New Mac Trojan Reported

Discussion in 'macOS' started by Bazzy, Mar 2, 2011.

  1. Bazzy macrumors regular

    Joined:
    Jun 8, 2009
    #1
    Hi All,

    I have just come across this bit of news & thought I would share it here just in case - I am a novice unlike most here so most will be able to better determine potential threats than I - the source seems credible as far as I can tell - is it anything to worry about?

    Bazzy!


    Virus shows that Mac OS X is not invulnerable

    Trojan through the back door
    By Asavin Wattanajantra
    Mon Feb 28 2011, 11:02

    A MAC OS X TROJAN is out in the wild, a further sign that criminals are looking at the Apple PC operating system with more interest due to its increasing market share.

    The "Blackhole Remote Access Trojan (RAT)" has been found and analysed by the insecurity firm Sophos. A variant of a Windows Trojan called Darkcomet, the malware carries a number of features that could be used for nefarious purposes.

    This includes the ability to send URLs, which could allow criminals to lead web surfers to malicious websites. It can also pop up fake administrator password windows. A hacker who successfully gets a user to type in their actual password will then have full system access.
    The creator of the malware seems to have created Blackhole RAT to make a point. Another of the Trojan's features is the ability to put up a full-screen window that only allows you to click on a reboot button.

    On it a message reads, "I am a Trojan Horse, so I have infected your Mac computer. I know, most people think Macs can't be infected, but look, you are infected!"

    "I have full control over your computer and I can do everything I want, and you can do nothing to prevent it. I'm a very new virus, under development, so there will be many more functions when I've finished."


    Mac OS X users shouldn't panic about something like this, but it is worth being careful about downloading unauthorised applications, especially from dodgy Bittorrent websites. Of course, keeping up with security patches is also advised. µ


    http://www.theinquirer.net/inquirer/news/2029303/virus-mac-invulnerable
     
  2. Valve1138 macrumors newbie

    Joined:
    Feb 8, 2011
    #2
    So what AV software should I run?

    ClamAV still viable?
     
  3. Kebabselector macrumors 68030

    Kebabselector

    Joined:
    May 25, 2007
    Location:
    Birmingham, UK
    #3
    Oh noes, I shall sell and return to safe world of Windows :rolleyes:

    (it was reported a few days ago, not a big issue. Still requires users to install the trojan to be effective)

    Fairly lazy/crap reporting, a Trojan is not a Virus.
     
  4. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #4
    you will only get this if you are an extremely un-careful user. nothing to worry about really. carry on.
     
  5. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #5
    Just some information for people able to employ something called "come on sense". Really, software makes it easier anyway.
    But nevertheless I present the glory fail of*:

    *
     
  6. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #6
    I stopped reading here
    There is NO antivirus software that can protect against this

    Nothing new
     
  7. Hastings101 macrumors 68000

    Hastings101

    Joined:
    Jun 22, 2010
    Location:
    K
    #7
    Thanks for sharing, it's nice to know when there are new threats out there, always good to keep an eye out for anything strange happening on your computer.

    However, this is also a nice time to remind everyone to never enter your password unless you know exactly what is asking for permission :)
     
  8. GekkePrutser macrumors 6502a

    GekkePrutser

    Joined:
    Aug 18, 2005
    Location:
    Ireland
    #8
    Yes, it would be good though if Apple would incorporate something like this in OS X Lion. Similar to what Android does, it asks for permissions and lists the reasons, like: "Application wants SIM card access", "wants I/O access", "wants to manage processes" etc etc. And it should enforce that nothing else can be done of course.

    I think OS X should have something more specific than the current: "Needs system privileges" popup.

    Of course there's a delicate balance between being too restrictive (iOS-like) and too slacky security measures.
     
  9. r0k macrumors 68040

    r0k

    Joined:
    Mar 3, 2008
    Location:
    Detroit
    #9
    Please post your user name, password, banking details and dna sequence to decode read the rest of my post...

    (&#(*&#%&(#*&$#(*&#$$#( (#&$(#&(@#& (&#$(&# (&($#&(*& (#&(*(&# (&(#&&$(@*&#& (#&($&*# (#&($&*#(&,

    < r0k is heard snickering while he waits for some n00b to type in their login info, but he then realizes the only user that might do it is perhaps the guy that wrote the Inquirer article linked above. >

    :rolleyes:

    nothing to see here...

    this isn't the OS X virus you were looking for...

    move along.
     
  10. flopticalcube macrumors G4

    flopticalcube

    Joined:
    Sep 7, 2006
    Location:
    In the velcro closure of America's Hat
    #10
    Sophos has done this before. It's getting old. "insecurity firm"? :D
     
  11. Winni macrumors 68030

    Winni

    Joined:
    Oct 15, 2008
    Location:
    Germany.
    #11
    Okay, a Trojan is not a virus, but basically that's just semantics these days, since most people use the word virus synonymously with "malware".

    Viruses are no longer an issue (okay, they are an issue on Facebook, but that is WANTED and BY DESIGN). It's been YEARS since the last virus was successfully self-replicating on Windows machines; the NT family of Windows platforms has out-grown its virus problems.

    I don't know when the last time was that one of the many Windows machines in our company reported the detection of some malware. Most of the real issues are usually reported by... the web browsers (IE8, IE9, Firefox 3 & 4, Chrome).

    The current dangers come from Phishing, a couple of worms and cleverly disguised Trojans. And here it comes: ALL of those also work very well on Mac OS X or Linux. You just need somebody to implement such malware, and then you need to seduce your average computer John or Jane Doe to click on the right button - and especially the latter is usually the most trivial part.

    A couple of days ago, the well-reputed German Heise Online magazine reported that one of the successful Trojans for Windows is currently being ported to Mac OS X and that its basic functions were already operational at the time of their writing. It's being used as a test balloon for the OS X market, they noted.

    Heise had also repeatedly reported about Hacker contests in the past which always revealed massive security holes in Mac OS X and that Apple does not take security issues seriously enough. They appear to change this with Lion, because for the first time, Apple invited external security auditors to test their new OS for security holes. (Which is something that Microsoft has now been doing for years, and even Vista reportedly has already had a higher level of security than OS X.)

    Anyway. The average Mac user still wants to believe Apple's old marketing lies that Macs are safe while PCs aren't, and people only believe what they want, even when the facts prove them wrong.
     
  12. whooleytoo macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #12
    The problem is, how can you really "know" what's asking for permission? We've been lucky so far in that most Trojans are obvious, clumsy attempts to get access to your machine; but if someone were to build malware into a genuinely playable game, or a codec, or a useful utility, how would any user know/recognise it?
     
  13. Hastings101 macrumors 68000

    Hastings101

    Joined:
    Jun 22, 2010
    Location:
    K
    #13
    It'd be hard to know in that situation, that's why I think it's best that everything you put onto your mac comes directly from Apple or a third party that you trust.
     
  14. RedTomato macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #14
    It's at times like this that I really value one of OSX's security features.

    If you type in your password on a web forum, and press post, it automatically converts the password into asterisks.

    *******

    See? Give it a go and test it yourself.
     
  15. John T macrumors 68020

    John T

    Joined:
    Mar 18, 2006
    Location:
    UK.
    #15
    This really is getting boring!!

    As has already been said, this is just a "frightener" sales ploy, put out by Sophos in order to con the computer inexperienced into buying their so-called security software.
     
  16. stainlessliquid, Mar 2, 2011
    Last edited: Mar 2, 2011

    stainlessliquid macrumors 68000

    Joined:
    Sep 22, 2006
    #16
    All the people who had "virus" problems on Windows will have the same problem with these things. Virtually all Windows "viruses" are trojans. The word trojan means it is spoofing as something it is not, there is no possible way to tell if the app you just downloaded contains a trojan, all you know is that you want that app so you are going to install it and give it your password. People can pretend all they want that they won't install a trojan when they come across one but the fact is that they will never know when they have downloaded a trojan until after they've given it the clear to install.

    You can protect yourself from trojans by only installing things from big established companies from their own website, but nobody does that and especially not the people who had "virus" problems on windows.

    So keep pretending trojans aren't an issue because they need your password, they are pretty effective on Windows and your ignorance on the issue makes you a prime target.
     
  17. dejo Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #17
    Do you have proof of this claim?
     
  18. r0k macrumors 68040

    r0k

    Joined:
    Mar 3, 2008
    Location:
    Detroit
    #18
    No. Let's not spread misinformation about windows viruses alongside misinformation about (alleged) OS X viruses.

    Virus: Malware sometimes capable of "spreading" with user intervention and sometimes without user intervention on insecure platforms (windows) which allow scripting in email or web pages to run with admin privileges. Viruses often carry a destructive "Payload" that either deletes a user's data or allows some other exploit to occur (see trojan). Common preventions: use common sense, (on windows) run antivirus software, run firewall software.

    Worm: Malware capable of "spreading" from machine to machine without user intervention. Requires OS vulnerabilities. Common prevention: keep OS updates current, run firewall software.

    Trojan: Malware which can be either of the above, whose principal purpose is to allow remote exploit of the user's machine to either: send spam or capture passwords or personal information.

    Adware: Software (considered by many to be malware) that often comes preinstalled on windows computers or downloaded automatically on windows by IE toolbars. This software is designed to track browsing habits but is sometimes considered a more serious security risk. Just as difficult to remove as viruses and often involves a trip to safe mode and the deletion of hundreds (or thousands) of exe and dll files associated with the adware. Common prevention: keep os updates current, run firewall software, run adware detection software. Adware is often bundled with freeware and shareware. Always do research (even on OS X) before you download and install software.

    Please, please, please don't go around saying windows users don't need anti virus software. The windows OS has so many vulnerabilities and so much malware in the wild I recommend avg or other freeware av software even if a user uses common sense.
     
  19. stainlessliquid macrumors 68000

    Joined:
    Sep 22, 2006
    #19
    http://news.bitdefender.com/NW1094-...ats-Adapting-to-Online-Behavioral-Trends.html and that was 2 years ago. Viruses are very uncommon, it's mostly trojans with the occasional worm.

    I don't know what this has to do with my post. I didn't say anything about antivirus software and I didn't get any definitions wrong.
     
  20. dejo Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #20
  21. stainlessliquid macrumors 68000

    Joined:
    Sep 22, 2006
    #21
    yes of course, why would we have to worry about Windows 95 viruses?
     
  22. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #22
    Most excellent response! LOL!
    OK, here's a method you can use to minimize the chances of unwittingly installing a trojan.

    You've probably gotten emails from your bank or other financial institutions that tell you to go to their website and login, rather than clicking a link in the email to login. That's because an email can be spoofed to make it look like it's from the bank, and if you click a link in the email, you can be directed to a site that's not owned by the bank, but is made to look like the bank's login page. If you login there, you've just given your login and password to the hacker. That's why it's important to look at the address bar when you're about to enter login credentials, to make sure you're on the site you think you're on.

    In the same way, if you visit a site that claims you need an updated version of Flash, or some other plug-in or codec, don't install it from that site. Instead, go to the Adobe site or the codec author's site and install from there, to make sure you're getting a legitimate copy of the software, and not one that could have been tampered with.
    Yes, some of us do. No anti-virus will protect a user from their own stupidity. If you install software from porn sites, torrent sites, etc., or if you install apps without first searching to see what others have said about them, you're asking for trouble. If you exercise common sense and THINK before you install, your chances of being infected with malware on a Mac are extremely remote.
    Trojans are an issue only to the extent that the user is foolish/gullible/uninformed enough to install them. The fact that they require the admin password is only a reminder to think before acting. Being informed and careful about where you get the software that you install is your first line of defense. The password requirement is only the second line of defense.
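
The address-bar check described in post #22 above, as an added example that is not part of the original thread: it parses a link the way a browser does and accepts it only when the host really belongs to the expected site. The domain `bank.example`, the function names and all sample links are assumptions constructed for illustration.

```javascript
// Added example, not from the thread. "bank.example" is a placeholder for the
// real site's domain; every link below is a constructed sample.

// Parse a link the way a browser does and report what the address bar
// would show as the host, plus whether a decoy "user@" part is present.
function describeLink(link) {
  try {
    const url = new URL(link);
    return {
      scheme: url.protocol,
      host: url.hostname.toLowerCase().replace(/\.$/, ""), // drop trailing dot
      hasUserInfo: url.username !== "" || url.password !== "",
    };
  } catch {
    return null; // not an absolute URL at all
  }
}

// True only for an https link whose host is `trusted` or a subdomain of it.
function pointsAtTrustedSite(link, trusted) {
  const info = describeLink(link);
  if (info === null || info.scheme !== "https:") return false;
  const want = trusted.toLowerCase();
  return info.host === want || info.host.endsWith("." + want);
}

const samples = [
  "https://www.bank.example/login",                 // genuine
  "https://bank.example.account-verify.test/login", // trusted name as a left-hand label
  "https://bank.example@203.0.113.7/login",         // trusted name in the userinfo part
  "https://notbank.example/login",                  // shares a suffix, different domain
  "https://b\u0430nk.example/login",                // Cyrillic "а" instead of Latin "a"
  "http://www.bank.example/login",                  // right host, but no TLS
];

for (const link of samples) {
  const info = describeLink(link);
  const verdict = pointsAtTrustedSite(link, "bank.example") ? "ok    " : "REJECT";
  console.log(verdict, info.host, info.hasUserInfo ? "(has user@ decoy)" : "");
}
```

Only the first sample is accepted; the others each place the trusted name somewhere other than the end of the host, or drop TLS.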
     
  23. stainlessliquid macrumors 68000

    Joined:
    Sep 22, 2006
    #23
    Those defenses are not Mac-specific and apply to Windows as well, yet tons of people still get trojans because they simply don't follow those rules. What I'm saying is that if they didn't follow those rules on Windows then they sure aren't going to follow them on OSX, especially with their "OSX doesn't get viruses" sense of security. The password does nothing to protect against a trojan, many legitimate apps require the password, every app with an installer I've used has required a password, there's no reason a password should raise flags since it's completely normal. I would bet money that most people would be much less likely to be wary of installing some strange app on a Mac than on Windows due to the volume of malware on each platform, they will assume they are protected since it's OSX (and 9 out of 10 times they'd be right since there's so few trojans for OSX, but this new trojan shows that hackers are becoming more interested).
     
  24. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #24
    I agree that there's a problem with having a false sense of security on any system. That's why you won't see me recommending anti-virus apps for Mac users. They can't detect Mac viruses, because none exist. They couldn't detect a new Mac virus, should one be introduced, because they wouldn't know what to look for. As far as trojans, a user with AV installed may, under the influence of that false sense of security, be less careful about what they install. No anti-virus will protect a user from themselves. That's why, especially for Mac OS X, where no true viruses have ever existed, the best defense against malware is for users to educate themselves and practice prudence in installing software.
     
  25. dejo Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #25
    Yes, it does. Say you open a file you believe to be an image (say, pictures of the latest screenshots from the upcoming Leopard) and suddenly it asks you for an admin password. Trojan alert!
     
