New Mac Trojan Installs Silently, No Password Required

An anonymous reader writes "A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult, an added extra that is more common with Windows malware than it is with Mac malware."

cool ... good that I use OS 10.5

[acidfast7]

how about an article on every windows- or android-based trojan.

Re:cool ... good that I use OS 10.5

[plover]

Things constantly improve on all sides, including the quality and sophistication of attacks. But people naturally want to hang onto the old ideas in their heads, partly because they're not close to the "other" system, and partly because they don't like having their old decisions questioned or their assumptions challenged. The "Macs are perfect" idea is again proven faulty, but so are the Mac and Unix people who assign the same amount of failure to Windows 7 that they saw with Windows XP a decade ago.

It's not that Macs are "equally guilty as Windows" or that "Windows 7 is now perfect". It's just a perception thing. Human nature means that we can expect a ton of gloating and "I told you so!" kinds of responses. And while that doesn't mean a PR department is necessarily behind it, I can understand why a PR department would latch onto this and amplify it.

Re:cool ... good that I use OS 10.5

[courteaudotbiz]

because PC refers to windows viruses

PC means personal computer and makes no reference whatsoever to the operating system running on it.

Wrong. When apple did their "I'm a PC, I'm a Mac" marketing campaing, it was perfectly clear they referred to Windows against OSX. They specifically insisted that a Mac and a PC are different, but the geeks we are know that PCs and Macs are almost the same on their hardware base. So what they referred to was about the OS they run.

AND I AM NOT AN APPLE FANBOY! I have no Mac computers, no iPods, no iPhone

Re:But Macs Don't Get Viruses

[Anubis+IV]

They don't, but you can't fix stupid, which is what trojans exploit.

User mode malware

[tlhIngan]

It seems more and more these days, that malware is becoming user-mode to avoid the nasty popups that comes with trying to gain administrator mode.

Which makes sense as a lot of stuff you need to do as malware can be done strictly as usermode without needing to get admin priviledges. This one apparently checks to see if it can get admin or running in a restricted user account.

So even malware these days are learning to be friendly and compatible with users who aren't admins and not requiring admin for everything.

Re:Macs don't get viruses.

[ceoyoyo]

They emphasize that point because previous trojans on OS X have required a password to install. It's very rare to run a Mac under an account with superuser rights (it's disabled by default), so installing anything system related requires a sudo. I'm under the impression that trojans generally do not ask for passwords on Windows.

Re:Macs don't get viruses.

[Khyber]

My geek cred is with regards to optoelectronic horticulture tech, not Linux.

Slashdot ain't all computer geeks, yanno. Some of us keep you fed for cheap.

Re:Macs don't get viruses.

[Hatta]

It's very rare to run a Mac under an account with superuser rights (it's disabled by default), so installing anything system related requires a sudo.

Since Vista Windows has largely been the same. It should be very rare to run a Windows 7 machine under an account with super user rights.

I'm under the impression that trojans generally do not ask for passwords on Windows.

On both Windows and Mac you can do a lot from a user account. e.g. DDOS, scan the users email, etc. If the trojan wants admin rights it will have to do a sudo on either platform.

Re:Macs don't get viruses.

[mcgrew]

I've heard a lot of boasting on this site about how secure Linux is.

Linux and Macs and BSD only seem secure... when compared to Windows.