Backdoor Trojan For Windows Ported To Mac OS
An anonymous reader writes "A Remote Access Trojan (RAT) for Windows, known as darkComet, has been ported to Mac OS X. The new backdoor Trojan is not yet finished, but it could be indicative of more underground programmers attempting to take advantage of Apple's growing market share."
darkComet (aka darkComet-RAT) is the name of a remote administration tool, which BlackHoleRAT's control functionality is derived from. The trojan is actually called BlackHoleRAT, but regardless, here's an article link.
And, while I'm going, the distortion of the term "trojan" is starting to test my patience. A trojan horse is a piece of software that is deceptive in nature, one which appears to perform a desirable function, but, in fact, steals information or harms the system it's occupying. This application, darkComet-RAT, is referred to as a trojan itself all over the web in news articles relating to this beta of "BlackHoleRAT," which is NOT the case. darkComet-RAT is a legit remote administration tool, similar in functionality to VNC, and should be treated as such.
I understand this butchering of the acronym "RAT," between its use as "Remote Administration Tool" and "Remote Access Trojan" may be confusing, as with all acronyms that use the same letters, but please, for the love of god, do some damn fact checking, and this would be less likely to happen.
Grumble grumble grumble.
You know nothing at all, nor do you consider that it is expedient for us that one man should die for the people, and that the whole nation not perish.
Macfags probably ported it themselves. They just feel left out, you know?
...it could be Sophos trying to drum up trade...
Normally, I'd read The Fine Article just to get a hint of what this story means, but there aren't any links and the summary is vapid and useless. It is a non-story. Allow me to distill its meaning: "A piece of malware (a remote access backdoor ill-defined thingy that probably isn't a trojan) for windows was ported to mac. This is probably bad. Considering Apple's 'growing market share', what could it mean?"
Bravo slashdot. A new low.
You should turn signatures off.
...they should note that the vast, VAST majority of it is iOS, not Mac OS X...
Slow day, cmdrtaco??
Beware, the sky is falling. All those other eeevul backdoor programs like SSH also work on a Mac.
The zealotry was on show yesterday in the OS X article where it was stated that OS X is more insecure than windows. This has been known for a long time...due to the lack of marketshare distributed attacks are not prevalent, but due to Apple's shitty security practices it was trivial to take over OS X at any given time with a targeted attack. Have they even gotten around to having full ASLR and DEP yet? No.
People persecuting MS for poor security are living in the past. Windows is now a fine secure OS, while OS X doesn't even have basic protections in place and claims to be secure, simply taking advantage of the fact that they are not targeted as much.
Hopefully as marketshare increases they will take responsibility and secure their OS, if for no other reason than to maintain their image.
Now I'm just waiting to be modded troll....
If you ignore ACs because they are anonymous - you're an idiot.
Condoms should always be used when going in the back door. You never know what windows can spread if practicing unsafe sex!
Boy, what I got was not what I was after....
Last week I installed several Firefox plugins. One of them managed to send out spam to all my contacts, using each of my email accounts. This is on a fully up-to-date Mac. How in the world does a browser plugin get that much access?
MacOS X actually comes bundled with a tool that is able to wipe the entire hard disk! Up till now this has not caused widespread mayhem yet, but considering Apple's growing market share...
I wish I had the ability to mod down an entire article...
Obviously when it's a windows malware being reported, it's somehow an OS flaw and now watch people "educate" us as to how this malware would only affect the stupid people, "it's not the operating system's" fault .. oh good heavens no. It just means people can be tricked into installing bad stuff now. Facts are really really really important when it's not microsoft. Then the second wave of idiots come along to point out some drive by exploit in a version of IE which is 10 years old and already patched. What's that? Safari, Firefox all have had drive by exploits in them? Oh hush ! Linux has had privilege escalation exploits? More than the latest version of windows? Blasphemy ! Facts are not important now !! bla bla bla I can't hear you.. we must compare a 10 year old unpatched version of windows with the current day's linux source tree. Hush now ! Everyone knows that all you have to do is send a programming source text file into a server and everything is fixed. Responsibility for making sure the thousands of apps still work after the fix? Pshaw ! We're all serious OS hackers here.. you idiot !
Maybe now the artfags will shut the fuck up for ten seconds about how superior their overpriced fetish objects are?
Or... not so much. 'Bout time malware people took an interest.
It's not like you would have read the article anyways.
is which end do you start eating it from?
Oh, sorry, I misread that as Cornet.
Viruses attack computers. Virus writers write viruses so they can attack more computers! SHOCKING!
It's not fair
This software allow you to make hundreds of functions stealthly and remotely without any kind of autorisation in the remote process.
Real administrators have had this functionality for years, it's called "ssh" with public key authentication. (There's absolutely no legitimate use for remote access with zero authentication.)
DarkComet is design with the latest IDE of Delphi
No one uses Delphi for writing serious software.
Works in chinese systems : The client is coded in a full natif Unicode environement then it can easily use and traduce in China, also since version 2.1 it works in all kind of Chinese operating system and display the correct Unicode characters.
Congratulations, welcome to the 21st century! Unicode has been supported by pretty much all mainstream operating systems for years. The fact that they have to mention it is indicative of poor software quality. Oh yeah, and the UI looks like it was designed by a 10-year-old in Visual Basic 6.
tl;dr, this program isn't worth bothering with for *any* operating system for any use. It's just so poorly written that it'll probably break while being used.
What the hell, even malware is vaporware now? Can I put in a pre-order for it to infect my computer sometime next year?
Support Right To Repair Legislation.
Usage share of web client operating systems. (Source: Median values from Usage share of operating systems for January 2011.)
Windows XP (41.70%)
Windows 7 (25.42%)
Windows Vista (15.43%)
Mac OS X (6.92%)
iOS (iPhone) (2.05%)
Linux (1.64%)
Still below 10% even including iOS...
Seriously? RAT? Next you'll be telling me SubSeven and Back Orifice 2000 will be ported. Guess what, no one gives a shit about any of them, they're all ancient and obsolete.
title says "ported" (past tense) and description says "not finished yet"
which is it?
Anti Troll missiles locked on.
As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS.
Citation please? If you are going to make such a statement, please cite studies and facts. In fact there is NO direct causal link, and you are abusing the statement without facts and citations. That said, I would agree that I think there is causal link, but you are further abusing the statement by not citing the magnitude, which is where proper citations would help. Windows has thousands of variants of malware. Mac OS X is in the dozens still, if that. No system is completely secure, and there will always be attempts to compromise a system, but saying ONE piece of malware suddenly brings Apple crashing in flames and "zOMG Mac OS X is teh insecurez they will be pwned!" is the worst kind of hyperbole imaginable.
The zealotry was on show yesterday in the OS X article where it was stated that OS X is more insecure than windows
I looked for an article yesterday on slashdot and the only article I found was one about how Apple is inviting security experts to look at their system. Sounds like a pretty responsible thing if you ask me, and I found no mention of this yesterday. Perhaps you'd like to review your citations?
People persecuting MS for poor security are living in the past.
Again, no citations. You sound like a MS shill. MS still has a poor record, period. Sure it's getting better but it's massive exaggeration to try to say that somehow MS gets a pass because 6 years ago they were utterly shitty shitty shitty, and suddenly now it's okay because they have improved to stinky farty smelly.
Hopefully as marketshare increases they will take responsibility and secure their OS, if for no other reason than to maintain their image.
How odd, Marketshare doesn't seem to have an effect on how secure an operating system is, because 90% marketshare never encouraged Microsoft. I do hope security remains forefront on Apple's mind, because they are the underdogs here and it will only continue to help them to be focused on security as they continue to compete for more marketshare, but here's another example of how off kilter your rant is.
Now I'm just waiting to be modded troll....
You will be, but just one more thing to nail the coffin shut. This is a goddamn fucking TROJAN HORSE!!! Do you know what that is? Do you remember the goddamn story of Troy? There's a good movie released a few years back; you should watch it. A virus is something getting in without your action or knowledge, but a Trojan horse requires the user perform an action, and the way it gets in is simply by deceiving a human being. You can inject a trojan horse into any system and hope to own it, Windows, Mac OS, UNIX, or other, just send the admin an email and hope he's stupid enough to open the attachment and do the work for you! You can't put a malware scan on the brain of an uneducated admin. It's not the fault of the OS makers if the admin is uneducated enough to open a file that they should not trust.
Like many rants before it, your rant is like buying the most secure home security system in the world, then giving the key to a random person on the street for safe keeping, and complaining to the security company when your house is robbed.
"All great wisdom is contained in .signature files"
What matters to me, is does it run on Linux under WINE?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Holy Shmoly, I just discovered my Mac has a trojan as well. Not sure if people are aware of this thing, it's called FTP. Not sure what it stands for, but it allows people to log into my computer and if they have the correct permissions, they can read, write and execute files!!!! Oh the humanity...
The real Sig captains the Northwestern. This one captains
This isn't about market share because OS X's market share hasn't significantly increased over the past several years. It's about 5% world wide and 9% in North America...right where it has been for a while now.
So, when is the release date; and will there be an opt-out?
Your sig ( "Friendly Reminder: Apple, Google, and Nintendo are the three for-profit corporations a Slashdotter is permitted to like." ) confused me, until I realized that most people probably don't realize that Red Hat is technically a for-profit corporation.
/me: ducks
If you mod me down, I shall become more powerful than you could possibly imagine.
Not to mention, there probably isn't anything you can do with RATKit (or whatever it's called) that you can't do with a one-line perl invocation.
If you mod me down, I shall become more powerful than you could possibly imagine.
No one should go anywhere NEAR the back door without a Trojan.
Surprise! Script kiddies have finally realized Mac users would make for easy targets. After all, they haven't been trained to install eleven malware scanners and click "cancel" on every popup that comes along.
How is this deemed newsworthy? It's a computer, it's gonna get rooted. Hell, even BeOS had malware, and that OS was used by all of seven people.
-Billco, Fnarg.com
::Grab keyboard with two hands and smash into forehead::
As an IT admin, I think I'll run for the hills before my customers get infected. Better yet, maybe I should just call the police and tell them I read about a new trojan online and let them deal with it. Eek!
This is your wake-up call, macHeads. We march at dawn.
Do you have sex with strangers? Well, duh. Don't. Likewise don't inject strange software into your system.
Linux:
http://www.zdnetasia.com/linux-world-dismisses-new-trojan-risk-39009405.htm
The variant of a two-month-old Remote Access Trojan that attacks Linux machines has been categorized as a low risk. A Remote Shell Trojan (RST) is making its way around the Linux community, but security experts say it should not pose a risk if users are vigilant with the programs they run.
Fandroids hate facts.
Even if this was a super evil virus tool, it's got the same problem that every other mac 'virus' has- How do you get it on the system?
The last so-called 'Mac Virus' required roughly the following steps:
1. Go to dodgy porn site
2. Attempt to watch shady video
3. Download dodgy video codec no one's ever heard of in order to watch shady video
4. Mount DMG file of dodgy video codec no one's ever heard of
5. Run installer for dodgy video codec no one's ever heard of from DMG
6. Enter an administrator login for installer for dodgy video codec no one's ever heard of
That wasn't a virus, it was a cleansing of the biggest idiots from the mac community.
Why will this be any different? There's a billion remote admin tools that can be used maliciously for OS X- but it's not a trojan unless you can install and configure it without the user knowing, or better yet without them doing it themselves.
Apparently, some people don't notice the warning and timed delay involved when installing add-ons to Firefox. I've often wondered about solutions to user complacency in such matters...
As far as a user application having full access to your data - this is pretty much the norm for everybody. The problem is that we only think in terms of user-level security and hardly any thought / design is given to security within the user's account. Sandboxes are a hack and not a real solution.
Firefox running under my account should be restricted to a subset of MY account - not another sandbox user with hacked in bridging so I can actually use it.
Couple ways I can think of right now that would fix this but they require significant changes to the OS... except OpenBSD which has the hooks to pull off many ideas (probably this is where the solutions will come from.)
I shouldn't need a 3rd party 'reverse' firewall to control what apps do online... I shouldn't have to create complex to impossible sandbox hacks to limit apps to their domain within my account. The fact that we have to do such things indicates a need for more design.
Democracy Now! - uncensored, anti-establishment news