Mac's First Trojan Begins to Breed


MacBytes
Nov 8, 2007, 10:03 AM

Category: Mac OS X
Link: Mac's First Trojan Begins to Breed (http://www.macbytes.com/link.php?sid=20071108110355)
Description: none

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

Eidorian
Nov 8, 2007, 10:10 AM
First trojan?

What about the iChat one from 2 years ago that used a Safari open safe file exploit? :rolleyes:

QuarterSwede
Nov 8, 2007, 10:36 AM
The gang behind a Mac Trojan has been churning out slightly modified versions to evade malware detection.
So the answer is still the same. Don't be stupid and give suspicious things downloaded from the internet access. D U H.

foodog
Nov 8, 2007, 10:40 AM
It is so crafty how it installs.
1. You go to a website
2. The dmg file downloads
3. Your Mac says "Hey do you want to open this file?" (unless you turned this off)
4. The dmg file mounts, and a Finder window opens
5. You manually launch the installer
6. You type in an admin name and password so the Trojan can install / load.

Look out all the Macs on the planet are doomed. :rolleyes:

Same Trojan on Windows

1. You go to a website
2. You get blasted by the driveby download
3. You go buy a new computer because it runs really slow and the guy at the store tells you you need faster hardware. :D



GenesisST
Nov 8, 2007, 11:28 AM
It is so crafty how it installs.
1. You go to a website
2. The dmg file downloads
3. Your Mac says "Hey do you want to open this file?" (unless you turned this off)
4. The dmg file mounts, and a Finder window opens
5. You manually launch the installer
6. You type in an admin name and password so the Trojan can install / load.

Look out all the Macs on the planet are doomed. :rolleyes:


Well, it's from pr0n websites... So users have less blood to the brain and have to work with only one hand... :D

psychofreak
Nov 8, 2007, 11:33 AM
3. Your Mac says "Hey do you want to open this file?" (unless you turned this off)
I don't think you can turn this off unfortunately, it's a pain in the arse...

gceo
Nov 8, 2007, 11:50 AM
As a Mac IT guy, this is pretty easy. I don't give anyone the password to their own workstation....

Looks like win is pwned on this one.

Anyone here remember the Auto-start (AKA Hong Kong) virus?

SiCbe
Nov 8, 2007, 11:52 AM
I don't think you can turn this off unfortunately, it's a pain in the arse...

oh no? my safari automatically mounts my downloaded dmg files once they are completed so... :)

pgwalsh
Nov 8, 2007, 01:05 PM
Well, it's from pr0n websites... So users have less blood to the brain and have to work with only one hand... :D
That's really wrong, but funny. :D

psychofreak
Nov 8, 2007, 01:06 PM
oh no? my safari automatically mounts my downloaded dmg files once they are completed so... :)
Mine too...although when first opening an app there is a message...

byakuya
Nov 8, 2007, 02:24 PM
Well, it's from pr0n websites... So users have less blood to the brain and have to work with only one hand... :D

LOOL...that was a good one...
while I think even Mac users will have to deal with malware and viruses eventually, this one can hardly be classified as "dangerous".
best antivirus and malware protection is still a brain that is being used...regardless of the OS.

Rodimus Prime
Nov 8, 2007, 03:05 PM
This is far from over. We can expect exponential growth in the number of Trojans for the Macs because of this. This one really has done some damage, and now people are modifying them for their own usage and putting it back out there.

It is going to grow and become worse and worse. Plus this is the first step down the road to the first virus hitting the Mac. Also, at some point Mac users will need to start running antispyware scans and AV scans, the spyware scanners coming first.

WhiteShadow
Nov 8, 2007, 03:38 PM
Well, it's from pr0n websites... So users have less blood to the brain and have to work with only one hand... :D

that is exactly how it got me.....haha

Jade Cambell
Nov 8, 2007, 03:44 PM
Earlier today, Safari gave me all these little popup windows that said "Your computer may be infected with a trojan" and offered for me to download virus protection. I clicked "cancel" on every one, and my computer seems just fine.

pgwalsh
Nov 8, 2007, 05:15 PM
This is far from over. We can expect exponential growth in the number of Trojans for the Macs because of this. This one really has done some damage, and now people are modifying them for their own usage and putting it back out there.

It is going to grow and become worse and worse. Plus this is the first step down the road to the first virus hitting the Mac. Also, at some point Mac users will need to start running antispyware scans and AV scans, the spyware scanners coming first.
It's only going to get worse if people don't pay attention to what they're downloading and installing.

cal6n
Nov 8, 2007, 05:47 PM
oh no? my safari automatically mounts my downloaded dmg files once they are completed so... :)

Mine doesn't. In fact it doesn't do anything with downloads until I tell it.

decadentdave
Nov 8, 2007, 05:50 PM
oh no? my safari automatically mounts my downloaded dmg files once they are completed so... :)

Go into your preferences and tell it not to automatically download and open. Problem solved.

cal6n
Nov 8, 2007, 05:52 PM
This is far from over. We can expect exponential growth in the number of Trojans for the Macs because of this. This one really has done some damage, and now people are modifying them for their own usage and putting it back out there.

It is going to grow and become worse and worse. Plus this is the first step down the road to the first virus hitting the Mac. Also, at some point Mac users will need to start running antispyware scans and AV scans, the spyware scanners coming first.

You're completely and utterly wrong. This changes almost nothing. It's just social engineering, that's all. Anyone who gives their password to a random website deserves all they get. Sorry to sound harsh, but that's it.

*edit* On reflection, it does change something. It's probably actually worth running separate user and admin accounts now.

decadentdave
Nov 8, 2007, 05:54 PM
Just like anyone who jailbreaks their phone and installs 3rd party apps is just asking for trouble.

Squonk
Nov 8, 2007, 05:56 PM
So let's just say I was stupid enough to install this. How can I remove it? [Please refrain from bashing me, ok??? please...] I'll say it again, I was stupid.

Eidorian
Nov 8, 2007, 06:10 PM
So let's just say I was stupid enough to install this. How can I remove it? [Please refrain from bashing me, ok??? please...] I'll say it again, I was stupid.
http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php

That took about 30 seconds of work in Google. That's an eternity for me.

cal6n
Nov 8, 2007, 06:10 PM
So let's just say I was stupid enough to install this. How can I remove it? [Please refrain from bashing me, ok??? please...] I'll say it again, I was stupid.

Read this (http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml) and then learn to search...

solvs
Nov 8, 2007, 06:17 PM
As a Mac IT guy, this is pretty easy. I don't give anyone the password to their own workstation....

Looks like win is pwned on this one.

Especially since, if a non-admin on a locked down Windows machine gets a virus or trojan, which is entirely possible, they usually can't run the installer fix without an admin password.

I'm with everyone else, don't download and install it if you don't know what it is.

Squonk
Nov 8, 2007, 09:02 PM
http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php

That took about 30 seconds of work in Google. That's an eternity for me.

Thanks all the same.

Eidorian
Nov 8, 2007, 09:07 PM
Thanks all the same.
It wasn't the first hit and it took about 2 pages of hopping before I found it. :eek:

stcanard
Nov 8, 2007, 09:49 PM
Mine too...although when first opening an app there is a message...

Safari -> Preferences -> General

Under "Remove download list items" there is a checkbox labelled 'Open "safe" files after downloading' -- uncheck it.

Cheers.
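
The two mitigations raised in this thread, unticking Safari's 'Open "safe" files after downloading' and not using an admin account day to day, can both be checked from Terminal. The script below is an added example, not part of any post; the preference key `AutoOpenSafeDownloads`, the local `admin` group name and all function names are assumptions that do not come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the Safari auto-open setting
# and whether the current account is an administrator.
# Assumptions: the checkbox is stored as AutoOpenSafeDownloads in the
# com.apple.Safari preference domain; administrators are members of the
# local "admin" group.

# Classify the raw output of
#   defaults read com.apple.Safari AutoOpenSafeDownloads
safari_auto_open_state() {
    case "$1" in
        0|false|NO|no)  echo "disabled" ;;
        1|true|YES|yes) echo "enabled" ;;
        "")             echo "unset" ;;    # key missing or domain not readable
        *)              echo "unknown" ;;
    esac
}

# Succeed if the space-separated group list (as printed by `id -Gn`)
# contains the exact group name "admin". "_lpadmin" must not match.
is_admin_account() {
    for g in $1; do
        if [ "$g" = "admin" ]; then
            return 0
        fi
    done
    return 1
}

# Combine both findings into one comma-separated verdict, or "ok".
# $1 = output of the defaults read command, $2 = group list
audit_verdict() {
    findings=""
    case "$(safari_auto_open_state "$1")" in
        enabled)       findings="safari-auto-open" ;;
        unset|unknown) findings="safari-check-manually" ;;
    esac
    if is_admin_account "$2"; then
        findings="${findings:+$findings,}admin-daily-account"
    fi
    echo "${findings:-ok}"
}

# Only query live values where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    echo "verdict for $(id -un): $(audit_verdict "$raw" "$(id -Gn)")"
    echo "to untick the checkbox from Terminal:"
    echo "  defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
fi
```

A verdict of `safari-check-manually` means the key could not be read, so confirm the checkbox in Safari's preferences by hand.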

Rodimus Prime
Nov 8, 2007, 10:54 PM
You're completely and utterly wrong. This changes almost nothing. It's just social engineering, that's all. Anyone who gives their password to a random website deserves all they get. Sorry to sound harsh, but that's it.

*edit* On reflection, it does change something. It's probably actually worth running separate user and admin accounts now.

You may have missed what I was saying. I am saying this thing already has new versions coming out and they are getting modified. If you follow Windows Trojans, viruses, and malware you will notice that a lot of the new "viruses" are just modified versions of an older one.
This is why I said it will grow. This is the first step on the road down for the first virus/worm to hit the Mac.

Also, the article did point out that the Bagle Trojan for Windows became one of the most successful pieces of malware to be put out, and it was not stopped by click to install.

These Trojans for OSX are going to have a much easier time infecting Mac users because way too many of them have a false sense of security. Also add in the fact that next to zero Mac users have AV software on their computer. AV software will generally catch a downloaded Trojan. So add that in with the false sense of security and safety and it makes it really easy to nail Mac users.

People forget Trojans are what cover most of the "viruses" out there. They are the easiest to infect computers because they use user stupidity to get around any security the OS has built in.

solvs
Nov 9, 2007, 01:15 AM
I don't know what antivirus could have done about this. Users already downloaded the file manually, then put in their password and installed it. Ignoring the warning. Maybe Mac users do feel a little too secure, but as said, you can't beat the human factor.

Rodimus Prime
Nov 9, 2007, 01:41 AM
I don't know what antivirus could have done about this. Users already downloaded the file manually, then put in their password and installed it. Ignoring the warning. Maybe Mac users do feel a little too secure, but as said, you can't beat the human factor.


Most quality AV software I know will automatically scan any downloaded file. Also, generally speaking, the browser will tell the AV software to do it as well. This is what autoprotect's job is. So while the file is manually downloaded it is still scanned. So if AV software is doing its job it would prevent the file from even being able to be clicked on to install. It sorta saves the users from their own stupidity.

I might like to add even the best users make very stupid mistakes and can fall for a trojan.

Phil A.
Nov 9, 2007, 01:59 AM
So let's just say I was stupid enough to install this. How can I remove it? [Please refrain from bashing me, ok??? please...] I'll say it again, I was stupid.

Just keep both hands on the keyboard next time :D

msackett@cox.ne
Nov 9, 2007, 02:29 AM
Intego updated its virus definition for the recent Porno Trojan.

Their virus definition lagged by several days the publication by forums, blogs and newsletters who detailed the recognition and destruction of the virus. So much for the protection of antivirus software.

Rodimus Prime
Nov 9, 2007, 02:32 AM
Intego updated its virus definition for the recent Porno Trojan.

Their virus definition lagged by several days the publication by forums, blogs and newsletters who detailed the recognition and destruction of the virus. So much for the protection of antivirus software.

Well, it takes some time to get out those updates. Plus AV software is going to be a little on the weaker side for Macs for a little while. Nice thing about AV software is it will pick up anything that is similar to the trojan.

MisterToad
Nov 9, 2007, 09:49 AM
Hi, first post here, so hope I don't put my foot in it:).

I fall into the general camp of the guy (Rodimus Prime I think) saying that more viruses will be appearing and that care is the sensible way forward. While the Mac is a safe bet as far as security goes right now, it really isn't always going to be that way. True it is a user clicking ok and typing their password is the problem right now, but I just think that determined criminals find a way in the end.

Since I switched several years ago (and I would not go back) virtually all the Windows users who see my Mac (and who I let play on it;)) fall in love with it. Most all of them have now decided to switch at their first chance. That's great, more Mac friends :apple:, but the only issue with this success is that it breeds more users and I believe that will be the downfall of the security we currently experience. The more users there are, the more the Mac becomes appealing to the wasters who plague our planet (Bring back national service... where's my pipe and slippers? :D).

When the "Social Engineers" really see the Mac as a viable market, worth investing large amounts of time in, I believe we are in for a rocky ride. Real social engineering, done well is incredibly hard to resist. No matter how careful you think you are.

Fully accept not everyone will agree with this.

That all said, is anyone else using ClamXav? I had been using Intego, but saw Clam recently just as my virus update subs were due and thought I might give it a go. Just difficult to know (with all this security sloshing around ;)) if it is actually effective.

Ade

byakuya
Nov 9, 2007, 10:18 AM
I use ClamXAV...not really to protect my Mac but rather to scan my incoming and outgoing mails...via sentry the folder monitoring feature
I just don't want to spread viruses etc. out to my friends (I know it's their responsibility to protect themselves but if I can do something to help without big inconveniences I'll do it)

I am considering starting to let clamxav scan my download folder as well but we'll see...right now I don't really see the point of doing that.

jayducharme
Nov 9, 2007, 10:46 AM
Most all of them have now decided to switch at their first chance. That's great, more Mac friends :apple:, but the only issue with this success is that it breeds more users and I believe that will be the downfall of the security we currently experience.

Well, sort of.... I think the problem lies not with the number of users, but with the type of users who will eventually come into the Mac fold -- the "vast unwashed" who have migrated from Windows. Many of us are computer savvy and know about administrator passwords and safe web habits. But for the majority of less experienced users, they might not like having to type in their password, and they might be completely naive when it comes to surfing habits. Those are the people who pose a dilemma for Apple. People rarely blame themselves when they trash their own computers. It's easier to blame the technology. So when potentially millions of new Mac users begin doing dumb things out of ignorance, Apple's most likely the one who will take the heat.

Perhaps the Welcome screen on each Mac could inform the user of the importance of logging in each session. Maybe Apple could make password use "fun," just as they've made backups fun with Time Machine. What an idea -- a trippy, graphically pleasing interface for security features!

cal6n
Nov 9, 2007, 04:56 PM
You may have missed what I was saying. I am saying this thing already has new versions coming out and they are getting modified. If you follow Windows Trojans, viruses, and malware you will notice that a lot of the new "viruses" are just modified versions of an older one.
This is why I said it will grow. This is the first step on the road down for the first virus/worm to hit the Mac.

Also, the article did point out that the Bagle Trojan for Windows became one of the most successful pieces of malware to be put out, and it was not stopped by click to install.

These Trojans for OSX are going to have a much easier time infecting Mac users because way too many of them have a false sense of security. Also add in the fact that next to zero Mac users have AV software on their computer. AV software will generally catch a downloaded Trojan. So add that in with the false sense of security and safety and it makes it really easy to nail Mac users.

People forget Trojans are what cover most of the "viruses" out there. They are the easiest to infect computers because they use user stupidity to get around any security the OS has built in.

I understand exactly what you're saying. It's just that you're wrong. These trojans (and it doesn't matter how many versions of them there are) require the active co-operation of their intended victims and in this respect they cannot spread unassisted. Until malware is able to bypass OS X's password protection by means other than social engineering we have very little to fear. These types of exploit are nothing more than a variant of Phishing attacks and, while vigilance is required, nothing has really changed. The only real difference is that the marketing and sales departments of security software writers can now have a field day drumming up custom from gullible noobs on sites like this.

kresh
Nov 9, 2007, 05:17 PM
People forget Trojans are what cover most of the "viruses" out there. They are the easiest to infect computers because they use user stupidity to get around any security the OS has built in.



If you were to say "malware" instead of "viruses" I could agree with what you are saying.

But you are totally destroying a class of malware by calling everything that is harmful to your computer a virus. A virus is a very special class, it can spread without any interaction with the user. It was intentionally called a virus to mimic a biological infection that self-replicates.

I am not at all worried about a Mac virus sweeping worldwide and crushing OS X. The problem is that Apple haters and the media are just waiting on any malware so they can equate it to all the malware, including the dreaded virus, that plagued the earlier Windows platforms.

The coming harm to OS X is going to be more mental than actual when all the haters start the PR campaigns.

Rodimus Prime
Nov 9, 2007, 07:42 PM
I understand exactly what you're saying. It's just that you're wrong. These trojans (and it doesn't matter how many versions of them there are) require the active co-operation of their intended victims and in this respect they cannot spread unassisted. Until malware is able to bypass OS X's password protection by means other than social engineering we have very little to fear. These types of exploit are nothing more than a variant of Phishing attacks and, while vigilance is required, nothing has really changed. The only real difference is that the marketing and sales departments of security software writers can now have a field day drumming up custom from gullible noobs on sites like this.

Like I said before, these trojans are just the first step to a true virus hitting OSX. First things first and that is just figure out how to compromise the system in some way. 2nd harder to do and that is the spreading part but the first very hard step has been completed. Now the next one will be done at some point in time.

The OSX users of the world might finally be reaching critical mass where they are becoming a viable target for viruses and malware. I think that is what it really shows is OSX is reaching critical mass so it really is only a matter of time.

decadentdave
Nov 9, 2007, 11:07 PM
Why hasn't there been a serious virus and/or malware threat in the past? Don't use Apple's relatively small market share numbers as an excuse. Any system can be hacked. Believe me, if someone wanted to penetrate a system's security they would find a way to exploit it. Tricking someone into downloading a trojan app through "social engineering" or otherwise. If someone wanted to exploit the Mac OS to expose its vulnerabilities, it would have been done long ago just to prove a point that it can be done. I remember having this conversation with a friend of mine who is a staunch PC advocate about 15 years ago and we have had numerous arguments about viruses and security threats to the Mac OS and even he conceded that it would already have been done just to piss off the Mac community into disillusionment that the walls of their false sense of security had come crumbling down. Those were his words not mine.

Rodimus Prime
Nov 9, 2007, 11:27 PM
Why hasn't there been a serious virus and/or malware threat in the past? Don't use Apple's relatively small market share numbers as an excuse. Any system can be hacked. Believe me, if someone wanted to penetrate a system's security they would find a way to exploit it. Tricking someone into downloading a trojan app through "social engineering" or otherwise. If someone wanted to exploit the Mac OS to expose its vulnerabilities, it would have been done long ago just to prove a point that it can be done. I remember having this conversation with a friend of mine who is a staunch PC advocate about 15 years ago and we have had numerous arguments about viruses and security threats to the Mac OS and even he conceded that it would already have been done just to piss off the Mac community into disillusionment that the walls of their false sense of security had come crumbling down. Those were his words not mine.

while I believe the OSX is a much more secure OS I also believe market share is also a large factor in the lack of attacks made on it. Also might like to point out that the number of people who have the expertise and the know how to even attempt to hack the mac is very small.

Now as I said earlier I believe the Trojans starting to crop up to me just tells me OSX is starting to reach critical mass. At that point it means it becomes a viable target for more than just fame. It is now a viable target for money as well and with that factor added in it becomes a very different ball game. It means a huge increase in the amount of resources put into hacking the Mac. This is why I think it is the first step to the first true virus for OSX to hit. The appearance of trojans to me is just the first step.

decadentdave
Nov 9, 2007, 11:33 PM
I guess before long there will be very little delineation between the Mac OS and Windoze. :(

SPUY767
Nov 10, 2007, 07:55 AM
You may have missed what I was saying. I am saying this thing already has new versions coming out and they are getting modified. If you follow Windows Trojans, viruses, and malware you will notice that a lot of the new "viruses" are just modified versions of an older one.
This is why I said it will grow. This is the first step on the road down for the first virus/worm to hit the Mac.

Also, the article did point out that the Bagle Trojan for Windows became one of the most successful pieces of malware to be put out, and it was not stopped by click to install.

These Trojans for OSX are going to have a much easier time infecting Mac users because way too many of them have a false sense of security. Also add in the fact that next to zero Mac users have AV software on their computer. AV software will generally catch a downloaded Trojan. So add that in with the false sense of security and safety and it makes it really easy to nail Mac users.

People forget Trojans are what cover most of the "viruses" out there. They are the easiest to infect computers because they use user stupidity to get around any security the OS has built in.

You have to think tho, I'd wager that Mac users, per capita, spend less time wanking it to pictures on nefarious sites than PC users.

I guess before long there will be very little delineation between the Mac OS and Windoze. :(

You guess wrong. Until Windows gives up their antiquated kernel and starts from scratch with something better, there will always be a great deal of difference between the two.

clevin
Nov 10, 2007, 10:12 AM
You guess wrong. Until Windows gives up their antiquated kernel and starts from scratch with something better, there will always be a great deal of difference between the two.

more like until OSX gets better marketshare.

OSX didn't start from scratch, otherwise apple would spend 20+ years on it.

SiliconAddict
Nov 10, 2007, 12:43 PM
It is so crafty how it installs.
1. You go to a website
2. The dmg file downloads
3. Your Mac says "Hey do you want to open this file?" (unless you turned this off)
4. The dmg file mounts, and a Finder window opens
5. You manually launch the installer
6. You type in an admin name and password so the Trojan can install / load.

Look out all the Macs on the planet are doomed. :rolleyes:

Same Trojan on Windows

1. You go to a website
2. You get blasted by the driveby download
3. You go buy a new computer because it runs really slow and the guy at the store tells you you need faster hardware. :D

Well that's a load of crap. IE 7 generally takes care of "driveby" downloads and it's a nonissue if you are using Firefox or anything other than IE. Even less so if you are using the adblocker addin for FF.
Trojans are the same on both platforms. It is only SLIGHTLY easier to install on XP (Vista it's exactly the same difficulty. You NEED to enter a password.) Trojans are designed to exploit the id10t problem found on all platforms and that is a user who doesn't use his damn brain. Which believe it or not does occur on the Mac as well because newbies have fallen into this belief that OS X is malware PROOF when in fact it is only resistant. You can thank the fanbois for populating this notion. The realists on the Mac platform give newbies the REAL scoop and that is you DO need to be somewhat cautious. Not as much as on XP or Vista but a bit.

You have to think tho, I'd wager that Mac users, per capita, spend less time wanking it to pictures on nefarious sites than PC users.



You guess wrong. Until Windows gives up their antiquated kernel and starts from scratch with something better, there will always be a great deal of difference between the two.

You really know nothing about Windows with the remark...or computer science at all for that matter. Do you know how OLD the kernel used in OS X is?
The NT code used in NT, 2K, XP, 2003, and Vista is robust and perfectly fine. One of the core problems with it has been the threading between it and much of the drivers and API that has caused problems in the past. This HAS been resolved with Vista. It's a stepping stone no different than Apple's transition from Carbon to Cocoa. The difference is that Apple doesn't have an industry to try and avoid pissing off as it does so.
This is what irks me about fanbois. Apple pulls some really fracked up crap that developers would firebomb MS's HQ if they tried every few years. If MS tried releasing an OS every couple years and discontinuing support every 3-4 years, every CIO in the world would be at their front door ready to sue the crap out of them. Again Apple doesn't have an industry to support. Microsoft does.

solvs
Nov 11, 2007, 05:19 AM
while I believe the OSX is a much more secure OS I also believe market share is also a large factor in the lack of attacks made on it.
Not exactly true. There were viruses for OS 9 which had lower marketshare and lower visibility. There have been viruses for others with low marketshare as well, like Windows mobile when it first came out, Vista before it was even released, Linux on iPod, etc. Whereas there are Unix server systems that are more widespread among businesses that have little or no compromises.

Not to mention, as already mentioned, those who'd like to bring us smarmy bastards down a peg.

I guess before long there will be very little delineation between the Mac OS and Windoze. :(
Why do you say that?

Rodimus Prime
Nov 11, 2007, 12:44 PM
Not exactly true. There were viruses for OS 9 which had lower marketshare and lower visibility. There have been viruses for others with low marketshare as well, like Windows mobile when it first came out, Vista before it was even released, Linux on iPod, etc. Whereas there are Unix server systems that are more widespread among businesses that have little or no compromises.

Not to mention, as already mentioned, those who'd like to bring us smarmy bastards down a peg.

All that does not change the fact that low market share is a large factor in the very low number of attacks on OSX. The biggest motivation to do anything to OSX is what glory. In the end that is really not that much motivation when you compare it to money. Plus the glory boys well most of those people use Windows and lack the expertise to handle OSX.

I am not saying OSX is not hard to do something to. We know for a fact that it is a very strong and secure OS. Just it needs to be remembered marketshare is a factor.

As for stuff targeting Vista and Windows CE I might want to point out they have a fairly large knowledge base to draw on. For example a lot of the things they have learned how to target in any of the Windows NT based systems.

I just think the lack of money has been a huge motivating factor for the very low number of attacks on OSX.

solvs
Nov 11, 2007, 10:58 PM
All that does not change the fact that low market share is a large factor in the very low number of attacks on OSX.
Again, it really doesn't because as I pointed out, there have been others with far lower marketshare and visibility, like OS 9, whereas there are some 'nix systems that have very good reasons to break into them that aren't vulnerable.

The biggest motivation to do anything to OSX is what glory.
The glory of being the first, not to mention taking us smug Mac users down a peg.