Old Aug 12, 2011, 01:02 PM   #26
sza
macrumors regular
 
Join Date: Dec 2010
In order to prevent this from happening, maybe the best way is to ship Flash Player with Mac OS X.
sza is offline   5 Reply With Quote
Old Aug 12, 2011, 01:02 PM   #27
nwcs
macrumors 6502a
 
Join Date: Sep 2009
Location: Tennessee
Quote:
Originally Posted by KnightWRX View Post
OpenDNS does not prevent this at all and OpenDNS has all sorts of other issues.
It's not a perfect cure but it helps more than it would hurt.
__________________
This space intentionally not blank
nwcs is offline   -2 Reply With Quote
Old Aug 12, 2011, 01:03 PM   #28
unobtainium
macrumors 6502a
 
Join Date: Mar 2011
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_5 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8L1 Safari/6533.18.5)

I get that this isn't a virus, but I'd also like to point out that the overwhelming majority of Windows-based malware also consists of trojans rather than actual viruses. In addition, I don't think the distinction means much to your average end user.
__________________
13" Retina MacBook Pro (early 2013); Airport Extreme (802.11ac); iPhone 6 (32GB); Apple TV (3rd gen)
unobtainium is offline   2 Reply With Quote
Old Aug 12, 2011, 01:04 PM   #29
KnightWRX
macrumors Pentium
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by nwcs View Post
It's not a perfect cure but it helps more than it would hurt.
It doesn't help at all in this case. And it hijacks NXDOMAIN responses to serve up ads instead, which goes against the very spec of DNS.

No thank you.
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   3 Reply With Quote
Old Aug 12, 2011, 01:07 PM   #30
redbotsoftware
macrumors regular
 
Join Date: Jun 2009
Quote:
Originally Posted by Sjhonny View Post
This has nothing to do with Flash.
...and nothing to do with Trojans, right?
redbotsoftware is offline   -9 Reply With Quote
Old Aug 12, 2011, 01:08 PM   #31
lostngone
macrumors Demi-God
 
Join Date: Aug 2003
Location: Anchorage
Quote:
Originally Posted by nwcs View Post
Another reason to use OpenDNS as your DNS. Even if you get fooled by something this obvious there's at least a net to catch you before you fall.
What net?
OpenDNS does not follow RFCs for name resolution. They hijack and redirect failed name look-ups.
lostngone is offline   3 Reply With Quote
Old Aug 12, 2011, 01:08 PM   #32
UntamedNL
macrumors newbie
 
Join Date: Aug 2011
A short question:
I am kinda new to Mac OS X so I wonder if I need to download that anti-malware program Apple gives. Or does that come standard on OS X Lion? I can't find it in my programs.

Thanks!
UntamedNL is offline   0 Reply With Quote
Old Aug 12, 2011, 01:08 PM   #33
accessoriesguy
macrumors 6502a
 
Join Date: Jul 2011
Quote:
Originally Posted by devilstrider View Post
Been out of the loop for 10 weeks and MacRumors is getting me up to speed fast. I love this site.
I'm amazed how their front page gets more than 1 new rumor/news post about Apple every day
__________________
accessoriesguy is offline   0 Reply With Quote
Old Aug 12, 2011, 01:08 PM   #34
KnightWRX
macrumors Pentium
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by redbotsoftware View Post
...and nothing to do with Trojans, right?
It is a trojan but it really does have nothing to do with Flash. This could be posing as an update to Safari, Mail.app, iPhone or anything else basically.

Quote:
Originally Posted by lostngone View Post
What net?
OpenDNS does not follow RFCs for name resolution. They hijack and redirect failed name look-ups.
They also provide some anti-phishing and typo correction, which basically means if you really wanted to go to that phishing site or to gogle.com, you can't.

And again: it doesn't help at all in this case. Once the host file is modified, unless you changed your nsswitch.conf to make dns take priority over the host file, the system resolver will honor the entry in the host file.
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   0 Reply With Quote
Old Aug 12, 2011, 01:09 PM   #35
archurban
Banned
 
Join Date: Aug 2004
Location: San Francisco, CA
Quote:
Originally Posted by Sjhonny View Post
Is this a sign?

Or just coincidence that in less than half a year two trojans show up in Mac land.
Yes, it's beginning. Mac is not ruled out from malware, virus anymore. It means that Mac OS X could be vulnerable (even worse than Windows 7). In terms of system protection, Mac OS X is very weak. You should remember it.
archurban is offline   -8 Reply With Quote
Old Aug 12, 2011, 01:10 PM   #36
accessoriesguy
macrumors 6502a
 
Join Date: Jul 2011
Quote:
Originally Posted by UntamedNL View Post
A short question:
I am kinda new to Mac OS X so I wonder if I need to download that anti-malware program Apple gives. Or does that come standard on OS X Lion? I can't find it in my programs.

Thanks!
It comes standard built in. My advice to any Mac owner is just keep up with the updates. It lets you know of any once every week automatically, I believe.
__________________
accessoriesguy is offline   1 Reply With Quote
Old Aug 12, 2011, 01:10 PM   #37
Sjhonny
macrumors 6502
 
Join Date: Feb 2011
Location: The land of the cucumbers
Quote:
Originally Posted by KnightWRX View Post
Trojans have been around for much longer than that on OS X, this is a sign of status quo if anything. It just gets reported more than it used to.
Well that's what I mean. I know they have existed for like forever, but I think we can agree on the fact that there are hundreds, maybe even thousands of trojans available in the wild, but they just pass the review unnoticed. But since there tend to afloat more (they even get posted on MR!), wouldn't this also imply there are more unnoticed samples?

Somewhat off-topic: Does anyone know of a Rootkit for OS X (obsolete or not)?
__________________
I'm Random, you're number two
Sjhonny is offline   0 Reply With Quote
Old Aug 12, 2011, 01:12 PM   #38
Oletros
In Time-Out
 
Join Date: Jul 2009
Location: Premià de Mar
Quote:
Originally Posted by Xian Zhu Xuande View Post
Any platform (outside one which is completely controlled like iOS) is susceptible to trojans, which depends on a user to fall for a trick and take necessary actions.
Even iOS has had trojan/spyware
Oletros is offline   0 Reply With Quote
Old Aug 12, 2011, 01:15 PM   #39
Sjhonny
macrumors 6502
 
Join Date: Feb 2011
Location: The land of the cucumbers
Quote:
Originally Posted by redbotsoftware View Post
...and nothing to do with Trojans, right?
It's a Trojan that appears to be a Flash update. Besides some images and some text they have nothing in common. If I paint my Opel red and draw a stallion on front, do I have a Ferrari?
__________________
I'm Random, you're number two
Sjhonny is offline   1 Reply With Quote
Old Aug 12, 2011, 01:16 PM   #40
JAT
macrumors 603
 
Join Date: Dec 2001
Location: Mpls, MN
Quote:
Originally Posted by BC2009 View Post
Funny.... I updated Flash yesterday on my kids' Mac mini and I thought that writing a Trojan that masquerades as an update to Flash would be brilliant since Flash is updated so often and getting prompted that you need to update Flash to view a website is very common..... And then today, here it is.
Hmm, what are you thinking about today?
__________________
-- Spiky
JAT is offline   5 Reply With Quote
Old Aug 12, 2011, 01:20 PM   #41
Xian Zhu Xuande
macrumors 6502a
 
Join Date: Jul 2008
Quote:
Originally Posted by Sjhonny View Post
Ever heard of the site jailbreakme.com? There's no single man made OS (with extensive GUI elements and under the hood frameworks etc.) currently Trojan free.
Jailbreakme.com uses an actual exploit in the operating system. I was speaking generally about a basic trojan—one which tricks the user into installing it only to become something unexpected. Through the App Store the only way this can happen is if Apple actually allows it to slip through inspection. To hype that slim possibility as statistically significant would be hyperbolic. Actually, it is a little hyperbolic to use jailbreakme.com as an example of there being a real trojan threat on iOS, whether combining an exploit or otherwise.

Quote:
Originally Posted by Oletros View Post
Even iOS has had trojan/spyware
If you jailbreak it, some. If you don't jailbreak it, what? Spyware, perhaps, in the form of applications extracting information which isn't clearly announced to the user, but not on par with what many people expect when they hear the word 'Spyware' these days.
Xian Zhu Xuande is offline   0 Reply With Quote
Old Aug 12, 2011, 01:20 PM   #42
inkswamp
macrumors 68020
 
Join Date: Jan 2003
Quote:
Originally Posted by longofest View Post
A question I have though, is under what conditions should ANY software modify the hosts file? Should Apple even allow programs that have been granted administrative rights to alter the hosts file? There is only a very limited benevolent use case for such an action, and that is very related to what they did here: some anti-ad or anti-spyware utilities modify a host file to redirect known ad-producing domains to a "safe" domain. I personally think any modification of the host file should be given a warning like this:
The hosts file is not the only file in OS X that can be altered to yield malicious results. Apple would have to undertake an enormous amount of effort to protect every file that a given instance of malware can tamper with.

The problem, to me, seems to be traditional installers that do all kinds of things behind the user's back. I don't understand why Apple even supports installers anymore. Apple created a brilliant method of software installation with app bundles. Just drag and drop the app to your Applications folders and it's done. I'd always assumed that's where OS X was headed eventually and that installers were on their way out.
inkswamp is offline   1 Reply With Quote
Old Aug 12, 2011, 01:20 PM   #43
JAT
macrumors 603
 
Join Date: Dec 2001
Location: Mpls, MN
Quote:
Originally Posted by KnightWRX View Post
It is a trojan but it really does have nothing to do with Flash. This could be posing as an update to Safari, Mail.app, iPhone or anything else basically.
Quote:
Originally Posted by Sjhonny View Post
It's a Trojan that appears to be a Flash update.
I take it you guys are from out of town, and not familiar with USC?
__________________
-- Spiky
JAT is offline   0 Reply With Quote
Old Aug 12, 2011, 01:22 PM   #44
coolfactor
macrumors 68000
 
Join Date: Jul 2002
Location: Vancouver, BC CANADA
Quote:
Originally Posted by Macintox View Post
menu go to folder ..type this: /etc/
then open - hosts
the inside should look like this if it has not been modified
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
Question is does Xprotect have the capability to undo damage done by this malware? Can it repair the hosts file?
coolfactor is offline   0 Reply With Quote
Old Aug 12, 2011, 01:24 PM   #45
Xian Zhu Xuande
macrumors 6502a
 
Join Date: Jul 2008
Quote:
Originally Posted by KnightWRX View Post
OpenDNS does not prevent this at all and OpenDNS has all sorts of other issues.
Yep. Every time I've tried to use it I've come across some kind of crazy problem or another, usually involving accessing certain types of content on the internet. I don't have much love for OpenDNS.
Xian Zhu Xuande is offline   0 Reply With Quote
Old Aug 12, 2011, 01:26 PM   #46
coolfactor
macrumors 68000
 
Join Date: Jul 2002
Location: Vancouver, BC CANADA
Quote:
Originally Posted by inkswamp View Post
The hosts file is not the only file in OS X that can be altered to yield malicious results. Apple would have to undertake an enormous amount of effort to protect every file that a given instance of malware can tamper with.

The problem, to me, seems to be traditional installers that do all kinds of things behind the user's back. I don't understand why Apple even supports installers anymore. Apple created a brilliant method of software installation with app bundles. Just drag and drop the app to your Applications folders and it's done. I'd always assumed that's where OS X was headed eventually and that installers were on their way out.
I agree. The App Store nulls the drag-and-drop installation that we've come to love, and I think many third-party developers have abused multi-step installers, maybe in an attempt to make the software installation process familiar to Windows converts.

Long live application bundles. There's no reason that an application can't install the necessary support files upon the first launch. That would make it self-repairing if those files were ever removed afterwards. No need for a separate installer.
coolfactor is offline   1 Reply With Quote
Old Aug 12, 2011, 01:31 PM   #47
BC2009
macrumors 68000
 
Join Date: Jul 2009
Quote:
Originally Posted by JAT View Post
Hmm, what are you thinking about today?
Today I am thinking it would be brilliant if Apple gave away free MacBook Airs with the purchase of an iPhone charging adapter. Let's see if I really focus on that if it comes true tomorrow.

Last edited by BC2009; Aug 12, 2011 at 01:52 PM.
BC2009 is offline   1 Reply With Quote
Old Aug 12, 2011, 01:37 PM   #48
JAT
macrumors 603
 
Join Date: Dec 2001
Location: Mpls, MN
Quote:
Originally Posted by BC2009 View Post
Today I am thinking it would be great if brilliant if Apple gave away free MacBook Airs with the purchase of an iPhone charging adapter. Let's see if I really focus on that if it comes true tomorrow.
I'll be honest. I could use another iPhone charging adapter.
__________________
-- Spiky
JAT is offline   1 Reply With Quote
Old Aug 12, 2011, 01:42 PM   #49
KnightWRX
macrumors Pentium
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by coolfactor View Post
Question is does Xprotect have the capability to undo damage done by this malware? Can it repair the hosts file?
It's just a text file. Open it with your favorite text editor and delete the unwanted entries.
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   0 Reply With Quote
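Added example, not part of any post in this thread: a small Python audit that compares hosts-file text against the default entries quoted in post #44 and lists everything else, separating ad-blocker style entries (loopback or 0.0.0.0) from redirects to another address. The sample input, its hostnames and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# Default entries as listed in the post quoted above (IP, hostname).
DEFAULT_ENTRIES = {
    ("127.0.0.1", "localhost"), ("255.255.255.255", "broadcasthost"),
    ("::1", "localhost"), ("fe80::1%lo0", "localhost"),
}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        for name in fields[1:]:                  # one line may carry several aliases
            yield line_no, fields[0], name.lower()

def is_local(ip):
    """True for loopback/unspecified addresses (typical ad-blocking sinks)."""
    try:
        addr = ipaddress.ip_address(ip.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Return non-default entries, tagged 'redirect' or 'local-sink'."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        kind = "local-sink" if is_local(ip) else "redirect"
        findings.append((line_no, ip, name, kind))
    return findings

# Constructed sample: the default file plus two added lines.
SAMPLE = """\
# Host Database
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
0.0.0.0 ads.example.net   # constructed: ad-blocker style entry
203.0.113.10 www.example.com example.com  # constructed: redirect
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
```

To audit a real machine, pass the contents of /etc/hosts to audit_hosts() and review every "redirect" finding before deleting the line in a text editor.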
Old Aug 12, 2011, 01:42 PM   #50
Detlev
macrumors 6502a
 
Join Date: Sep 2003
Quote:
Originally Posted by MacRumors View Post
Search results on the fake Google pages actually lead to pop-up windows that load external content which was broken at the time of discovery
The detail in which these developers are going to mimic real software is simply striking.
Detlev is offline   0 Reply With Quote
