What a weird coincidence that this "firm" releases info about this supposedly spyware program after Google announces they are ditching windows internally.

Good point. We should probably expect a lot of this corporate-sponsored nonsense about how Windows is just as secure as OS X in the next few days and weeks. Lies, of course, but that's how the game is played.
 
Good point. We should probably expect a lot of this corporate-sponsored nonsense about how Windows is just as secure as OS X in the next few days and weeks. Lies, of course, but that's how the game is played.

Oh, yeah, and the "Windows 7 is so much better", don't forget that!
 
I could be wrong....

I could be wrong, but the way I read this, you have to install the software yourself and type in your password to make this effective. I do not believe that it comes as part of software you get via MacUpdate, with the possible exception of some obscured software.

As the article reads the additional software is downloaded when you download the legitimate package, which means to me that either MacUpdate is responsible for the malware since they allow it to be sent to us or the issue is with the developer responsible for the software package that gets downloaded to my system.

Even with the auto download, it sounds like you have to accept installing the foreign package and type your password to install.

Anyone can write a script that causes damages, however you have to download it, decide to install it, then you need to also execute it before it bites you in the butt.

This is probably a concern for those auto-clickers that click yes to anything without even reading. I do not believe most OSX users will need to worry about it.

Those that provide the downloads like MacUpdate and others will need to worry about it or they may see their budget eaten by legal fees.
 
I know what Netstat does. I'm talking about the way of detecting it by running this: netstat -an -f inet | fgrep 8254

Does this trojan use the port 8254 only?

The Spanish guy said in the comment, if netstat -an -f inet | fgrep 8254 does not return anything you are CLEAN. If it returns tcp4 0 0 *.8254 *. you got it.

Any comments on this here?

o sorry:D i tried to put that command in and it said command not found so either im doing something wrong, im in the clear or that command wont work so idk

edit: got the command to work and nothing came up so im good woooooo!
 
Was a good ride while it lasted.
Hate to break it to ya, but there's been a dozen posts like this one every single time something which even vaguely resembles a security threat has come along for OS X. And that trend is going to continue.
 
Oh, yeah, and the "Windows 7 is so much better", don't forget that!

Assuming Windows 7 and OS X are roughly equal in terms of security (I'm assuming here) but Windows has a much larger target on its back along with a far bigger catalog of malware, I'll go ahead and stick with OS X for the time being, for my main OS.
 
Where are all the people on this forum that for years proclaimed that Mac OS was virus/spyware free and there would NEVER be viruses/spyware due to OSX being built on Linux.

OS X is built on FreeBSD with a Mach-kernel. Linux is no part of it. At all.
 
Just for the sake of clarity it was a joke:

Google adopts Mac OS X -> Mac OS X becomes 'Mainstream' -> More Mac OS X viruses

Not at all. We all know that one of those developers decided to spend their 20% "me time" writing this thing. Apple should sue.
 
List of affected Apps from Macnn.

• MishInc FLV To Mp3
• Secret Land ScreenSaver v.2.8
• Color Therapy Clock ScreenSaver v.2.8
• 7art Foliage Clock ScreenSaver v.2.8
• Nature Harmony Clock ScreenSaver v.2.8
• Fiesta Clock ScreenSaver v.2.8
• Fractal Sun Clock ScreenSaver v.2.8
• Full Moon Clock ScreenSaver v.2.8
• Sky Flight Clock ScreenSaver v.2.8
• Sunny Bubbles Clock ScreenSaver v.2.9
• Everlasting Flowering Clock ScreenSaver v.2.8
• Magic Forest Clock ScreenSaver v.2.8
• Freezelight Clock ScreenSaver v.2.9
• Precious Stone Clock ScreenSaver v.2.8
• Silver Snow Clock ScreenSaver v.2.8
• Water Color Clock ScreenSaver v.2.8
• Love Dance Clock ScreenSaver v.2.8
• Galaxy Rhythm Clock ScreenSaver v.2.8
• 7art Eternal Love Clock ScreenSaver v.2.8
• Fire Element Clock ScreenSaver v.2.8
• Water Element Clock ScreenSaver v.2.8
• Emerald Clock ScreenSaver v.2.8
• Radiating Clock ScreenSaver v.2.8
• Rocket Clock ScreenSaver v.2.8
• Serenity Clock ScreenSaver v.2.8
• Gravity Free Clock ScreenSaver v.2.8
• Crystal Clock ScreenSaver v.2.6
• One World Clock ScreenSaver v.2.8
• Sky Watch ScreenSaver v.2.8
• Lighthouse Clock ScreenSaver v.2.8
 
I agree, but somebody else made a point here earlier: Why don't they go after the loads of Linux servers out there, too? I bet if you can successfully hack into a server you get the data from everyone sending their banking credentials through there.

There's a big difference (in the results) of hacking servers vs. personal computers. If you attack a server, you're likely either trying to tick off a company and shut it down for a few hours or you're actively trying to steal massive amounts of data...whether it's trade secrets or credit card numbers. Also, to address your Linux question....I'm sure people are attacking Linux every day of the week...but for all the promotion of Linux being in the enterprise, it's not always serving up cool data that some hacker may want. I'm certainly not saying Linux is 2nd fiddle to Windows or Unix on a technical level, but from a business standpoint, Linux is rarely the critical system in an IT department's array of systems. I said rarely.

For personal computers, usually viruses are out there to erase your data. Spyware and Malware, on the other hand, are out there to steal your personal data and/or attempt to trick you to purchase a tool to supposedly fix the infestation. Sometimes the malware/spyware is just there to open popups and click on links so the author will get a nickel for every click. Some install keystroke loggers. I would much rather get a virus than malware/spyware.

So folks need to be clear about what kind of security threat they are talking about...spyware? virus? malware? DOS attack? etc.

I would have to guesstimate that since 2005, 90% of "virus reports" by PC end users are really Malware or Spyware. I know lots of people who have gotten malware or spyware...however, in the past 10+ years, I know of nobody who has truly gotten a "virus".
 
Well, it's time for all the self-proclaimed tech-savvies out there to start bashing Mac OS X for no longer being virus-safe :rolleyes:

I'll just go ahead and install all the AV-software for the Mac out there, and hope it'll prevent me from being stupid....
 
List of affected Apps from Macnn.

• MishInc FLV To Mp3
• Secret Land ScreenSaver v.2.8
• Color Therapy Clock ScreenSaver v.2.8
• 7art Foliage Clock ScreenSaver v.2.8
• Nature Harmony Clock ScreenSaver v.2.8
• Fiesta Clock ScreenSaver v.2.8
• Fractal Sun Clock ScreenSaver v.2.8
• Full Moon Clock ScreenSaver v.2.8
• Sky Flight Clock ScreenSaver v.2.8
• Sunny Bubbles Clock ScreenSaver v.2.9
• Everlasting Flowering Clock ScreenSaver v.2.8
• Magic Forest Clock ScreenSaver v.2.8
• Freezelight Clock ScreenSaver v.2.9
• Precious Stone Clock ScreenSaver v.2.8
• Silver Snow Clock ScreenSaver v.2.8
• Water Color Clock ScreenSaver v.2.8
• Love Dance Clock ScreenSaver v.2.8
• Galaxy Rhythm Clock ScreenSaver v.2.8
• 7art Eternal Love Clock ScreenSaver v.2.8
• Fire Element Clock ScreenSaver v.2.8
• Water Element Clock ScreenSaver v.2.8
• Emerald Clock ScreenSaver v.2.8
• Radiating Clock ScreenSaver v.2.8
• Rocket Clock ScreenSaver v.2.8
• Serenity Clock ScreenSaver v.2.8
• Gravity Free Clock ScreenSaver v.2.8
• Crystal Clock ScreenSaver v.2.6
• One World Clock ScreenSaver v.2.8
• Sky Watch ScreenSaver v.2.8
• Lighthouse Clock ScreenSaver v.2.8

Bottom line: if you see the words "Clock" and "ScreenSaver" less than one meter apart, RUN!!!
 
Let's see if I can find an example.. aha! The Trojan Horse! A gift from the Trojans, but in reality the horse was full of soldiers.
Except that it was the other way around, it was not a gift from the Trojans, it was a gift given to the Trojans.
 
It seems that all but the FLV to MP3 program come from the same company, called: 7art-screensavers
 
I know... but the 'fgrep' sounds creepy. Isn't that kind of "Search and replace/regular expressions" kinda stuff?

No, that would be sed. Ever heard of man?

NAME
grep, egrep, fgrep - search a file for a pattern

Wow, what a dangerous command. I meant, searching a file for a pattern. Real trouble right there.

And before you ask, fgrep is simply grep -F. What -F does is an exercise left up to the reader.

I am also tempted to give that a try... :confused:

Can anyone else confirm this isn't a trap?

*sigh*

Seriously guys:

netstat - network statistics
-an - -a displays "all connections", -n is to prevent resource resolution and just display numerical addresses/ports
-f inet - display only inet family. This would be TCP/UDP/IP connections.

| - The pipe symbol. Send whatever the netstat command writes to standard out to the next command on its standard in.

fgrep - search a file for a pattern (or in this case, search input on stdin for a pattern)
pattern - the pattern to look for.

The man command. Use it.
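
The check explained in this post, tightened up as an added example that is not part of the original thread: `fgrep 8254` matches any line containing those digits, so this version keeps only TCP sockets in LISTEN state whose local port is exactly the one asked for. The function names are hypothetical, the sample output is constructed, and the port number is simply the one quoted in the thread.

```shell
#!/bin/sh
# Added example: a stricter form of `netstat -an -f inet | fgrep 8254`.

# listeners_on_port PORT
# Reads macOS-style `netstat -an` output on stdin and prints "proto local-addr"
# for every TCP socket in LISTEN state whose *local* port is exactly PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # macOS prints address.port, so the port follows the last dot
            n = split($4, parts, "[.]")
            if (parts[n] == port) print $1, $4
        }'
}

# has_listener PORT: exit status 0 if such a listener exists, 1 otherwise.
has_listener() {
    [ -n "$(listeners_on_port "$1")" ]
}

# Constructed sample output (not captured from a real machine). Three lines
# contain "8254", but only the first is a listener on local port 8254.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.8254                 *.*                    LISTEN
tcp4       0      0  192.168.1.20.49152     203.0.113.7.8254       ESTABLISHED
tcp4       0      0  *.18254                *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
EOF
}

# Demo on the constructed sample. On a live Mac the equivalent is:
#   netstat -an -f inet | listeners_on_port 8254
sample_netstat | listeners_on_port 8254
```

An empty result only says nothing is listening on that port at that moment; it does not by itself show the software is absent.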
 
It's basically adware

I read up on this here:

http://blog.intego.com/2010/06/01/p...lications-that-install-osxopinionspy-spyware/

and here

http://www.premieropinion.com/About.aspx

Looks like this is a version of adware, which was once pervasive in Windows shareware (not sure if it still is - I don't download Windows software). It's a "sort-of" spyware, but that's unknown since we're unsure exactly what data they collect. But they're clear they do collect detailed web browsing habits - their privacy page makes that obvious. They claim the info isn't shared, and is only used in aggregate. Who knows.

Basically the PremierOpinion people pay shareware authors to include their software in their downloads. So the authors get their money from them instead of from you. In exchange, the PremierOpinion software sends some personal info to them, which they collect and then do something with. What they collect and what they do with that info isn't clear from their web site.

There are only two companies' products listed in the Intego blog post - one that makes a bunch of screensavers, and one that makes an audio converter. That's it. The developers of these apps are responsible for creating the relationship between them and PremierOpinion, and thus putting this in the hands of the users.

I haven't installed the software (nor will I) but it does NOT appear to be a virus or trojan of any type. It's a twist on adware. (Adware also collected your private info in addition to filling your screen with crappy ads.) There's a business behind it, of at least some level of legitimacy. In other words - someone who is responsible for this. They shouldn't exist, but they do.

In my opinion the software vendors are the ones to blame here, for agreeing to pollute their software with this crap. They should be embarrassed. Hopefully these two unknown companies are the only ones doing this, and it ends here.

Intego should also be held accountable for labeling this as something it isn't, and using it to their own marketing advantage.
 
No, that would be sed. Ever heard of man?

NAME
grep, egrep, fgrep - search a file for a pattern

Wow, what a dangerous command. I meant, searching a file for a pattern. Real trouble right there.

And before you ask, fgrep is simply grep -F. What -F does is an exercise left up to the reader.

Thank you! I'm not a command-line guy, you know :) Yeah I heard of man back in school... the first example was (drumroll...) "man man"

EDIT: And sorry for starting the 'panic'... I wasn't that worried
 