Status
Not open for further replies.
Good find. I tipped the MR blog, gave you credit.

There are trojans out there, but OS X and Linux are still much more secure than Windows. Windows should require an admin password to modify anything in the filesystem.
 
cheers.

Yep... also, one could say this is Adobe's bug, but since PDF reading is built straight into the OS X "Preview" app... it's now also Apple's security issue.

Most browsers will open a PDF automatically too... but the installation part of the trojan will probably still prompt for user credentials to get further.
 
It's not a problem with Preview. It's not a PDF at all; it's just a trojan (an .app, probably) that disguises itself as a PDF.

And it's already been added to the OS X Quarantine filter, so OS X will prompt you to delete it if you download it.
 
> It's not a problem with Preview. It's not a PDF at all; it's just a trojan (an .app, probably) that disguises itself as a PDF.
>
> And it's already been added to the OS X Quarantine filter, so OS X will prompt you to delete it if you download it.

Shame on Adobe for allowing executable content in a pdf file. It's supposed to be a document format. Shame on Apple if Preview would have allowed infected PDF files to install malware. I don't use Adobe Reader. I have it installed but only use it when a Windows user sends me a pdf with some fonts or equations missing in Preview.

I'm curious to know how Preview would have dealt with this particular threat. Would it have ignored the executable content or were we in danger of having this thing spread before Apple put it in their quarantine list?
 
This is a .app bundle with a PDF icon and .pdf.app extension. It has nothing to do with the PDF file format.
 
> Shame on Adobe for allowing executable content in a pdf file. It's supposed to be a document format. Shame on Apple if Preview would have allowed infected PDF files to install malware. I don't use Adobe Reader. I have it installed but only use it when a Windows user sends me a pdf with some fonts or equations missing in Preview.
>
> I'm curious to know how Preview would have dealt with this particular threat. Would it have ignored the executable content or were we in danger of having this thing spread before Apple put it in their quarantine list?

Wow, just wow. This is one of the most pathetic replies I've seen in a while. How come MacRumors has become a place for endless Adobe rants?

I mean, I love Apple and hate Flash too, but come on, it's not the right time to blame everything on Adobe.
 
"When we tested the malware inside our labs, we couldn't manage to get it to execute as the author probably intended," Cluley admits, "however, strings embedded deep inside its code make it clear that it was written with malicious intent."

The message is clear: Apple's success in recent years is coming at a cost, as attackers start to see the company's growing market share as a valuable target for their attentions.

Despite this, it will be quite some time before Mac OS X reaches the heady heights of malware distribution from which its Microsoft-made rival platform suffers.
 
> It's not a problem with Preview. It's not a PDF at all; it's just a trojan (an .app, probably) that disguises itself as a PDF.
>
> And it's already been added to the OS X Quarantine filter, so OS X will prompt you to delete it if you download it.

This is absolutely NOTHING new, as even back in 2003 I was affected by a similar disguised file sent by disgruntled script kiddies from another Mac forum...

AGAIN: This is simply an app masked as a PDF file, and not at all a self-replicating virus or anything of the like. As long as you don't have Safari set to open files automatically or, obviously, you DON'T double-click on suspect files, you're fine.
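
The `.pdf.app` disguise described in this thread can be checked for mechanically in a downloads folder. The script below is an added example, not part of the original thread; the function names and every extension in the list other than `pdf` are assumptions.

```shell
#!/bin/sh
# Added example: list macOS application bundles whose name carries a document
# extension in front of ".app" (for example "Invoice.pdf.app").
# DOC_EXTS is an assumed, illustrative list; only "pdf" comes from the thread.
DOC_EXTS="pdf doc docx xls xlsx rtf txt jpg jpeg png"

# is_disguised_name NAME
# Exit 0 if NAME has the form "<anything>.<document ext>.app" (case-insensitive).
is_disguised_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        *.app) ;;
        *) return 1 ;;
    esac
    stem=${name%.app}      # "invoice.pdf.app" -> "invoice.pdf"
    inner=${stem##*.}      # "invoice.pdf"     -> "pdf"
    # No dot left in the stem means an ordinary "Name.app".
    [ "$inner" = "$stem" ] && return 1
    for ext in $DOC_EXTS; do
        [ "$inner" = "$ext" ] && return 0
    done
    return 1
}

# scan_disguised_apps DIR
# Print one path per directory under DIR that is laid out like an app bundle
# (it has Contents/MacOS) and has a disguised name.
scan_disguised_apps() {
    # -prune stops find from descending into a bundle once it has matched.
    find "$1" -type d -iname '*.app' -prune 2>/dev/null |
    while IFS= read -r path; do
        [ -d "$path/Contents/MacOS" ] || continue
        if is_disguised_name "$(basename "$path")"; then
            printf '%s\n' "$path"
        fi
    done
}

# Run the scan when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_disguised_apps "$1"
fi
```

Saved under a name of your choice, it takes the directory to scan as its only argument, for example `~/Downloads`.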
 