Old May 17, 2013, 10:33 AM   #51
mcrawley
macrumors newbie
 
Join Date: Oct 2011
Notice where the malware was found?

Notice where the malware was found? A human rights conference. Strikes me as a possible indication of state-sponsored. Not an encouraging sign.

I really don't want to see the entry of state-sponsored malware into the Mac world any more than it already may be.
mcrawley is offline   0 Reply With Quote
Old May 17, 2013, 10:36 AM   #52
ALange
macrumors member
 
Join Date: Apr 2013
Location: Poland
Quote:
Originally Posted by name99 View Post
The more interesting question is can the credit card (used to pay the $99) be linked to a real human being who can then be arrested?

- In the US I would assume the answer is yes.

- If he's in India I assume the answer is also yes (presumably India has no interest in hurting its reputation for SW).

- If he's in Pakistan (or wherever else Bollywood fans might hang out) WTF knows? You may get a name but so what, if there is no extradition treaty, or if the foreign government is not interested in co-operating.
Remember that a CC can be stolen, and then used to buy an Apple account.
ALange is offline   0 Reply With Quote
Old May 17, 2013, 12:55 PM   #53
SmileyBlast!
macrumors 6502a
 
Join Date: Mar 2011
Quote:
Originally Posted by Zaren View Post
Domain Name:SECURITYTABLE.ORG
Created On:04-Mar-2013 06:58:36 UTC
Last Updated On:16-May-2013 16:02:07 UTC
Expiration Date:04-Mar-2014 06:58:36 UTC
Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:DI_26714386
Registrant Name:Christopher
Registrant Organization:N/A
Registrant Street1:DE-10387
Registrant Street2:Nairobi
Registrant Street3:
Registrant City:Nairobi
Registrant State/Province:Central
Registrant Postal Code:50563
Registrant Country:KE
Registrant Phone:+254.204973957
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:n.christopher@mail.ru


Domain Name:DOCSFORUM.INFO
Created On:04-Mar-2013 05:10:28 UTC
Last Updated On:16-May-2013 16:03:02 UTC
Expiration Date:04-Mar-2014 05:10:28 UTC
Sponsoring Registrar:PDR Ltd. dba PublicDomainRegistry.com (R159-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:DI_26714386
Registrant Name:Christopher
Registrant Organization:N/A
Registrant Street1:DE-10387
Registrant Street2:Nairobi
Registrant Street3:
Registrant City:Nairobi
Registrant State/Province:Central
Registrant Postal Code:50563
Registrant Country:KE
Registrant Phone:+254.204973957
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:n.christopher@mail.ru

Same registrant for both servers, both created less than two weeks ago, both servers appear to be dead in the water. Good to see some people on the case here.
What's up with the Russians and all the hacking?
SmileyBlast! is offline   0 Reply With Quote
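Added example, not part of any post in this thread: one way to automate the comparison made in the quoted WHOIS records above, pivoting on shared registrant fields and measuring how close together the domains were created. The records and the `.example` domains below are constructed placeholders in the same `Key:Value` layout, and the function names are hypothetical.

```python
from datetime import datetime
import re

# Constructed WHOIS text (placeholder values), same layout as the quoted records.
SAMPLE = """\
Domain Name:C2-ONE.EXAMPLE
Created On:04-Mar-2013 06:58:36 UTC
Registrant ID:CONSTRUCTED_0001
Registrant Phone:+000.0000000
Registrant Phone Ext.:
Registrant Email:registrant@example.invalid


Domain Name:C2-TWO.EXAMPLE
Created On:04-Mar-2013 05:10:28 UTC
Registrant ID:CONSTRUCTED_0001
Registrant Phone:+000.0000000
Registrant Phone Ext.:
Registrant Email:registrant@example.invalid
"""

PIVOT_FIELDS = ("Registrant ID", "Registrant Email", "Registrant Phone")

def parse_records(text):
    """Split blank-line-separated WHOIS blocks into dicts of non-empty fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep and value.strip():
                rec[key.strip()] = value.strip()
        if "Domain Name" in rec:
            records.append(rec)
    return records

def shared_registrant(records, fields=PIVOT_FIELDS):
    """Map (field, value) -> domains, keeping values seen on two or more domains."""
    index = {}
    for rec in records:
        for f in fields:
            if f in rec:
                index.setdefault((f, rec[f].lower()), set()).add(rec["Domain Name"].lower())
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}

def creation_gap_hours(records):
    """Hours between the earliest and latest 'Created On' timestamps."""
    fmt = "%d-%b-%Y %H:%M:%S UTC"
    times = [datetime.strptime(r["Created On"], fmt) for r in records]
    return (max(times) - min(times)).total_seconds() / 3600
```

Domains that share a registrant ID, e-mail or phone and were created within hours of each other are worth treating as one infrastructure cluster when building blocklists or hunting in DNS logs.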
Old May 17, 2013, 02:45 PM   #54
adamtore
macrumors member
 
Join Date: Sep 2011
Location: Sweden
Quote:
Originally Posted by subsonix View Post
Funny, the Windows platform has orders of magnitude more malware, the few (lame) sporadic incidents reported on the Mac platform are not even a blip on the radar in comparison.
Exactly. Just like any other Mac software. It's always behind Windows unless made by Apple.
adamtore is offline   0 Reply With Quote
Old May 17, 2013, 02:51 PM   #55
splitpea
macrumors 6502a
 
Join Date: Oct 2009
Location: Among the starlings
So is this thing somehow a drive-by install, or how is it getting onto people's machines?
__________________
What's the point of a sig showing the system I owned in 2006?
splitpea is offline   0 Reply With Quote
Old May 18, 2013, 02:20 PM   #56
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by splitpea View Post
So is this thing somehow a drive-by install, or how is it getting onto people's machines?
Apparently, the distribution method is emails that rely on social engineering to trick users into installing the software.

http://www.zdnet.com/lame-mac-malwar...ng-7000015541/

Last edited by munkery; May 18, 2013 at 02:26 PM.
munkery is offline   0 Reply With Quote
Old May 19, 2013, 08:33 AM   #57
Tech198
macrumors 601
 
Join Date: Mar 2011
Location: Australia, Perth
I'm beginning not to read these articles in full anymore, as people know what to do by not getting them in the first place "or should know"

Trouble is, people never listen or learn... even with "education", since this is not always the answer.

I'm in I.T., but I've given up helping people till they learn and understand this themselves....

How else are they gonna learn? Force it on them, and you'd be surprised how quickly it works.
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."
Tech198 is online now   0 Reply With Quote
Old May 19, 2013, 09:00 AM   #58
subsonix
macrumors 68030
 
Join Date: Feb 2008
Quote:
Originally Posted by Tech198 View Post
I'm beginning not to read these articles in full anymore, as people know what to do by not getting them in the first place "or should know"

Trouble is, people never listen or learn... even with "education", since this is not always the answer.
In this case it was found on the computer of a human rights activist participating in a conference (check the link). If I can speculate, I would say that it's pretty likely that it was targeted at that single individual or a special group, not something that is spread randomly.

Quote:
The Oslo Freedom Forum is an annual event "exploring how best to challenge authoritarianism and promote free and open societies." This year's conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activist's Mac.
subsonix is online now   0 Reply With Quote
Old May 19, 2013, 03:06 PM   #59
the Rebel
macrumors newbie
 
Join Date: Feb 2005
Quote:
Originally Posted by MacRumors View Post
New Mac spyware was discovered earlier this week on a computer
What makes this program "spyware" rather than just a rudimentary monitoring program?

Quote:
Originally Posted by MacRumors View Post
The malware is a backdoor application called "macs.app,"
In what way is it a "backdoor application" when nothing about it even seems to be hidden?

Quote:
Originally Posted by MacRumors View Post
which launches automatically upon login
Launching a program automatically at login is a function of OS X. Many non-spyware programs make use of it.

Quote:
Originally Posted by MacRumors View Post
captures screenshots that it then sends to a MacApp folder in the user's home directory.
That is not very covert.

Quote:
Originally Posted by MacRumors View Post
Two command-and-control servers, located at securitytable.org and docsforum.info, are associated with the malware, but one does not function and the other gives a "public access forbidden" message.
Since the generically named application does not hide itself and does not even send the screenshots to the remote servers, it really sounds like it is just a beta program under development. It could be a precursor for malicious spyware or a precursor for a legitimate commercial app for employers/parents wanting to monitor computer usage.
the Rebel is offline   0 Reply With Quote
Old May 21, 2013, 07:45 AM   #60
msephton
macrumors member
 
Join Date: Jan 2004
Location: St Ives, Cornwall & London, UK
Quote:
Originally Posted by B2k1977 View Post
I like Gatekeeper. I usually leave it set to be as restrictive as possible, and when I need to install something, I open the control panel and change the setting, then change it back afterwards.
I keep it on all the time, and if I need to make an exception I right-click the app and choose Open from the context menu - this makes Gatekeeper give you different options for running the app.
msephton is offline   0 Reply With Quote
