
Tom Light

macrumors member
Original poster
Jul 17, 2002
As a reformed Wintel server admin, I was curious how many Mac users have *ever* had their boxes get compromised by a worm, virus, etc...

I patch my Mac desktops and servers like a good boy, but how much danger is there really out there?

Any horror stories to share?

Tom
 
nope. never. although... it is fun to get your friend's passwords and IP address and have a little ssh fun with the terminal once in a while... ;)
 
Re: Anyone have a Mac get hacked?

Originally posted by Tom Light
As a reformed Wintel server admin, I was curious how many Mac users have *ever* had their boxes get compromised by a worm, virus, etc...

I patch my Mac desktops and servers like a good boy, but how much danger is there really out there?

Any horror stories to share?

Tom


LOL .... half the people here probably don't even own Anti-Virus software

Umm the only real threat that i've heard of are the Macro Viruses that exist in Microsoft Office Products.

I've received tons of Emails that my friends told me not to open because it's a virus, and i've done it just for fun to see what would happen - after I backed up everything, of course - and i just got a "does Not recognize file" response

This was under OS 9 mind you... OS X is FreeBSD based so it could be different.

www.securemac.com as you probably already know yourself has all the latest info on mac security issues
 
I've been using Apple computers since I was 4 or 5 (about 1989 or so, when we got our Apple IIgs). I have NEVER had a virus, worm or anything else. Unless there were some that my brother didn't tell me about. But I can say with absolute certainty that I haven't experienced a virus since at least 1998.
 
After 10 years, I've never had anything like that happen. I don't even have anti-virus software for Mac OS X. I imagine that I'll need it at some point, but that time is not now.

I just check to see that the firewall is properly configured and running.
 
Heh, after a Win2K server getting "t@gged" here at work yesterday this is a relevant topic for me. ;)

We had one Mac server get used as an open SMTP relay for a bit. That's all.

PC/Linux servers have had several large compromises:
PCs: tagged twice
Linux: open FTP relay

Not to mention the lovely Blaster and Nachi outbreak in August all over campus. :rolleyes:
 
Someone please correct me if I'm wrong...but as far as I know there are NO...yes ZERO Mac OS X viruses/worms/trojan horses.

I have Norton Anti-Virus for Mac OS X and I rarely ever use it. I never remember to update my virus definitions which isn't a problem because the file size of the definitions never changes which tells me that they are never changed except for just changing the definitions date.

I'm telling PC people all the time that the Mac is the way to go. They are less prone to viruses, rarely break down, easy to use, and easy to use peripherals with them. So while they may seem expensive at first, they will more than pay for themselves in the long run.
 
I got my Windows XP machine hacked a couple of weeks ago, if that makes anyone feel any better.

They uploaded a virus and were trying to conduct DoS attacks :)
 
Originally posted by mklos
Someone please correct me if I'm wrong...but as far as I know there are NO...yes ZERO Mac OS X viruses/worms/trojan horses.
I consider Microsoft Office vX a virus. But that is just my opinion.

I had someone steal my static IP address once, but I am not sure if that was computer specific.
 
Originally posted by Java
I consider Microsoft Office vX a virus. But that is just my opinion.

I had someone steal my static IP address once, but I am not sure if that was computer specific.

Static IP address is not that big of a deal ... unless you've got all your ports open and have not set up any sort of firewall or password
 
how easy would it be for someone to get access to your Mac? like via SSH?

from some of the strange behavior i've been experiencing with the Finder i'm beginning to think that someone might be messing around with me...

also a couple of weeks ago, my little brother had a friend over and he brought his PC and tried to hack my Mac. and he was also connected from inside our router/firewall. but he said he couldn't get in or anything...
 
I've used OSX hooked to broadband at home since the day of its release, without special security precautions (I didn't even have the firewall on until recently, and I own no antivirus software) and I've never had anything untoward happen.

I also administer about a dozen Macs on a campus network, also without antivirus software (but, in the case of the OSX machines, with the firewall on), and they've also never been victim to any funnybusiness.

I did, once, see a client's copy of Microsoft Word infected by a Macro virus, though. It did no damage (couldn't on the Mac), but it did infect all his outgoing Word documents. That was about three years ago.

I see virus infected PCs all the time, on the other hand, and am happy to charge people plenty of money to purge them.
 
Originally posted by mklos
Someone please correct me if I'm wrong...but as far as I know there are NO...yes ZERO Mac OS X viruses/worms/trojan horses.

There are a few.
 
Originally posted by leet1
There are a few.

For OS X? Linkage.

[edit - According to http://www.sarc.com, there are no OS X specific viruses/trojans/worms. In fact, the only mention of "OS X" in their database is related to a kadmind buffer overflow issue that affected all *nixes, saying that OS X wasn't affected since they weren't using the daemon.

So much for that one.]
 
Originally posted by cb911
how easy would it be for someone to get access to your Mac? like via SSH?

from some of the strange behavior i've been experiencing with the Finder i'm beginning to think that someone might be messing around with me...

also a couple of weeks ago, my little brother had a friend over and he brought his PC and tried to hack my Mac. and he was also connected from inside our router/firewall. but he said he couldn't get in or anything...

Assuming the ssh port is open, relatively easy, - it would be like opening the screen door to your house
However you still need to log in - if you have a user account on your computer that does not require a password, that's like leaving your front door unlocked.

If you don't open the SSH port then it's like trying to break into your house through a brick wall...

If you're worried... use the network utility to run a PORT SCAN on LOCALHOST (127.0.0.1 - as you already know), and see what ports are open, then just go in and close them off ... i think 1033 and like 634 are open, but there are no known security issues associated with them that i have found yet...
 
aren't there also keystroke loggers and other things that could cause weird behavior?

as for linkage... http://undergroundmac.com/viruses.html. that's not too hard to find, i'm sure a lot of people have seen that site already. but they're just scripts.

there's also this: http://freaky.staticusers.net/internet.shtml. lots of hacking stuff there & also some more stuff that could mess with your compy.

http://freaky.staticusers.net/virus.shtml - apparently these are all live viruses. use at your own risk.:rolleyes:

http://freaky.staticusers.net/macintosh.shtml - even more goodies. keystroke loggers and password crackers. oh woe is me.:rolleyes: :eek: :p

so lets say someone is fully into all that kind of stuff. how easy is it for them to access Panther and do nasty stuff?
 
Originally posted by Rower_CPU
For OS X? Linkage.

[edit - According to http://www.sarc.com, there are no OS X specific viruses/trojans/worms. In fact, the only mention of "OS X" in their database is related to a kadmind buffer overflow issue that affected all *nixes, saying that OS X wasn't affected since they weren't using the daemon.

So much for that one.]


Yup, just classic, had heard someone say that on here.
 
Originally posted by cb911
aren't there also keystroke loggers and other things that could cause weird behavior?

as for linkage... http://undergroundmac.com/viruses.html. that's not too hard to find, i'm sure a lot of people have seen that site already. but they're just scripts.

there's also this: http://freaky.staticusers.net/internet.shtml. lots of hacking stuff there & also some more stuff that could mess with your compy.

http://freaky.staticusers.net/virus.shtml - apparently these are all live viruses. use at your own risk.:rolleyes:

http://freaky.staticusers.net/macintosh.shtml - even more goodies. keystroke loggers and password crackers. oh woe is me.:rolleyes: :eek: :p

so lets say someone is fully into all that kind of stuff. how easy is it for them to access Panther and do nasty stuff?

They are primarily stuff that affected OS 9

plus a key logger is useless if he can't get back into your computer to retrieve that logged file, i.e. through an open port. Assuming he lied to you, and did get your password file, and he cracked it to get at your passwords, he still can't get in, there are no ports open

assuming he has a trojan installed, that trojan needs to open a port, in order for someone to get in, if you run a PORT SCAN you will know what port is open...

Now, as far as damage, well it's like any other system, the majority of major tasks need to be done from the root user account

Have you set this up? if you have, and have no real use for it, shut it down, and now he has no real way of damaging your system .... but first and foremost, close the ports, and end the problem
 
yeah i'm not too worried about all of those 'virus' and stuff you can find on the net.

i just ran a port scan... i'm not going to say what ports i have open, ;) but what is netbios-ssn? also some other descriptions it put to ports: ipp, netinfo-local, daap (which is used for iTunes sharing, right?) and newoak. so what do all of those mean? anything there that looks out of place?

also, Apple wouldn't use a vulnerable port for a service would they? for example the iTunes sharing port has no vulnerabilities, right?
 
netbios-ssn - something to do with windows file sharing???
ipp - printer sharing (port 631)
netinfo-local - netinfo is the central database of mac os x though it isn't used for everything
daap - itunes

All ports >1024 are equally 'vulnerable' - it just depends how vulnerable what's listening is.
IIRC the ports <1024 are special. Something to do with privileges...
 
Originally posted by cb911
yeah i'm not too worried about all of those 'virus' and stuff you can find on the net.

i just ran a port scan... i'm not going to say what ports i have open, ;) but what is netbios-ssn? also some other descriptions it put to ports: ipp, netinfo-local, daap (which is used for iTunes sharing, right?) and newoak. so what do all of those mean? anything there that looks out of place?

also, Apple wouldn't use a vulnerable port for a service would they? for example the iTunes sharing port has no vulnerabilities, right?

netbios has to do with DOS/Windows networking. Remote logins default to 22 for ssh and 23 for telnet. iTunes is 3689. The Sharing preferences show these, as well as the Services within Netinfo Manager.

Generally, anything up through 1024 is a system port and from there through 65536 is an application port.
 
Originally posted by cb911
yeah i'm not too worried about all of those 'virus' and stuff you can find on the net.

i just ran a port scan... i'm not going to say what ports i have open, ;) but what is netbios-ssn? also some other descriptions it put to ports: ipp, netinfo-local, daap (which is used for iTunes sharing, right?) and newoak. so what do all of those mean? anything there that looks out of place?

also, Apple wouldn't use a vulnerable port for a service would they? for example the iTunes sharing port has no vulnerabilities, right?

not off the top of my head... but this is what you wanna do

open the terminal

and type in "telnet"

when you see this

"telnet>"

type open 127.0.0.1 "port" ie open 127.0.0.1 34 (port is the port number you want to access)

so the full line would be

telnet>open 127.0.0.1 [port]

then see what happens, if it opens the port ... type, either "man" "help" or "?" to see if it recognizes commands

or try things like "login" and see what happens?

or "Helo" and see if it responds.
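
Added example, not part of any post in this thread: the localhost port scan and the manual telnet check suggested above, combined into one self-audit script. It connects to each port on 127.0.0.1, looks up the service name, and records whatever banner the listener sends first; the function names `probe` and `audit` and the default port list are assumptions made for illustration.

```python
import socket

def probe(port, host="127.0.0.1", timeout=0.5):
    """Return None if nothing accepts on host:port, else a dict describing the listener."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, timed out or unreachable: nothing is listening here.
        return None
    with sock:
        try:
            # Name from the local services database (ipp, daap, ...), if listed.
            service = socket.getservbyport(port, "tcp")
        except OSError:
            service = "unknown"
        sock.settimeout(timeout)
        try:
            # Some services (SMTP, FTP, SSH) greet first; others stay silent.
            banner = sock.recv(128)
        except OSError:
            banner = b""
    return {
        "port": port,
        "service": service,
        # On Unix, binding a port below 1024 traditionally requires root.
        "privileged": port < 1024,
        "banner": banner.decode("latin-1").strip(),
    }

def audit(ports, host="127.0.0.1"):
    """Probe every port in `ports` and return only the ones that accepted."""
    return [hit for hit in (probe(p, host) for p in ports) if hit]

if __name__ == "__main__":
    # Ports 1-1024 plus 1033 and 3689 (iTunes), both mentioned in the thread.
    for hit in audit(list(range(1, 1025)) + [1033, 3689]):
        kind = "system" if hit["privileged"] else "application"
        print(f'{hit["port"]:>5}  {hit["service"]:<16} {kind:<12} {hit["banner"]!r}')
```

Any listener in the output that does not match a service enabled in the Sharing preferences is the one to track down and switch off.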
 