    Trojans aren't viruses.

    Please list off all the viruses that will run on Snow Leopard.

    Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well. The traditional virus is mostly a thing of the past.

  10. Re:Let's get this out of the way, shall we? by hairyfeet · · Score: 5, Insightful

    Actually funny you should say that, as I would say that most Windows users would be safer as they know there is malware for Windows and thus are more likely to have AV and Antimal. I had to clean up a few Macs infected with the "Mac Codec" DNSChanger awhile back, and I literally had to take them to a security site and show them a security report saying "This is Mac malware" because they completely refused to believe it was possible for a Mac to get malware, because that was what they had been told so often. One even got irate with me because "WTF is the point of spending all this money buying a Mac and a bunch of new stuff to go with it if I can still get infected!!!". I told him to go take it up with the guys at the Genius Bar, because I just fix boxes.

    So I would say, especially with Windows 7 where there are features like ASLR, NX bit, and Windows Defender by default, that Windows users are probably safer because they know of the dangers out there. Many Mac users think they can run whatever they want and do anything because "Macs can't get bugs" and are therefore less likely to have good safety practices like have an AV or worry about updates. BTW all the guys that hope for a "Year of the Linux Desktop"? Guess what inevitably comes with clueless users? Can you say malware and headaches boys and girls? Believe me, I tried converting a "must click on teh pron!" Windows user to Linux once, he managed to break the OS in just three days. No matter the OS, stupid is as stupid does.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  11. Re:One does not have to wonder by Anonymous Coward · · Score: 5, Insightful

    So you like it when the OS vendor pushes some software onto your system without any mention in the patch notes (which is the point of the article)? If so, you're posting on the wrong website.

  12. Re:Trojan for Mac had to appear some day... by Anonymous Coward · · Score: 5, Funny

    Sir, you're never going to get modded up here if you continue to insist on posting clear, intelligent and rational comments that actually discuss the issues involved, backed up by your personal knowledge and experience.