New Mac Virus Discovered, Making the Rounds
sl4shd0rk writes "A new Mac OS X exploit was discovered Friday morning by Kaspersky Labs which propagates through a zipfile attachment. The attachment tricks the Mac user into installing a variant of the MaControl backdoor via point-and-grunt. Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server. Once installed, the virus opens a backdoor allowing the attacker on the C+C server to run commands on the compromised machine. Shortly after Kaspersky's announcement, AlienVault Labs claims to have found a similar version of the Mac malware which infects Windows machines. The Windows version appears to be a variant of the Gh0st RAT malware used last month in targeted attacks against the Central Tibetan Administration. Both viruses are suspected of being tools in a campaign to attack Uyghur Activists."
I know it's overly popular these days to call any malware, trojan or other malicious bit of software a virus, but they really don't meet the definition. Frankly, I can't think of a real virus being released in quite some time. Which just seems lazy to me.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Malware, not virus. Virii aren't installed by the users themselves...
Thank you very much.
Well, since this is a trojan and not a virus, your statement is sort of silly and makes you look stupid.
---- Booth was a patriot ----
There aren't. What is being called "viruses" are trojans and other malware that requires the user to install them.
Gonna cover every OS X exploit now ???
What's so special with this one? Is it bringing down the net? Infected millions of machines in a matter of days? Clogging some high-profile sites with junk traffic? Never-seen-before technique for gaining entry?
Yeah, there's malware on OS X too. Get over it.
Now I have to add Uyghur Activist Porn to my list of porn sites to avoid, for fear of getting a virus...
I sure hope I can remember not to click on any of that stuff.
In times of universal deceit, telling the truth gets you modded -1 Troll
I was told there would be no viruses.
Reading that I feel like an old man, disconnected from the modern day. Is some new tech online porn technology that I've missed out on? Please... I NEED... TO... KNOW... !!!
Pardon my crystallized forebrain, but what's "point-and-grunt" ? Is that one of those newfangled hipster Fail-on-Rails thingamabobs that goes into the weird rounded USB thing on my tee-vee ?
-Billco, Fnarg.com
It's hard to blame Mac when you open an infected file. People have been unwittingly installing Malware and other infecting programs onto Macs for years. This is very different from one that propagates without the help of the user. It's a non story.
this isn't a virus, it doesn't replicate. It's an email trojan. It's not a Mac or PC exploit, because it exploits the person not the machine. And it's got a very specific target. Thanks for the warning, I won't, and don't click on attachments anyway.
There was an unknown error in the submission.
Headline calls it a virus, submission text an exploit. It's neither, it's a fucking Trojan installing a backdoor. Even Kaspersky says so.
Summon the fanboi spin squad! They have been getting a workout lately.
It's not a trojan, its a feature.
The GP pointed out that a trojan horse is not a virus. Trojans need user interaction while viruses are self-propagating. Saying that most users can't tell the difference between them (as you appear to be insinuating) is just plain silly.
You've said this twice now. None of the previous commenters has said that Macs are immune to viruses. Either your English comprehension is lacking or you're deliberately trying to stir things up.
So you have to receive an email from someone who has been infected, unzip the file, start the program, disregard the warning about running downloaded programs and type in the root password? :)
Scary stuff!
You really deserve to be infected by then.
Lists like http://www.okean.com/chinacidr.txt are nice and handy to feed into your edge router.
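Turning a country-CIDR text file into something an edge router will accept takes a little more than cut and paste: the lists carry comments and blank lines, prefixes often overlap, and one junk line should not abort the whole ACL build. The script below is an added example, not the commenter's code or anything from okean.com; the list contents are a constructed sample in the same style, the addresses are documentation ranges, and the Cisco-style "deny ip <net> <wildcard> any" output format is an assumption about the target router.

```python
import ipaddress

# Constructed sample in the style of a country CIDR text list: comments,
# blank lines, overlapping prefixes and a junk line. Not the real file.
SAMPLE_LIST = """\
# CN aggregated prefixes (constructed sample, documentation ranges)
1.0.1.0/24
1.0.2.0/23

1.0.1.0/25      # already covered by the /24 above
203.0.113.0/24  # TEST-NET-3, stands in for a suspected C2 range
bogus line
"""


def load_cidrs(text):
    """Parse a CIDR list, skipping comments and junk, and collapse
    overlapping/adjacent prefixes so the ACL is as short as possible."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # one bad line should not abort an ACL build
    return list(ipaddress.collapse_addresses(nets))


def is_listed(ip, nets):
    """True if ip falls inside any prefix of the (collapsed) list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def to_acl(nets, name="CN_EDGE_BLOCK"):
    """Render the list as Cisco-style extended ACL deny lines (assumed
    syntax: 'deny ip <network> <wildcard mask> any'), then permit the rest."""
    lines = [f"ip access-list extended {name}"]
    for n in nets:
        lines.append(f" deny ip {n.network_address} {n.hostmask} any")
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    nets = load_cidrs(SAMPLE_LIST)
    print("\n".join(to_acl(nets)))
    print("203.0.113.7 listed:", is_listed("203.0.113.7", nets))
```

The collapse step matters on real lists: the okean file has thousands of prefixes, and routers have finite TCAM, so feeding in overlapping entries wastes entries and slows lookups.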
They need to fucking stop. Fuck Russia. It was bad enough when these Israeli and Russian "anti-virus" shit heads were shaking down Microsoft; now they're going after the big money with their scareware bullshit.
Kaspersky discovered that if users willingly execute files that turn out to be malicious, their computers will be backdoored.
In other news, I discovered that fire produces heat. Please front-page this important announcement immediately.
Wake me up when they find something that can infect a Mac connected to the internet when no is one using it. You know, kind of like "install windows, connect to internet, pwned in 15 minutes"?
Anyone can do a user-mode trojan that says "PLEEZE INSTAWL ME! I'M A UPGRAYD!"
I know Slashdot editors are famously lazy ('sup, guys!) but why does the summary they posted say "The attachment tricks the Mac user into installing..." when TFA* clearly says "the [attack] described here relies on social engineering to get the user to run the backdoor"? You know, just like every single other Trojan out there?!?** The attachment itself is totally benign until someone clicks on it several times. (Even if you view the message with webmail with Safari's "Open 'safe' files after downloading" in its (admittedly brain-dead) default "checked" position***, you still have to click on the attachment link in your webmail and then double-click the visible file to run it.) The only way this actually happens is if someone reads the email and takes a few steps on their own. As always, the attachment itself does nothing.****
Slashdot has been a techy news site for a decade and a half now. You'd think errors as blatant as this would get caught by the editors, even with their usual lack of checking.
You know what would be an awesome site? Exactly what Slashdot is, but with better editors. (And maybe lay off the JavaScript some.)
Anyway: sky is blue, water is wet, sun rises in the east, and all computers--by definition--are vulnerable to trojans. Film at 11.
And by the way, WTF is "point-and-grunt"? Does that imply that users are dumbly clicking on things? If so, doesn't that also imply that the users just might be the problem? Trojans are trivially easy to write. Here's one in one line:
Voila. Type that into Terminal, email it to all of Slashdot, and wait for a great disturbance in the Force, as if millions of home directories suddenly cried out in terror and were suddenly silenced.
* I know no one here reads them, but I think the submitter should, right? Even if they don't, they should just submit the URL and not make up shit for the summary.
** Which is to say, like every single Mac "virus" of the last decade as well.
*** Apple even puts "Safe" in quotes, so they obviously know that's not an ideal term. They should set it to "off" by default--and then remove the option.
**** Unlike the bad old days with Outlook Express' infinitely more brain-dead "Hey, let me run that executable attachment for you!" setting.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
MOD Billy Gates UP!
So there's a Windows version of it that targets Tibetan activists but they bothered to make a Mac version of it too...in case Tibetan activists had Macs? WHAT?! I don't think they have that kind of money. Something doesn't quite add up there. Whatever, I don't care as long as it knocks Apple down a peg again. That "we're magically immune to viruses" crap they finally removed from their website was about 10 years overdue.
Well, this pretty much kills the myth that Macs have been mostly immune to viruses and malware. Especially if it shows pictures of Steve Jobs, to which your typical Mac fanboy/girl will pray to the almighty Jobs in Apple Heaven and rapidly click to install this.
You must master your joystick like a fisherman masters bait! - Gimpy
which propagates through a zipfile attachment.
Apple builds an operating system from BSD, and we're still using zip? what is wrong with society? bzip2 has been around for a LONG time, and has MUCH better compression. LZMA (used by 7zip) is better yet. Start using the decent software that comes bundled with your OS, and maybe I'll listen to a complaint about it.
Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server.
Not only does it misuse the term "virus", as you mentioned, but it also misuses the term "encrypted". The correct term here is "obfuscated". The obfuscation code might happen to contain something that looks very similar to AES, but it isn't encryption (and it certainly isn't AES) if the "key" can just be recovered from the executable.
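The distinction the commenter draws (a "key" that sits in the executable next to the data it protects is obfuscation, not encryption) is easy to show in practice: an analyst does not need to know the cipher's intent, only to find the key bytes and run the decryption routine over the blob. The script below is an added example, not the commenter's code and not based on the actual MaControl sample; it uses RC4 as a stand-in for whatever cipher the real binary used, and the blob layout (key, 16-bit length, ciphertext) and the TEST-NET-3 address are constructed assumptions.

```python
import re
import struct

# RC4 here stands in for the "AES-like" routine the comment mentions; the
# recovery logic does not depend on which symmetric cipher was used.
def rc4(key: bytes, data: bytes) -> bytes:
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed sample: a 16-byte key stored directly in front of the
# obfuscated C2 string, the way a dropper typically embeds it.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
C2 = b"203.0.113.7:443"  # RFC 5737 documentation address, not a real C2


def build_sample_blob() -> bytes:
    """Assumed layout: padding | key | u16 length | ciphertext | padding."""
    ct = rc4(KEY, C2)
    return b"\x90" * 37 + KEY + struct.pack("<H", len(ct)) + ct + b"\x00" * 29


IPV4_PORT = re.compile(rb"^(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?$")


def recover_c2(blob: bytes, key_len: int = 16):
    """Slide over the blob, treat every key_len window as a candidate key
    followed by a length and ciphertext, decrypt, and keep anything that
    decodes to host[:port]. Returns (offset, plaintext) hits."""
    hits = []
    for off in range(len(blob) - key_len - 2):
        key = blob[off:off + key_len]
        n = struct.unpack_from("<H", blob, off + key_len)[0]
        if n == 0 or n > 64:          # sane bound for a host:port string
            continue
        start = off + key_len + 2
        ct = blob[start:start + n]
        if len(ct) != n:
            continue
        pt = rc4(key, ct)
        if IPV4_PORT.match(pt):
            hits.append((off, pt.decode()))
    return hits


if __name__ == "__main__":
    for off, addr in recover_c2(build_sample_blob()):
        print(f"key at offset {off}: C2 = {addr}")
```

The scan costs one decryption per byte offset and a regex match, which is why a key embedded beside its ciphertext buys the author nothing against static analysis; it only defeats a naive `strings` run.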
I thought it was worms that were self-propagating and viruses actually overwrite or append to system files.
Sure - and they're just such "nice programs", just like viruses!
Simple reasoning:
"Free-tibet sceners are most likely to use macs."
I wonder how effective it was?
Does this install silently or does it ask for a user/pass?
Microsoft has been using all sorts of sleazy business tactics to destroy competition and to extract as much money from their customers (who could only buy from monopolist Microsoft) as somehow possible.
According to many observers, Microsoft has trolls like you doing Negative Propaganda on sites like this. Just bring it on, I have a nice Flammenwerfer here. You know, the one fueled with Hydrazine.
"AV software alone is worth nothing"
Can't you think about all the antivirus vendors and their hundreds of millions of victims ? They have set up such a nice scam to have nice jobs and yachts for the bosses in Florida, the Med and the Black Sea !! Be ashamed to undermine that nice system !!!!
How do you prove your claim's accuracy ? Maybe it actually is one of the bazillion of Windows Weaknesses such as the recently fixed "Icon Parser Exploit" issue ? Maybe your claim is just wishful thinking ?
..are trumpeting up something for their respective financial gain, which actually is a non-issue (it is the same as a Windows machine receiving an email with an *.exe attached). That is interesting, and should be flamed to the full extent.
We know, that is standard M$ propaganda mode. "Security Development Lifecyle" and all that. Sometimes I think Bill Gates is a Comedian.
Chinese Intelligence have historically tried to gain access to dissident/separatist computers by means of quite sophisticated attacks such as malware-infested PDFs which used Weaknesses in Acrobat Reader.
They attack Macs using a Purely Social Engineering attack. That implies there are no PDF exploits on the Mac. And again, this is not a Virus at all. Go play with the Windows idiots, Virus Scanner Scammers!
Or maybe she installed a program and it was bundled, like about a hundred other programs that can be installed via bundling. Just try and install a Java update without it asking to install a toolbar.
Not really. What would you do if the hard drive broke - put a new hard drive in the "hard drive"?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I read postings until my eyes became tired, and never found any valuable responses about the original posting. Like how we avoid this problem. Does anyone have valuable feedback about this to help us Mac users avoid this trouble?
Always make sure to only execute programs from a legitimate source. Never, ever execute a program that was sent to you by mail. Even if the mail also contains a picture of a nice girl from Moldavia with huge boobs who asks you to do that. When you download a program, never use scammer sites such as softonic or the like. Always identify the original site and download programs only from these sites. (e.g. Firefox from mozilla.org). If in doubt where to get a certain piece of software, ask people for help. Either in reality or in internet forums.
Once again, the Windows faction and their sleazy backers from Redmond are trying to paint it as if other systems were as insecure as Windows, and this incident is absolutely 0% proof of that claim.
She got what we call a "bundle bite", which is common as dirt, friend, and comes from "free" software. All that means is she just went "clicky clicky next next next" and refused to even take 4 seconds to look at what she was agreeing to. Since most of the bundle bites have a checkbox that you can uncheck to keep out the toolbars, I'd be hard pressed to call that one anything but PEBKAC, since unlike a bug they aren't trying to trick you; they just figure you're too damned lazy to even uncheck a checkbox.
BTW, next time she needs some software, mind a suggestion? Ninite has all the third party stuff most folks want, media players and browsers and messengers and all kinds of software, and TOOLBAR FREE, so she doesn't even have to uncheck any checkboxes; it's fully automated. Just have her check a box for each piece of software she wants and run it, simple as that. You can even use it to see if you have the latest versions, as it'll skip any install that is up to date.
ACs don't waste your time replying, your posts are never seen by me.