Slashdot Mirror


Backdoor Trojan For Windows Ported To Mac OS

An anonymous reader writes "A Remote Access Trojan (RAT) for Windows, known as darkComet, has been ported to Mac OS X. The new backdoor Trojan is not yet finished, but it could be indicative of more underground programmers attempting to take advantage of Apple's growing market share."

38 of 263 comments

  1. Besides missing link, summary isn't accurate.. by intellitech · · Score: 5, Informative

    darkComet (aka darkComet-RAT) is the name of a remote administration tool, which BlackHoleRAT's control functionality is derived from. The trojan is actually called BlackHoleRAT, but regardless, here's an article link.

    And, while I'm going, the distortion of the term "trojan" is starting to test my patience. A trojan horse is a piece of software that is deceptive in nature, one which appears to perform a desirable function, but, in fact, steals information or harms the system it's occupying. This application, darkComet-RAT, is referred to as a trojan itself all over the web in news articles relating to this beta of "BlackHoleRAT," which is NOT the case. darkComet-RAT is a legit remote administration tool, similar in functionality to VNC, and should be treated as such.

    I understand this butchering of the acronym "RAT," between its use as "Remote Administration Tool" and "Remote Access Trojan" may be confusing, as with all acronyms that use the same letters, but please, for the love of god, do some damn fact checking, and this would be less likely to happen.

    Grumble grumble grumble.

    --
    You know nothing, nor do you consider that it is expedient for us that one man should die for the people, and not that the whole nation should perish.

    1. Re:Besides missing link, summary isn't accurate.. by hax4bux · · Score: 5, Funny

      Looks like someone has a case of the Mondays

    2. Re:Besides missing link, summary isn't accurate.. by Yvan256 · · Score: 3, Funny

      And I measure the speed of my car in fractions of parsec.

    3. Re:Besides missing link, summary isn't accurate.. by Yvan256 · · Score: 4, Funny

      You're gonna get your ass kicked, man.

    4. Re:Besides missing link, summary isn't accurate.. by Anonymous Coward · · Score: 2, Informative

      Well, darkcomet isn't technically a trojan any more than cDc's Back Orifice is, but both are designed to be installed by subverting OS security restrictions and run stealthily. And while both have legitimate remote administration functions, they also have some not-so-legitimate ones as well (i.e. keyloggers). Let's face it, darkcomet and its ilk are designed to be used by black hat (wannabes). I doubt you would ever find them installed by any responsible IT dept for RA of business desktops.

      It may not be a trojan itself, but it's designed to be used as a payload for trojan software.

    5. Re:Besides missing link, summary isn't accurate.. by JustOK · · Score: 5, Funny

      slow car. I once did a kettle corn run in less than 12 fathoms.

      --
      rewriting history since 2109
    6. Re:Besides missing link, summary isn't accurate.. by CannonballHead · · Score: 2

      Erg. I did not mean to mod troll. Posting. Sigh.

    7. Re:Besides missing link, summary isn't accurate.. by squizzar · · Score: 2

      Always thought of that as an odd brand name - I always associate it with a trojan horse. A thing that appears to be for pleasant purposes but once taken into an inner sanctuary will allow something nasty to escape that will ruin your day. I can't say it's a reassuring thought...

    8. Re:Besides missing link, summary isn't accurate.. by by (1706743) · · Score: 2

      ...or 9.8 meters per second the "force" of gravity.

      Or think gravity is, dimensionally, a velocity...

    9. Re:Besides missing link, summary isn't accurate.. by RadioElectric · · Score: 2

      It's accurate in that you don't want this particular Trojan to open and release all of your little Greeks into your partner's Troy.

    10. Re:Besides missing link, summary isn't accurate.. by MrLint · · Score: 2

      I measure my speed as a fraction of plaid.

    11. Re:Besides missing link, summary isn't accurate.. by AliasMarlowe · · Score: 2

      And I measure the speed of my car in fractions of parsec.

      So do I.
      One femtoparsec per second is about 111 km/h (nearly 70 mph for the traditionalists). Go faster than that, and you risk getting a ticket on the highway here.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    12. Re:Besides missing link, summary isn't accurate.. by Yvan256 · · Score: 2

      If you go faster than that, you can go tell yourself to go slower so you won't get a ticket in the future.

    13. Re:Besides missing link, summary isn't accurate.. by MozeeToby · · Score: 2

      Not that hard, just need the right prefixes and it's not even that bad to deal with.

      For instance, I drove down the freeway at 3.65 picoparsecs per hour. Even an easy, if rough, conversion: MPH / ~20 == pParsecs / hour

    14. Re:Besides missing link, summary isn't accurate.. by EvanED · · Score: 2

      AT&T supplied me with a small piece of hardware for my adsl connection. AT&T refers to it as a modem even though it doesn't modulate or demodulate anything.

      Wikipedia disagrees: "Broadband modems should still be classed as modems, since they use complex waveforms to carry digital data. They are more advanced devices than traditional dial-up modems as they are capable of modulating/demodulating hundreds of channels simultaneously."

      Hopefully this dumbing down of language doesn't creep into areas where specific words are used to convey precise meanings, like medicine or engineering.

      I hope it doesn't cause any heart attacks.

    15. Re:Besides missing link, summary isn't accurate.. by hairyfeet · · Score: 2

      The one that gets me is how many home users think storage space is memory. They'll come into my shop and say "I want more memory!" and I'll say "No problem, how much you want? 2Gb? 4Gb?" and they say "I want enough memory to hold all my songs!"

      As for TFA, sorry Mac guys but it was inevitable. It was only a matter of time before you got on the bad guys' radar, and now that Mac is Intel based they can cook up a Hackintosh if they don't want to shell out for a Mac to have a nice target to practice on. After all, it isn't like the parts your average Mac has are rare and exotic anymore. Hell, just look at the way Android has been hit lately; with increasing popularity comes more malware, because the simple fact is ALL OSes are extremely complex pieces of code now, and with complexity comes vulnerability. Not to mention the weakest points in Windows (Adobe Flash and Reader for example) usually have a Mac counterpart.

      So allow me to be one of the first to say "Welcome to the game OSX users". Soon you'll have to have AV and actually pay attention to what you are doing same as the Windows guys. Of course I knew this a couple of years back when I had a local SMB buy into magical thinking with "If we replace Windows with OSX we'll never have to worry about security again!" and promptly got pwned when his teenager trying to get free porn installed the DNS Changer bug. It turned out the classic "Want to see teh boobies? Install our free 'Iz_Not-a-Bug' codec" social engineering crosses OS boundaries quite well.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Or... by vague disclaimer · · Score: 2, Insightful

    ...it could be Sophos trying to drum up trade...

    1. Re:Or... by vague disclaimer · · Score: 3, Informative

      I didn't say they wrote it.

      But Sophos has pushed out alarmist trolling press releases every quarter or so for years now, all implying how OSX is about to be hit by a tidal wave of viruses, worms etc. (other sites have credited Sophos as the source of this story - not Slashdot though, it seems).

  3. Am I insane? by Scorch_Mechanic · · Score: 5, Insightful

    Normally, I'd read The Fine Article just to get a hint of what this story means, but there aren't any links and the summary is vapid and useless. It is a non-story. Allow me to distill its meaning: "A piece of malware (a remote access backdoor ill-defined thingy that probably isn't a trojan) for Windows was ported to Mac. This is probably bad. Considering Apple's 'growing market share', what could it mean?"

    Bravo slashdot. A new low.

    --
    You should turn signatures off.
  4. So just another remote access tool. by alexandre_ganso · · Score: 2

    Slow day, cmdrtaco??

  5. Re:It was just a matter of time by chaim79 · · Score: 5, Informative

    Hmm, you spout off on some stupid controversial opinion without even checking if it has anything to do with the topic on hand, yes you are a troll.

    Though part of the fault is that whoever made this summary is also a troll. DarkComet is a Remote Administration Tool (emphasis on TOOL) similar to VNC, SSH, etc. There is nothing about this that is virus- or Trojan-related.

    --
    DEMETRIUS: Villain, what hast thou done?
    AARON: Villain, I have done thy mother.
    Shakespeare invents 'your mom'
  6. In other news by michelcolman · · Score: 5, Funny

    MacOS X actually comes bundled with a tool that is able to wipe the entire hard disk! Up till now this has not caused widespread mayhem yet, but considering Apple's growing market share...

  7. Re:It was just a matter of time by david.emery · · Score: 5, Insightful

    The medical model for disease works for computer viruses too. You need both a vulnerability and a vector. The number of potential hosts increases the attractiveness of the host for a virus (whether through natural evolution or malice aforethought.) The number of hosts also increases the vector span. But there still has to be a vulnerability!

    Similarly, we need for the countermeasures to be demonstrated as both "safe and effective." My personal experience with Mac OS 9 and earlier anti-virus applications is that they were not very "safe", they caused a lot of problems. For OS X, I'm waiting for some reasonable demonstration of "effective" based on real-world threats. Predictions of doom from anti-virus vendors (who most certainly have a vested financial interest) that are not substantiated with real-world experiences are not persuasive to me.

    By the way, what is the measured track record for successful penetrations observed by third parties, i.e. "in the real world", for both Win 7 and Mac OS? The argument that "Mac OS claims to be secure ... [by] not targeted as much" rings hollow to me. You'd think if vulnerabilities exist in a platform that is growing by leaps and bounds at the -high end- of the market would have garnered some successful penetrations, if nothing else than for the "glory of hacking the supposedly secure platform."

    dave

  8. Re:It was just a matter of time by benwiggy · · Score: 5, Interesting

    I'm still not convinced by the "market share" argument. The traditional rebuff is that Mac OS 9 had more malware than OS X, despite a smaller market share.

    There may well be large gaping holes in Mac security. The question is: why is no one exploiting them? I don't mean winning a competition, but maliciously or criminally using them.

    At what percentage of market share does it become viable to start writing malware? 25%? 50%? 75%?

    Regardless of percentage, there are reckoned to be c. 94 million OS X users. Is that still not enough? As we all know, Mac users are computer illiterates with far more money than sense. Surely this sector would seem ideal for targeting by malware writers?

    Assuming the reason for the lack of malware is NOT the inherent robustness of the OS; and it's NOT the market share: then what IS it?

  9. Re:It was just a matter of time by Yvan256 · · Score: 4, Funny

    You owe me a new bottle of iced tea and a new keyboard.

  10. Re:It was just a matter of time by vague disclaimer · · Score: 2

    Consensus according to whom? Your evidence is?

  11. Not yet finished?!?! by Comboman · · Score: 4, Funny

    The new backdoor Trojan is not yet finished

    What the hell, even malware is vaporware now? Can I put in a pre-order for it to infect my computer sometime next year?

    --
    Support Right To Repair Legislation.
  12. Re:It was just a matter of time by metrix007 · · Score: 2

    Malware these days is about money. Malware is deployed through distributed attacks such as browser or PDF flaws.

    Why spend time developing an exploit that will target at an extreme maximum 10% of the market, when you can spend the same time and effort and target 80% of the market? Given an equal amount of work, would you not choose the option that yields a significantly larger ROI?

    --
    If you ignore ACs because they are anonymous - you're an idiot.
  13. Re:It was just a matter of time by metrix007 · · Score: 2

    Because a user does not have to give explicit permissions. Trojans don't have to run as admin, it depends on what they are trying to do. Simply sending out spam or recording keystrokes doesn't require admin access.

    --
    If you ignore ACs because they are anonymous - you're an idiot.
  14. Badly formed argument by hellfire · · Score: 4, Insightful

    Anti Troll missiles locked on.

    As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS.

    Citation please? If you are going to make such a statement, please cite studies and facts. In fact there is NO direct causal link, and you are abusing the statement without facts and citations. That said, I would agree that I think there is a causal link, but you are further abusing the statement by not citing the magnitude, which is where proper citations would help. Windows has thousands of variants of malware. Mac OS X is in the dozens still, if that. No system is completely secure, and there will always be attempts to compromise a system, but saying ONE piece of malware suddenly brings Apple crashing in flames and "zOMG Mac OS X is teh insecurez they will be pwned!" is the worst kind of hyperbole imaginable.

    The zealotry was on show yesterday in the OS X article where it was stated that OS X is more insecure than windows

    I looked for an article yesterday on slashdot and the only article I found was one about how Apple is inviting security experts to look at their system. Sounds like a pretty responsible thing if you ask me, and I found no mention of this yesterday. Perhaps you'd like to review your citations?

    People persecuting MS for poor security are living in the past.

    Again, no citations. You sound like a MS shill. MS still has a poor record, period. Sure it's getting better, but it's massive exaggeration to try to say that somehow MS gets a pass because 6 years ago they were utterly shitty shitty shitty, and suddenly now it's okay because they have improved to stinky farty smelly.

    Hopefully as marketshare increases they will take responsibility and secure their OS, if for no other reason than to maintain their image.

    How odd, Marketshare doesn't seem to have an effect on how secure an operating system is, because 90% marketshare never encouraged Microsoft. I do hope security remains forefront on Apple's mind, because they are the underdogs here and it will only continue to help them to be focused on security as they continue to compete for more marketshare, but here's another example of how off kilter your rant is.

    Now I'm just waiting to be modded troll....

    You will be, but just one more thing to nail the coffin shut. This is a goddamn fucking TROJAN HORSE!!! Do you know what that is? Do you remember the goddamn story of Troy? There's a good movie released a few years back; you should watch it. A virus is something getting in without your action or knowledge, but a Trojan horse requires that the user perform an action, and the way it gets in is simply by deceiving a human being. You can inject a trojan horse into any system and hope to own it, Windows, Mac OS, UNIX, or other: just send the admin an email and hope he's stupid enough to open the attachment and do the work for you! You can't put a malware scan on the brain of an uneducated admin. It's not the fault of the OS makers if the admin is uneducated enough to open a file that they should not trust.

    Like many rants before it, your rant is like buying the most secure home security system in the world, then giving the key to a random person on the street for safe keeping, and complaining to the security company when your house is robbed.

    --

    "All great wisdom is contained in .signature files"

  15. Re:It was just a matter of time by ModernGeek · · Score: 3, Interesting

    Not to mention the fact that GP didn't even take into account that MacOS 9, with a much smaller deployment base than MacOS X, had TONS of viruses for it. Deployment base != Infection rate. If this were the case, Linux servers would be riddled with viruses. I'm pretty sure the GP is a troll; his last sentence is a troll within itself.

    --
    Sig: I stole this sig.
  16. OSX who cares by vlm · · Score: 2

    What matters to me, is does it run on Linux under WINE?

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  17. Re:It was just a matter of time by countertrolling · · Score: 2

    "financial interest", reproductive "interest". What's the difference? Rich guys get the babes. A complex life form is motivated by precisely the same principles as a single string of DNA. We are nothing more than an accretion of symbiotic life forms with a bit more centralized control than a jellyfish. And besides, everything we create is a result of a biological brain. So computer viruses are very "biological" within their own framework.

    --
    For justice, we must go to Don Corleone
  18. Re:It was just a matter of time by catmistake · · Score: 2

    How is that more secure?

    Quite obviously, it increases the security of one's occupation, as Windows will forever have security issues; thus, there will always be a need for a Windows guy to say "hey, our ship is tight." Meanwhile, the true security expert who is in the midst of massive Windows installations does indeed have trouble sleeping at night. Or... at least he should.

  19. Re:It was just a matter of time by Relayman · · Score: 2

    I didn't know about that one. Thanks for the info. I'll see how to block it until Apple gets it fixed.

    --
    If I used a sig over again, would anyone notice?
  20. Re:It was just a matter of time by jo_ham · · Score: 2

    No, it's not typical.

    It's just that Mac users face an unending storm of abuse from people who don't use OS X for our choice of OS. Most of us are not zealots, or fanboys, and run multiple systems and OSes - right tool for the right job etc.

    I try not to define my self-worth by the operating system I use - the same can't be said for platform zealots, but they exist on all major platforms. I'm sure there are some BeOS zealots around here. Last time I took a poll, both BeOS users told me "Windows sucks!".

    Rampant, trollish "windows sucks!" posts are no more representative of the Mac user base than the rabid anti-Apple troll in the other thread on here at the moment.

  21. Re:It was just a matter of time by wastedlife · · Score: 2

    Just because you do not frequently encounter it, doesn't mean it isn't used by others. darkComet is not a trojan. A trojan is something that either installs some sort of malware or is itself some sort of malware under the guise of being a legitimate application. Also, having a secure OS does not prevent a trojan, because the software is installed willingly by the person administering the machine.

    darkComet is a normally useful tool that is being used by a trojan called Blackhole RAT (the actual trojan they should be talking about in this article). There are plenty of trojans and other malware out there using netcat or VNC to control machines remotely; does that mean netcat or VNC are trojans?

    --
    Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
  22. Re:It was just a matter of time by pandrijeczko · · Score: 2

    You need to be aware of what versions of daemons (like SSH, HTTP, FTP, SAMBA, etc. etc.) are running on your system currently.

    You then sign up to security alerts, from your OS vendor, but preferably from somewhere like CERT who will report the vulnerabilities first. If a security vulnerability is reported on something you are running, then ideally you'd turn it off until it's fixed by the OS vendor; if you can't, then wrap some connectivity restrictions around it from a firewall, TCP wrappers or network ACLs to restrict what IP addresses can connect to it. Then patch it when the OS vendor releases an update.

    Anyone who cares about security should do this - just because you run Apple doesn't make you special.

    --
    Gentoo Linux - another day, another USE flag.
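The routine pandrijeczko describes (know which daemons and versions are listening, match them against vendor or CERT advisories, turn a vulnerable service off if you can, otherwise restrict who can reach it, then patch) can be scripted. The following is an added example and not the commenter's code or any project's tool: the inventory, the daemon names (sshd, ftpd, smbd, httpd), the version ranges and the advisories are all constructed for illustration, and the interim firewall rules use plain iptables syntax as one possible restriction mechanism.

```python
"""Triage listening daemons against vulnerability advisories.

Added example, not the commenter's code. The inventory and the advisories
below are constructed for illustration: on a real host the inventory would
come from `ss -tlnp` plus the package manager's version output, and the
advisories from the OS vendor's or CERT's feed. The daemon names (sshd,
ftpd, smbd, httpd) and version ranges are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Service:
    name: str        # product name as the advisory feed spells it
    version: str     # version string reported by the package manager
    port: int        # TCP port the daemon listens on
    listen: str      # bind address, e.g. "0.0.0.0" or "127.0.0.1"
    essential: bool  # False means it can simply be stopped until fixed


@dataclass(frozen=True)
class Advisory:
    product: str
    first_affected: str  # lowest affected version (inclusive)
    fixed_in: str        # first fixed version (exclusive); "" = no fix yet


def parse_version(v: str) -> Tuple[int, ...]:
    """'8.2p1' -> (8, 2, 1); compared field by field as integers."""
    return tuple(int(x) for x in re.findall(r"\d+", v)) or (0,)


def is_affected(svc: Service, adv: Advisory) -> bool:
    """True when the running version falls inside the advisory's range."""
    if svc.name.lower() != adv.product.lower():
        return False
    v = parse_version(svc.version)
    if v < parse_version(adv.first_affected):
        return False
    return not adv.fixed_in or v < parse_version(adv.fixed_in)


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr in ("::1", "localhost")


def triage(svc: Service, advisories: List[Advisory]) -> Tuple[str, str]:
    """Return (action, reason) in the comment's order of preference:
    turn it off, else restrict who can reach it, then patch."""
    hits = [a for a in advisories if is_affected(svc, a)]
    if not hits:
        return "ok", "no open advisory for %s %s" % (svc.name, svc.version)
    fixes = sorted(parse_version(a.fixed_in) for a in hits if a.fixed_in)
    if is_loopback(svc.listen):
        return "patch", "affected but bound to loopback only; update on the normal cycle"
    if not svc.essential:
        return "disable", "affected, reachable from the network and not essential: stop it"
    if fixes:
        fix = ".".join(str(x) for x in fixes[-1])
        return "patch-now", "affected and essential; restrict access, then upgrade to >= %s" % fix
    return "restrict", "affected, essential and no fix yet: allowlist source addresses"


def firewall_rules(svc: Service, allowlist: List[str]) -> List[str]:
    """Interim iptables rules: accept the allowlisted sources, drop the rest."""
    rules = ["iptables -A INPUT -p tcp --dport %d -s %s -j ACCEPT" % (svc.port, src)
             for src in allowlist]
    rules.append("iptables -A INPUT -p tcp --dport %d -j DROP" % svc.port)
    return rules


# Constructed inventory and advisory feed (hypothetical versions and ranges).
INVENTORY = [
    Service("sshd", "8.2p1", 22, "0.0.0.0", essential=True),
    Service("ftpd", "3.0.3", 21, "0.0.0.0", essential=False),
    Service("smbd", "4.13.2", 445, "0.0.0.0", essential=True),
    Service("httpd", "1.18.0", 80, "127.0.0.1", essential=True),
]
ADVISORIES = [
    Advisory("sshd", "9.0", "9.1"),       # our 8.2p1 predates the affected range
    Advisory("ftpd", "3.0.0", ""),        # no fix released yet
    Advisory("smbd", "4.0.0", "4.13.5"),  # fix available
    Advisory("httpd", "1.0.0", "1.20.0"),
]

if __name__ == "__main__":
    for svc in INVENTORY:
        action, reason = triage(svc, ADVISORIES)
        print("%-6s %-8s %s: %s" % (svc.name, svc.version, action, reason))
        if action in ("restrict", "patch-now"):
            for rule in firewall_rules(svc, ["10.0.0.0/8"]):
                print("       ", rule)
```

The version comparison deliberately strips non-numeric suffixes such as `p1`, which is good enough for the feeds most vendors publish but will misorder schemes that encode ordering in letters; if your distribution does that, compare with its package manager's own version comparison instead. The loopback check matters because a daemon bound only to 127.0.0.1 is not reachable from the network, so it can wait for the regular patch cycle rather than an emergency change.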