View Full Version : Mac trojan appears in wild


johnee
Oct 31, 2007, 12:56 PM
link (http://news.yahoo.com/s/macworld/20071031/tc_macworld/trojan20071031_0;_ylt=Avzsr.0gLGc2sE0c5VKM0xoE1vAI)

While watching (or attempting to watch) your porn, don't let your guard down! Trojans! Trojans!




Jim Dalrymple - MacCentral 53 minutes ago

Security research company Intego on Monday issued a security alert about a new Trojan Horse called OSX.RSPlug.A that specifically targets Mac users. The Trojan is a form of DNSChanger that changes the Mac’s Domain Name Server (DNS) address.

According to Intego, the Trojan has been found on several pornographic Web sites. When trying to view a movie, the user is told that “Quicktime Player is unable to play movie file. Please click here to download new version of codec.”

When the user clicks the link a disk image (.dmg) is downloaded to the desktop. When the user installs the software, they are actually installing the Trojan, not a free video codec. The Trojan is installed with full root privileges, which means it has access to all files and commands on the system.

When the malicious DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks) or to web pages displaying ads for other pornographic web sites, according to Intego.

The Trojan also installs a root crontab which checks every minute to ensure that its DNS server is still active, the company said. Since changing a network location could change the DNS server, this cron job ensures that, in such a case, the malicious DNS server remains the active server.

Intego says that using Mac OS X 10.4, there is no way to see the changed DNS server in the operating system’s interface. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually.

Intego has updated its virus definitions to remove the malicious code and prevent it from being installed.
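
The two changes the quoted article describes (a root cron job that fires every minute, and extra DNS servers) can be looked for from Terminal. The script below is an added example, not part of the original thread or of Intego's alert; the sample crontab, the `/path/to/unknown-helper` entry and the 203.0.113.x addresses are constructed placeholders, and the allow-list is whatever resolvers you expect (your router or ISP).

```shell
#!/bin/sh
# Added illustration: audit helpers for the two changes the article describes.
# All sample data below is constructed; none of it comes from the trojan itself.

# Print crontab entries (read from stdin) that fire every minute:
# minute field "*" or "*/1", and hour, day, month and weekday fields all "*".
every_minute_jobs() {
    awk '
        /^[[:space:]]*#/ || NF < 6 { next }   # skip comments, blanks, VAR=value lines
        ($1 == "*" || $1 == "*/1") && $2 == "*" && $3 == "*" && $4 == "*" && $5 == "*" { print }
    '
}

# Print every nameserver found in "nameserver[N] : address" lines on stdin
# (the format `scutil --dns` prints) that is NOT in the allow-list passed as
# arguments. Each address is printed once, sorted.
unexpected_dns() {
    allowed=" $* "
    awk '/nameserver\[[0-9]+\]/ { print $NF }' | sort -u |
    while read -r ip; do
        case "$allowed" in
            *" $ip "*) ;;                      # expected resolver, ignore
            *) printf '%s\n' "$ip" ;;          # not expected, report it
        esac
    done
}

# Constructed stand-in for `sudo crontab -l` output.
sample_crontab() {
cat <<'EOF'
# constructed sample root crontab
MAILTO=""
15 3 * * * /usr/sbin/periodic daily
* * * * * /path/to/unknown-helper
EOF
}

# Constructed stand-in for `scutil --dns` output (documentation address range).
sample_dns() {
cat <<'EOF'
resolver #1
  nameserver[0] : 203.0.113.10
  nameserver[1] : 203.0.113.11
  nameserver[2] : 192.168.1.1
EOF
}

audit_sample() {
    echo "Every-minute root cron jobs:"
    sample_crontab | every_minute_jobs
    echo "DNS servers not on the allow-list:"
    sample_dns | unexpected_dns 192.168.1.1
}

audit_sample

# On a live Mac, feed the real data in instead of the samples:
#   sudo crontab -l | every_minute_jobs
#   scutil --dns    | unexpected_dns <resolvers you expect>
```

An every-minute root job you did not create, together with resolvers you do not recognise, matches the behaviour the article describes; either finding alone only warrants a closer look.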

Warbrain
Oct 31, 2007, 12:58 PM
This one is just begging for people to be stupid. Seriously, if a porn site is trying to get you to install a codec, it's not porn that's worth your time.

Killyp
Oct 31, 2007, 01:02 PM
Security research company Intego on Monday issued a security alert about a new Trojan Horse called OSX.RSPlug.A that specifically targets Mac users.

Let me correct that:

specifically targets stupid Mac users.

notsofatjames
Oct 31, 2007, 01:03 PM
Oh, that's a shame! We can't say 'OSX is invincible' to Microsoft fanboys anymore. (I joke btw)

It does go to show that no operating system is 'invincible' and that Apple (and its customers) shouldn't be complacent about security.

samh004
Oct 31, 2007, 01:03 PM
Hmm... interesting, the neighbour kid next door was saying his MB got a trojan and I was telling him it was unlikely, now I know where he might have got it from. I'll have to go round and see if this is the case, haha...

jepaz
Oct 31, 2007, 01:05 PM
Isn't it suspicious already because it requires you to download new version of codec? That trojan threat will not work unless you allow it to, especially if it requires you to enter your password, so be vigilant.

johnee
Oct 31, 2007, 01:06 PM
This one is just begging for people to be stupid.

Let me correct that:

specifically targets stupid Mac users.

yeah, stupid and horny. what a combination!

Killyp
Oct 31, 2007, 01:07 PM
Oh, that's a shame! We can't say 'OSX is invincible' to Microsoft fanboys anymore. (I joke btw)

It does go to show that no operating system is 'invincible' and that Apple (and its customers) shouldn't be complacent about security.

In all honesty, this isn't really anything to do with the security of OS X. It's more to do with the fact that OS X lets users install apps.

No OS is invincible, anybody can come along and decide to delete the Finder or change their settings so something doesn't work. The only difference here is that the user is (very stupidly) downloading and installing a program which does it for them.

Porn sites are renowned for their security issues, so whoever has become the victim of this attack has gotta be pretty dense.

lexus
Oct 31, 2007, 01:10 PM
any recommended scanning software?

Killyp
Oct 31, 2007, 01:16 PM
any recommended scanning software?

Why? Has somebody been watching some Pr0n? :D :D

Rodimus Prime
Oct 31, 2007, 01:16 PM
Oh, that's a shame! We can't say 'OSX is invincible' to Microsoft fanboys anymore. (I joke btw)

It does go to show that no operating system is 'invincible' and that Apple (and its customers) shouldn't be complacent about security.


OSX is no safer from Trojans than Windows. Trojans use user stupidity to get installed. That means the user is going to give it permission to install, so no matter what protection OSX has, a Trojan will get installed.
There are only 2 defenses against Trojans. One is just being a smarter user and the other is AV software. The AV software would catch it and quarantine it before the user could install it.

Remember, OSX is really only safer against Trojans because of market share. No one makes them because it's not like they would get installed on that many computers. Windows has so many computers that even if less than 1% of the people install it, that is still going to be a lot of computers compared to OSX. Trojans do not spread very easily.

I do expect this trojan to hit a larger % of OSX users than if it was one targeting Windows, because you've got to factor in that OSX users feel extra safe in the "no virus for OSX". It causes them to practice unsafe internet habits.

Shanesan
Oct 31, 2007, 01:27 PM
This is unfortunate, but shows a greater threat regardless.

If the coders just added a couple extra lines of code to have it use a script to IM all your friends on Adium or iChat and send them a file saying "Check out this game I found online. It's like Pacman but with a better maze" and call it "PacMan.extension" and people will download it and accidentally find themselves trojan'd.

The ignorance of a few will lead to an issue of many - the first through sheer stupidity and the rest through simple unknowing.

Aranince
Oct 31, 2007, 01:31 PM
So much for OSX being unbeatably secure. I'm still a Mac fan...I never liked how fanboys claimed the system had no viruses or whatever.

CalBoy
Oct 31, 2007, 01:31 PM
Hmm... interesting, the neighbour kid next door was saying his MB got a trojan and I was telling him it was unlikely, now I know where he might have got it from. I'll have to go round and see if this is the case, haha...

Brilliant!

Meanwhile, this has two possible viewpoints:

1. OS X is finally popular enough where trojan writers have bothered to write one for it.

2. OS X is finally popular enough among porn sites where trojan writers have bothered to write one for it.






:p

dukebound85
Oct 31, 2007, 01:32 PM
How many greyed out DNS things are we supposed to have? I have 2. Then again, I don't look into that stuff, so I guess I don't need to worry.

beckfizzle
Oct 31, 2007, 01:40 PM
How many greyed out DNS things are we supposed to have? I have 2. Then again, I don't look into that stuff, so I guess I don't need to worry.

haha me too :D

QuarterSwede
Oct 31, 2007, 01:47 PM
I'm going to reiterate what others have already said.

Trojans really aren't as bad as true viruses because they have to have user permission to do their damage. The thing no one has yet to do is spread a virus without the user granting permission. Those are the ones that cripple Windows.

Lancetx
Oct 31, 2007, 01:53 PM
So much for OSX being unbeatably secure. I'm still a Mac fan...I never liked how fanboys claimed the system had no viruses or whatever.

This trojan has nothing to do with OS X security and everything to do with user stupidity if anyone is ever actually impacted by it. It won't install without user intervention so it's not a virus either. It's also not a "fanboy" statement to say that OS X has no viruses, it's simply the truth because there truly aren't any.

AlexisV
Oct 31, 2007, 02:02 PM
Remember, OSX is really only safer against Trojans because of market share. No one makes them because it's not like they would get installed on that many computers. Windows has so many computers that even if less than 1% of the people install it, that is still going to be a lot of computers compared to OSX. Trojans do not spread very easily.

Isn't that to do with the fact 'trojan writers' all work on Windows? The market share of Macs in the general population could well be much larger than the market share of virus/spyware programmers!

lexus
Oct 31, 2007, 02:05 PM
Why? Has somebody been watching some Pr0n? :D :D

No, i was just wondering because a friend had a spyware issue on his PC so I was looking for a spyware/virus scanner.

Rodimus Prime
Oct 31, 2007, 02:09 PM
Isn't that to do with the fact 'trojan writers' all work on Windows? The market share of Macs in the general population could well be much larger than the market share of virus/spyware programmers!

I should have written that better. Let's assume 4 times the amount in % of OSX users install the Trojan than on Windows. Windows will still have a much, much larger install base of the Trojan by pure numbers alone. Apple's market share is a huge factor in the lack of Trojans. A VERY VERY small % of the user base ever really installs them, so it comes down to a pure numbers game.

Now, my next statement was that I would expect a larger % of OSX users to install it because they believe nothing can hurt OSX, so the user stupidity factor is higher. Remember, Trojans use user stupidity to install. The only non-user defense against Trojans is AV software that will catch it ahead of time. The other is market share.

As for computer viruses by definition, they are dying off even on Windows. A lot of the so-called "viruses" for Windows are just trojans and worms. Worms are the thing that cause a heck of a lot of trouble. MSblaster, for example, was a worm, not a virus (but everyone called it the Blaster Virus).

dukebound85
Oct 31, 2007, 02:16 PM
haha me too :D

Denver! Hey, I'm from FC

As far as this, I don't know what Apple could do really

MacBytes
Oct 31, 2007, 04:30 PM
Category: Mac OS X
Link: Mac trojan appears in wild (http://www.macbytes.com/link.php?sid=20071031173001)
Description: Surfing for porn? Think before you click...

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

bigmc6000
Oct 31, 2007, 04:33 PM
That's not a trojan - that's user initiated stupidity...

Next...

Cromulent
Oct 31, 2007, 04:38 PM
Flip4Mac and Perian are all you need codec wise (except maybe Real Player) if something asks you to install anything else when you have all these installed just say no.

But damn it running Mac OS X was my porn safe haven :p.

phillipjfry
Oct 31, 2007, 04:54 PM
It begins...

sminman
Oct 31, 2007, 04:59 PM
If I'm looking at porn, I am not going to stop what I am doing to download an updated version of something cause it would take too long!:rolleyes:

Kilamite
Oct 31, 2007, 05:12 PM
Well that explains how I had a DMG image of something along the lines of "eggvideoplayer".

Wondered where the hell it came from.

Cleverboy
Oct 31, 2007, 05:19 PM
That's not a trojan - that's user initiated stupidity...

Next...

No, it's a Trojan alright. --It's just a bit too complicated for foolish people to install, so... it kind of takes care of itself. BRILLIANT!

So, remember kids... when searching for porn on the Internet, and the website asks you to download something, and after you download it, the Installer asks you for permission to install the thing... somewhere along the line, maybe you should stop and ask yourself... Was this trip really necessary?

~ CB

Phil A.
Oct 31, 2007, 05:27 PM
So much for OSX being unbeatably secure. I'm still a Mac fan...I never liked how fanboys claimed the system had no viruses or whatever.

This Trojan can only install if someone allows it to download, opens the .dmg and then enters their admin password when it asks for it. Anyone doing that after visiting a porn site really deserves all they get!
Trojans rely on the stupidity of the user to get around the security of the operating system (hence the name) - any program can wreak havoc in OSX if you enter your admin password when it asks for it: The entering your password bit is what makes OSX more secure and people should really pay attention when they're asked for their admin password.

Cleverboy
Oct 31, 2007, 05:35 PM
This Trojan can only install if someone allows it to download, opens the .dmg and then enters their admin password when it asks for it. Anyone doing that after visiting a porn site really deserves all they get!
Trojans rely on the stupidity of the user to get around the security of the operating system (hence the name) - any program can wreak havoc in OSX if you enter your admin password when it asks for it: The entering your password bit is what makes OSX more secure and people should really pay attention when they're asked for their admin password.

:) I'm not sure how many people are missing those details, it's really funny.

SLOW Joe: Hey, Moe, my computer says "Install I-Can't-Believe-It's-A-Virus"... should I click "Yes" or should I click "No"? I'm not sure.
slow Moe: Well... if its askin' ya, just say "Yes"... if it was really bad, it wouldn't ask ya now would it?
SLOW Joe: Thanks, Moe! You rock, dude!

~ CB

mklos
Oct 31, 2007, 05:38 PM
That's not a trojan - that's user initiated stupidity...

Next...

How do you think people using PCs get this stuff? User stupidity!

Let's not think that just because we have a Mac that we're immune to everything. These very people are the same people that will get the first infected files on their Macs because they think they're invincible.

Much Ado
Oct 31, 2007, 05:42 PM
How do you think people using PCs get this stuff? User stupidity!

Let's not think that just because we have a Mac that we're immune to everything. These very people are the same people that will get the first infected files on their Macs because they think they're invincible.

I call it natural selection.

Rodimus Prime
Oct 31, 2007, 05:43 PM
That's not a trojan - that's user initiated stupidity...

Next...
That is exactly how a Trojan works. Trojans work off user stupidity, and I have to say this one is a brilliant Trojan. Not only does it look very innocent, but on top of that it is preying on the fact that way, way too many Mac users practice very poor internet habits because of a false sense of security.

If I am remembering correctly, most of the "viruses" for Windows are Trojans. They are the easiest to infect another computer. Why try to find and exploit a security flaw when you can just bypass them with user stupidity?

psonice
Oct 31, 2007, 05:57 PM
It's not the first - I remember seeing details of an OSX rootkit quite a while back. There have been 'proof of concept' viruses on osx too, although from my memory of them they were pretty lame (something like they would spread to your mac across bluetooth only... and ask for your password to install!)

Really though as long as you're not stupid enough to download random stuff without knowing what it is, and then install it, and give it your admin password, osx is still very safe. There aren't any real viruses in the wild (the kind that would get onto your mac without your permission), and it's hard to get any problems just browsing the web.

That said, you should always keep your mac updated, and particularly update browsers like firefox. Make sure your passwords are all secure too, even ones on your wireless router (there was a nasty web page hack a while back, that would connect to certain makes of wifi kit that had the standard password and change the settings so you'd end up on hackers pages instead of your banking site for example!)

One other thing I think is important for security - if you have any 'sensitive' info saved on disk, what happens if your computer is stolen? If it's not well password protected and locked away with filevault, the thief will have it. (Actually this is giving me a headache at the moment - is there a way to encrypt time machine backups? If my mac is stolen, the external hard disk will surely go with it!)

Luis Ortega
Oct 31, 2007, 06:06 PM
As far as this, I don't know what Apple could do really

It's not just about what Apple can do (and based on the criticisms of security in Leopard it can do a hell of a lot more) but about Mac owners getting over their delusion that their computers are not vulnerable to attacks.

bluebomberman
Oct 31, 2007, 06:25 PM
Is there any way to undo the trojan? Besides buying Intego's software and/or reinstalling the OS?

Kilamite
Oct 31, 2007, 06:35 PM
Is there any way to undo the trojan? Besides buying Intego's software and/or reinstalling the OS?

Caught red-handed were ya? :P

beckfizzle
Oct 31, 2007, 06:53 PM
I don't visit any of said sites (at least on the mac :D) BUT I do have grayed out DNS addresses is this the IP of whatever I'm using to connect to the internet? Sorry computer newb

Cleverboy
Oct 31, 2007, 07:14 PM
That is exactly how a Trojan works. Trojans work off user stupidity, and I have to say this one is a brilliant Trojan. Not only does it look very innocent, but on top of that it is preying on the fact that way, way too many Mac users practice very poor internet habits because of a false sense of security.

If I am remembering correctly, most of the "viruses" for Windows are Trojans. They are the easiest to infect another computer. Why try to find and exploit a security flaw when you can just bypass them with user stupidity?

PEBKAC.

~ CB

Kilamite
Oct 31, 2007, 07:26 PM
I don't visit any of said sites (at least on the mac :D) BUT I do have grayed out DNS addresses is this the IP of whatever I'm using to connect to the internet? Sorry computer newb

Yes - something like 10.0.1.1, 192.168.2.1; to name a few common router IP addresses.

bluebomberman
Oct 31, 2007, 08:00 PM
Caught red-handed were ya? :P

Not yet. But I can't help but think that it's only a matter of time before we see this on non-pornographic sites.

For example, there's a similar style of trojan coming from several MySpace band pages (http://www.pcworld.com/article/id,139137-pg,1/article.html) - the only real difference is that it targets Windows.

PCMacUser
Oct 31, 2007, 08:29 PM
That's not a trojan - that's user initiated stupidity...

Next...

Yeah, but since you have to type in your password to install anything on a Mac, it is easy to become complacent. Especially if you think you are installing a genuine piece of software.

xUKHCx
Oct 31, 2007, 08:32 PM
Is there any way to undo the trojan? Besides buying Intego's software and/or reinstalling the OS?

http://www.macosxhints.com/article.php?story=20071031114140862

But read everything so you know what you are getting into before you start anything.

yadmonkey
Oct 31, 2007, 08:50 PM
This trojan is genius because it preys on people when there's less blood flowing to the brain.

twoodcc
Oct 31, 2007, 09:01 PM
This trojan is genius because it preys on people when there's less blood flowing to the brain.

lol!

but seriously, don't be stupid. just go to a different site :p

bluebomberman
Oct 31, 2007, 09:06 PM
http://www.macosxhints.com/article.php?story=20071031114140862

But read everything so you know what you are getting into before you start anything.

Seems to be significantly less deadly than similar Windows trojans - thank goodness there's no Registry like in Windows!

elcid
Oct 31, 2007, 09:21 PM
My friends and I once made a Java application that would do 100000 tokens for Towers of Hanoi. We then convinced someone to install it in their startup folder on their PC.


This reminds me of that. Something you download yourself, move to your application directory and give your password to.


I guess that's the sign of a really good trojan horse.

xsedrinam
Oct 31, 2007, 09:28 PM
This trojan is genius because it preys on people when there's less blood flowing to the brain.

lol!

but seriously, don't be stupid. just go to a different site :p
Just don't click on See Alice links.

iJawn108
Oct 31, 2007, 10:17 PM
does the clamxav team cover mac viruses as well?

i might just go ahead with os x server afterall

Rodimus Prime
Oct 31, 2007, 10:45 PM
I expect this trojan to be the first of many to follow it. They will follow a very similar format and only get a little nastier, using the same basic code over and over again and adding extra stuff to it.
The reason I am saying this is that a lot of the trojans, worms and viruses for Windows are just modified versions of another of the "viruses." Really the same basic core reused over and over again.

Sun Baked
Oct 31, 2007, 10:48 PM
I guess this is the wrong Trojan to be using while fooling with porn. http://forums.macrumors.com/attachment.php?attachmentid=11561&stc=1

gauchogolfer
Oct 31, 2007, 11:42 PM
Wait, you're really calling this a virus?
Doesn't it require you to download something to your desktop, mount a .dmg file, then install the package contents?

Isn't this just called 'installing a crappy program'?

Galaxius
Nov 1, 2007, 12:18 AM
Brilliant!

Meanwhile, this has two possible viewpoints:

1. OS X is finally popular enough where trojan writers have bothered to write one for it.

2. OS X is finally popular enough among porn sites where trojan writers have bothered to write one for it.






:p


Well it never gets viruses so I can watch at my discretion right ;)


To be totally honest I've heard of people saying they bought a mac to watch and store pr0n on.

Sun Baked
Nov 1, 2007, 12:27 AM
Well it never gets viruses so I can watch at my discretion right ;)


To be totally honest I've heard of people saying they bought a mac to watch and store pr0n on.

A PC is for games, a Mac for porn. Works.

nagromme
Nov 1, 2007, 12:31 AM
How do you think people using PCs get this stuff? User stupidity!

Let's not think that just because we have a Mac that we're immune to everything. These very people are the same people that will get the first infected files on their Macs because they think they're invincible.

I've STILL never seen any sign of that mythical Mac user who thinks Mac security is 100% perfect. But keep a look out for that fearsome foe just in case :)

ppnkg
Nov 1, 2007, 01:42 AM
I don't know if this has to do anything with the trojan, but the Redlers forum (mellel) is full of porn spam :mad:

Rodimus Prime
Nov 1, 2007, 01:55 AM
I've STILL never seen any sign of that mythical Mac user who thinks Mac security is 100% perfect. But keep a look out for that fearsome foe just in case :)

No, but the endless claim of no virus for OSX is what they all believe, and I know plenty who do not worry about opening odd files, thinking they are safe: no "viruses" on OSX.

The def. in the correct sense is still true, but the spirit of that saying is now completely gone. The term computer virus now really is generally a blanket term used to describe worms, trojans and viruses. The 10k+ Windows "viruses" is really not that large in true viruses. Most of that 10k+ are trojans, followed by worms.


I might like to add that a true computer virus in today's age is pretty weak and not that powerful. The things that make the news are all worms. Trojan Horse viruses cause the most damage.

CavemanUK
Nov 1, 2007, 02:15 AM
Wait, you're really calling this a virus?
Doesn't it require you to download something to your desktop, mount a .dmg file, then install the package contents?

Isn't this just called 'installing a crappy program'?

Yeah, seconded... if you download a program or update from a porn site, you're a moron! You deserve to get ******* over with whatever it installs!

Analog Kid
Nov 1, 2007, 04:06 AM
"Social Engineering: because there's no patch for stupidity"

weaverra
Nov 1, 2007, 07:56 AM
The last time I checked viruses don't ask for permission. They break through and activate themselves. This is just a matter of attention.

http://en.wikipedia.org/wiki/Computer_virus

http://en.wikipedia.org/wiki/Trojan_horse_(computing)

weaverra
Nov 1, 2007, 11:03 AM
btw just as a side note from reading some other sites. THE FIREWALL BEING OFF BY DEFAULT OR ON BY DEFAULT IS NOT GOING TO PREVENT A DOWNLOAD! (Now that I got that out of my system :D) The only way it would ever stop something like this if it was trying to access your computer through a port. There are some really uninformed people out there who claim to be experts. A virus, trojan, or worm are scripts and code. Computers run on scripts and code. It's just a matter of what it does. The best way to prevent this is to run in a standard user mode and use common sense. That's why if you use 3rd party software you need to be careful what you get.

chris200x9
Nov 1, 2007, 06:06 PM
So wait, it asks for your password? In my experience very few programs ever asked for my password to install....most of them being very easily recognizable as credible, Photoshop, etc. So if some lil crappy download asks me for my password, wouldn't that be a tip off right there?

chaitanya
Nov 1, 2007, 06:46 PM
so a bug shadow, the size of a 3" cockroach crawled across my screen last night...then disappeared. wtf? has anyone else seen a giant bug shadow moving across their screen? i have a "not quite the cheapest" mb purchased only a couple of months ago...creepy!

stcanard
Nov 1, 2007, 06:55 PM
Reminds me of a something I read on RISKS just today...


Date: Tue, 23 Oct 2007 11:19:05 -0400
From: Matt Simpson <removedt>
Subject: Who needs bots? (Re: Williams, RISKS-24.87)

Another popular legend that circulated for a while a few years ago was the
"virus" that was on every Windows system. The e-mail warned of some virus that the sender had found on his own system. It gave instructions for
browsing some directory deep within the bowels of Windows, and if you found a specific file name, that meant you were infected, and you needed to delete the file.

Of course, the file was one that exists on any normal Windows system.
(Un)fortunately, it was something non-critical, so deleting it didn't do
much damage, and restore instructions were widely available. I actually
wished that those who followed the warning and deleted the file had suffered
more damage as a result of their gullibility.

So, although the "redneck" virus was a joke, it really is possible to send
people e-mail that will cause them to voluntarily delete parts of their
operating system and then forward the mail to all their friends. Just don't
include the word "joke" and they'll do it.


This is a similar situation ... you go to a porn site that you found out about in a spam (RED FLAG!). You download an application. You run it, Leopard tells you "Are you sure you trust this?" (red flag 2) you say, yes, then it asks for your administrator login and password (red flag 3). You happily type it in thinking all the time "it was so nice of this random spammer to give me free pron and in return all he wants is my administrator password"

There is *no* amount of computer security that can account for this. This is on the level of finding an email saying "save disk space! Open terminal and type "sudo rm -rf /" and believing it.

For years those of us who understand and have fought down the impression that OSX is totally immune, and pointed out that nothing can save users from Trojans and their own stupidity.

This isn't even the first OSX Trojan, it's just the first malicious one.

stcanard
Nov 1, 2007, 06:56 PM
so a bug shadow, the size of a 3" cockroach crawled across my screen last night...then disappeared. wtf? has anyone else seen a giant bug shadow moving across their screen? i have a "not quite the cheapest" mb purchased only a couple of months ago...creepy!

Do you have X11 running? Sure sounds a lot like xroach, used to be a common prank in CS labs.

chaitanya
Nov 1, 2007, 07:15 PM
...er, X11? you mean leopard? no, just the last osx to be installed before leopard. as for the guy who said, "aha! you must have downloaded some porn!" = believe it or not, there are some people who are not attracted by porn. amazing, but some people actually find it UNsexy because it is so fake and usually twisted and thereby, unattractive...

and what is a "cs lab"? how does one exterminate the "xroach"?

chaitanya
Nov 1, 2007, 07:27 PM
after reading a bit about "xroach", it doesn't seem to be the same...there was only one large shadow of a bug, it went across the screen at a 1:00 o'clock angle then disappeared. there was only one, it did not return when the window closed/moved. just checking to see if anyone else has experienced this on their screen. it was quick enough, and as a shadow subtle enough, to be easily missed by someone distracted by their screen's content.

weaverra
Nov 2, 2007, 07:54 AM
RSPlug.A Mac OS X trojan: a new threat, but the sky is not falling

In the spirit of Halloween, the OSX.RSPlug.A trojan dresses up like said Quicktime codec, requiring an administrator password to install. ...

New Apple Trojan Means Mac Hunting Season Is Open Wired News

Fortress Mac Is Gone eWeek Oh so a bb hits it and it's destroyed.:eek::eek::eek::eek::eek:

Macs seized by porn Trojan Register, UK

Mac Attack

DaniWeb
All is not well for Apple, in a week when it should be flag waving the release of Mac OS X 10.5 'Leopard' the firm finds itself, and its users, under attack ... What?????????????? :eek:



Mac Porn Surfers Subject to QT Flaw

Oh so is it a trojan or QT flaw? I'm confused....:confused: IDIOT! (Windows user)


It's funny, I always hear that it's the Mac users who know nothing about computers. Well if the market share statistics are accurate and since most of these people who write these reports are idiots then.............:rolleyes:

This really is stupid. Being on porn sites should give a clue as to why they chose that. There is nothing spectacular about this. There is no anti-stupidity software out there. It's not like this is a virus. A person wrote some code to tell the computer what to do. WOW!


It's not like it's replicating or emailing itself. Let's see now what is it that's always sending out that unwanted spam??? Oh that's right those zombie windows machines that these intelligent people use in their homes. Windows technically be a trojan since it says it does one thing, but yet does another?:D

rte4236
Nov 2, 2007, 10:36 AM
I've never run into any problems on my Mac(except spyware)
But for anyone who has been silly enough to download this one..

If QT is harboring a trojan...wouldn't it be found in
System > components> QT? If not where?

saltyzoo
Nov 2, 2007, 10:46 AM
...er, X11? you mean leopard? no, just the last osx to be installed before leopard. as for the guy who said, "aha! you must have downloaded some porn!" = believe it or not, there are some people who are not attracted by porn. amazing, but some people actually find it UNsexy because it is so fake and usually twisted and thereby, unattractive...

Anybody else get the feeling he's trying to convince himself and not us? :p

weaverra
Nov 2, 2007, 10:50 AM
On my comments above when I mention Windows users being stupid I am referring to these people on the web who always say that people who use Macs know nothing about computers. Comments like "....Mac users are so stupid that this will spread like wildfire....". Seems to me that there are more clueless Windows users, which is why there are some odd 4 MILLION Windows viruses! There are way more average Joe Windows users who see an attachment in their email that says it's a picture of something and they click on it......and BOOM! An average computer is not necessarily going to get a Mac anyway.

unixfool
Nov 2, 2007, 01:33 PM
Here's some more:

http://isc.sans.org/diary.html?storyid=3595

Plus, for you guys and gals who delve heavily into security, they supply a Snort rule to detect this trojan's initial contact with the bot herder (or zombie/bot master, or C&C controller).

MyMac8MyPC
Nov 2, 2007, 04:48 PM
It does go to show that no operating system is 'invincible' and that Apple (and its customers) shouldn't be complacent about security.
What are you talking about? This is NOT a virus! It has more to do with people's stupidity than with security. If someone gave a person a hammer - and then convinced them to smash their Mac, how is that all of a sudden a problem with Mac's security? A little common sense goes a long way here. Don't click on things you don't need. Don't go to porn sites and especially don't download anything from one. Don't open programs from unreliable and unknown sources, and don't ever give out your Admin password to sources you do not know. How many red flags does there need to be before these people start to take a little responsibility? Analog Kid is right, there is no patch for stupidity, so why is that Apple's fault? :rolleyes:

:apple:

Rodimus Prime
Nov 2, 2007, 05:09 PM
What are you talking about? This is NOT a virus! It has more to do with people's stupidity than with security. If someone gave a person a hammer - and then convinced them to smash their Mac, how is that all of a sudden a problem with Mac's security? A little common sense goes a long way here. Don't click on things you don't need. Don't go to porn sites and especially don't download anything from one. Don't open programs from unreliable and unknown sources, and don't ever give out your Admin password to sources you do not know. How many red flags does there need to be before these people start to take a little responsibility? Analog Kid is right, there is no patch for stupidity, so why is that Apple's fault? :rolleyes:

:apple:

while you keep saying that. I might want to point out the term "virus" commonly refers to Trojans, Worms and true Virus. All 3 of those are commonly referred to as computer viruses. (Yes I know the meaning of computer virus and a trojan is not a computer virus)

So when people say there are no computer virus for OSX. They are using the common meaning of the term and most people believe the common meaning. That is no longer true. The phrase There are no virus for OSX is no longer true in anything more than the legal definitions. The common meaning is now false.

stcanard
Nov 2, 2007, 06:40 PM
So when people say there are no computer virus for OSX. They are using the common meaning of the term and most people believe the common meaning. That is no longer true. [snip for below] The common meaning is now false.

So let's all do our best and educate people to understand the difference between these very different things.

It is important, because the infection pattern is so different -- people can't think that they are safe from a Trojan because they have a firewall going.

Just because people misuse a term doesn't mean you just throw up your hands and say "oh well, I heard Joe call this a virus. I guess I'd better do it too"

The phrase There are no virus for OSX is no longer true in anything more than the legal definitions.

This hasn't been true for a long, long time if you want to consider the term virus as being a generic for malware. There have been a number (http://arstechnica.com/journals/apple.ars/2006/2/17/2896) of Trojans sitting around for many years (http://arstechnica.com/news.ars/post/20040410-3638.html).

Cleverboy
Nov 2, 2007, 07:12 PM
A virus can be a trojan horse, but a trojan alone is NOT a virus.

Rodimus, you might be confusing this story with a story that broke last year with a "First Mac OS X virus?" title on MacRumors.com. That was definitely viral... at least by intent... it just was very poorly conceived in that it really hoped Mac users far and wide would regularly sign-in with "root" privileges... but hardly anyone does.

The trojan this thread refers to isn't any form of "virus" AT ALL. Reread the article if you have to.

Again... a virus can be a trojan horse, but a trojan alone is NOT a virus.

ALSO, the question of whether there is a virus on Mac OS X is NOT a very informed one. There have been proof-of-concept viruses around for a while. They simply haven't propagated. When a virus epidemic infects 100 or more machines, it will begin getting due attention. To my knowledge, that hasn't happened yet. It's not at all impossible though.

~ CB

MyMac8MyPC
Nov 3, 2007, 12:51 AM
I might want to point out the term "virus" commonly refers to Trojans

Not by anyone educated in computers. Sorry but that dog just won't hunt. A trojan is NOT a virus. Computer trojans were named after the story of the Trojan horse. Some shady people convinced some other people to accept this large wooden horse as a gift. But guess what, they didn't get a gift. What they really got was a bunch of bloodthirsty soldiers. That's why, and ONLY why this is called a trojan, because it presents itself as a codec, gets stupid people to believe that it's hunky-dory to accept it on those grounds, and then turns out to be something completely different. This is not related to Mac security in ANY way. It is pure social engineering. You have to allow this trojan of your own free will to be downloaded. That's not Mac security related. You have to willingly open it. That's not Mac security related. You have to deliberately enter in your administrator password. That's not Mac security related. Only someone with no common sense would fall for this and do all of these steps that are required. The only thing that's new here is that it's aimed at stupid Mac users instead of stupid windows users. Rule #1; don't download things if you don't know what they are, or where they're from. Another big reason that it's obviously NOT a virus is that it doesn't, and can't, self-propagate from one machine to another, so relax. The sky is not falling. It's OK to go and have some ice cream ;)

:apple:

Rodimus Prime
Nov 3, 2007, 01:25 AM
Not by anyone educated in computers. Sorry but that dog just won't hunt. A trojan is NOT a virus. Computer trojans were named after the story of the Trojan horse. Some shady people convinced some other people to accept this large wooden horse as a gift. But guess what, they didn't get a gift. What they really got was a bunch of bloodthirsty soldiers. That's why, and ONLY why this is called a trojan, because it presents itself as a codec, gets stupid people to believe that it's hunky-dory to accept it on those grounds, and then turns out to be something completely different. This is not related to Mac security in ANY way. It is pure social engineering. You have to allow this trojan of your own free will to be downloaded. That's not Mac security related. You have to willingly open it. That's not Mac security related. You have to deliberately enter in your administrator password. That's not Mac security related. Only someone with no common sense would fall for this and do all of these steps that are required. The only thing that's new here is that it's aimed at stupid Mac users instead of stupid windows users. Rule #1; don't download things if you don't know what they are, or where they're from. Another big reason that it's obviously NOT a virus is that it doesn't, and can't, self-propagate from one machine to another, so relax. The sky is not falling. It's OK to go and have some ice cream ;)

:apple:

Again I repeat what I said. Really very few people are educated in computers and go to the common meaning.

Problem is the phrase "there are no virus for macs" that keeps getting tossed out there needs to stop because only one educated in computers knows the difference. Your average Joe off the street is just going to the common meaning. Now the problem is that same phrase gets ingrained in the general uneducated fools and they believe the common meaning which means they think they have nothing to fear from a trojan.

The reason I am making a point over this is most of the "virus" for windows are just trojans like this that common sense would stop. Mac users need to learn that protection from trojans on Macs is really only due to market share. Trojans rely on users' stupidity and let's face it the average computer user (mac or windows) is stupid.

MyMac8MyPC
Nov 3, 2007, 01:31 AM
Mac users need to learn that protection from trojans on Macs is really only due to market share.

That is complete BS, and many articles have been written about it which explains why it's complete BS in detail. All you're doing is spreading the urban myth, which maybe is all you want to do :rolleyes:

Rodimus Prime
Nov 3, 2007, 05:13 PM
That is complete BS, and many articles have been written about it which explains why it's complete BS in detail. All you're doing is spreading the urban myth, which maybe is all you want to do :rolleyes:

Read how a trojan infects a computer. It is based on user stupidity. No matter how much security is built into the OS it does not protect against a Trojan. Trojans get around security because they trick the users into allowing them to do that.

But believing otherwise is exactly why in the end it will be and is easier to infect a larger percentage of OSX users than windows users. Way WAY too many OSX users feel too safe and practice very very poor internet habits because of the false sense of security.

Now if I am a little wrong in my statement so be it. It is sure as heck a lot better than believing the incorrect and false "There are no viruses for OSX" (common meaning of virus being used)

saltyzoo
Nov 3, 2007, 07:16 PM
Read how a trojan infects a computer. It is based on user stupidity. No matter how much security is built into the OS it does not protect against a Trojan. Trojans get around security because they trick the users into allowing them to do that.

But believing otherwise is exactly why in the end it will be and is easier to infect a larger percentage of OSX users than windows users. Way WAY too many OSX users feel too safe and practice very very poor internet habits because of the false sense of security.

Now if I am a little wrong in my statement so be it. It is sure as heck a lot better than believing the incorrect and false "There are no viruses for OSX" (common meaning of virus being used)

QFT

False security is a dangerous thing. It's only a matter of time.

Cleverboy
Nov 4, 2007, 05:23 AM
Problem is the phrase "there are no virus for macs" that keeps getting tossed out there needs to stop because only one educated in computers knows the difference. Your average Joe off the street is just going to the common meaning. Now the problem is that same phrase gets ingrained in the general uneducated fools and they believe the common meaning which means they think they have nothing to fear from a trojan.
Rodimus, just correct yourself and move on. There is NO REASON to keep insisting that a trojan is a virus. None. You can warn people about trojans just the same without thinking you're gaining something by calling it a virus. People saying that there are "No Viruses on Mac OSX" are only saying that nothing has spread into the wild at rates that would be considered significant. --And they are RIGHT. Doesn't mean they'll always be right, but don't "correct" people with incorrect information.

Here is what you WANT to say (http://www.zdnet.com.au/news/security/soa/Is-Apple-Mac-s-popularity-creating-insecurity-/0,130061744,339283474,00.htm):
Two years ago, Mark Borrie from the University of Otago in New Zealand, who manages more than 5,000 Macs, said Apple users were their own worst enemy when it came to security because they considered themselves immune from attacks.

His argument, like many security experts, was that the Mac OS faces fewer threats by virtue of its smaller footprint. At the same time he struggled to convince his staff that the lower threat did not equate to immunity.
Right? You're simply trying to say that a smaller footprint is not always going to be the case, and that Mac OS X is not immune to viruses OR spyware even though many Mac owners think it is. Don't bring up the weird sentence about "having no viruses". No one really thinks that (even if they say it as a generalization, they know it's not literally true).

If we all stay on the same page, no one needs to have useless arguments about nothing. "Trojan" does not mean "virus". They don't need to be in order to warn people about spyware, etc. You can keep arguing otherwise (admitting the truth but referencing some vague sense of ignorance you can't really measure) but you need to ask yourself what your ultimate point is, and recalibrate your approach so as not to offend people who legitimately know what you're talking about and disagree with your lingo if not your purpose.

A lot of bad guys get created because they went about something "good" in a "bad" way.

~ CB

Unspeaked
Nov 6, 2007, 09:21 AM
A PC is for games, a Mac for porn. Works.

There's a reason Apple offers those high-res cinema displays...


;)

billmister
Nov 6, 2007, 02:57 PM
Everyone wasting endless space on this thread...

TROJAN HORSE IS NOT A VIRUS!!! If you need more info regarding the difference between both, go to: www.google.com and "SEARCH".... Instead of bringing everyone's topics back to "Leopard has a virus"... And then back to "it's not a virus" etc...

I currently know 5 people who use mac in my family (I converted them all). My question is, since I know my girlfriend, brother, and dad don't download anything only unless they ask me, my cousin doesn't.

I have not had the opportunity to ask him if he's downloaded anything online to watch movies. And before we waste 2 more pages on, "lol does he go to porn sites?" or "has he been naughty?".... I think we are all adults here including me (25). I bet he must have stumbled upon a few. Again I don't live with him to know, but we all share the network internet connection.

How can I see if he has installed it, and what can I do to fix it, if in fact he has anything? How can I determine it?.. I'm sure if I ask him he will tell me, but then again he probably won't remember since when we bought the computer I told him "don't worry about anything, NO virus, NO nothing on macs!" and probably took that as a green light to go anywhere and download whatever he thinks will be ok.

Rodimus Prime
Nov 6, 2007, 05:18 PM
Everyone wasting endless space on this thread...

TROJAN HORSE IS NOT A VIRUS!!! ....

As I stated before the common meaning for Computer virus includes Trojan, Worms and virus. blanket term covering pretty much anything that does damaging things to one computer.

So under the common meaning it is a virus. Now from there you break it down into trojans (largest share of "virus"), worms and to by far the lowest of the share true computer viruses.

And before someone says otherwise I think the proof is pretty crystal clear. Look around, look how many people are calling it a virus. Hell even AV software will list it under the term virus then sub define it as a trojan.

benpatient
Nov 9, 2007, 09:50 AM
I've STILL never seen any sign of that mythical Mac user who thinks Mac security is 100% perfect. But keep a look out for that fearsome foe just in case :)

Our local Mac retailer (not the Apple store, but an independent) has had a billboard up on the interstate for about 2 years that says something like:

Windows: 231,028 viruses, worms, and trojans
OS X: Zero


and an image of a macbook next to it.

I know you didn't mean a literal "sign" but I couldn't resist calling you on it because the Billboard makes me laugh. The same retailer has another billboard that advertises you can run Windows on a Mac...which would completely invalidate their other billboard, but whatever.

This particular mac retailer is on my bad list (not naming names) because they WAY overcharge for services. My former boss paid 200 dollars in LABOR costs (apparently 2 hours @$100) plus 150 dollars for parts for them to replace a bad hard drive in her old powerbook. Out of curiosity, I looked at the drive when she asked me to install some more RAM (I don't know why she didn't have me do the hard drive...but that's another story), and of course it is a refurbished drive that at the time would have been 70 bucks new.

The refurbished drive ended up failing a couple months later, and it was just outside their 3 month replacement window, so they wanted to charge her 350 more dollars for another refurb.

Anyway, I would say that certain mac people claim "no viruses or anything" ALL the time when defending themselves to PC people. Heck, I've done it a time or two when someone was messing with me about my OS choice.

shikimo
Nov 9, 2007, 10:36 AM
A PC is for games, a Mac for porn. Works.

That would explain the growing marketshare...:cool:

...er, X11? you mean leopard? no, just the last osx to be installed before leopard. as for the guy who said, "aha! you must have downloaded some porn!" = believe it or not, there are some people who are not attracted by porn. amazing, but some people actually find it UNsexy because it is so fake and usually twisted and thereby, unattractive...

First, as you probably know by now, X11 is an optional-install gizmo that allows Intel Macs to run non-Intel-native programs, pre-aqua Open Office for example.

Second, as pointed out that is a VERY defensive indictment of pornography. :cool:


...I currently know 5 people who use mac in my family (i converted them all)....

Errr...you don't happen to be looking into some land in Guyana, do you??

billmister
Nov 11, 2007, 10:21 PM
Ok guys so the update is, I go upstairs to my cousin's room and tell him about this trojan going around and ask him if he's downloaded anything like that and he says no.

THEN, I forget what we were downloading and when I looked at his downloads link it said "XEROCODEC.DMG"...:eek:

I say "WTF? Didn't I ask you if you downloaded anything like a codec for porn sites that ask you to install a dmg and you said no?" He replies "yes but that was after I installed it. I was trying to view a video and it told me I needed a codec." Then I said "well you installed it and what happened?" He replied with "nothing, damn video never played".

Now my question is: he's sharing my internet thru a router, I assume I am not infected, right?

And last, now what do I do to fix his computer?.. Do I have to reinstall OSX or format and install?... Or what do I do?
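The alert quoted at the top of the thread names two changes this trojan makes: a replaced DNS server and a root crontab entry that runs every minute. One way to look for both from Terminal, as an added example that is not part of any post in the thread; the sample command output, the expected resolver address 192.168.1.1 and the `--live` switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: look for the two changes the Intego alert describes
# (a swapped DNS server and an every-minute root cron job).

# Constructed sample of `scutil --dns` output (addresses are placeholders).
SAMPLE_SCUTIL='resolver #1
  nameserver[0] : 192.0.2.53
  nameserver[1] : 192.168.1.1
resolver #2
  domain : local
'

# Constructed sample of a root crontab listing (path is a placeholder).
SAMPLE_CRONTAB='# m h dom mon dow command
* * * * * /path/to/placeholder-script
15 3 * * 6 /usr/sbin/periodic weekly
'

# stdin: `scutil --dns` output. Prints each distinct resolver address.
resolvers_from_scutil() {
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*//p' | sort -u
}

# stdin: `scutil --dns` output; $1: space-separated addresses you expect
# (your router or ISP). Prints every resolver that is not on that list.
unexpected_resolvers() {
    allowed=" $1 "
    resolvers_from_scutil | while read -r addr; do
        case "$allowed" in
            *" $addr "*) ;;                 # expected, say nothing
            *) printf '%s\n' "$addr" ;;     # not on the list, report it
        esac
    done
}

# stdin: a crontab listing. Prints entries scheduled for every minute.
every_minute_jobs() {
    grep -E '^[[:space:]]*(\*[[:space:]]+){5}[^[:space:]]' || true
}

# Run the same checks against this machine (macOS; asks for an admin password).
check_this_mac() {
    echo "Resolvers not on the expected list ($1):"
    scutil --dns | unexpected_resolvers "$1"
    echo "Root cron jobs that run every minute:"
    sudo crontab -l 2>/dev/null | every_minute_jobs
}

if [ "${1:-}" = "--live" ]; then
    check_this_mac "${2:-192.168.1.1}"
else
    echo "Sample run on constructed data:"
    printf '%s' "$SAMPLE_SCUTIL" | unexpected_resolvers "192.168.1.1"
    printf '%s' "$SAMPLE_CRONTAB" | every_minute_jobs
fi
```
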

Sun Baked
Nov 11, 2007, 10:31 PM
This trojan is as effective as sending somebody a karmic chain letter asking them to please send me $1000, or your computer will stop working...

Oh wait, people fall for that one all the time. :(

Jazzandmetal?
Feb 27, 2008, 03:31 AM
What is a greyed out DNS?:confused:

Apotheosis
Feb 27, 2008, 02:30 PM
That is complete BS, and many articles have been written about it which explains why it's complete BS in detail. All you're doing is spreading the urban myth, which maybe is all you want to do :rolleyes:

You need to be completely naive to make a comment as that. Microsoft was just as naive when they challenged the world to hack Windows Server 2003. When the world was challenged, the world showed Microsoft to keep their mouths shut. Just because you think something isn't possible, doesn't mean it isn't. Also, just because you haven't seen something done, doesn't mean it hasn't been done.

Give me SSH access to your root account or any account on your /etc/sudoers list and I'll have something going in a few minutes (and no, I won't delete anything). It would be undetectable unless you have knowledge in either BSD or TCP/IP and were looking for something. You'll be safe, you're on a Mac and Macs are invincible. :rolleyes:

MacBook-Gal
Feb 27, 2008, 07:36 PM
So are people who never visit porn sites or open weird emails safe from getting the trojan?

Do those of you who believe that Macs are not immune to viruses and bugs think that having some kind of protection such as intego is worthwhile?

030108
Mar 6, 2008, 08:16 PM
...OSX is really only safer against Trojans because of market share.

I do not know much and I am new to Apple, but I agree 100%.

I have been to forums, Apple stores, etcetera, asking various questions and, almost without exception, mac users seem to think the machine is inherently invincible when it comes to malware.

Apple store staff literally laughed at me when I asked if they had the Intego security software in stock that THEIR OWN WEBSITE displays for sale.

And, on another forum, where I was seeking answers regarding an antivirus app, at least one particular user was clearly trying to drag me into some type of showdown where that user would embarrass and admonish me for using antivirus at all. Thankfully, I was able to keep ignoring that user's repeated queries as to why I need an antivirus app. Ultimately, other than that user trying to bait me into an antivirus on a mac debate, I appreciated that user's help very much.

I really do not like the cost of it, but I use antivirus and third party firewall software on my mac for, to some extent, the same reason I will continue to lock my doors and windows when I finally move to a town that does not have burglaries.

How many of us have watched those unfortunate breaking news stories where neighbors to someone who became a victim in their own home are saying "...something like this has NEVER EVER happened here" and that is why our poor neighbor and his family were such easy victims. They did not even bother to lock their doors because they KNEW they were 100% safe.