Apple can't stop people being "stupid" who give out their admin password for questionable apps they download

Well, actually it's not that simple. In a secure system, you have to provide administrator credentials to install virtually anything into /Applications. Programs that can run from the Desktop should be fine, I guess. I think the whole "Installer" idea is very windoze and very flawed.
 
Huh? You're trying to argue a LARGE topic here by throwing out a few sentences. This topic of "why Macs have basically been less prone to security risks from 1992-2008 than Windows" has been talked about at great length in other threads on this forum, other forums, and well-published magazines and newspapers. There is no way to summarize it. Please go find those threads if you really want to understand the technical and NON-technical reasons why systems are prone to security attacks...and why some systems more than others.

And no, who ever said that as soon as Mac personal computer market share hit 51% that they would all go down? The simpler statement would be that, as long as malware/spyware/viruses are legal/hard-to-punish in many countries they will continue to exist and evolve...and...they will continue to be written to affect the most widely adopted platforms/systems. Currently, if you were a malware/spyware/virus programmer, you would want to annoy the most people for your efforts. Therefore, hit the Windows platform. Next up would likely be a tie between Mac and Linux. And I believe that right now we are starting to see evil programmers take aim at the Mac as the Mac platform gains adoption. It's Marketing 101...if you're selling air conditioners, you're probably not going to waste your budget and advertise in Alaska.
OR you would love to throw the Mac user base (Like this one! GASP!) into spirals because you've created the first 'virus'. If you're a virus programmer you want to succeed. There are PLENTY of Macs to attack. There isn't any question about that. IDC how you try to argue it! There are a lot of Mac users that these people can attack. You act like there are 2 Macs out there. Anyways there is a much LOWER success rate when trying to do this on a Mac.
 
How to detect it?

I have read on a Spanish Mac site a comment about detecting it by running a terminal command, netstat.



Comments?

netstat just shows all current "connections" to the internet. For example, it will have a long list and say, for example, imaps, which is the connection for e-mail I think (but not sure), and another I have is for the LogMeIn app so I can remotely control my Mac. So yes, you can identify it from that.
 
Looks like it is hosted at SoftLayer Hosting.

Domain name: xeeno.com

Registrant Contact:
Normalkid LLC
Arnold Kim ()

Fax:
4870 Sadler Road
Suite #300
Glen Allen, State 23060
US

OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

Fair enough, but I'm curious why a memory-resident malware scanner is blocking portions of this website from loading. I find it rather humorous, that a website plastering flamebait articles like this on their front page, is itself blocked by one of the most reputable Windows malware scanners on the market.
 
Where are all the people on this forum that for years proclaimed that Mac OS was virus/spyware free and there would NEVER be viruses/spyware due to OSX being built on Linux.

The problem is that most users don't understand the difference between root and normal access. If someone downloads an OSX binary and said binary asks for the "Administrator" password to install, I suspect 99.9% of users would offer that up. After all, lots of legitimate apps require that to install. From that point on any malware has 100% access to your system.

It's a ticking time bomb really. Once OSX gets enough of a userbase to be worth exploiting the malware will be everywhere, and a Unix underpinning will have no way to prevent that.

The only real solution is... iPhone OS. Seriously! Running apps in a sandbox environment is the de facto standard way of isolating potentially dangerous code. Maybe in the future they'll be clamouring for an iPhone OS on our desktops. If people blindly offer up their administrator password on application install then it'll be the best thing for them.
 
Little Snitch will stop any outgoing connections that are not approved, first of all. Second of all, until I hear personal stories of people being infected I call this a marketing stunt.

Yeah, I think it's time for me to reactivate Little Snitch.
 
LOL. "Found by an antivirus company."
Speaks for itself.
"Buy our software, you will be protected on your Mac Bawks!"
I think they made it up or created it.
It's just malware. It isn't self replicating and it surely isn't a virus.
Intego, go away.
 
Huh? You're trying to argue a LARGE topic here by throwing out a few sentences. This topic of "why Macs have basically been less prone to security risks from 1992-2008 than Windows" has been talked about at great length in other threads on this forum, other forums, and well-published magazines and newspapers. There is no way to summarize it. Please go find those threads if you really want to understand the technical and NON-technical reasons why systems are prone to security attacks...and why some systems more than others.

And no, who ever said that as soon as Mac personal computer market share hit 51% that they would all go down? The simpler statement would be that, as long as malware/spyware/viruses are legal/hard-to-punish in many countries they will continue to exist and evolve...and...they will continue to be written to affect the most widely adopted platforms/systems. Currently, if you were a malware/spyware/virus programmer, you would want to annoy the most people for your efforts. Therefore, hit the Windows platform. Next up would likely be a tie between Mac and Linux. And I believe that right now we are starting to see evil programmers take aim at the Mac as the Mac platform gains adoption. It's Marketing 101...if you're selling air conditioners, you're probably not going to waste your budget and advertise in Alaska.

Nicely said ericinboston. The majority of miscreants who write malware do it to make money (and also be a nuisance). Money is the bottom line. Why do you think malware is written to steal bank log-in credentials, fake anti-virus, adware, etc.? It is to make money. Why would I spend the time to write malware for OSX when I can write it for PCs and infect many, many more systems? It is called Return on Investment. So, to say the number of OS out there does not matter, is missing a big part of why malware is written. Why do you think international organized crime syndicates are using PC malware? They are not doing it for the fun of it.
 
How to detect it?

I have read on a Spanish Mac site a comment about detecting it by running a terminal command, netstat.



Comments?


I'll comment -- Thank you for posting this hint! It eased my mind.
 
OR you would love to throw the Mac user base (Like this one! GASP!) into spirals because you've created the first 'virus'. If you're a virus programmer you want to succeed. There are PLENTY of Macs to attack. There isn't any question about that. IDC how you try to argue it! There are a lot of Mac users that these people can attack. You act like there are 2 Macs out there. Anyways there is a much LOWER success rate when trying to do this on a Mac.

Are you trying to make a point? If so, be more clear...you're just blabbering in all directions.
 
The problem is that most users don't understand the difference between root and normal access. If someone downloads an OSX binary and said binary asks for the "Administrator" password to install, I suspect 99.9% of users would offer that up. After all, lots of legitimate apps require that to install. From that point on any malware has 100% access to your system.

It's a ticking time bomb really. Once OSX gets enough of a userbase to be worth exploiting the malware will be everywhere, and a Unix underpinning will have no way to prevent that.

The only real solution is... iPhone OS. Seriously! Running apps in a sandbox environment is the de facto standard way of isolating potentially dangerous code. Maybe in the future they'll be clamouring for an iPhone OS on our desktops. If people blindly offer up their administrator password on application install then it'll be the best thing for them.

There's nothing any OS can do about such a user. Not Windows, not Linux, not OS X, not BSD, nothing.

If the user downloads an app, the app prompts for admin username/password, the user puts it in, and the app turns out to be game over, then there's nothing anyone can do.

OSes cannot protect a stupid, uninformed user from themselves. There would be a reduction in problems (potentially, anyway) if Apple went to an App Store for OS X, where everything's checked before being allowed in, but even that's not going to completely prevent it.
 
What a weird coincidence that this "firm" releases info about this supposedly spyware program after Google announces they are ditching windows internally.
 
The only real solution is... iPhone OS. Seriously! Running apps in a sandbox environment is the de facto standard way of isolating potentially dangerous code. Maybe in the future they'll be clamouring for an iPhone OS on our desktops. If people blindly offer up their administrator password on application install then it'll be the best thing for them.
Correct! There really is very little defense against a user deliberately choosing to authorize the installation of malware short of a system controlled by Big Brother. While that would never be appropriate for the rest of us, I truly wouldn't be surprised if the likes of the iPad OS becomes the future of general user computers. It will be the sort of computer people recommend to the family members that always find a way to infect their computers.

Thankfully (for the computer professionals) we are going to have traditional computers—the insecure tinker-friendly sort—around for a very very long time.
 
The problem is that most users don't understand the difference between root and normal access. If someone downloads an OSX binary and said binary asks for the "Administrator" password to install, I suspect 99.9% of users would offer that up. After all, lots of legitimate apps require that to install. From that point on any malware has 100% access to your system.

It's a ticking time bomb really. Once OSX gets enough of a userbase to be worth exploiting the malware will be everywhere, and a Unix underpinning will have no way to prevent that.

The only real solution is... iPhone OS. Seriously! Running apps in a sandbox environment is the de facto standard way of isolating potentially dangerous code. Maybe in the future they'll be clamouring for an iPhone OS on our desktops. If people blindly offer up their administrator password on application install then it'll be the best thing for them.

Agreed... it's like that old saying: "The Problem Lies between the Screen and the Chair" (or was it the keyboard and the chair?).
There is very little the 'System', no matter how robust, can do against Social Engineering, Deception, Dumb Users.

The only solution would be an iPhone-like environment, but we don't want all the trolls screaming "Steve is Hitler!!!", do we?
 
Any IT person worth their salt knows that OS X is not based on Linux.

Additionally, any IT person worth their salt knows that a system is only as strong as their user is smart, which generally means that it's like a Corvette with the top down, windows unlocked, and a big sign saying "There's a million dollars sitting in the back seat."

EDIT -
A trojan horse is an attack that pretends to be something else. Let's see if I can find an example.. aha! The Trojan Horse! A gift from the Trojans, but in reality the horse was full of soldiers. Trojans spread by social engineering, through stunts like "this site requires JavaScript", "please enter your password", etc. Saying "please enter your password" is like going to a restaurant and being asked for your social security number and your billing address when you need to use a credit card. Maybe you'd tell them, but I'd say "Hold my drivers license when I go to the bank to get cash, then to the police station."


Who cares. It doesn't matter. Linux, Unix, whatever. This topic is about a stupid piece of malware written to sell antiviral software for the Mac. End of story. If you want to get into the nuances of differences between OSX, Debian, and Linux... well then start a thread and let's go at it.

This antivirus company most likely wants to sell its software on Apple because of its growing popularity these days.
 
Well, actually it's not that simple. In a secure system, you have to provide administrator credentials to install virtually anything into /Applications. Programs that can run from the Desktop should be fine, I guess. I think the whole "Installer" idea is very windoze and very flawed.

I second that. When I buy a MacHeist bundle with 12 shareware apps in it and I decide to try out 10 of them, I have to install them and type in my password. At that point the program can do whatever it wants. How would I know if they contain spyware or an application that is malicious?

The same is true when I install software from any decent developer. I have no choice but to trust that their installers are spyware free. So I don't think it's my fault or I'm stupid if I get spyware this way.

For example, I just installed Rippit and I wanted to install a HandBrake module to compress video. I clicked yes because I sort of trust Rippit. But in theory just about anything could be installed.

I have MacScan through a software bundle but never used it. Would that help?
 
netstat just shows all current "connections" to the internet. For example, it will have a long list and say, for example, imaps, which is the connection for e-mail I think (but not sure), and another I have is for the LogMeIn app so I can remotely control my Mac. So yes, you can identify it from that.

I know what netstat does. I'm talking about the way of detecting it by running this: netstat -an -f inet | fgrep 8254

Does this trojan use port 8254 only?

The Spanish guy said in the comment, if netstat -an -f inet | fgrep 8254 does not return anything you are CLEAN. If it returns tcp4 0 0 *.8254 *. you've got it.

Any comments on this here?
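A stricter version of the netstat check quoted in that post, added here as an example and not taken from the thread or from any Mac tool: instead of grepping for the digits 8254 anywhere on a line, it inspects the local-address and state columns of netstat -an -f inet output, so a remote port 8254 or an unrelated local port such as 18254 no longer produces a false positive. The sample netstat output below is constructed for the demonstration.

```shell
# Return 0 (found) if any line of the given "netstat -an -f inet" output shows
# a TCP socket bound to local port 8254 in the LISTEN state, which is what the
# quoted output "tcp4 0 0 *.8254 *.*" means; otherwise return 1.
# Column layout on macOS: Proto Recv-Q Send-Q Local-Address Foreign-Address (state)
listener_on_8254() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $4 ~ /[.:]8254$/ && $6 == "LISTEN" { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample of a clean machine: 8254 appears only as a remote port
# and inside an unrelated local port, both of which "fgrep 8254" would match.
CLEAN_SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.5.52113      17.172.224.47.993      ESTABLISHED
tcp4       0      0  192.168.1.5.52110      203.0.113.9.8254       TIME_WAIT
tcp4       0      0  *.18254                *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'

# Constructed sample showing the listener described in the post.
INFECTED_SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.8254                 *.*                    LISTEN
tcp4       0      0  192.168.1.5.52113      17.172.224.47.993      ESTABLISHED'

# Live check on a Mac, applying the same logic to the real command:
#   listener_on_8254 "$(netstat -an -f inet)" && echo "port 8254 listener present"
```

A listener on 8254 is only the indicator this thread reports; its absence says nothing about variants that use another port, so treat the check as a quick triage step rather than a clean bill of health.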
 
Perhaps it's noteworthy that we are seeing this right after Apple overtook MS in capitalization.

The bigger they are, the harder.......

Macafee ? :D
 
Nicely said ericinboston. The majority of miscreants who write malware do it to make money (and also be a nuisance). Money is the bottom line. Why do you think malware is written to steal bank log-in credentials, fake anti-virus, adware, etc.? It is to make money. Why would I spend the time to write malware for OSX when I can write it for PCs and infect many, many more systems? It is called Return on Investment. So, to say the number of OS out there does not matter, is missing a big part of why malware is written. Why do you think international organized crime syndicates are using PC malware? They are not doing it for the fun of it.

I agree, but somebody else made a point here earlier: Why don't they go after the loads of Linux servers out there, too? I bet if you can successfully hack into a server you get the data from everyone sending their banking credentials through there.
 
The problem is that most users don't understand the difference between root and normal access. If someone downloads an OSX binary and said binary asks for the "Administrator" password to install, I suspect 99.9% of users would offer that up. After all, lots of legitimate apps require that to install. From that point on any malware has 100% access to your system.

Agreed...but what a lot of people all over the world forget is: Nothing is perfect. Nothing is 100% secure. What is secure today will be hacked/broken tomorrow. Whether you're talking about safes, locks on doors, car security systems, computer operating systems, house windows, the Enigma, a cell phone, or a padlock.

In regards to the endless debate about computer operating systems of yesteryear and today, again, they all have their security problems. Some are "attacked" more than others, on different levels, for different reasons, and to get different results.
 
I know what netstat does. I'm talking about the way of detecting it by running this: netstat -an -f inet | fgrep 8254

Does this trojan use port 8254 only?

The Spanish guy said in the comment, if netstat -an -f inet | fgrep 8254 does not return anything you are CLEAN. If it returns tcp4 0 0 *.8254 *. you've got it.

Any comments on this here?

Guess I'm clean... but if it was a trap, I fell for it :eek:
 