Slashdot Mirror


MacControl Trojan Being Used In Targeted Attacks Against OS X Users

Trailrunner7 writes "Welcome to the age of targeted attacks, Mac users. Perhaps having grown tired of owning Windows machines around the world for the last few years, attackers have now taken up the challenge of going after Macs with the same kind of targeted attack tactics that have served them so well in the Windows world. Researchers have found a new attack that employs two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines, and the campaign is specifically targeted at Mac users. The command-and-control domain involved in the attack is located in China and the attack exploits a three-year-old vulnerability in the way that Office for Mac handles certain Word files, according to researchers at AlienVault, who discovered and analyzed the attacks."

14 of 187 comments

  1. Microsoft (: by Anonymous Coward · · Score: 5, Interesting

    Now how cool is that. A new threat is found for the Mac platform and it's in a Microsoft product of course.
    It's an improvement on the previous round, though. Last time it was about malware that required you to actually install it :D

    1. Re:Microsoft (: by Grishnakh · · Score: 4, Interesting

      Since when was the US Government in the business of doing things for the good of humanity?

    2. Re:Microsoft (: by recoiledsnake · · Score: 5, Insightful

      Now how cool is that. A new threat is found for the Mac platform and it's in a Microsoft product of course.
      It's an improvement on the previous round, though. Last time it was about malware that required you to actually install it :D

      However, it's an interesting counter-point to the commenters who regularly comment (and get modded up to 11) "How about MS fix security in Windows instead of taking down botnets/shipping antivirus etc." There is no way to secure an OS from application exploits short of iOS style lockdown, which these very commenters would slag as "TAKING AWAY MY FREEEDOMZZZ". Sorry, but blaming Windows holes has become passé, especially after malware for OS X and Android (run on a Linux kernel which we are told is secure compared to Windows) has come out.

      --
      This space for rent.
    3. Re:Microsoft (: by Nerdfest · · Score: 4, Insightful

      An iOS style lock-down wouldn't help. It could just as easily have been another piece of software; they tend to pick those that are widely deployed.

    4. Re:Microsoft (: by mjwx · · Score: 4, Insightful

      There is no way to secure an OS from application exploits including of iOS style lockdown, which these very commenters would slag as "TAKING AWAY MY FREEEDOMZZZ". Sorry, but blaming Windows holes has become passé, especially after malware for OS X and Android (run on a Linux kernel which we are told is secure compared to Windows) has come out.

      Fixed that for you.

      Remember that iOS gets exploited regularly, including remote exploits like JailbreakMe.com.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  2. 10,000 hipsters abandon the Mac by hessian · · Score: 5, Funny

    It's gone mainstream. Now that it has viruses, it's like the Miley Cyrus of computing.

    Time to find something more obscure. OpenVMS on an Atom system with a retro GEOS interface. That's the ticket.

    I used to like Apple before it was mainstream, but now I've moved on. Just like with White Ring and fixies.

  3. Re:I guess that's what you get for using Microsoft by bmo · · Score: 4, Insightful

    Interesting that this Mac exploit only applies to Mac users who use Microsoft Word

    When you include a scripting language in your document spec, expect people to use it.

    Good people and bad people.

    --
    BMO

  4. patched three years ago by MushMouth · · Score: 5, Informative

    Actually this is what you get when you shut/put off updates.

  5. Meh? by Anubis+IV · · Score: 4, Informative

    Macs had a flurry of trojans that hit them last year too. Apple put out the 10.6.8 update that allowed them to deliver daily anti-malware updates, and then used it to block every variant of the trojan within a matter of hours after it first appeared. Since 10.6 or above has been the default on all new Macs for the last 2.5 years, and Software Update is enabled by default to regularly check for updates, you can bet that the vast majority of Mac users will be receiving an automatic anti-malware update sometime later this week or next to deal with the trojan.

  6. Re:I guess that's what you get for using Microsoft by v1 · · Score: 4, Insightful

    Writing a macro language for your anything that has the ability to silently add/edit the macros in other unrelated documents is just nine kinds of stupid.

    --
    I work for the Department of Redundancy Department.
  7. Re:LoL by Architect_sasyr · · Score: 4, Interesting

    I spend my days working as a mac tech, so no, I really do not. I am, however, still highly amused that it happens this way. In much the same fashion as I am amused when wine is used to exploit a linux box.

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
  8. Re:LoL by lightknight · · Score: 4, Informative

    That's quite alright. We find things that target Safari on Windows all the time, so I guess it's more of the same.

    --
    I am John Hurt.
  9. Re:LoL by sg_oneill · · Score: 5, Funny

    I spend my days working as a mac tech, so no, I really do not. I am, however, still highly amused that it happens this way. In much the same fashion as I am amused when wine is used to exploit a linux box.

    You may laugh, but it's truer than you think. Many many moons ago I was admining a small network of Linux desktops for students at the local university. Management, non-technical of course, demanded that Internet Explorer be installed on them. After protesting loudly and losing the argument, I ended up deploying IE6 across the network via Wine. It took approximately 3 days before they became infested.

    In a strange way, I took that as a surprising confirmation of wine's compatibility.

    In the end I replaced the Mozilla browser's icons with E icons and the office twonks were happy. God I hate tech support.

    --
    Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
  10. Re:LoL by omfgnosis · · Score: 4, Interesting

    I still don't understand this attitude, but I can count myself (a Mac user) lucky as a consequence. If I were trying to profit from exploiting home PCs, I would target the Mac first and foremost, as the userbase is substantial (millions), demographically wealthy (compared to the whole market) and typically security-ignorant. That's a perfect storm for exploiting for profit, and I'm frankly astonished it hasn't happened on a large scale yet.