Malware be thy new friend Mac
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 7:10 pm
Posts: 5490
Location: just behind you!
clicky
Quote:
Intego’s security researchers have been examining the code of this new Trojan horse, which we announced yesterday. They have found some interesting elements in the code.
First, the code itself is quite sophisticated. The Trojan horse installs a backdoor, at ~/Library/Preferences/Preferences.dylib, which communicates with a remote server, sending and receiving data using RC4 encryption. The backdoor uses the infected Mac’s hardware UUID (a unique identifier) as a user agent, and to identify specific computers. It also sends information about the infected Mac, such as which version of Mac OS X, which architecture (Intel or PowerPC), and more.

Quote:
“The backdoor is able to download further software, but, for now, we are not seeing this activity,” Intego's analysis stated. “It is also able to update itself, and creates an Sha1 hash of the malware to see if it has changed. If the Sha1 of the software version on the server is different from that installed, this means that an update is necessary.”

Mac Malware .. it just works ;)

_________________
johnwbfc wrote:
I care not which way round it is as long as at some point some sort of semi-naked wrestling is involved.

Amnesia10 wrote:
Yes but the opportunity to legally kill someone with a giant dildo does not happen every day.

Finally joined Flickr


Wed Sep 28, 2011 10:52 am
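A detection sketch for the two indicators in the quoted analysis, added here as an example and not part of the original thread or of Intego's tooling: it flags proxy-log requests whose User-Agent is a bare UUID and looks for the named file under each home directory. The log format, the sample lines, the function names and the idea that the UUID is sent as the whole User-Agent value are assumptions.

```python
import os
import re
from collections import defaultdict

# File path named in the quoted Intego analysis, relative to a user's home.
BACKDOOR_REL_PATH = os.path.join("Library", "Preferences", "Preferences.dylib")

# A User-Agent consisting of nothing but a UUID (8-4-4-4-12 hex digits).
# Assumption: the UUID is sent as the entire header value.
BARE_UUID = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

# Combined log format: client - - [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)


def uuid_user_agent_hits(lines):
    """Map each client to the requests it sent with a bare-UUID User-Agent."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and BARE_UUID.fullmatch(m.group("agent").strip()):
            hits[m.group("client")].append(m.group("request"))
    return dict(hits)


def find_backdoor_files(users_root="/Users"):
    """List copies of the named file under each home directory in users_root."""
    if not os.path.isdir(users_root):
        return []
    candidates = (os.path.join(users_root, name, BACKDOOR_REL_PATH)
                  for name in sorted(os.listdir(users_root)))
    return [path for path in candidates if os.path.isfile(path)]


# Constructed sample log lines: addresses, hosts and the UUID are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Sep/2011:10:52:00 +0000] "GET http://example.com/ HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_1) Safari/534.48.3"',
    '10.0.0.7 - - [28/Sep/2011:10:53:10 +0000] "POST http://host.invalid/ HTTP/1.1" '
    '200 64 "-" "12345678-ABCD-5EF0-9876-0123456789AB"',
    '10.0.0.9 - - [28/Sep/2011:10:54:30 +0000] "GET http://example.org/ HTTP/1.1" '
    '200 99 "-" "SyncTool/2.1 (device 12345678-ABCD-5EF0-9876-0123456789AB)"',
]

if __name__ == "__main__":
    print(uuid_user_agent_hits(SAMPLE_LOG))
    print(find_backdoor_files())
```

The third sample line shows why the match is anchored to the whole header: a legitimate client that merely embeds a device UUID in a longer User-Agent is not flagged.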
Legend
Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
Malware was eventually going to target Macs as it is becoming more popular.

_________________
Do concentrate, 007...

"You are gifted. Mine is bordering on seven seconds."

https://www.dropbox.com/referrals/NTg5MzczNTk

http://astore.amazon.co.uk/wwwx404couk-21


Wed Sep 28, 2011 11:31 am
What's a life?
Joined: Thu Apr 23, 2009 8:46 pm
Posts: 10022
+1. The defence for Macs about no viruses/malware etc was because less than 1% of the population used them. As it increases, more and more malware will be targeted and the true "security" and "stability" of Mac OS will be tested.

_________________
He fights for the users.


Wed Sep 28, 2011 3:58 pm
Doesn't have much of a life
Joined: Fri Apr 24, 2009 12:43 pm
Posts: 1798
Location: Manchester
* yawn *

Do we *really* need yet another post on Mac OS X malware?

As long as you keep your Mac up to date then you *should* be protected from this. Apple updated the built-in malware/trojan detection in Snow Leopard and Lion yesterday (Tuesday) to guard against this and other threats, according to this article on MacWorld...

http://www.macworld.co.uk/mac/news/inde ... id=3306358

...unless this is another one. In which case, Apple will again update its signatures database and push it out to all 10.6 and 10.7 users. What's the big deal here? It's a non-story really, as Apple have already acted to protect users from this haven't they?
:roll:

Of course, if you're running 10.5 or earlier (as I am, being a PowerPC user), then you've got to either rely on 3rd party software or your common sense. Don't get me wrong, I'm not complacent, but I see no reason to keep posting these little snipes - if us Mac users kept posting threads on Windows vulnerabilities, the die-hard Windows users here would be up in arms, and probably rightly so - not that most Mac users on here would do that.

_________________
* Steve *

* Witty statement goes here *


Wed Sep 28, 2011 4:40 pm
What's a life?
Joined: Thu Apr 23, 2009 8:46 pm
Posts: 10022
steve74 wrote:
if us Mac users kept posting threads on Windows vulnerabilities


Has been going on for years. The entire "should have bought a mac".



Wed Sep 28, 2011 5:37 pm
Legend
Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
steve74 wrote:
Of course, if you're running 10.5 or earlier (as I am, being a PowerPC user), then you've got to either rely on 3rd party software or your common sense. Don't get me wrong, I'm not complacent, but I see no reason to keep posting these little snipes - if us Mac users kept posting threads on Windows vulnerabilities, the die-hard Windows users here would be up in arms, and probably rightly so - not that most Mac users on here would do that.

I have an old Powerbook that is not even connected to the internet any longer so no need for AV etc. I just play old PowerPC games on it.



Wed Sep 28, 2011 6:17 pm
Doesn't have much of a life
Joined: Fri Apr 24, 2009 12:43 pm
Posts: 1798
Location: Manchester
cloaked_wolf wrote:
Has been going on for years. The entire "should have bought a mac".

Not on here. Not that I've seen anyway. Not the way certain PC users here seem to delight in posting these Mac-baiting "stories" - or rather non-stories. I certainly don't feel the need to bait Windows/Linux users on their choice of OS - why should it be different when it comes to Macs? If someone wants to use Windows, Mac OS or Linux then I respect that - it's their choice, good for them. I choose a Mac because it's best for me, allows me to get on with the task in hand and doesn't get in the way (I could say not like Windows, which just gets in the way and nags me all the time, but I'm not that petty).

I dunno, I just think this apple-baiting on here lately is more indicative of an underlying vulnerability or inadequacy of the posters, that's all. Sorry, ignore me, I've had a rubbish week at work and this thread just annoyed me - of course that's probably what the intention was and normally I wouldn't rise to the bait. So, mission accomplished then!
:roll:



Wed Sep 28, 2011 7:59 pm
What's a life?
Joined: Thu Apr 23, 2009 7:56 pm
Posts: 12030
I think it's valid to post news items on new Mac flavoured malware.
Especially when they're clearly becoming more clever in their approaches, rather than encouraging you to click on a badly spelled 'Install this app to see Scarlett Johansson naked' sort of vector.

_________________
www.alexsmall.co.uk

Charlie Brooker wrote:
Windows works for me. But I'd never recommend it to anybody else, ever.


Wed Sep 28, 2011 10:06 pm
Legend
Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
ProfessorF wrote:
I think it's valid to post news items on new Mac flavoured malware.
Especially when they're clearly becoming more clever in their approaches, rather than encouraging you to click on a badly spelled 'Install this app to see Scarlett Johansson naked' sort of vector.

Totally agree. It might not affect anyone here directly but it might encourage people to be more careful about what they actually do online. For example at the old place there was mention of the problems of users operating in an admin account. With that advice I set up Admin accounts and downgraded my user accounts to simple user accounts. I still spend 99% of my time in my user account and very rarely use my admin account but it does protect me more than before.



Wed Sep 28, 2011 10:25 pm
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
steve74 wrote:
As long as you keep your Mac up to date then you *should* be protected from this. Apple updated the built-in malware/trojan detection in Snow Leopard and Lion yesterday (Tuesday) to guard against this and other threats, according to this article on MacWorld...

But the update doesn't cover the current Flash-Installer malware. Apple are also appalling at keeping their software patched.

Probably one of the reasons they've stopped bundling Java, it took them 18 months to release the last patch, after Sun had released the code to Apple and patched all other platforms.

There have been many cases of security holes in OS X going months unpatched, even though they had been reported to Apple. It was only after the researcher got fed up of being ignored and published the information about the flaw publicly, that Apple finally got around to patching.

It seems, every time there is a security threat, Apple bury their heads in the sand, hoping nobody will notice that there is a gaping hole, if Apple stays quiet. They then release a patch, once they start getting bad press.

Just look at the recent SSL Cert clusterf***! Google released a patch the same day, Firefox a day later, Microsoft 2 days later, Apple, after being pilloried in the press for being the only major browser maker not to have patched the hole, patched it over a week later!

This was for a cross platform exploit that was being actively exploited!

steve74 wrote:
http://www.macworld.co.uk/mac/news/index.cfm?newsid=3306358

...unless this is another one. In which case, Apple will again update its signatures database and push it out to all 10.6 and 10.7 users. What's the big deal here? It's a non-story really, as Apple have already acted to protect users from this haven't they?
:roll:

That they only release the updates when they want to, not when they have to, and they are not up to date!

steve74 wrote:
Of course, if you're running 10.5 or earlier (as I am, being a PowerPC user), then you've got to either rely on 3rd party software or your common sense. Don't get me wrong, I'm not complacent, but I see no reason to keep posting these little snipes - if us Mac users kept posting threads on Windows vulnerabilities, the die-hard Windows users here would be up in arms, and probably rightly so - not that most Mac users on here would do that.

I think, because of Apple's laissez faire attitude to protecting their customers, it is more important to inform Mac users of possible threats, so that they can protect themselves.

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Mollari

Executive Producer No Agenda Show 246


Thu Sep 29, 2011 4:23 am
Legend
Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
Also patching software is not a sexy side of the business so Apple probably do not fund it adequately.



Thu Sep 29, 2011 4:40 am