I did, maybe you should ...that's where the comments I posted came from.

Did you read the part where he ran the tests, as I said Admin Password required, just as with most other serious malware on the platform. Doesn't stop some future exploit being found but this malware hasn't found one, it uses a time-honoured attack vector of stolen software and Admin permissions to install it.

In case you missed it: "The very first thing that happened when I opened the app was that I was asked for my admin password. I provided it, and an official-looking Adobe installer started up, but by then the damage was done. The instant I provided the password, the iWorm malware was installed....It’s just a trojan in the form of pirated software that has been modified.."

If you give Admin permissions to ANY software that has come from such a source then this is likely what you will get. No blinkers here, just being guided by the facts as presented.

BTW you linked to a different article to the one I did.
 
You're trying to insult me into submission, but I won't be swayed!
I'm not insulting or trying to insult anyone. I'm simply stating facts. How you choose to react to those facts is not my problem.
Here's your post in its entirety and your new problem is that I read only too well ...sometimes between the lines.
I know what I posted. You're reading things into it that I didn't say.
If you're not claiming evidence of piracy, why do you insist this is a breach of the basics of safe computing, when the comments I've posted describe how it could also be the result of legitimate software installation ...or is that a breach of your precious safe computing too?
There was some evidence made public, which I provided links to.
That evidence pointed to installing pirated software as a possible vector.
Installing pirated software is contrary to safe computing.

It's not "my precious safe computing". It's not something I invented or claim credit for. It's common sense applied to using computers. If it's a concept that you don't understand or don't believe is valid, I encourage you to read the links that have been provided, to educate yourself on the topic.

The public statements pointing to piracy were substantiated by actual facts: in one case, a user admitted installing pirated Adobe software:
I had a pirated a copy of photoshop cc 2014 from pirate bay. (yeah i am utterly broke and unemployed, and i had launched it only once to export one file to a specific format). And as far as i can see right now that is the only app that has the same'ish timestamp (in my apps folder) as the javaW binary from the lib/app support/javaW/ folder.
In another instance, a user found the malware in pirated software being offered on the web:
I’ve located the dropper in torrents by this user (link deleted), who offers bootleg copies of Adobe Photoshop, Illustrator, Microsoft Office and Parallels Desktop for OS X.
In both of the examples that you posted, suggesting infection via legit software, those statements were hypothesis only by posters, and were not substantiated by any documented evidence supporting their claims.

You guys need to have the blinkers you're wearing surgically removed, then maybe you'll see that infections can happen to the most careful of users.
In the 13+ years since OS X was released, all OS X malware in the wild has been avoidable through practicing safe computing, with no need for any 3rd party software to provide protection. So far, no documented evidence has been provided proving that scenario has changed.
 
Did you read the part where he ran the tests, as I said Admin Password required, just as with most other serious malware on the platform. Doesn't stop some future exploit being found but this malware hasn't found one, it uses a time-honoured attack vector of stolen software and Admin permissions to install it.

In case you missed it: "The very first thing that happened when I opened the app was that I was asked for my admin password. I provided it, and an official-looking Adobe installer started up, but by then the damage was done. The instant I provided the password, the iWorm malware was installed....It’s just a trojan in the form of pirated software that has been modified.."

If you give Admin permissions to ANY software that has come from such a source then this is likely what you will get. No blinkers here, just being guided by the facts as presented.

BTW you linked to a different article to the one I did.
I didn't actually link to anything, I copied\pasted the first two comments from the page you linked to.




Since you're guided by the facts, don't ask me how you've skipped the facts that point to a much wider possibility of infection.

I'll post my previous comment again below, as you seem to have only read\quoted the first line and the answer is in the boxout ...as said this is from your link - in the comments
It's still speculative!

The first comment and subsequent reply in the link is as much evidence as you've provided to the contrary.
Chas4 says:
October 4, 2014 at 10:35 am
It can also be in legal software too. If the build machine is infected some malware will attach itself to the software being compiled, or site gets infected, there are many ways.

Thomas says:
October 4, 2014 at 10:44 am
There’s no sign from my testing that this is actually infecting other apps and spreading in a virus-like fashion. That said, there’s certainly nothing preventing this malware from also being distributed within legal apps, in much the same manner that a lot of adware is being distributed right now. There’s also the possibility that the hackers could send a command out to the botnet to make modifications to other apps, once the malware is installed.



Don't shoot the messenger, but I think you're being a little too hasty in condemning folk for piracy in this case.

Evidence for: 0

Evidence against: 0

Result: Stop claiming there's some public evidence, when there isn't.

Edit: FYI: The second commentator (@Thomas) above, is the guy that actually wrote that article - so if you want to question his knowledge be my guest.
 
Since you're guided by the facts, don't ask me how you've skipped the facts that point to a much wider possibility of infection.

But it has only been demonstrated in pirated software, even by the author.

Yes it could be distributed in legit apps, when Adobe choose to distribute trojans I'm sure we will all find out soon enough.

"Trusted source" is the key.
 
Adobe?

Think; Coconut Battery, DaisyDisk, TG Pro and a half gazillion other little utilities downloaded daily.

Think; Different, I dare ya.

Blinkers off now please, it's not funny anymore.

I'm out, as I'm missing the F1.
 
Adobe?

Think; Coconut Battery, DaisyDisk, TG Pro and a half gazillion other little utilities downloaded daily.

Think; Different, I dare ya.

Blinkers off now please, it's not funny anymore.

I'm out, as I'm missing the F1.

Yep, "trusted source" is the key, how that is achieved was in the article. If your contention is that <any> app from <any> source could be an attack vector then cool - but that manifestly isn't the case and hasn't been demonstrated so far. If your contention is true then what do you want to happen??? Not be careful installing software? Do install from known poor/infected/illegitimate sources???

Safe computing has a demonstrated history of keeping users safe, if you want to prove that unsound then provide a little useful evidence, not just a hypothesis that it <could> happen, move it onto a testable theory or provide a demonstration or example of it working that obviates all the developer/publisher safeguards.

I don't get genuine Adobe from Piratebay, so even if a genuine installer can be a vector it doesn't come from a trusted source.

To use that vector you have to corrupt the genuine installer AND fake its signing by Adobe AND make it download from Adobe.com....

Yes, there are lots of legit apps out there that are downloaded, but again, using a trusted source (who in turn use trusted relationships with the sources of their files) minimizes the risk.
 
You guys need to have the blinkers you're wearing surgically removed, then maybe you'll see that infections can happen to the most careful of users.

You won't get anywhere here. There will always be a counterpoint from the fanboy faithful that will drag you down and beat you with stupid.

What they fail to realize is the best virus is the one that they haven't found. A year ago they'd have argued that you couldn't remotely turn the camera on too, but I'm in a job where I know better.
 
OS X has an integrated malware scanner, so you don't really need anything else. It's also a good thing to only allow execution of signed apps.
 
What they fail to realize is the best virus is the one that they haven't found.

What is the purpose of this very basic fact of computer security in the context of this thread? A malware/virus scanner is obviously ineffective against something which is unknown.

Again, the best general solution against malware is code signing — and Apple has been heavily pushing in this direction for quite some time now.
 