New Version of the MaControl Trojan Spotted In the Wild
EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X, it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks is generally the most effective; it won't be surprising to see a spike in such attacks soon."
A wild MaControl appears!
The article commits the worst sin of all - the extra apostrophe. The plural of Mac is Macs. Not Mac's. Reading that is like snagging my eye on a nail.
Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of a new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.
This space unintentionally left unblank.
Saying it has never convinced the Mac community though. All those years of MS bashing will eventually come full circle.
Computers store valuable information. Linux, Windows, BSD, OS X: they are all computers, and they all have something of value to steal. I've always thought that just as the computing industry has smartened up to malicious activity, so have the criminals. Biding their time with Apple, I've always thought, was a long-term investment: wait until there are enough Mac users out there so that when you make a run on people's CC details you make it a good one.
Remember it took 10 years for MS to learn their lesson, talking about what would kill Apple, a 10 year long "I told you so" would do it. I guess that'll never happen because eventually (after they suck up their pride) they can ask MS or even Trend/Norton/McAfee for help, which they will because Apple is completely unprepared for the shit storm that is to follow.
Until recently, Mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resilient to such attacks.
Compared to Windows it is, if only due to no Internet Exploder. 'Course, basic literacy is on the decline these days, so maybe I need to reluctantly point out for the knee-jerk idiot crowd that "more resilient" does not mean "absolutely 100% invulnerable".
but the average mac user will likely be more sensible. I hope.
the average mac user paid more money for a mac because they thought windows was too hard. your hope is misplaced.
To make the point, consider the opposite scenario. There are proof-of-concept viruses for Linux. Do you know why there are no Linux viruses spreading in the wild? Because the average Linux user actually has a clue, something you cannot claim for the average Windows or Mac user.
Linux users tend to understand that "2 hour paris hilton sex video!" should not be a 238kb executable. They understand that the guy sending them e-mail is not really a Nigerian prince. They understand that their bank should already have their account number. They understand that their browser performing an HTTP GET of a .jpg does not mean that site can tell if their computer "has a virus".
you can have the greatest system in the world. if you put it in the hands of an idiot it will still get compromised.
MaControl isn't a virus. It's a Trojan, and Macs are just as vulnerable as Windows PCs or Linux PCs for that matter, because users can bypass any OS security.
Well, considering this can't self-replicate, and you must be duped into opening the zip, then launching the attachment, your statement is true in the scope of this malware. It's a Trojan, not a virus.
This is about as nefarious as me sending a batch file to you saying 'run this safe file'.
It is pure social engineering, and has nothing to do with the OS security, other than it targets a Mac. Rather poor social engineering at that, as the message itself appears to be gibberish, with an attachment. The least they could have done is put something that even remotely interested the user into opening the attachment, rather than a random string of alpha characters.
FTFA:
Kaspersky Lab’s researchers analyzed the Mac OS X backdoor and concluded that the malicious application is a new and primarily undetected variant of the MaControl backdoor, which supports both i386 and PowerPC Macs. However, Kaspersky Lab’s system detects the malicious variant as “Backdoor.OSX.MaControl.b.”
Don't forget about GAY PORN. Gigabytes and gigabytes of the gayest, hairiest, sweatiest, large-cocked ass-pounding with spurts of semen flying everywhere. Black men, white men, ladyboys, furries...yes. Porn SO GAY and lots and lots of it. Like a big pride parade with lots and lots of real gay sex. Freddie Mercury and Rock Hudson would be proud, ahh, the progress of society.
Gay, gay, gay.
Wow Anonymous Coward, you describe the GAY PORN experience with such vivid and enthusiastic detail, that you must have extensive first hand experience.
Thank you for being so brave to come out of the closet and share your experience. I just hope that your boyfriend is okay with all of your PORN viewing.
Well, considering this can't self-replicate, and you must be duped into opening the zip, then launching the attachment, your statement is true in the scope of this malware. It's a Trojan, not a virus.
This is about as nefarious as me sending a batch file to you saying 'run this safe file'.
It is pure social engineering, and has nothing to do with the OS security, other than it targets a Mac. Rather poor social engineering at that.
Yes, I would assume this Mac attack will prove successful only among those geeks who normally would fall for this seemingly legit instruction...
http://failblog.files.wordpress.com/2012/07/epic-fail-photos-fail-nation-seems-legit-fail.jpg
Ha HA you got him AC is a total fag.
Slashdot: providing anti-social weirdos a soapbox, since 1997.
After all, everyone knows that Mac's can't get viruses.
After all, everyone knows that ACs can't use apostrophes correctly.
Apple is completely unprepared for the shit storm that is to follow.
You're right, of course. Apple is completely unprepared.
And keep in mind that those features are already installed in an OS that has a spotless track record as far as self-replicating malware (worms and true viruses, rather than stupid-ass Trojans).
So yeah, Apple is just sitting there with their proverbial pants down, waiting for insertion...
Clueless moron.
the average mac user paid more money for a mac because they thought windows was too hard.
No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.
From your username I won't take offence at your personal attacks. I suppose speaking ill about Apple is akin to calling your mother a whore.
If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.
Apple's containment process is unsavoury to one's computing freedom and precisely the problem with the security model. It's like the cave man vs the modern human: you give the cave man some raw meat and he eats it, no troubles. Give it to the modern man and he dies because of some sort of bacteria in the meat.
Apple's germ-free environment is why, when the malware industry does hit, it will hit them hard.
Not only that, Linux users cannot simply download an executable; they have to make it executable (or extract it from an archive keeping permissions). In addition to that, Linux users don't have a "download-n-run" mentality, as most if not all of the software comes from a repository.
One can argue about the reasons why it is virtually impossible to get a Trojan using Linux, but it is sure nice that I don't have to clean my parents' PCs once in a while as it used to be with Windows.
From your username I won't take offence at your personal attacks. I suppose speaking ill about Apple is akin to calling your mother a whore.
...And then you respond with a personal attack.
Moron.
If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.
Apple's containment process is unsavoury to one's computing freedom and precisely the problem with the security model. It's like the cave man vs the modern human: you give the cave man some raw meat and he eats it, no troubles. Give it to the modern man and he dies because of some sort of bacteria in the meat.
Apple's germ-free environment is why, when the malware industry does hit, it will hit them hard.
So, let me get this straight: You said that "Apple is completely unprepared for the shitstorm that is to follow." I countered with unequivocal proof that your statement was false. And now, since your statement has been refuted, you SWITCH your argument to a combination of an ad hominem attack (which was couched in a statement that you weren't going to respond to me calling you a clueless moron (which you are)), but more importantly, you now say that one aspect of Apple's security methodology (signed binaries) is "too restrictive" (because it's too restrictive for Devs. to sign up for a FREE signature (Developer accounts cost $100/yr, and that includes as many certs. as you wish to create; or you can use an industry-standard cert. from any one of a number of authorities)).
But what you failed to realize is that GateKeeper's "sterilization-level" is adjustable by the user; so s/he can decide for hirself how much digital E. Coli that they want to subject themselves to.
From the "What is Security" guide I linked to in my original response to your "Completely Unprepared" post: Gatekeeper gives you three security options. Just like today, you can download and install apps from anywhere on the web. Or you can choose the safest option and download and install apps only from the Mac App Store. Or use the default option, which allows you to download apps from the Mac App Store as well as those signed with a Developer ID. If an app is unsigned, Gatekeeper blocks the app from being installed and warns you that it did not come from an identified developer. If you’re sure the app is safe, you can manually override Gatekeeper by Control-clicking the app and choosing to open it.
So, since in ANY setting of GateKeeper the user is free to 'eat the tainted meat' with just a Click, tell me how GateKeeper is "unsavory to one's computing freedom"???
But the biggest question is: "How does all this mean that APPLE is 'completely unprepared'?" From where I sit, it looks like OS X is much MORE prepared than Windows or Linux for any possible "shitstorm".
the average mac user paid more money for a mac because they thought windows was too hard.
No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.
*citation needed because your name shows your heavily biased*
Education needed because your posting shows you don't understand basic grammar. (you/you're).
Oh wow. A comment based on my username. How completely unoriginal...
You might remember a little ad campaign colloquially called the "PC vs. Mac" Ads. The entire ad campaign was targeted at Windows victims (users) who were fed-up with being fed-on by every malware writer from here to Bangalore. How's a multimillion ad campaign that lasted for over a year for a citation?
And attend ANY Linux developer conference. MacBooks as far as the eye can see. Do you really think THOSE people are using Macs because they "Can't figure out Windows?"
In every other part of IT, 'ease of use' is almost diametrically opposed to 'secure'.
So, you're saying that my kubuntu box is less secure than my Win 7 box? Because Windows frustrates the hell out of me, the kubuntu box just keeps chugging along without problems. Example: Bluetooth. I bought a dongle to move pictures from my phone, and it came with no Linux install disk. After installing the software on my Win 7 box and rebooting twice, it was flaky but worked. Linux? I just plugged the dongle in and it worked. Fifteen minutes of installation and reboots vs one second to plug it in. At least once a month and often more often I have to install Windows patches and reboot, often several times. With Linux the notification pops up and I click it and continue doing whatever it was that I turned the PC on for in the first place.
MS's vaunted usability is a myth propagated by those who grew up with Windows. Those of us whose first computer was tape-driven and BASIC/Assembly-based, then DOS, then Windows, had no problem at all using Linux. Ten years ago there were driver issues, but I haven't seen them in a long, long time.
Until recently, Mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resilient to such attacks.
Macs are more resilient; you won't get a virus on one. But this is a Trojan, not a virus. I don't care what OS you're using: if I can convince you to install a piece of software as root, I own your computer.
It doesn't matter if you're running Windows, iOS, or even NSA Linux, if you're downloading warez you're putting yourself at risk. Most Linux users won't touch a piece of software that isn't in the repository. I'm not so sure about Mac users.
Free Martian Whores!
Your analogy has quite a few flaws. You are in effect saying that the cave man (windows) has a better immune system (AV software). Macs and Windows are more like cats and dogs; they don't get the same diseases.
As to your cave man eating raw meat, dying from eating raw meat is far more recent. Fifty years ago you could safely eat raw hamburger, chicken, or eggs with little risk of food poisoning, and in fact many people enjoyed chicken and hamburgers cooked rare, but ranching methods have changed drastically. We used to make eggnog -- it's a mixture of raw egg yolk, milk, sugar, and cinnamon. It was traditionally used on Christmas because raw egg yolk contains an enzyme that combats hangovers, but try that today and you'll be far more miserable the next day, because one in three eggs now has salmonella.
If you fed a cave man a raw steak from today's grocery store, he'd get as sick as you would.
Free Martian Whores!
I remember that slanderous campaign, showed how sad and desperate apple had become. Make up a bunch of BS lies and then hide them under the generic "PC" name so that it wasn't considered the fraud it was. PC became the new brand X, and as long as they didn't say either Windows or that they don't have those problems then it was technically legal. The first step towards the patheticness that is apple, now they patent troll instead using patents of ideas they stole from others (like patenting Neonode's slide to unlock patent, patenting the Sony Vaio, the Android Vega tablet from 2009...)
And I'll bet you think they are all running OS X too.... sorry to burst your bubble, but they aren't. They are using Linux.
Funny. You're the first person I have EVER heard that called the ad campaign "slanderous" or "lying".
WTF are you talking about with you babbling about "stolen patents" and "Android Vega tablets" and "Sony Vaio"???
But since you are, we'll discuss these one at a time:
1. Patenting Neonode's "slide to unlock": Well, the patent case in question was against HTC, but it wasn't HTC that was considered by the UK Court to be "Prior Art"; it was ANOTHER phone (the Neonode) that had an "unlock gesture". Although on a touch-screen device, it's kind of hard to avoid SOME kind of unlock GESTURE... So I guess both Apple AND HTC might have infringed... But isn't it curious that NeoNode didn't see it as "infringement", or wouldn't THEY have sued APPLE???
2. Patenting Sony's Vaio: This is just asinine. Are you saying that because the Vaio is thin, and the MacBook Air (and now MBPwRD) are thin, that SOMEhow "Apple Patented the Sony Vaio"??? Yeahrightsure. The Vaio is a milled aluminum "Unibody" construction. Yeahrightsure. The Vaio has a glass, multitouch trackpad with the left-button built-in. Yeahrightsure. The Vaio has MagSafe. Yeahrightsure. The Vaio has Thunderbolt. Shall I go on?
3. Android Vega Tablet from 2009. The WHAT? You mean that big IPHONE clone??? Riiiiight. Let's just take a look at the TIMING of who had what first: You're saying that Apple, who already HAD an iOS (f/k/a iPhone OS)-based, ARM-based, capacitive multitouch device ON THE MARKET for TWO YEARS prior to the Vega tablet, SOMEHOW tooled-up the iPad in the TWO MONTHS between the Vega's ANNOUNCEMENT on November 13, 2009, and the iPad's ANNOUNCEMENT on January 27, 2010. If you believe that is even remotely possible for ANY company, even one the size of Apple, you are SADLY mistaken, and of course know NOTHING about R&D and manufacturing processes. Keep in mind that Apple had HUNDREDS of WORKING iPads to show around and even GIVE AWAY at that January 2010 announcement. In fact, the Vega wasn't even supposed to be on the market until WELL after the April 2010 "on-shelf-date" of the iPad. So who is copying whom here? It's not that the iPad looks like the Vega, it's that the Vega looks like.... AN IPHONE. And, as we all know, by 2009 there were already MILLIONS of iPhones in people's (and apparently Innovative (ha!) Converged Devices' Seattle (Hmm. Redmond?) labs, too, eh?)
And what's all this "bet you think they are all running OS X too. [...] They are using Linux."
What's the antecedent of the word "They" in your blathering? Are you talking about the NeoNode N1, the Vaio, and the Vega? Or are you talking about the iPhone, the MacBook Air and the iPad? Because in EITHER case, you are incorrect. The NeoNode N1 and the Vega Tablet run ANDROID, which is NOT Linux, any more than iOS is OS X. Yes, they are derivatives; but with enough differences to make them classified as their own OSes. And as far as the Vaio goes, I'm pretty sure that MOST (if not all) of them went out of the factory with WINDOWS installed, NOT Linux.
And I really shouldn't have to explain to ANYONE on Slashdot that OS X (nor iOS) ISN'T LINUX. So, you
Does MacOS boast ASLR? Do your research is DEP and get back to me :)
http://blog.lumension.com/5365/what-the-security-features-of-apples-mountain-lion-mean-for-the-enterprise/
And ASLR was adopted 12 months ago, along with updated system patching. Looks like what Microsoft has done for years, Apple has caught up with in some ways.
What is noteworthy is Apple can't make their OS secure enough to hold FIPS 140-2 certification.
So now, it doesn't matter that Apple HAS certain security features; but rather WHEN they were adopted? Again, changing the parameters of the original statement "completely unprepared".
OS X has had limited ASLR since 10.5 (Leopard), which launched in 2007. Windows introduced limited ASLR in Vista, which launched... in 2007. So where are those "years" you crowed about? BTW, you will note that not only does Windows ASLR have to be disabled for "compatibility reasons", but that it has several known shortcomings. In contrast, OS X 10.8 (Mountain Lion)'s ASLR appears to be not only system-wide, but also a much more robust implementation than in either Windows or Linux.
And as far as FIPS 140-2 is concerned, both OS X and Windows 7 can be brought to FIPS 140-2 Level 1. Neither goes further. But keep in mind that NIST hasn't had a chance to test against OS X Mountain Lion (10.8), which has security features that are stronger than its predecessors. So now what?
Oh, and apparently you are behind on your reading; for here is an Apple Tech Support document on how to set up and maintain a FIPS-compliant system in OS X 10.7 (Lion). The tech support article also has "Additional Information" regarding OS X's FIPS 140-2 compliance.
So, you might do just 10 seconds of research before you open your mouth next time, AC.
Oh, and that article you mentioned is far from unbiased, and is chock-full of inaccuracies and hyperbole, as I have pointed out in this comment. However, a complete analysis of the lies and exaggerations in that article would take about 10 pages, and I don't have time for that right now, especially for an AC.
Now go learn about stack-based overflows and heap-based overflows. Then see how OSes like Linux have had ASLR since '05. Then go find papers on ASLR and the various methods of circumventing it.
Unless you go for an OS with dtrace or similar managing direct syscalls and question every single one of them, you'll be hard pressed to find a faultless OS. Fact of the matter is Lion is the first OS of Apple's to host a fully fledged ASLR, and many within the industry are skeptical it will be up to the test.
My philosophy is this and what has been proven to me time and time again, regardless of what you put into an OS someone somehow if needed will find a way to get around it. New methods are always discovered and shared in places like packetstorm and securityfocus, many are not and kept secret until they wish to pillage from the online world.
Apple is 4 years behind, get over it!
http://www.ijailbreak.com/jailbreak/ios-5-1-untethered-jailbreak-aslr-pod2g/
the average mac user paid more money for a mac because they thought windows was too hard.
No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.
I felt that way back in the mid 1990s. So I switched to Linux.
I continue to be glad that I did. I started out with Red Hat and have also tried Debian, Slackware, and Suse. I eventually settled on Gentoo some years ago because I like to customize, which especially includes the security options available when you build from source (like SSP). I also enjoy having such a wide variety of software available in the package manager. Not to mention, the Gentoo forums are some of the very best I've seen anywhere. I often refer to them even when helping friends who are not using Gentoo because the information is high-quality and oriented towards understanding the issue rather than "follow these steps".
I'm probably not a part of Apple's target market. Apple makes a fine desktop computer, especially for users who are not technically-minded and don't have any curiosity about how the system works. I have seen several frustrated, non-technical Windows users suddenly have a great experience with Macs. However, I have a philosophical problem with walled gardens and I believe Apple's stance on intellectual property is harmful to the industry. I realize that ultimately, only reform of patent law is going to really fix that situation, but Apple seems particularly zealous on this front. When Jobs was in control he also promoted a suffocating, dehumanizing (well, more than usual) corporate culture that I personally would never want to work in. These things make me disinclined to vote for them with my wallet.
Compared to the above, this is a minor and admittedly somewhat petty concern: it's also undesirable to me that so many Apple customers seem to think that they're showing how cool they are by sporting the logo. It's not that I think I'm cool for not joining them; it's that this idea and the marketing that goes with it is hollow, superficial, and does not provide for me a good reason to invest non-trivial amounts of money in a product.
So, I can't help but to wonder: are you one of these rabid fanboys or can you handle the idea that someone might have reasons for disagreeing with something you seem to be quite satisfied with? Because I definitely understand that Linux is not for everyone, in fact I admire that it doesn't pretend to be. If someone isn't going to like Linux, I would encourage them to use what does work for them. What I would not do is try to force a square peg into a round hole.
It is a miracle that curiosity survives formal education. - Einstein
You might remember a little ad campaign colloquially called the "PC vs. Mac" Ads. The entire ad campaign was targeted at Windows victims (users) who were fed-up with being fed-on by every malware writer from here to Bangalore. How's a multimillion ad campaign that lasted for over a year for a citation?
I believe you chose a poor example there. I mean, advertisements are the most biased source of information imaginable.
... ... if you ask Microsoft.
Consider that Windows is the greatest OS ever!
Note that I agree with the basic premise that for average non-technical users, OS X provides a better experience than Windows. The higher cost for similar hardware, the deliberate incompatibilities of various peripherals, and the Microsoft monopoly are probably the major reasons Apple does not have a larger market share. I just think you chose a particularly weak method of making your point.
It is a miracle that curiosity survives formal education. - Einstein
Not only that, Linux users cannot simply download an executable; they have to make it executable (or extract it from an archive keeping permissions). In addition to that, Linux users don't have a "download-n-run" mentality, as most if not all of the software comes from a repository.
One can argue about the reasons why it is virtually impossible to get a Trojan using Linux, but it is sure nice that I don't have to clean my parents' PCs once in a while as it used to be with Windows.
In my opinion people take system compromises far too lightly merely because they are common.
The danger is not having to periodically "clean their PC". That's a nuisance to be sure, but it is only a nuisance. No, the danger is that a piece of malware might help some criminal to "clean" their bank accounts. That kind of simple theft is bad enough; have you ever considered the prolonged nightmare that identity theft could cause? These are much, much worse than having to run a virus (etc.) scanner once in a while.
By replacing Windows with something that's not-Windows, you performed a real and worthy favor for them. I sure as hell wouldn't stand there and do nothing while my parents are exposed to these risks. Like you, I also set them up with Linux. They like it better anyway because it "just works" and they can focus on whatever they were trying to do.
It is a miracle that curiosity survives formal education. - Einstein
How brave of you to log in and stand behind your arguments! Oh wait, the other thing.
You're in no position to be critiquing anyone, kid. Learn to log in first, then we'll talk.