x404.co.uk
http://www.x404.co.uk/forum/

Malware be thy new friend Mac
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=14848
Page 1 of 1

Author:  bobbdobbs [ Wed Sep 28, 2011 10:52 am ]
Post subject:  Malware be thy new friend Mac

clicky
Quote:
Intego’s security researchers have been examining the code of this new Trojan horse, which we announced yesterday. They have found some interesting elements in the code.
First, the code itself is quite sophisticated. The Trojan horse installs a backdoor, at ~/Library/Preferences/Preferences.dylib, which communicates with a remote server, sending and receiving data using RC4 encryption. The backdoor uses the infected Mac’s hardware UUID (a unique identifier) as a user agent, and to identify specific computers. It also sends information about the infected Mac, such as which version of Mac OS X, which architecture (Intel or PowerPC), and more.

Quote:
“The backdoor is able to download further software, but, for now, we are not seeing this activity,” Intego's analysis stated. “It is also able to update itself, and creates an Sha1 hash of the malware to see if it has changed. If the Sha1 of the software version on the server is different from that installed, this means that an update is necessary.”

MAc Malware .. it just works ;)

Author:  Amnesia10 [ Wed Sep 28, 2011 11:31 am ]
Post subject:  Re: Malware be thy new friend Mac

Malware was eventually going to target Macs as it is becoming more popular.

Author:  cloaked_wolf [ Wed Sep 28, 2011 3:58 pm ]
Post subject:  Re: Malware be thy new friend Mac

+1. The defence for Macs about no viruses/malware etc was because less than 1% of the population used them. As it increases, more and more malware will be targetted and the true "security" and "stability" of Mac OS will be tested.

Author:  steve74 [ Wed Sep 28, 2011 4:40 pm ]
Post subject:  Re: Malware be thy new friend Mac

* yawn *

Do we *really* need yet another post on Mac OS X malware?

As long as you keep your Mac up to date then you *should* be protected from this. Apple updated the built-in malware/trojan detection in Snow Leopard and Lion yesterday (Tuesday) to guard against this and other threats, according to this article on MacWorld...

http://www.macworld.co.uk/mac/news/inde ... id=3306358

...unless this is another one. In which case, Apple will again update its signatures database and push it out to all 10.6 and 10.7 users. What's the big deal here? It's a non-story really, as Apple have already acted to protect users from this haven't they?
:roll:

Of course, if you're running 10.5 or earlier (as I am, being a PowerPC user), then you've got to either rely on 3rd party software or your common sense. Don't get me wrong, I'm not complacent, but I see no reason to keep posting these little snipes - if us Mac users kept posting threads on Windows vulnerabilities, the die-hard Windows users here would be up in arms, and probably rightly so - not that most Mac users on here would do that.

Author:  cloaked_wolf [ Wed Sep 28, 2011 5:37 pm ]
Post subject:  Re: Malware be thy new friend Mac

steve74 wrote:
if us Mac users kept posting threads on Windows vulnerabilities


Has been going on for years. The entire "should have bought a mac".

Author:  Amnesia10 [ Wed Sep 28, 2011 6:17 pm ]
Post subject:  Re: Malware be thy new friend Mac

steve74 wrote:
Of course, if you're running 10.5 or earlier (as I am, being a PowerPC user), then you've got to either rely on 3rd party software or your common sense. Don't get me wrong, I'm not complacent, but I see no reason to keep posting these little snipes - if us Mac users kept posting threads on Windows vulnerabilities, the die-hard Windows users here would be up in arms, and probably rightly so - not that most Mac users on here would do that.

I have an old Powerbook that is not even connected to the internet any longer so no need for AV etc. I just play old PowerPC games on it.

Author:  steve74 [ Wed Sep 28, 2011 7:59 pm ]
Post subject:  Re: Malware be thy new friend Mac

cloaked_wolf wrote:
Has been going on for years. The entire "should have bought a mac".

Not on here. Not that I've seen anyway. Not the way certain PC users here seem to delight in posting these Mac-baiting "stories" - or rather non-stories. I certainly don't feel the need to bait Windows/Linux users on their choice of OS - why should it be different when it comes to Macs? If someone wants to use Windows, Mac OS or Linux then I respect that - it's their choice, good for them. I choose a Mac because it's best for me, allows me to get on with the task in hand and doesn't get in the way (I could say not like Windows, which just gets in the way and nags me all the time, but I'm not that petty).

I dunno, I just think this apple-baiting on here lately is more indicative of an underlying vulnerability or inadequacy of the posters, that's all. Sorry, ignore me, I've had a rubbish week at work and this thread just annoyed me - of course that's probably what the intention was and normally I wouldn't rise to the bait. So, mission accomplished then!
:roll:

Author:  ProfessorF [ Wed Sep 28, 2011 10:06 pm ]
Post subject:  Re: Malware be thy new friend Mac

I think it's valid to post news items on new Mac flavoured malware.
Especially when they're clearly becoming more clever in their approaches, rather than encouraging you to click on a badly spelled 'Install this app to see Scarlett Johansson naked' sort of vector.

Author:  Amnesia10 [ Wed Sep 28, 2011 10:25 pm ]
Post subject:  Re: Malware be thy new friend Mac

ProfessorF wrote:
I think it's valid to post news items on new Mac flavoured malware.
Especially when they're clearly becoming more clever in their approaches, rather than encouraging you to click on a badly spelled 'Install this app to see Scarlett Johansson naked' sort of vector.

Totally agree. It might not affect anyone here directly but it might encourage people to be more careful about what they actually do online. For example at the old place there was mention of the problems of users operating in a admin account. With that advice I set up Admin accounts and downgraded my user accounts to simple user accounts. I still spend 99% of my time in my user account and very rarely use my admin account but it does protect me more than before.

Author:  big_D [ Thu Sep 29, 2011 4:23 am ]
Post subject:  Re: Malware be thy new friend Mac

steve74 wrote:
As long as you keep your Mac up to date then you *should* be protected from this. Apple updated the built-in malware/trojan detection in Snow Leopard and Lion yesterday (Tuesday) to guard against this and other threats, according to this article on MacWorld...

But the update doesn't cover the current Flash-Installer malware. Apple are also appauling at keeping their software patched.

Probably one of the reasons they've stopped bundling Java, it took them 18 months to release the last patch, after Sun had released the code to Apple and patched all other platforms.

There have been many cases of security holes in OS X going months unpatched, even though they had been reported to Apple. It was only after the researcher got fed up of being ignored and published the information about the flaw publicly, that Apple finally get around to patching.

It seems, every time there is a security threat, Apple bury their heads in the sand, hoping nobody will notice that there is a gaping hole, if Apple stays quiet. They then release a patch, once they start getting bad press.

Just look at the recent SSL Cert clusterf***! Google released a patch the same day, Firefox a day later, Microsoft 2 days later, Apple, after being pilloried in the press for being the only major browser maker not to have patched the whole, patched it over a week later!

This was for a cross platform exploit that was being actively exploited!

steve74 wrote:
http://www.macworld.co.uk/mac/news/index.cfm?newsid=3306358

...unless this is another one. In which case, Apple will again update its signatures database and push it out to all 10.6 and 10.7 users. What's the big deal here? It's a non-story really, as Apple have already acted to protect users from this haven't they?
:roll:

That they only release the updates when they want to, not when they have to, and they are not up to date!

steve74 wrote:
Of course, if you're running 10.5 or earlier (as I am, being a PowerPC user), then you've got to either rely on 3rd party software or your common sense. Don't get me wrong, I'm not complacent, but I see no reason to keep posting these little snipes - if us Mac users kept posting threads on Windows vulnerabilities, the die-hard Windows users here would be up in arms, and probably rightly so - not that most Mac users on here would do that.

I think, because of Apple's laissez faire attitude to protecting their customers, it is more important to inform Mac users of possible threats, so that they can protect themselves.

Author:  Amnesia10 [ Thu Sep 29, 2011 4:40 am ]
Post subject:  Re: Malware be thy new friend Mac

Also patching software is not a sexy side of the business so Apple probably do not fund it adequately.

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/