Anyone know the exact files and processes involved in this crap? I want to roll and pump out my own search-and-destroy solution for my enterprise.
 
Could you please stop spreading such BS. Spyware isn’t much better than viruses and trying to make oneself feel better by thinking that is just stupid. This thread is probably already full of the yes-no-yes-no BS. Fanboys saying OS X is free of viruses and some braving to say otherwise. So I’ll just leave it at this…

There is a huge difference. Your computer CANNOT be infected with spyware or a trojan unless YOU installed it YOURSELF. YOU downloaded it, YOU clicked the installer, YOU input your admin password and YOU gave it permission to install itself and do whatever nasty stuff it was programmed to do.

Of course (as this article states) there is always some social engineering aspect, the program is hidden inside another installer, or it's disguised as the latest porn or warez or even as a program that purports to help.

A virus, on the other hand, sneaks in on its own, and there's nothing you can do to stop it. Much nastier, harder to detect, harder to get rid of once you've got one. I remember in 2001 working away on my Windows machine at work when the Nimda virus took down the entire corporate network. It marked a new chapter in computing for me because up until then, I had the same attitude when it came to viruses on PCs. "I never open suspicious looking email attachments", I said, "nor do I stick foreign floppies into my computer, nor run suspicious executables. Therefore, there is NO WAY that a virus could execute and attack my PC and therefore I am safe." And up until that point, it was true. Nimda, however, used some Windows background networking vulnerability. All you had to do was be connected to an infected network drive, and the virus invaded your PC. That's how it took down the entire company network in a matter of minutes.
 
Any person worth their salt knows that the Trojan Horse was gifted by Greeks to the Trojans, and not a gift from Trojans...

Any IT person worth their salt knows that OS X is not based on Linux.

Additionally, any IT person worth their salt knows that a system is only as strong as their user is smart, which generally means that it's like a Corvette with the top down, windows unlocked, and a big sign saying "There's a million dollars sitting in the back seat."

EDIT -
A trojan horse is an attack that pretends to be something else. Let's see if I can find an example.. aha! The Trojan Horse! A gift from the Trojans, but in reality the horse was full of soldiers. Trojans spread by social engineering, through stunts like "this site requires JavaScript", "please enter your password", etc. Saying "please enter your password" is like going to a restaurant and being asked for your social security number and your billing address when you need to use a credit card. Maybe you'd tell them, but I'd say "Hold my driver's license when I go to the bank to get cash, then to the police station."
 
A virus, on the other hand, sneaks in on its own, and there's nothing you can do to stop it. Much nastier, harder to detect, harder to get rid of once you've got one. I remember in 2001 working away on my Windows machine at work when the Nimda virus took down the entire corporate network. It marked a new chapter in computing for me because up until then, I had the same attitude when it came to viruses on PCs. "I never open suspicious looking email attachments", I said, "nor do I stick foreign floppies into my computer, nor run suspicious executables. Therefore, there is NO WAY that a virus could execute and attack my PC and therefore I am safe." And up until that point, it was true. Nimda, however, used some Windows background networking vulnerability. All you had to do was be connected to an infected network drive, and the virus invaded your PC. That's how it took down the entire company network in a matter of minutes.

Conficker and its variants were the same way. Spread through NetBIOS and various other exploits all without any user interaction. I can't believe these anti-OS X trolls really believe that a user-installed trojan - in which no OS is vulnerable to (a user's stupidity) - is akin to legitimate bona fide orchestrated virii like the Nimdas, Confickers and Blasters of the computing world, of which could spread by merely being connected to the internet.
 
In reality, ASLR and the NX bit don't do that much to deter a hacker if they want access to the system, which is why Windows 7 fell right after OS X did at Pwn2Own. OS X fell because Charlie Miller had predetermined bugs he knew about for months, and exploited it. Same goes for Windows 7. Sure, Miller executed faster. However ASLR didn't really slow the other guy down either; it's not like he came up with the solution on the spot.

OS X is not more secure than Windows 7; it's safer. It will continue to be that way until malware writers decide to pay more attention to OS X.

It really doesn't matter what OS you use, to an extent. What matters is what hackers care about. Some things slow them down for awhile, but software, especially modern OSes, is complex. There will almost always be bugs to exploit.

I expect more from the 10 millionth poster, come on man!

:D
 
A trojan horse is an attack that pretends to be something else. Let's see if I can find an example.. aha! The Trojan Horse! A gift from the Trojans, but in reality the horse was full of soldiers.

Almost. It was a gift from the Greeks, to the Trojans. Hence the phrase "beware Greeks bearing gifts".

It's amazing how many people think that the Trojan horse was made by the Trojans, though...
 
That was added in 10.5, but the quarantine feature was enhanced in 10.6. But yes, Apple can and probably will update the list with this new piece of spyware.

Would it still be able to catch this since it sounds like it installs itself without the user knowing? :confused:
 
Is there any way to determine if you've installed the spyware without buying virusbarrier? List of suspect applications? Process names? A burning sensation when you pee?
 
I would LOVE to have a copy of that to see exactly what it adds/changes. If anyone knows a web address where it is please post or send?
Tried one above.
 
Can't believe there is so much talk going on here, there and everywhere without any hint or clue about what process this stealthy bastard runs as... so we can run Activity Monitor to screen the computer without buying a lousy barrier software for non-existent viruses.

What do Norton and McAfee have to say about this?
 
K so it's not really a virus or spyware since it needs permission to be installed lol... How can someone be a spy if they ask their victim for permission? :\ beats me. So yeah this will probably be fixed anyway and as always no virus can get into an Apple system without admin authorization
 
please, get a life.



Agreed.

Does anyone know how to scan for infection without having to buy anything?

iAntivirus is free and gets decent reviews. If you use it DO NOT leave protect my mac on cause it makes the processor work really hard and is not necessary to me.

As far as this security risk goes I always better be safe than sorry. So I have AV on my Mac, but only run it once a month and never leave it on in the background or anything like that. Just like to be sure, I can never get people who say that they have no AV or whatever and don't have a virus, I don't get how you would know.

I did catch an article on CNET where a ton of security experts plain out say OSX is more secure since its minority. Every one of them to be exact. I tend to think what OSX is built on is a lot rougher to write a virus for and you would really have to drop the ball to get something malicious on there. My guess is if OSX was 90% marketshare there would obviously be a lot of malicious BS out there but far less than what Windows has. IMO anyway.
 
I expect more from the 10 millionth poster, come on man!

:D

Do you want me to sugarcoat it, or do you want the reality of it? Targeted attacks make the OS irrelevant. A good hacker will get in.

I don't think OS X/Linux would have made a difference in the Google attacks.
 
signature for ClamXav to detect OSX/OpinionSpy

Clamxav is beta on SL.

At present a search of the ClamAV Virus Database finds nothing relating to OpinionSpy. My understanding is that a signature for OSX/OpinionSpy is to be added very soon.

http://wiki.clamav.net/bin/view/Main/WebHome#Virus_Database may be of interest.

I have been using ClamXav Sentry 2.5.3 (154) with ClamXav 2.0.5 (223) on Snow Leopard for a few months, the combination is very stable.

Postscript

Thanks to whoever edited part of this post to correct the mistake 'OSX/OnionSpy' that appeared where we should have seen 'OSX/OpinionSpy'. AFAICT my mistake originated from http://isc.sans.edu/diary.html?storyid=8890 … Google finds the mistake in many places.
 
As far as this security risk goes I always better be safe than sorry. So I have AV on my Mac, but only run it once a month and never leave it on in the background or anything like that. Just like to be sure, I can never get people who say that they have no AV or whatever and don't have a virus, I don't get how you would know.

I don't run any antivirus and I don't have a virus.

Ok, what can I get on a fully patched 10.6.3 installation?
Additional Info:
I don't pirate warez.
I don't download screen savers.
I don't give my Admin credentials to any application that asks for it and I do daily tasks in a standard user account.
My firewall rules are well defined.
I don't have any unidentifiable processes floating in the background.
 
Obviously as Macs become more prevalent, virus writers, phishers, and scammers will get around to writing stuff that attacks OSX. But clearly OSX is more secure than windows.

I have Windows Vista 64 on my work comp and have had it running for over two years with no anti-virus software and not a problem so far. I think Vista and Win7 are much better than other win versions in the past.

Not to be picky but phishing (and scamming) are not related to any OS ;)
 
Do Mac users really install screen savers? That seems like a very Windows thing to do.

Personally, when I'm not using my Mac, I want it using as little power as possible. Sleep mode all the way.

A Windows thing? Hardly. Even screen savers on Windows 7 are disabled by default. Screen savers are more of a "Ooo pretty colors" type of thing nowadays. The only reason it still exists on modern OSes is because it adds to the overall UI experience for some people.
 
Obviously as Macs become more prevalent, virus writers, phishers, and scammers will get around to writing stuff that attacks OSX. But clearly OSX is more secure than windows.

I have Windows Vista 64 on my work comp and have had it running for over two years with no anti-virus software and not a problem so far. I think Vista and Win7 are much better than other win versions in the past.

Using Windows, including Vista and Seven, without Antivirus definitely is NOT a good idea.
My two cents
 
There is a huge difference. Your computer CANNOT be infected with spyware or a trojan unless YOU installed it YOURSELF. YOU downloaded it, YOU clicked the installer, YOU input your admin password and YOU gave it permission to install itself and do whatever nasty stuff it was programmed to do.

Of course (as this article states) there is always some social engineering aspect, the program is hidden inside another installer, or it's disguised as the latest porn or warez or even as a program that purports to help.

A virus, on the other hand, sneaks in on its own, and there's nothing you can do to stop it. Much nastier, harder to detect, harder to get rid of once you've got one. I remember in 2001 working away on my Windows machine at work when the Nimda virus took down the entire corporate network. It marked a new chapter in computing for me because up until then, I had the same attitude when it came to viruses on PCs. "I never open suspicious looking email attachments", I said, "nor do I stick foreign floppies into my computer, nor run suspicious executables. Therefore, there is NO WAY that a virus could execute and attack my PC and therefore I am safe." And up until that point, it was true. Nimda, however, used some Windows background networking vulnerability. All you had to do was be connected to an infected network drive, and the virus invaded your PC. That's how it took down the entire company network in a matter of minutes.

That’s all true. But for practical purposes it’s not a good idea playing down non-viruses for the possible need for user interaction. It doesn’t make that big of a difference because fooling people is easy. And some people just do click on every link :rolleyes:. I’m not trying to promote any doomsday scenarios because there’s just no real outbreak. I’m just saying that many Mac users should take all sorts of malware much more seriously.
 
There is a huge difference. Your computer CANNOT be infected with spyware or a trojan unless YOU installed it YOURSELF. YOU downloaded it, YOU clicked the installer, YOU input your admin password and YOU gave it permission to install itself and do whatever nasty stuff it was programmed to do.

Just being pedantic - but your Mac can be infected with spyware without running an installer or entering your admin password.

And there have been Safari vulnerabilities in the past that enabled auto downloading & running of executables, it's possible there still might be.
 