So I come home this evening to a little bit of a surprise. My Hard Drive name has somehow been changed. Now I wouldn't normally think anything of this but the name of the hard drive was changed to the this symbol "=]- " Which to me is basically a smiley face. Now i think it would be pretty difficult for me to accidentally change the name of my disk to this symbol. Now immediately after noticing this change I quickly thought of the recent mac remote desktop trojan, which was recently announced. After checking my osx version i realized that I missed several updates including a security update. Do you think my machine was exploited or am i nuts? i think im gonna wipe my hard drive tonight cuz an exploit like this is pretty disconcerting.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
was my mac hacked?
- Thread starter simplenation
- Start date
- Sort by reaction score
Does anyone else have access to the machine? I doubt it was "hacked." If you installed a trojan you would know, since it would require you to enter your admin password to install it. Have you installed anything recently that you wern't %100 cetain was a legit application? Im thinking someone is playing a joke on you. Check your logs and see what kind of activity there was while you were gone.
do you have a cat, a young family member or have anything that could of rested on your keyboard? as its pretty easy to type "=]-" as its just the press of three keys near each other.
thanks for the response. well whats strange about that is that the machine has been home all day with noone home... except for my sister.. who well couldnt have done it.. i dunno.. I have installed several applications that are less than legal .. which i downloaded from limewire.. apps.. etc. now i dunno but I haven't had any other problems. Btw. . My girl friend is sitting here and thinks i'm just being paranoid.
Not true, not with the trojan he's talking about. That was why it was actually worth mentioning as a valid threat.
Good catch, but the cat/child, etc... would have had to select Macintosh HD first. Although I spose the OP could have left the icon selected. Heck my cat has sent my friend IMs before
Yea thats exactly what im worried about.. now do i need to have the rdp client on my computer ?? or is that something thats just built into osx. btw.. no cat or children here.
And a quote from that article states that "Like any Trojan horse, AppleScript.THT does not spread on its own but relies on user actions, such as downloading and launching, to infect a machine."
The article also says that "[It] allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging,"
So unless you install software without looking at what it is I doubt that you have this trojan.
Sounds like a dangerous hacker attack to me. Apparently someone clicked on the name of your hard drive, then typed in =)-. Might have been your cat. Might have been your girlfriend. Might have been your own clumsy fingers.
Now think about it: A "trojan" is software that _you_ must download from the internet yourself, and then _you_ must start it yourself. And you'll be told by your Mac first that you are downloading a program, and then you are told that you are starting a program that was just downloaded, and the Mac tells you what website it comes from and asks you if you really want to start it. A trojan can't sneak up on you and bite you in the arse, it needs _your_ help and complete loss of your judgement in order to run.
And think about it again: If I was a hacker, and I was capable of infecting your Mac with a virus, and I was up to no good, do you really think I would create a virus that changes your hard drive name so that you figure out something is wrong? Nonsense. If I was an evil hacker and could hack into your computer, I would either cause _real_ damage and destroy all files on your hard drive, or (more likely) I would install some software that sends all your credit card numbers to a server where I can pick them up. And I would make sure that this leaves no traces.
Ok well I know that its not some "hacker" .. im just thinking that someone .. a kid.. a neighbor .. someone might be messing with me which just bothers me a little.
That's completely wrong. It is an application that you need to download and then run. Once you download and run any application, it can do lots of damage without using any clever hacker tricks - it can easily delete all files in your home directory without any chance for you to recover them if you have no backup. This one also managed to get access to the operating system, which is slightly worse, but still only if you downloaded it and ran it, completely ignoring two safety warnings from your Mac.
And five minutes after you wiped your hard drive and reinstall MacOS X your neighbour's kid knocks on the door and asks "did you like the smiley that I put on your computer?"
And five minutes after you wiped your hard drive and reinstall MacOS X your neighbour's kid knocks on the door and asks "did you like the smiley that I put on your computer?"
That would suck....
... and the OP has said that they have installed 'less than legal downloaded software' , which means that is entirely possible they could have downloaded and run an application thinking it was something else.
just wanted to thank everyone for the comments.. i decided to just go ahead and be safe.. gonna wipe it clean today and patch the machine before installing any additional apps. I may also be purchasing a few of those apps this time around
Good call, but also ask your sister if she or perhaps her friends have typed a smily face on your computer.
All you have to do it press enter and press those 3 keys. Since they are all really close together it wouldn't surprise me if you did it by accident by simply leaning on the keyboard. My kids sometimes lean on my keyboard when they are not paying attention and I find quite a few icons have been changed.
Yes, that wasn't my point. My point was this one doesn't need your admin password. The post I replied to stated that you would've needed to enter your admin password to install a Trojan, which isn't true.
HD renamed
this also happened to me, which prompted me to look for answers, my hd was renamed from mac hd to numbers and letters also some files where moved around and renamed, does anybody know what could cause this? I'm gonna take human error out of the equation ,we my wife and I are both
working people and have no kids messing with our computer, we just want to make sure someone isn't trying to get personal information.
this also happened to me, which prompted me to look for answers, my hd was renamed from mac hd to numbers and letters also some files where moved around and renamed, does anybody know what could cause this? I'm gonna take human error out of the equation ,we my wife and I are both
working people and have no kids messing with our computer, we just want to make sure someone isn't trying to get personal information.