Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Transmission Malware Transmitted Through Server Hack, Downloaded 6,500 Times
- Thread starter MacRumors
- Start date
- Sort by reaction score
I personally don't use this client, so I am not familiar with the website download.
Anybody knows if they had MD5 checksums for the downloads to make sure they are "authentic"?
Anybody knows if they had MD5 checksums for the downloads to make sure they are "authentic"?
I think they did or at least they now do. But the same issue happened with Mint Linux distros recently. Even though there were MD5 posted on the downloads page, since the site was compromised, the "hackers" not only compromised the ISO but also updated the MD5 on the website. So you would think you have downloaded the correct one.
The Mac App Store is a great idea, too bad it's so poorly implemented that many developers avoid it like the plague.
Hopefully never, providing Apple sticks to it's walled garden philosophy. Malware for OS X is easy if you can convince the user to install your "app", for iOS however, you've got to find the equivalent of a jailbreak to really do any damage.
I remember a while back, Facebook lit up with people "pranking" one another with the "Crash Safari" website. As a CS student studying security, I couldn't help but cringe as people willingly flocked to a website by the thousands to run an exploit in their browser which, as far as they knew, could have meant the installation of a jailbreak style backdoor. Not to mention there was the story not too long before that about the group offering a substantial amount of money for someone to find an iOS 9 jailbreak to be sold off to "whoever wanted to buy it".
On the subject of KeRanger does anyone else find it curious that this thing had a delay? It does the necessary server contact to get an encryption key, then waits 3 days. I've seen ransomware that waited for activation from a central server, presumably so it could reach a critical point undetected, but just waiting 3 days from infection seems odd. That and the high decryption cost, it's almost as if whoever planted it did so as more of a PR stunt.
Define "live". "Survive" as in "not dying at this very moment"? I do not in any way condone piracy, nor am I involved in it myself, but it is *never* as simple as that. May I suggest some traveling outside your own country? Watching the evening news does not count.
Do you have any statistics for http downloads? Or particular car brands involved in speeding? Crowbars? Human beings? Fuggedaboutit. Stop producing more of those ASAP. If you looked into it you would probably find that most of this world's technologies has seen nefarious use at some point.
Bittorrent is simply a protocol that due to being decentralized can be practical to use over http (large files, less strain on a single point, interrupts due to a bad connection...). Decentralization is of course what makes it a good candidate for software piracy in the first place. If I were you I'd go for total bandwidth use/network strain angle instead. On the other hand, the entertainment industry and ISPs shoot themselves in the foot somewhat by promoting cloud services and (legal) on-demand, high definition streaming over networks that aren't quite up the task, forcing bandwidth limits and/or throttling where there were none before. So what do I know?
Wikipedia has a note on bittorrent adoption but of course it is tagged as disputed - I assume since a pro-bittorrent showcase must be pro-piracy...
Anyway, we seem very good at polarizing just about anything nowadays. If you're not with us you're against us. The never ending supply of misguided high horses and leaning piedestals that beg to be mounted unfortunately silence many discussions, important or not. (Let's hope this is not the case here, regardless of opinion.)
I wish you'd find another OS. Some of us need to run real software, not turn our Macs into iPads.
If you want ALL your applications to be sandboxed, all you need to do is leave Gatekeeper in its original turned ON mode and you will never be able to install software that isn't approved by Apple. Only get your software from the Mac App Store and you will never have an application that isn't sandboxed. See how easy that is to get what you're asking for without affecting everyone else that isn't intimidated by a couple of low-life hackers and still wants to be able to run far more powerful software than is possible with sandboxing and/or Apple blocking Apps they don't "like" for whatever reason?
The point is that these requests to sandbox EVERYONE'S COMPUTER is speaking for all those people. Speak only for yourself and only run sandboxed software for yourself. Leave the rest of us out of it. Sandboxed software is far too limited in many cases and speaking as someone who has never seen a Mac malware in the past ten years and I have gatekeeper completely disabled, I see no reason to limit my computer out of misplaced (IMO) FEAR.
Keep a bootable backup of your computer (better yet keep a 2nd backup off-site that is updated less often as well) and you don't have to worry about ransomware as you can easily restore from the pre-infected OS.
Last edited:
You would only be infected if you downloaded the app directly from the Transmission web site. If you updated in app you are okay.
To stop this happening in the future the developers should make their app use Gatekeeper. You can do this even if you are not distributing through the Mac App Store. The app is then sandboxed and can be made to only be able to read/write files that are in directories the user explicitly grants access to. If this had happened under that scenario then your downloads folder could still have been affected by this but it wouldn't have been able to get to the rest of your drive.
I did not understand what had the .91 version if infected or not. I had exactly this version, updated immediately to .92. It's been days and I have not found the process and the various files created, I can feel calm?
P.S. I did not remember if before .91 I run also .90, I think not, but as I said, now with .92, I found nothing on my computer of the listed files, I'm safe?
P.S. I did not remember if before .91 I run also .90, I think not, but as I said, now with .92, I found nothing on my computer of the listed files, I'm safe?
Digital certificates do not offer ANY additional layer of security enhancement at all. The certification system is essentially broken, and has been for a long time. Apple does not understand this, and the average "it just works" - user does not want to understand this.
A once popular internet browser once had an easy revokation feature for "bad" plug-ins, called ActiveX-killbits, which did not work at all... And even Microsoft understood this. Digital application signatures only creates unecessary hassle, when certificates run out and become invalid because the company "forgets" to renew them. With the biggest problem being, that the user believes to be on the safe side, only installing digitally signed apps through controlled channels.
A once popular internet browser once had an easy revokation feature for "bad" plug-ins, called ActiveX-killbits, which did not work at all... And even Microsoft understood this. Digital application signatures only creates unecessary hassle, when certificates run out and become invalid because the company "forgets" to renew them. With the biggest problem being, that the user believes to be on the safe side, only installing digitally signed apps through controlled channels.
No, kernel_task is a system process. The malware process is named in a similar fashion to make it seem like a legitimate process.
Yes... if you have installed 2.92 you are safe. Even if you had been infected, 2.92 would have removed the malware.
You are missing my point. Yes, the stats show that there are more USERS of BitTorrents that are for nefarious reasons compared to legal users. That's not the point. My point was people making blanket assumptions that ALL users of BitTorrent are ALL being used for pirating (as well as statements like "Well, since it is used only for piracy, they all deserve what they got" throughout this forum). I work with at various times with torrent files with collaborators and clients. You can show me stats all day long. That will not change the fact that there ARE legal (as well as other "under-the-covers technology") uses for a torrent file. BitTorrent is just a protocol. That's it. It's a way to process and download files through various streams as opposed to one bit fat data pipe through only one channel. Just because you or anyone else do not have a legal use for the protocol doesn't mean that others do not.
VersionTracker was a great idea.
Regardless of anyone's opinion of the Apple Mac Store and how is is ran, be that good, bad or somewhere in between, It leaves us with a "all our eggs are in one basket" situation with apps.
Regardless of anyone's opinion of the Apple Mac Store and how is is ran, be that good, bad or somewhere in between, It leaves us with a "all our eggs are in one basket" situation with apps.
Not really...
go to http://www.macupdate.com
Or use google.
There are very good reasons why developers are giving up on the AppStore. Apple isn't doing OSX software developers many favours. OSX isn't iOS. OSX applications need far more flexibility.
Yes, that solution will protect me from ransomware. There is all kinds of other malware that could really ruin my day. Not much exists yet, but it'll happen as OS X (hopefully) gains popularity.I wish you'd find another OS. Some of us need to run real software, not turn our Macs into iPads.
[etc...]
Keep a bootable backup of your computer (better yet keep a 2nd backup off-site that is updated less often as well) and you don't have to worry about ransomware as you can easily restore from the pre-infected OS.
As a backend programmer, I think I run "real" software. Seems that your definition of powerful software is that which requires a lot of permissions. Most software needs only a small fraction of the permissions granted to it. I didn't mean actually all programs, but practically anything you'd download, excluding things that ask for root privileges (which are mostly system utilities). And if something needs to not be sandboxed, it should require the user's password. What "powerful" software are you running that needs to be able to edit files all over the place anyway?
A sandbox is only good if reputable programs use it. Why don't I get stuff from the Mac App Store? Because there's nothing on it, and it's nearly unusable anyway due to bugs. Last time I tried to update Xcode through it, it was such an ordeal that I felt like torching my computer with a can of Febreeze.
Oh well. I haven't been hacked (to my knowledge), and neither have you, but maybe it'll happen some day. Just think of this every time you run a binary that you trust for no real reason.
[doublepost=1457493018][/doublepost]
Exactly. It's a good idea, but literally every aspect of it is garbage. Even the App Store application itself is a buggy mess. I wish Apple had done it right.
Last edited:
What amazes me is that Apple is SO staunch to defend our "rights" to "privacy" on the one hand, yet they value freedom none what-so-ever (i.e. limiting and arbitrarily choosing what software is "allowed" on their App Store and not allowing trial periods or paid updates, etc.). There's a massive hypocrisy in pretending to defend one Constitutional right, but then to wholesale ignore all the others. They don't want "duplicate" software if it competes with their own even if their own sucks. They don't like torrent clients. They don't like adult software of any kind. They don't want anyone improving their horrible Finder (with say something like XtraFinder) and refuse to improve it themselves. They spend a ton of time on making a flat interface, but don't improve the underpinnings much at all. They have a huge bug in Gatekeeper that renders it near useless, but let's work on pastel color schemes some more instead. They don't even give a "busy" indicator for the new Spotlight so you can't even tell if it's still looking or not. Ridiculous.
What's wrong with Apple? Everything. At least Oculus Rift made it quite clear why they won't support Macs. There's not a SINGLE Mac (other than a Hackintosh) that has a good enough GUI to support the device. Not even a $6000 configured Mac Pro. Some of us have been saying that for years about Macs, but the fanboys always chime in how the Mac isn't a game machine, etc. and they can game just fine, blah blah blah blah. The TRUTH is the Mac is vastly under-powered in the GPU, has terrible outdated drivers, a lot of bugs that aren't being addressed nearly fast enough (even though the update cycle is too short now) and you can't find a single "truck" computer among them (the Mac Pro hasn't had a single update yet since its "new" version that doesn't support PCI cards). Honestly, I'm amazed Macs are still selling.
But then you have Microsoft turning into the NSA Branch #2 so....
And that proves absolutely nothing! Jump on Bittorrent and download away and you're asking for trouble!
I hope you did not misunderstand my comment, I think bit-torrent is an awesome technology for software and file distribution. My point was that it's a shame that it's automaticaly assumed that it's only use is for doing wrong.
You've completely missed the point.
Bittorrent as a protocol is useful. I am against all kinds of piracy. I love the protocol however. Don't blame it if it is used for piracy. It's like blaming hairpins for burglary.
Heh, MP3 is the piracy format once again. People doing sketchy things often use old codecs for some reason.
Bit torrent is great for under-funded organizations. I always torrent BSD and Linux distributions. The BeamNG updater used to exclusively use bit torrent. But I do take issue with Bitcoin and bit torrent for being intentionally geared towards crime by supporting anonymity.