Sophos claims there is a new threat to OSX


Stella

macrumors G3
Apr 21, 2003
8,273
4,636
Canada
What they really mean by the 'registry' is the Preferences Directory:

Mac/Cowhand-A is a proxy Trojan for the Mac OSX platform.

The Trojan may copy itself to the user's Preferences folder. In order to run itself on startup, the Trojan may add itself to the user's Startup Items.
 

space2go

macrumors regular
Feb 5, 2004
162
0
LOL They didn't even try to make their hoax sound plausible.

Just sad that someone will believe it and buy their crap.
 

Mr. Anderson

Moderator emeritus
Nov 1, 2001
22,407
0
VA
So it adds itself to the startup items....but then what does it do? Makes sense to let people know its effects.

And wouldn't you have to *install* it to have it run?

D
 

thedoc1111

macrumors regular
Aug 13, 2003
123
0
And here we have a potted example of the total complacency that means when the first real OS X trojan comes out, many of you will fall for it...

Remember, all a Trojan needs is social engineering to get you to execute it and with the level of complacency you all seem to show, you would be making the trojan writer's job even easier.

All you have to do is double click an application disguised as an MP3 or a PDF and you could lose all your files in your home instantly...
 

mad jew

Moderator emeritus
Apr 3, 2004
32,194
6
Adelaide, Australia
Yawn! I think it's time for bed. I'm in the mood for a good night's sleep, safe with the knowledge that my Mac will be fine in the morning, there will still be no viruses out there on the big, bad, evil internet. These lame anti-virus companies need to take up a hobby and stop pestering us about upcoming threats. Anyone read about that kid Peter who yelled about wolves? ;)
 

stcanard

macrumors 65816
Oct 19, 2003
1,490
0
Vancouver
thedoc1111 said:
Remember, all a Trojan needs is social engineering to get you to execute it and with the level of complacency you all seem to show, you would be making the trojan writer's job even easier.
Remember, there is a difference between complacency, and laughing at a company that keeps yelling fire hoping eventually to scare someone into buying their product.

Don't confuse the two.
 

stoid

macrumors 601
thedoc1111 said:
And here we have a potted example of the total complacency that means when the first real OS X trojan comes out, many of you will fall for it...

You are dead wrong. What you see here is a shining example of why, even when a Mac OS X virus/trojan is finally (if ever) developed, that Mac OS X users WON'T get hit. What you see here is people researching the possible threat, trying to find out if they could really be affected, and learning that Sophos is full of ****.
 

buggybear

macrumors member
Feb 24, 2005
43
0
Trojan horses

thedoc1111 said:
And here we have a potted example of the total complacency that means when the first real OS X trojan comes out, many of you will fall for it...

Remember, all a Trojan needs is social engineering to get you to execute it and with the level of complacency you all seem to show, you would be making the trojan writer's job even easier.

All you have to do is double click an application disguised as an MP3 or a PDF and you could lose all your files in your home instantly...
That is interesting to realize that you don't have to explicitly grant permission for a program to delete files from your home directory. I guess something as simple as a shell script could be named hot.jpg.command. And the execute bit could be preserved during download by first placing it in an archive. Furthermore it could disseminate itself using the built-in mail command and the list of email addresses in ~/Library/Application\ Support/AddressBook/AddressBook.data

On the other hand, at least the Trojan wouldn't be that well disguised. In fact none of the vulnerabilities listed on Sophos' site involve anything but Trojans. Filter out every line that does not include "troj" and the remaining entries still all seem to be trojans when you click on their descriptions.

Trojans are pretty distinct from viruses and worms. Software is unlikely to even limit Trojans very much, and they can be entirely prevented by exercising caution.

Trojans are little different than an email that instructs you to throw your computer out the window, but cannot physically move your computer by itself.

Randall
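
An added example, not part of any post in this thread: a defender-side check for the case described above, where an archive carries the execute bit along with a name like hot.jpg.command. It reads the Unix mode stored in each zip entry without extracting anything; the extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import stat
import zipfile

# Assumed list: extensions that macOS opens in Terminal when double-clicked.
LAUNCHABLE = {".command", ".tool"}
# Assumed list: extensions a user reads as a harmless document or media file.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".pdf", ".doc", ".txt"}
X_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def suspicious_entries(zip_bytes):
    """Return (name, reasons) for entries that are executable or disguised."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            last = "." + parts[-1] if len(parts) > 1 else ""
            prev = "." + parts[-2] if len(parts) > 2 else ""
            # Unix zip tools (create_system 3) keep st_mode in the top 16 bits.
            mode = info.external_attr >> 16 if info.create_system == 3 else 0
            reasons = []
            if mode & X_BITS:
                reasons.append("execute-bit")
            if last in LAUNCHABLE and prev in DECOY:
                reasons.append("decoy-extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed sample archive: one plain photo, one disguised script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, body in (
            ("holiday.jpg", 0o644, b"\xff\xd8\xff\xe0 constructed bytes"),
            ("hot.jpg.command", 0o755, b"#!/bin/sh\necho constructed sample\n"),
        ):
            entry = zipfile.ZipInfo(name)
            entry.create_system = 3
            entry.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(entry, body)
    return buf.getvalue()


if __name__ == "__main__":
    print(suspicious_entries(build_sample()))
```
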
 

Iroganai

macrumors regular
Oct 18, 2003
201
0
Let's forget about Sophos' stupidity and discuss how the supposed trojan gives 'others' access to the computer...

I don't think it is easy to punch a hole in the OS X security
even if you're logged in with administrator privileges.

You need to at least give a password to that trojan once.

Yes, trojans are all about social engineering, but just double-clicking it
cannot let the trojan crack the system!
(or maybe the trojan uses the security hole in iSync, fixed in Update 2005-004)
 

Applespider

macrumors G4
buggybear said:
That is interesting to realize that you don't have to explicitly grant permission for a program to delete files from your home directory. I guess something as simple as a shell script could be named hot.jpg.command. And the execute bit could be preserved during download by first placing it in an archive.
Didn't I read something that under Tiger, Safari will warn you if a downloaded item contains an app? I feel I've read so much about different Tiger features that I have no idea of where I read it or even if the source was credible.

Doesn't OS X warn you if a script tries to run that hasn't run before?
 

Bear

macrumors G3
Jul 23, 2002
8,089
4
Sol III - Terra
They have a lack of credibility...

They lack credibility for several reasons, including the fact that they don't have a description of what the supposed trojan does or how it gets onto one's system.

It looks more like an ad to buy their antiviral software.

When some place reputable announces a trojan floating around for Macs, I'll believe it then.
 

buggybear

macrumors member
Feb 24, 2005
43
0
Applespider said:
Didn't I read something that under Tiger, Safari will warn you if a downloaded item contains an app? I feel I've read so much about different Tiger features that I have no idea of where I read it or even if the source was credible.

Doesn't OS X warn you if a script tries to run that hasn't run before?
1. It could be hidden in an archive anyway
2. There is no warning with scripts
 

thedoc1111

macrumors regular
Aug 13, 2003
123
0
Iroganai said:
You need to at least give password to that trojan once.
Not to delete files which you have permission to change without a password (i.e. all of your documents)
 

thedoc1111

macrumors regular
Aug 13, 2003
123
0
stcanard said:
Remember, there is a difference between complacency, and laughing at a company that keeps yelling fire hoping eventually to scare someone into buying their product.

Don't confuse the two.
I don't entirely see how having a small web page with descriptive information buried inside their website is yelling fire. It is called updating your anti virus software to cope with a minor trojan, something that is surely quite acceptable for an anti-virus company.
 

Iroganai

macrumors regular
Oct 18, 2003
201
0
thedoc1111 said:
Not to delete files which you have permission to change without a password (i.e. all of your documents)
You're right, but my point was Sophos' description of "allowing others to access the computer." Can you do that without a password?

BTW, what d'you think about the name Mac/Cowhand-A ?
Is it related to the cow Longhorn ;)
 

Mr. Anderson

Moderator emeritus
Nov 1, 2001
22,407
0
VA
Iroganai said:
You're right, but my point was Sophos' description of "allowing others to access the computer." Can you do that without a password?

BTW, what d'you think about the name Mac/Cowhand-A ?
Is it related to the cow Longhorn ;)
That might be stretching a bit there....

Maybe it was first developed on a Gateway?

Who knows or really cares, since it's not going to be an issue

D
 

buggybear

macrumors member
Feb 24, 2005
43
0
I think the solution is to delete the following
/bin/rm
/bin/mv
/bin/*sh
/usr/bin/*
Then trojans won't be able to operate.

** WARNING: this is a joke. Do not remove these files

The real solution is of course to keep backups of your home directory, and exercise some caution with suspicious emails and untrusted online sources of software like Microsoft. Trojan horses are unlikely to be hindered by anti-virus software, but they are easily prevented by the user.