New Mac Trojan Installs Silently, No Password Required

An anonymous reader writes "A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult, an added extra that is more common with Windows malware than it is with Mac malware."

cool ... good that I use OS 10.5

[acidfast7]

how about an article on every windows- or android-based trojan.

Re:cool ... good that I use OS 10.5

[plover]

Things constantly improve on all sides, including the quality and sophistication of attacks. But people naturally want to hang onto the old ideas in their heads, partly because they're not close to the "other" system, and partly because they don't like having their old decisions questioned or their assumptions challenged. The "Macs are perfect" idea is again proven faulty, but so are the Mac and Unix people who assign the same amount of failure to Windows 7 that they saw with Windows XP a decade ago.

It's not that Macs are "equally guilty as Windows" or that "Windows 7 is now perfect". It's just a perception thing. Human nature means that we can expect a ton of gloating and "I told you so!" kinds of responses. And while that doesn't mean a PR department is necessarily behind it, I can understand why a PR department would latch onto this and amplify it.

Re:cool ... good that I use OS 10.5

[courteaudotbiz]

because PC refers to windows viruses

PC means personal computer and makes no reference whatsoever to the operating system running on it.

Wrong. When apple did their "I'm a PC, I'm a Mac" marketing campaing, it was perfectly clear they referred to Windows against OSX. They specifically insisted that a Mac and a PC are different, but the geeks we are know that PCs and Macs are almost the same on their hardware base. So what they referred to was about the OS they run.

AND I AM NOT AN APPLE FANBOY! I have no Mac computers, no iPods, no iPhone

Re:But Macs Don't Get Viruses

[Anubis+IV]

They don't, but you can't fix stupid, which is what trojans exploit.

User mode malware

[tlhIngan]

It seems more and more these days, that malware is becoming user-mode to avoid the nasty popups that comes with trying to gain administrator mode.

Which makes sense as a lot of stuff you need to do as malware can be done strictly as usermode without needing to get admin priviledges. This one apparently checks to see if it can get admin or running in a restricted user account.

So even malware these days are learning to be friendly and compatible with users who aren't admins and not requiring admin for everything.

Re:Macs don't get viruses.

[ceoyoyo]

They emphasize that point because previous trojans on OS X have required a password to install. It's very rare to run a Mac under an account with superuser rights (it's disabled by default), so installing anything system related requires a sudo. I'm under the impression that trojans generally do not ask for passwords on Windows.

Re:OSX - soon to be the Windows of the computer wo

[vistapwns]

I answer this question so much I should just put it on my blog and link to it. System 7.5 - Mac OS 9 had NO SECURITY whatsoever and software was shared with write-able disks, and so, many people wrote malware for fun and fame in those days. Since around Mac OS X's release, software is distributed on read-only media (CDs, DVDs. blu-ray is still a bag of hurt I hear) and the threats come from exploiting programs over the network or social engineering to trick the user to download a trojan. Exploiting a program and social engineering mean selecting mac users on web sites when they are outnumbered 10:1 by Windows users typically, with malware being profit driven now-a-days because all of the mainstream OSes are basically secure against the trivial threats of 90's malware, it hardly ever makes sense to target 5% over 90%. In the same sense that most games are not available for macs, the profit incentive is not there. The argument that your logic leads to is that Macs are not infected because they can not be infected, but this and other malware prove that wrong. Mac malware thusfar does not do anything profound that Windows malware doesn't do, basically the user is tricked into downloading it and it does what it wants. It's not like mac malware so-far is some mission impossible type stuff and more difficult to deploy than windows malware..

Re:Macs don't get viruses.

[Khyber]

My geek cred is with regards to optoelectronic horticulture tech, not Linux.

Slashdot ain't all computer geeks, yanno. Some of us keep you fed for cheap.

Re:Macs don't get viruses.

[Hatta]

It's very rare to run a Mac under an account with superuser rights (it's disabled by default), so installing anything system related requires a sudo.

Since Vista Windows has largely been the same. It should be very rare to run a Windows 7 machine under an account with super user rights.

I'm under the impression that trojans generally do not ask for passwords on Windows.

On both Windows and Mac you can do a lot from a user account. e.g. DDOS, scan the users email, etc. If the trojan wants admin rights it will have to do a sudo on either platform.

Re:Macs don't get viruses.

[TimHunter]

It's amazing! This is the 1,517,321st /. "You're holding it wrong" comment and it's still funny!

The 1,517,322nd one won't be, though.

Re:Macs don't get viruses.

[mcgrew]

I've heard a lot of boasting on this site about how secure Linux is.

Linux and Macs and BSD only seem secure... when compared to Windows.