New Mac Virus Discovered, Making the Rounds

← Back to Stories (view on slashdot.org)

New Mac Virus Discovered, Making the Rounds

Posted by Soulskill on Friday June 29, 2012 @10:31AM from the sharing-is-caring dept.

sl4shd0rk writes "A new Mac OS X exploit was discovered Friday morning by Kaspersky Labs which propogates through a zipfile attachment. The attachment tricks the Mac user into installing a variant of the MaControl backdoor via point-and-grunt. Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server. Once installed, the virus opens a backdoor allowing the attacker on the C+C server to run commands on the compromised machine. Shortly after Kaspersky's announcement, AlienVault Labs claims to have found a similar version of the Mac malware which infects Windows machines. The Windows version appears to be a variant of the Gh0st RAT malware used last month in targeted attacks against Central Tibetan Administration. Both viruses are suspected of being tools in a campaign to attack Uyghur Activists."

65 of 239 comments (clear)

Min score:

Reason:

Sort:

Misuse of the term "virus". by Kenja · 2012-06-29 10:35 · Score: 5, Insightful

I know its overly popular these days to call any malware, trojan or other malicious bit of software a virus, but they really dont meet the definition. Frankly, I cant think of a real virus being released in quite some time. Which just seems lazy to me.

--

"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
1. Re:Misuse of the term "virus". by nurb432 · 2012-06-29 10:38 · Score: 5, Insightful
  
  Misuse use of terms like this really pisses me off.
  Like 'hacker', 'pirate', 'theft', and a host of others that have been twisted to the point of being ludicrous.
  
  --
  ---- Booth was a patriot ----
2. Re:Misuse of the term "virus". by toadlife · 2012-06-29 10:38 · Score: 3, Insightful
  
  "Virus" is the new "hacker". Get over it.
  
  --
  I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
3. Re:Misuse of the term "virus". by cpu6502 · 2012-06-29 10:44 · Score: 2
  
  This would be a trojan horse.
  
  --
  My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
4. Re:Misuse of the term "virus". by jhoegl · 2012-06-29 10:56 · Score: 4, Funny
  
  I know right?
  I mean, since when did a pirate never sail the seas drinking rum and killing people for their loot? I mean they actually worked for it!
  But now a days, you got these kids sitting at home, browsing sites, looking for software that is outside their financial reach so they can learn it to get a good job.
  What a bunch of ass grabbers!
5. Re:Misuse of the term "virus". by Anonymous Coward · 2012-06-29 11:14 · Score: 2, Insightful
  
  We shouldn't constantly accept wrong terms just because they somehow crept into the language.
6. Re:Misuse of the term "virus". by Alwin+Henseler · 2012-06-29 11:15 · Score: 3, Insightful
  
  Or popular use of the word becoming a generalization for a class of items, as opposed to a specific item in that class. In other words: the average Joe might care to know what malware is (and use "virus" to describe it), but doesn't care enough to devote brain cells in keeping virus / trojan / backdoor etc apart.
  We might expect better from /. editors, but then again... ;-)
7. Re:Misuse of the term "virus". by philofaqs · 2012-06-29 11:29 · Score: 2
  
  Yet the non terms Virii and boxen seem to be acceptable here - real people don't know or care about the technical definitions, all they know is it's buggering up their machine.
8. Re:Misuse of the term "virus". by ubrgeek · 2012-06-29 11:30 · Score: 2
  
  Not to mention "C+C" ... I'm sure the crappy band would object to being associated with malware*. I think the term is C2 - Command and Control.
  
  *Although it would mean more popularity than they've had in years.
  
  --
  Bark less. Wag more.
9. Re:Misuse of the term "virus". by humanrev · 2012-06-29 11:45 · Score: 4, Funny
  
  What, like Game of Thrones?
  
  --
  Most people on Slashdot are fucking idiots.
10. Re:Misuse of the term "virus". by nadaou · 2012-06-29 12:17 · Score: 3, Insightful
  
  the /. editor is not doing his job, which makes the site a worse place to visit.
  
  --
  ~.~
  I'm a peripheral visionary.
11. Re:Misuse of the term "virus". by hairyfeet · 2012-06-29 12:51 · Score: 3, Insightful
  
  Oh please! You say trojan to the average user and the want to know why their PC needs a rubber, you say backdoor and they start looking for that rubber for their PC and you say rootkit you get a deer in the headlights look.
  Frankly, and I'm sure i'll get hate for saying this but ask me if I care, truth is truth, is that most of those I've seen that really REALLY care about that is because they are "true believers" who want to use it to say "But it doesn't count!" like an 8 year old demanding a do over on the playground. I have sat here on this very forum literally gobsmacked by people that otherwise seem intelligent saying "Only if it installs without the user does it count!" like the world owes them a do over.
  Honestly folks to the end user it doesn't matter if it gets in from the front, back, or from stage left if it fucks their shit up, puts their ID at risk, or turns them into a spammer? Then its a bug, simple as that. if you want to quibble over semantics that is YOUR business but to 99% of the population a bug is a bug is a bug.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
12. Re:Misuse of the term "virus". by k(wi)r(kipedia) · 2012-06-29 14:12 · Score: 3, Informative
  
  But now a days, you got these kids sitting at home, browsing sites, looking for software that is outside their financial reach so they can learn it to get a good job.
  If you sit at home the only thing within reach would be the keyboard. Seriously, I thought the two M's (including some P) was the stuff most kids got off the Net. That's why you get all these BT lawsuits from the entertainment industry, but few from the BSA, which prefers to target people who don't just sit at home all day.
13. Re:Misuse of the term "virus". by Gilmoure · 2012-06-29 14:44 · Score: 5, Funny
  
  Romanes eunt domus?
  
  --
  I drank what? -- Socrates
14. Re:Misuse of the term "virus". by interkin3tic · 2012-06-29 14:58 · Score: 5, Insightful
  
  A friend of mine was doing an internship in Washington DC, he saw on a schedule a congressional briefing thing about piracy. He went assuming it was about napster etc. It was actually about Somalia. He walked away caring about online piracy a little less.
15. Re:Misuse of the term "virus". by Anonymous Coward · 2012-06-29 17:14 · Score: 2, Informative
  
  Some good analogies to teach your average joe about interweb threats.
  
  VIRUS: The girl have an STD.
  MALWARE: The girl have crabs.
  TROJAN: That girl is 2 weeks pregnant.
  
  All with the same solution, dont have slutty sex.
16. Re:Misuse of the term "virus". by Pfhorrest · 2012-06-29 19:20 · Score: 2, Insightful
  
  The only way to patch the "bug" of stupid users being able to install malware on their computers is to prohibit users from installing arbitrary software on their computers, which would be a much bigger bug than any social exploit vulnerability.
  If the system didn't get infected by exploiting some weakness of the system, but rather by exploiting a weakness of its user, then the system is not at fault. THIS is why people get defensive. Much like making DRM work, it is impossibly to completely patch the social-exploit hole without destroying general purpose computing in the process, so stories of some social exploit making the rounds on one platform or another say nothing at all about the security of that platform.
  THAT is why people get defensive when you say "see, Macs are vulnerable too!" at every story like this. If the only way someone can get into my house is if I invite them in through the front door, then my house is secure, as the only way to plug that hole would be to keep me from having guests over at all.
  
  --
  -Forrest Cameranesi, Geek of all Trades
  "I am Sam. Sam I am. I do not like trolls, flames, or spam."
17. Re:Misuse of the term "virus". by Dwonis · 2012-06-29 19:44 · Score: 2
  
  the /. editor is not doing his job, which makes the site a worse place to visit.
  You must be new here.
18. Re:Misuse of the term "virus". by Pfhorrest · 2012-06-29 21:22 · Score: 2
  
  That wasn't always the case with Windows, though; with Outlook and IE, you could at one point infect your system just by reading an email or visiting a website. I still have completely nontechnical clients to this day who are under the impression that it is not safe to visit a suspicious site or read a suspicious email because you might get a virus, so this was a common enough problem to get into even the densest parts of the popular consciousness.
  Windows security has improved since then, but THAT was the angle that the "Macs are more secure" claim came from. You weren't just going to end up with a virus by looking at the wrong thing. Which was really more to speak of the absolutely horrid state of Windows security than anything special about Mac security, but with the various other *nixes not really in the public consciousness at all, Mac vs Windows is the topic at hand.
  
  --
  -Forrest Cameranesi, Geek of all Trades
  "I am Sam. Sam I am. I do not like trolls, flames, or spam."
19. Re:Misuse of the term "virus". by PuritySyrup · 2012-06-29 23:38 · Score: 2
  
  And the first bug was Elk Cloner for mac...and?
  The first named virus was Elk Cloner for the Apple II. The Apple II was not a Mac. It's not like it's hard to look up the facts and get them right. http://apple2history.org/history/ah23/
20. Re:Misuse of the term "virus". by sco08y · 2012-06-30 08:33 · Score: 2
  
  I guess PHISHING and WORMS were just self-explanatory, and the parent didn't want to get special-modded "Too Much Informative".
What is wrong with you people? by imagined.by · 2012-06-29 10:42 · Score: 4, Insightful

Malware, not virus. Virii aren't installed by the users themselves...
Thank you very much.
1. Re:What is wrong with you people? by KhabaLox · 2012-06-29 11:06 · Score: 4, Informative
  
  http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us#Virus
  
  --
  Ceci n'est pas un sig.
2. Re:What is wrong with you people? by newcastlejon · 2012-06-29 11:08 · Score: 4, Insightful
  
  No it doesn't, but hepatitis isn't a virus anyway. Hepatitis can be caused by a number of different pathogens and viruses are only one kind. Off the top of my head, Listeria can cause it and so can Cryptosporidium (bacteria and protozoa respectively). Of course this is all academic since your analogy was doomed from the start. You'd have had better luck if you compared it to kissing a person with a cold sore (Herpes) on their lips.
  
  --
  If God forks the Universe every time you roll a die, he'd better have a damned good memory.
3. Re:What is wrong with you people? by raque · 2012-06-29 11:27 · Score: 2
  
  I use Little Snitch to watch for such things. Unfortunately, with modern software bits and pieces are always calling home. I spend a few hours a week looking up stuff to find out who is doing what.
4. Re:What is wrong with you people? by ColdWetDog · 2012-06-29 11:31 · Score: 3, Insightful
  
  But it's an interesting term to use in this discussion because the lay definition is exactly that - hepatitis as a viral infection. Even if it's not the most common form of hepatitis (it would be alcoholic hepatitis in the US at least), it's the one that most people think of.
  That isn't to excuse Slashdot editors or submitters for not making that distinction. Somebody needs to wave the pedantic flag now and again.
  
  --
  Faster! Faster! Faster would be better!
5. Re:What is wrong with you people? by BronsCon · 2012-06-29 11:31 · Score: 3, Insightful
  
  But, that's anti-virus software, and Macs don't have viruses!
  This. Right here. Is why. It. Is. Dangerous. To claim. Your. Platform. Does. Not. Have. The same. Security needs. As. Any. Other. Platform.
  Hopefully that was slow enough for everyone to follow.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
6. Re:What is wrong with you people? by Rosyna · 2012-06-29 11:32 · Score: 5, Informative
  
  The problem here is that OSX inherently lacks software that raises flags when 'the incident' happens, or at least it seams to be that way.. Does the victim has any built-in protection to deal with such a malware infection?
  Mac OS X has an automatic malware scanner. The malware definitions are checked for updates daily, automatically.
  The last update to the definitions was on June 26th, 2012. I do not know if it contains the definitions for this malware yet.
7. Re:What is wrong with you people? by beelsebob · 2012-06-29 11:35 · Score: 5, Informative
  
  The problem here is that OSX inherently lacks software that raises flags when 'the incident' happens, or at least it seams to be that way.. Does the victim has any built-in protection to deal with such a malware infection?
  Yes, there's built in protection against selected malwares, come mountain lion, unsigned, or signed-with-revoked-certificates binaries will not run by default either.
  
  Does the OS X possess mechanisms to monitor or block outgoing traffic?
  Yes, and they're turned on by default.
  
  Does this system even has a proper driver structure to allow insertion of your monitoring pass-through driver into the TCP or disk driver stack?
  Yes, you can use dtrace to monitor this kind of thing if you want.
8. Re:What is wrong with you people? by thetoadwarrior · 2012-06-29 11:39 · Score: 3, Insightful
  
  You're more than welcome to get virus scanners or anything that windows has and it has a firewall. But it already asks you to make sure you're certain you want to run something downloaded and if someone is willing to ignore that and still run a application that someone stranger sent to them then there isn't much hope for them. Idiots will disable anything if they want to run something.
9. Re:What is wrong with you people? by theArtificial · 2012-06-29 11:58 · Score: 2
  
  Pretty much any software with activation. Adobe Creative Suite, Maxon Cinema 4D are two that I can think of off the top of my head. Typically it's when they're first run, and when checking for updates. It's not some spontaneous dialing that happens randomly (that would require a service).
  
  --
  Man blir trött av att gå och göra ingenting.
10. Re:What is wrong with you people? by 517714 · 2012-06-29 12:52 · Score: 3, Insightful
  
  As you are a slashdotter, we can safely assume your having sex is purely hypothetical.
  
  --
  The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
11. Re:What is wrong with you people? by jbolden · 2012-06-29 12:59 · Score: 3, Informative
  
  OSX is a unix of course it allows insertion of software between the real and virtual TCP stack, the dev filesystem.
  Here are two common utilities that wrap that functionality:
  http://www.metakine.com/products/handsoff/
  http://www.obdev.at/products/littlesnitch/index.html
12. Re:What is wrong with you people? by Farmer+Tim · 2012-06-29 13:16 · Score: 4, Insightful
  
  True enough, most people do think viral when hepatitis is mentioned, but you wouldn't get away with that kind of imprecision in a professional medical forum. I suppose how much a similar terminological distinction matters depends on how close you consider /. is to being a professional tech forum...
  [lightbulb]
  ...OK, it's futile, I get it...
  
  --
  Blank until /. makes another boneheaded UI decision.
13. Re:What is wrong with you people? by Architect_sasyr · 2012-06-29 14:50 · Score: 2
  
  Eh I'm an idiot. Ignore.
  
  --
  Me failed English...
  FreeBSD over Linux. If my comments seem odd, this may explain...
14. Re:What is wrong with you people? by DarkOx · 2012-06-29 15:21 · Score: 2
  
  Antivirus software is the wrong approach. To be frank as a security profession AV software alone is worth nothing. Its reactive in terms of signatures and Flame pretty much proves the heuristics don't work. Spend just a few moments slightly modifying any of the common packers so its not quite strait off the net and you still get meterpreter past all the majors.
  AV is there to hopefully with lots of dumb luck catch you if your dropped the ball some place else.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
15. Re:What is wrong with you people? by metrix007 · 2012-06-29 18:34 · Score: 2
  
  OS X does not have a malware scanner. It has a list of malicious checksums and only checks files saved through certain applications. Download a malicious file through a torrent for example, and it won't raise a flag.
  It isn't a scanner and should not be stated to be one.
  
  --
  If you ignore ACs because they are anonymous - you're an idiot.
16. Re:What is wrong with you people? by drsmithy · 2012-06-29 19:16 · Score: 2
  
  I was refering to the user, not the system. Lion's a consumer OS with a focus on consumption of media and apps, rather than a general purpose OS, like Snow Leopard.
  
  Please tell me about the "general purpose" things I can do in Snow Leopard that I can't do in Lion.
17. Re:What is wrong with you people? by Uberbah · 2012-06-30 02:16 · Score: 2, Interesting
  
  This. Right here. Is why. It. Is. Dangerous. To claim. Your. Platform. Does. Not. Have. The same. Security needs. As. Any. Other. Platform.
  Speaking perfectly normally: they don't. Trojans have existed on Unix variants for decades, but that doesn't mean that the Unix community has been the cesspool of malware that Windows has been. Same for Apple.
  If Nintendo ran ads touting the lack of a Red Ring of Death on the Wii, would that equate to saying that the Wii has had zero issues with malfunctioning hardware? You should see a doctor about that broken sense of proportion.
  
  some people do truly think that Apple can do now wrong and that
  Which people, exactly. Periodically I'll ask haterz on Slashdot to point some out, and it usually goes like this:
  So where are these fanboys, exactly.
  "Everywhere, just look around!"
  You'll have no problem finding some examples then
  Crickets
Point and grunt ? by billcopc · 2012-06-29 10:54 · Score: 4, Funny

Pardon my crystallized forebrain, but what's "point-and-grunt" ? Is that one of those newfangled hipster Fail-on-Rails thingamabobs that goes into the weird rounded USB thing on my tee-vee ?

--
-Billco, Fnarg.com
1. Re:Point and grunt ? by drinkypoo · 2012-06-29 11:14 · Score: 5, Funny
  
  Pardon my crystallized forebrain, but what's "point-and-grunt" ?
  It's a Zune function. It's what you do before you squirt.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
2. Re:Point and grunt ? by Darinbob · 2012-06-29 11:28 · Score: 2
  
  I don't know what's worse, having the grunts or having the squirts.
3. Re:Point and grunt ? by LordLucless · 2012-06-29 11:33 · Score: 3, Informative
  
  I've heard the term before, but not for a while. When I used to hear it, it was a dig at the intelligence of GUI users, as opposed to people who used the CLI. Since the GUI's become so dominant, I haven't heard it nearly so much. Looks like the OP's a recessive.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Re:So what's so special about this one? by cpu6502 · 2012-06-29 10:56 · Score: 3, Insightful

Only reason it's a big deal is because Apple used to advertise OS X "doesn't get PC viruses." So when a Mac gets one, now everyone jumps on it with a /. article to show apple was wrong.
BTW Apple just removed their claim: http://www.huffingtonpost.com/2012/06/25/mac-virus-apple_n_1625110.html

--
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Re:Excuse me... by wierd_w · 2012-06-29 10:56 · Score: 2

Oh, so its like windows in bootcamp then?
Why is this news? by Grayhand · 2012-06-29 10:58 · Score: 4, Insightful

It's hard to blame Mac when you open an infected file. People have been unwittingly installing Malware and other infecting programs onto Macs for years. This is very different from one that propagates without the help of the user. It's a non story.
1. Re:Why is this news? by 93+Escort+Wagon · 2012-06-29 11:23 · Score: 4, Insightful
  
  Well, except when this happens in the PC world at least some subset of folks do blame Microsoft for it, and loudly.
  There was a time when Microsoft WAS at fault - back in the days of Slammer, for example. But most of the malware that goes around anymore relies on social engineering to propagate, because Windows and OS X are really pretty secure.
  
  --
  #DeleteChrome
2. Re:Why is this news? by thetoadwarrior · 2012-06-29 11:45 · Score: 4, Insightful
  
  Microsoft *was* at fault at times like when Outlook express' preview pane ran anything in the preview pane which was on by default so you could get infected by virture of a new email just coming in even if you'd be smart enough not to open it. Which is definitely different from a Mac asking you to be sure and you open it anyway.
3. Re:Why is this news? by 93+Escort+Wagon · 2012-06-29 12:36 · Score: 4, Insightful
  
  Microsoft *was* at fault at times like when Outlook express' preview pane ran anything in the preview pane which was on by default so you could get infected by virture of a new email just coming in even if you'd be smart enough not to open it. Which is definitely different from a Mac asking you to be sure and you open it anyway.
  Except remember how Safari had a similar issue several years ago? It could automatically launch stuff that was downloaded just by virtue of you hitting the wrong page? That's why you get asked now - that was part of the fix Apple added to solve the problem.
  I've been a Mac user since 2003. I like the OS, and I think it's had a pretty good security track record overall... but Apple's definitely made a few missteps along the way. Nothing of the sheer magnitude of Slammer or Blaster - the only remote OS X exploit I can remember required the attacker to be on the same subnet (think it was an AFS exploit, but I might be mis-remembering).
  
  --
  #DeleteChrome
4. Re:Why is this news? by 93+Escort+Wagon · 2012-06-29 12:47 · Score: 2
  
  I realize it can be bad form to reply to oneself, but I wanted to correct one thing - the remote exploit I was thinking of was the 2003 local subnet DHCP exploit. That was a remote root exploit that required the attacker to be on the same subnet.
  The AFP exploit was from 2010, and could provide remote access to a user's home directory. Still bad, but not at the same level of bad.
  
  --
  #DeleteChrome
5. Re:Why is this news? by TheRaven64 · 2012-06-29 21:04 · Score: 3, Informative
  
  Except remember how Safari had a similar issue several years ago? It could automatically launch stuff that was downloaded just by virtue of you hitting the wrong page?
  That particular issue was related to the definition of 'safe' files. By default, every web browser runs some kinds of files, in particular HTML and (usually) JavaScript and images. If you have a vulnerability in your png renderer or HTML parser, for example, then opening any web page will exploit the browser. The only difference with Safari was that PDF was included in the list of files that are safe. The same applies to most browsers with the Adobe plugin installed. The Adobe plugin has also had a number of vulnerabilities in recent years.
  The problem here wasn't running code by default, it was loading untrusted data through a large body of complex code outside a sandbox. Chromium and Safari (and, I think, IE9) now open everything that's downloaded from an untrusted source and loaded automatically in an environment with reduced privilege. The Chromium sandbox is a bit better (although it varies a lot depending on the platform: on Windows it's pretty poor) and runs at a finer granularity, so with Safari an exploit may still give an attacker access to state held by other tabs (the same applies to Chromium if you have more than some threshold number of tabs open - 20, I believe).
  
  --
  I am TheRaven on Soylent News
simple summary. by pbjones · 2012-06-29 10:58 · Score: 2

this isn't a virus, it doesn't replicate. It's an email trojan. It's not a Mac or PC exploit, because it exploits the person not the machine. And it's got a very specific target. Thanks for the warning, I won't, and don't click on attachments anyway.

--
There was an unknown error in the submission.
Re:So what's so special about this one? by plate_o_shrimp · 2012-06-29 11:12 · Score: 2

Only reason it's a big deal is because Apple used to advertise OS X "doesn't get PC viruses." So when a Mac gets one, now everyone jumps on it with a /. article to show apple was wrong.
Well, it's still true that OS X doesn't get Windows viruses. Perhaps a tautology, but true nonetheless....

--
This sig has exceed its monthly bandwidth allotment.
Re:So what's so special about this one? by easyTree · 2012-06-29 11:15 · Score: 2, Funny

Clearly this is propaganda perpetrated by Mac-Haters.

--
Requiem for the American Dream
Re:Impossible! by Demolition · 2012-06-29 11:16 · Score: 2

No most users feel malware is malware outside of slashdot and saying its not a virus as a way to build your ego is stupid.
The GP pointed out that a trojan horse is not a virus. Trojans need user interaction while viruses are self-propagating. Saying that most users can't tell the difference between them (as you appear to be insinuating) is just plain silly.

Its like saying she is clean! Then you contract hepatitus. But she says she is virus free with a smile and goes on how clean she is.
You've said this twice now. None of the previous commenters has said that Macs are immune to viruses. Either your English comprehension is lacking or you're deliberately trying to stir things up.
Re:So what's so special about this one? by thetoadwarrior · 2012-06-29 11:43 · Score: 3, Informative

This story isn't covering a virus either. It is a malicious application but one that relies on an idiot running an application from a stranger and ignoring the warning suggesting that maybe you shouldn't open it.
Give me a fucking break by Legion303 · 2012-06-29 11:52 · Score: 3, Funny

Kaspersky discovered that if users willingly execute files that turn out to be malicious, their computers will be backdoored.
In other news, I discovered that fire produces heat. Please front-page this important announcement immediately.
Re:Yawn by LinuxIsGarbage · 2012-06-29 12:59 · Score: 3, Informative

Wake me up when they find something that can infect a Mac connected to the internet when no is one using it. You know, kind of like "install windows, connect to internet, pwned in 15 minutes"?
Anyone can do a user-mode trojan that says "PLEEZE INSTAWL ME! I'M A UPGRAYD!"
That was only an issue with Pre- WindowsXP-SP2 computers. SP2 was released 8 years ago. With SP2 Windows firewall came enabled by default, which protected unpatched services (like SMB) from being connected directly to the internet.
Comment removed by account_deleted · 2012-06-29 13:25 · Score: 5, Informative

Comment removed based on user account deletion
Jesus, not again by sootman · 2012-06-29 13:52 · Score: 5, Insightful

I know Slashdot editors are famously lazy ('sup, guys!) but why does the summary they posted say "The attachment tricks the Mac user into installing..." when TFA* clearly says "the [attack] described here relies on social engineering to get the user to run the backdoor"? You know, just like every single other Trojan out there?!?** The attachment itself is totally benign until someone clicks on it several times. (Even if you view the message with webmail with Safari's "Open 'safe' files after downloading" in its (admittedly brain-dead) default "checked" position***, you still have to click on the attachment link in your webmail and then double-click the visible file to run it.) The only way this actually happens is if someone reads the email and takes a few steps on their own. As always, the attachment itself does nothing.****
Slashdot has been a techy news site for a decade and a half now. You'd think errors as blatant as this would get caught by the editors, even with their usual lack of checking.
You know what would be an awesome site? Exactly what Slashdot is, but with better editors. (And maybe lay off the JavaScript some.)
Anyway: sky is blue, water is wet, sun rises in the east, and all computers--by definition--are vulnerable to trojans. Film at 11.
And by the way, WTF is "point-and-grunt"? Does that imply that users are dumbly clicking on things? If so, doesn't that also imply that the users just might be the problem? Trojans are trivially easy to write. Here's one in one line:

echo "rm -rf ~/*" > NataliePortmanHotGrits.jpg.command; chmod 755 NataliePortmanHotGrits.jpg.command

Voila. Type that into Terminal, email it to all of Slashdot, and wait for a great disturbance in the Force, as if millions of home directories suddenly cried out in terror and were suddenly silenced.
* I know no one here reads them, but I think the submitter should, right? Even if they don't, they should just submit the URL and not make up shit for the summary.
** Which is to say, like every single Mac "virus" of the last decade as well.
*** Apple even puts "Safe" in quotes, so they obviously know that's not an ideal term. They should set it to "off" by default--and then remove the option.
**** Unlike the bad old days with Outlook Express' infinitely more brain-dead "Hey, let me run that executable attachment for you!" setting.

--
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
1. Re:Jesus, not again by PPH · 2012-06-29 14:54 · Score: 2
  
  And yet, Slashdotters will still click on links promising more info. followed by [goatse.cx] and then scream, "My eyes!"
  Social engineering works.
  
  --
  Have gnu, will travel.
Re:So what's so special about this one? by awyeah · 2012-06-29 14:54 · Score: 2

Gatekeeper is not mandatory.

--
Why, no, I haven't meta-moderated lately. Thanks for asking!
Re:Well that kills that myth... by cheros · 2012-06-29 18:53 · Score: 2

I never believed that anyway. What IS interesting, however, is that every AV vendor now actively prevents analysis of how many virus infections exits per platform, which is actually a very significant bit of data.
Windows malware numbers in the millions (30M, last time I was able to get a figure), whereas OSX malware numbers somewhere in the 40K by now. That's a shade over 1% of the exposure that Windows platforms have - which still makes it a heck of a lot less risky.
The only drive-by infection (Java based) has now been addressed, so I'd say that if you don't install stuff you don't know you're still better off using OSX (or Linux, I'm hoping someone who actually understands usability will get involved on that platform).
But there is no excuse not to install anti virus software on OSX - facts are still better than myth..

--
Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
Misuse of the term "encrypted". by Dwonis · 2012-06-29 19:43 · Score: 2

This sentence is downright terrible:

Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server.
Not only does it misuse the term "virus", as you mentioned, but it also misuses the term "encrypted". The correct term here is "obfuscated". The obfuscation code might happen to contain something that looks very similar to AES, but it isn't encryption (and it certainly isn't AES) if the "key" can just be recovered from the executable.
Re:Windows IS still a Security Nightmare by __aaqvdr516 · 2012-06-30 02:36 · Score: 2

Or maybe she installed a program and it was bundled, like about a hundred other programs that can be installed via bundling. Just try and install a Java update without it asking to install a toolbar.