

45 comment(s) - last by matty123 on Nov 7 at 8:49 PM

It just works -- except when you're infected

Apple, Inc. (AAPL) has long maligned the Windows PC as virus-laden while promoting its own Mac computers as immune to such evils.  But despite this "It just works" publicity campaign, recent OS X malware [1][2][3][4] has forced Apple onto the defensive, silently rolling out tools to remove malicious programs from users' computers.

I. Malware Enslaves Unwitting Mac Users' GPUs

Now another piece of malware has struck unsuspecting Mac owners.  The new multiplatform trojan, reported in the wild by security firms Sophos Security and Intego, is much more sophisticated than most of the past malware to hit the Mac platform.

The malicious program installs as part of infected torrent downloads from sites such as The Pirate Bay.  Thus far the malware has mostly been found piggybacking on pirated copies of the image editing app GraphicConverter version 7.4 (whose authors are not involved in the scheme and do not condone the pirating in the first place).  The malware is known in security circles as OSX/Miner-D and is nicknamed "DevilRobber".

Mac torrent client
Mac torrenters may find themselves the victim of a clever new trojan -- as usual Apple remains silent on the issue. [Source: iQuid]

Once installed on the victim's machine, the malware opens a back door into the OS X system, allowing remote command and control.  It also monitors the computer, attempting to steal personal information such as credit card numbers.

OS X miner installed
The malware targets multiple platforms -- including the Mac. [Source: Intego]

To do this it takes screenshots.  It also periodically dumps confidential information from various applications, such as TrueCrypt data, Vidalia (a graphical controller for Tor), the Safari browsing history and .bash_history, into the creatively named file dump.txt.  It also sets up a proxy server (on port 34522 in the most common variant, though that is likely to change) through which it can capture usernames and passwords.

But its biggest target is the cryptocurrency Bitcoin.
 
malware code
The DevilRobber trojan uses screen captures to steal your password and private information. [Source: Sophos]

Bitcoin is a cryptocurrency tied to no nation, beloved by hackers, internet aficionados and libertarians (among others).  New bitcoins enter circulation through "mining": client software spends computing power searching for block hashes that meet the network's difficulty target, and whoever finds one is rewarded with newly created coins.

The key part of DevilRobber is a Bitcoin mining Java program that the core trojan launches; it commandeers the victim's GPU to mine bitcoins for the attacker.  Because Bitcoin transactions are hard to trace back to a person, the malware's authors can hide their identity and keep their profits.

The mining program is often how the infection is first noticed: the load it places on the GPU makes the system respond sluggishly.
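The "mining" described in the two paragraphs above is a brute-force search for a nonce whose double-SHA-256 block hash falls at or below a difficulty target, and it is that search that pins a GPU at full load.  The toy miner below is an added example written for this page, not code from the trojan, from Sophos or from Intego.  The header bytes and the 16-bit difficulty are constructed for illustration; a real Bitcoin header is 80 bytes and the real target is enormously harder.

```python
import hashlib
import struct
import time
from typing import Optional, Tuple

NONCE_SPACE = 1 << 32  # a Bitcoin nonce is a 32-bit field


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's block hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_for(difficulty_bits: int) -> int:
    """Largest acceptable hash value. The digest is read as a little-endian 256-bit
    integer and must be <= target, i.e. its top `difficulty_bits` bits must be zero."""
    return (1 << (256 - difficulty_bits)) - 1


def proof_of_work(header: bytes, difficulty_bits: int) -> Optional[Tuple[int, bytes]]:
    """Brute-force the nonce. Every iteration costs one double-SHA-256; a GPU does
    hundreds of millions of these per second, which is the capacity the trojan steals."""
    target = target_for(difficulty_bits)
    for nonce in range(NONCE_SPACE):
        digest = double_sha256(header + struct.pack("<I", nonce))
        if int.from_bytes(digest, "little") <= target:
            return nonce, digest
    return None  # nonce space exhausted; a real miner changes the header and retries


def verify(header: bytes, nonce: int, digest: bytes, difficulty_bits: int) -> bool:
    """Checking a solution costs one hash, however many hashes the miner spent finding it."""
    if not 0 <= nonce < NONCE_SPACE:
        return False
    recomputed = double_sha256(header + struct.pack("<I", nonce))
    return recomputed == digest and int.from_bytes(digest, "little") <= target_for(difficulty_bits)


def hash_rate(seconds: float = 0.25) -> float:
    """Rough hashes per second for this interpreter, to compare against a GPU."""
    header = b"constructed benchmark header"  # constructed sample input
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        double_sha256(header + struct.pack("<I", count & 0xFFFFFFFF))
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    header = b"constructed toy block header"  # constructed; a real header is 80 bytes
    nonce, digest = proof_of_work(header, difficulty_bits=16)
    # Bitcoin displays the hash byte-reversed, so the leading zeros appear at the front
    print(f"nonce={nonce} hash={digest[::-1].hex()}")
    print(f"verified={verify(header, nonce, digest, 16)} ~{hash_rate():.0f} H/s in pure Python")
```

Raising `difficulty_bits` by one doubles the expected number of hashes, which is why a pure-Python loop gives up at a few tens of thousands of hashes per second while a stolen GPU is worth harvesting; verification stays a single hash either way.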

As a secondary tactic, the core trojan also attempts to access any unencrypted Bitcoin wallets it can find.  It is unknown whether it contains code to access encrypted wallets, but it is reasonable to assume that future updates could add the ability to crack weakly encrypted wallet files.  The bitcoins in a compromised wallet are transferred to the attacker.

Curiously, the trojan also deletes any files whose names contain "pthc".  On internet forums that acronym stands for "pre-teen hardcore" pornography, i.e. child pornography.  It almost appears that the trojan's writers tried to do a bit of good amid all the evil they created.
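The behaviour described above is concrete enough to check for on a host: a proxy listening on TCP port 34522, a staging file named dump.txt, and a Java mining process.  The script below is an added example, not a tool from this article, from Sophos or from Intego.  It runs those checks over constructed `lsof -i -P -n` and `ps -axo pid=,user=,command=` output and over a constructed list of file paths; the "miner"/"bitcoin" substrings it looks for in Java command lines are an assumption made for illustration, not a published signature.

```python
import os
import re
from typing import Dict, Iterable, List

# Indicators taken from the article: the trojan's proxy listens on TCP 34522 in the
# most common variant, it stages stolen data in a file named dump.txt, and it runs a
# Java Bitcoin miner. The command-line substrings below are an ASSUMPTION for
# illustration only, not a published signature.
PROXY_PORT = 34522
DUMP_FILENAME = "dump.txt"
MINER_HINTS = ("miner", "bitcoin")

# One line of `lsof -i -P -n`: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)
LSOF_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<name>\S+)(?:\s+\((?P<state>[A-Z_]+)\))?$"
)


def listeners_on_port(lsof_lines: Iterable[str], port: int = PROXY_PORT) -> List[Dict]:
    """Return every TCP socket in LISTEN state bound to `port`."""
    hits = []
    for line in lsof_lines:
        m = LSOF_RE.match(line.strip())
        if not m or m.group("proto") != "TCP" or m.group("state") != "LISTEN":
            continue
        # NAME looks like *:34522, 127.0.0.1:34522 or [::1]:631; the port follows the last colon
        _host, _sep, port_text = m.group("name").rpartition(":")
        if port_text.isdigit() and int(port_text) == port:
            hits.append({"pid": int(m.group("pid")), "command": m.group("cmd"),
                         "address": m.group("name")})
    return hits


def java_miner_processes(ps_lines: Iterable[str], hints=MINER_HINTS) -> List[Dict]:
    """Flag Java processes whose command line contains one of the (assumed) mining hints."""
    hits = []
    for line in ps_lines:
        parts = line.strip().split(None, 2)  # pid, user, full command line
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        pid, user, cmd = parts
        executable = os.path.basename(cmd.split()[0]).lower()
        if executable.startswith("java") and any(h in cmd.lower() for h in hints):
            hits.append({"pid": int(pid), "user": user, "command": cmd})
    return hits


def dump_files(paths: Iterable[str], filename: str = DUMP_FILENAME) -> List[str]:
    """Return the paths whose basename matches the trojan's staging file name."""
    return [p for p in paths if os.path.basename(p) == filename]


def assess(lsof_lines, ps_lines, paths) -> Dict:
    """Run all three checks and summarise whether anything matched."""
    findings = {
        "proxy_listeners": listeners_on_port(lsof_lines),
        "java_miners": java_miner_processes(ps_lines),
        "dump_files": dump_files(paths),
    }
    findings["suspicious"] = any(findings[k] for k in ("proxy_listeners", "java_miners", "dump_files"))
    return findings


# Constructed sample output, not captured from a real infection.
SAMPLE_LSOF = [
    "COMMAND   PID  USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME",
    "Safari    812  alice  23u  IPv4  0x1a2b 0t0      TCP  10.0.0.5:52311->93.184.216.34:443 (ESTABLISHED)",
    "java     4242  alice  12u  IPv4  0x3c4d 0t0      TCP  *:34522 (LISTEN)",
    "cupsd     101  root    7u  IPv6  0x5e6f 0t0      TCP  [::1]:631 (LISTEN)",
    "mDNSResp   88  _mdns   5u  IPv4  0x7a8b 0t0      UDP  *:5353",
]
SAMPLE_PS = [
    "  812 alice /Applications/Safari.app/Contents/MacOS/Safari",
    " 4242 alice /usr/bin/java -jar /tmp/miner.jar -o 10.0.0.5:34522",
    "  101 root  /usr/sbin/cupsd -l",
]
SAMPLE_PATHS = [
    "/Users/alice/Documents/notes.txt",
    "/Users/alice/Desktop/dumpster.txt",
    "/Users/alice/Library/dump.txt",
]

if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE_LSOF, SAMPLE_PS, SAMPLE_PATHS), indent=2))
```

On a live machine, feed the functions the real output of `lsof -i -P -n` and `ps -axo pid=,user=,command=` plus a directory walk.  The port and file name are indicators for the variant the article describes, so a clean result means only that this variant was not found, not that the machine is clean.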

II. Lessons Learned

The new attack illustrates some of the issues surrounding both Apple computers and Bitcoins.

Bitcoin button; Bitcoin badges
[Sources: Bitcoin Forum (left); Nerd Merit Badges (right)]

For Apple, it's yet another indication that the company's public effort to feign ignorance of malware is harming customers.  While tech-savvy Mac users understand that their platform is just as susceptible to infection as the PC, in theory if not in practice, less tech-savvy users often believe their Mac is magically immune.  That belief is perpetuated by Apple's advertisements and by the company's support technicians, who were revealed to be under orders to feign ignorance of infections when talking to customers.  The approach has led to at least some of Apple's customers being victimized by the hacking community.

This situation is only likely to get worse as long as Apple refuses to publicly acknowledge the danger, as Microsoft has, for fear of damaging its "it just works" image.  With Apple currently in third place in computer sales by vendor, and with what some hackers say are weaker protections than Windows 7 offers, interest in malicious Mac hacking is trending upwards.

As for Bitcoin, its proponents argue the cryptocurrency holds great promise, since it is designed to resist double spending, inflation, government corruption and ineffectual monetary regulation.  However, the Bitcoin market has been dealt a series of setbacks, both from the entry of cybercriminals as large-scale miners and from account breaches.

With Bitcoin's largest exchange recently hacked, the currency's proponents have raced to safeguard their brainchild.  More work clearly needs to be done to keep cybercriminal miners out, or Bitcoin risks becoming intimately associated with illegality.

Sources: Intego, Sophos Security






Inconceivable!
By Denigrate on 11/1/2011 11:27:23 AM , Rating: 5
How could this happen in the magical Apple World?




RE: Inconceivable!
By corduroygt on 11/1/2011 11:43:40 AM , Rating: 3
Because you're using it wrong!


RE: Inconceivable!
By Shig on 11/1/2011 1:33:28 PM , Rating: 2
GENIUSES, go!


RE: Inconceivable!
By AnnihilatorX on 11/1/2011 2:40:27 PM , Rating: 4
Downloading pirated stuff without checking for viruses is definitely 'using it wrong' category ;)


RE: Inconceivable!
By Alexvrb on 11/1/2011 10:25:48 PM , Rating: 3
I would argue that they're using Macs exactly as intended.

Most PCs have AV running at all times, checking everything you touch. Most Macs don't have AV at all. Kind of hard to check it for a virus if you don't have AV (and in fact think Macs don't get viruses). Apple isn't exactly going out of their way to arm Mac users with constant security updates and free AV the way MS does. In fact they try to sweep such matters under the rug so people continue to believe that Macs are "safer" etc.

With that said, yes, when you download questionable material, you are asking for trouble.


RE: Inconceivable!
By Gio6518 on 11/1/2011 3:39:19 PM , Rating: 4
Steve isn't around anymore to magically wave his hand and say it doesn't exist....


RE: Inconceivable!
By Natch on 11/2/2011 8:09:45 AM , Rating: 2
I guess that, even in a world full of gum drops and magical fairy dust, you can still find yourself stepping in dog shit.

Not to worry. I'm sure the fruity ones will come out with a software patch, call it an updated OS, and only charge $10 for you to install it on your machines, all the while denying the existence of any problem and crowing about the improved performance you will get from your machines, which are technologically superior in every way.


RE: Inconceivable!
By fteoath64 on 11/6/2011 12:23:03 AM , Rating: 2
Because you have a government who uses paid shills to attack Bitcoin as it constitutes a threat to their corrupt system.

Why would any sane person (even a lowly hacker) want to hack anything that is worth very little when there are far more profitable and easier targets to hit?

BitCoin has been attacked by organised groups very often and you have to wonder who those people are and why they are doing it? Wonder long enough and the answer is clear.


LoLz
By bubbastrangelove on 11/1/2011 12:58:50 PM , Rating: 5
Bob, do you remember the other day we were discussing 'irony'?




It's simple....
By blankslate on 11/1/2011 2:01:49 PM , Rating: 3
...all Apple needs to do is make minor tweaks to the Reality Distortion Field so that it affects the malware writers as well as the fanbois




RE: It's simple....
By JediJeb on 11/2/2011 10:10:28 AM , Rating: 2
It would take the full power of the TARDIS to generate a field big enough to make that effective.


Macs with GPUs
By sleepeeg3 on 11/2/2011 3:42:30 AM , Rating: 3
So this affects what... like 10 computers?




Say it isn't so!!!!!!!!!!
By masamasa on 11/1/2011 5:42:10 PM , Rating: 2
When asked about the Malware Steve Jobs commented....well, er nothing.




Apple Flat Earthers.
By dark matter on 11/1/2011 7:12:44 PM , Rating: 2
I'm actually waiting for the Apple Flat Earth brigade to come along and point out that actually, it's not Volcanoes that can wipe out the Apple ecosystem, as the Apple ecosystem doesn't have them, it's Asteroids.

Yeah, we get it, Apple doesn't get viruses, it gets trojans instead...

Doesn't make much difference as the end point is exactly the same, a burning scorched planet...




Bumpgate
By Spikesoldier on 11/1/2011 2:56:05 PM , Rating: 1
Would be hilarious if they mined on a bumpgate affected apple notebook and make it go kaput by stressing the little GPU.

Oh well they'll go buy another overpriced $2K P.O.S.




Same old crap
By Tony Swash on 11/1/11, Rating: -1
RE: Same old crap
By blankslate on 11/1/2011 2:26:58 PM , Rating: 3
If Apple paid more attention to people like Charlie Miller instead of having their browser just about always getting beat down first in those contests I'd pay less attention to events like this.

If Apple continues to follow the same protocols about malware that they have in the past I can only hope that the market share for their computers does not go up significantly.
That way malware writers don't target Apple computers any more than they are already.


RE: Same old crap
By Tony Swash on 11/1/11, Rating: -1
RE: Same old crap
By dark matter on 11/1/2011 7:17:19 PM , Rating: 2
You REALLY need a girlfriend.


RE: Same old crap
By blankslate on 11/1/2011 8:17:07 PM , Rating: 3
Yeah, Windows in the past was really bad at security. Lately however they've improved to the point where people are also turning to weaknesses in 3rd party applications to find ways to compromise the OS as well as attacking the OS directly.

I know it probably galls you to have this shoved in your face but recently Microsoft has gotten better at securing their OS to the point where they are surpassing the relatively lax and complacent practices of Apple
For example they implemented Address Space Layout Randomization for Vista and later Win 7 before Apple made it available for OS X.

Apple also has had the benefit of having their OS ignored in the past due to a relatively low market share by writers of Malware.

This is not the case anymore.

Read the 4th paragraph of this article.

http://arstechnica.com/apple/news/2011/05/apple-ac...

Apple initially ignored an instance of malware that infected a fair amount of their computers and also instructed employees not to even acknowledge it. When they grow in market share that kind of bullshite will be unacceptable.

While people who don't have the time or inclination to become educated about how they can protect themselves from malware or just have their heads in the sand (like you) will probably not change their opinions about OS X and the need to secure it; perception and reality are not always the same thing. In this instance you are being willfully ignorant and allowing your false perceptions of Apple to obscure the facts.


RE: Same old crap
By Gio6518 on 11/1/2011 4:20:44 PM , Rating: 4
And how is this any different than how MAC users spread rumors about Windows viruses? I've never had a Windows virus, don't know anyone that has gotten one since Vista, or even heard of any major outbreak, in years...

Reality is MAC users are more vulnerable to malware than Windows users due to the fact that they are under the false assumption that they are safe and do not need malware protection...The biggest downfall of Windows users in this category is that the unknowledgeable user buys a PC which usually comes with a trial antivirus and assumes that will work for life and not just the 30, 60, or 90 days that the trial is good for...


RE: Same old crap
By Tony Swash on 11/1/11, Rating: -1
RE: Same old crap
By blankslate on 11/1/2011 8:22:14 PM , Rating: 2
quote:
Windows and Macs security reputations are both richly deserved.


You are proof positive that the RDF exists.

Just because no one bothered to try shooting your OS until recently doesn't mean it is bullet proof.

Windows has become harder to compromise than it was before.

Quit living in the past.


RE: Same old crap
By Gio6518 on 11/2/2011 3:34:40 AM , Rating: 3
quote:
Windows and Macs security reputations are both richly deserved.


In the last couple years the majority of attacks have been to OS10...lets take a look at the latest 10 Windows vulnerabilities

quote:
Apple is advising Windows users to update their systems following the release of a patch for the QuickTime media player tool. Ten of the flaws could be targeted by way of a maliciously crafted PICT or FlashPix movie file to cause an application crash and allow remote code execution.

The update also fixes a cross-site scripting flaw which could allow an attacker to insert code into an HTML file, and a vulnerability which could allow an attacker to view a user's memory contents by way of malformed movie file
The company said in a security advisory that QuickTime 7.7.1 addresses 12 vulnerabilities in the Windows version of the platform, but does not affect Mac OS X users.
Apple urged Windows users to install the 7.7.1 update, which can be obtained through the Apple Software Update utility or manually downloaded from the Apple support site. The update supports Windows versions from XP to Windows 7.

So in other words the flaws in Windows comes from using Apple software..


RE: Same old crap
By its tom hanks on 11/3/11, Rating: -1
RE: Same old crap
By karlostomy on 11/1/2011 11:16:10 PM , Rating: 1
Here, let me fix that for ya, Tony...

Same old crap.

A security firm 'discovers' a new malware threat to Macs, usually a trojan. The Tony Swash goes ape shit, a minority of aware Apple defenders piss their pants with fright. Relevant and factual data is released about actual infections and the new threat is reported in the media as it is a major problem in the real world that does affect Mac users. Time passes. Not a lot of time, a week or two. The story fades, as the majority of Mac fans delude themselves into thinking this has no effect on their machine. A few weeks later Tony Swash writes a wall of text about how it turned out that no mac users are aware of a real world Mac malware event, mistakenly assuming the usual Mac fan ignorance automatically means there is no problem. Later still the original story, the one about the Trojan that infected Mac machines but did not get reported because most mac users do not understand what is going on, gets used in a forum comment by some switched on tech savvy user (or Windows fan - they do tend to be) to prove that 'Macs are just as insecure as Windows - worse even!!'

Time passes.

A security firm 'discovers' a new malware threat to Macs, usually a trojan. The Tony Swash goes ape shit, a minority of aware Apple defenders piss their pants with fright. Relevant and factual data is released about actual infections...

Insanity: doing the same thing over and over again and expecting different results.
- Albert Einstein

No need to thank me, Tony.


RE: Same old crap
By DJ Brandon on 11/2/2011 1:06:40 AM , Rating: 2
Insanity: doing the same thing over and over again and expecting different results.
- Albert Einstein


Internet's definition of a typical blind running AppleFanBoi - Tony Swash

Brandon


RE: Same old crap
By Cheesew1z69 on 11/2/2011 10:46:19 AM , Rating: 2
quote:
Insanity: doing the same thing over and over again and expecting different results.
Like I said, that fits you to a T.


Same old...
By messele on 11/1/11, Rating: -1
RE: Same old...
By kattanna on 11/1/11, Rating: -1
RE: Same old...
By borismkv on 11/1/2011 12:12:50 PM , Rating: 2
People are always the weak link. There are two general rules involving system security:
1. You can control the system, but all you can do is train people.
2. If an unauthorized user gains physical access, you're screwed.
What I wish I could append to those rules:
3. If an idiot gains physical access and screws things up, apply a hammer directly to their forehead.


RE: Same old...
By kleinma on 11/1/2011 11:49:21 AM , Rating: 2
fanboy much?


RE: Same old...
By MistaP on 11/1/2011 11:59:28 AM , Rating: 5
I don't get the need to defend Apple so blindly. Do people make money off of defending Apple so fanatically? If so where do I sign up?

The article basically states that, "Hey there is a new flaw found in Apple systems being exploited and here is what it does." It also touches on how this is a growing occurance as the systems become more and more mainstream, and then points out the company's less than honest tactics to not acknowledge this and keep the image they have previously marketed.

Nothing fictional there so we start splitting hairs over wording?

One word. Fanatical.


RE: Same old...
By Helbore on 11/1/2011 1:39:19 PM , Rating: 2
You'd think Apple customers would be pleased that this information is getting reported, wouldn't you? I mean, otherwise they would remain ignorant of potential infections to their computers. Surely it is of benefit to the consumer to know of risks in products they use.

Some Apple fans are so blinkered, though, that it would seem they would rather run a machine covered in trojans that steal their personal data and withdraw money from their bank accounts, than admit that Apple don't make magic boxes.

Still, they buy Apple products, so I suppose they're used to being ripped off. (note to Apple fans, this is called a joke. Please do not take it as a personal attack on your virility. No personal insult is intended.)


RE: Same old...
By borismkv on 11/1/2011 12:09:29 PM , Rating: 3
Actually, there are very very few traditional Viruses running in the wild these days (using the definition of a self-replicating piece of software). The vast majority of security breaches involve Trojans and the like. But since you're complaining about terminology, Apple fanbois like to point out that there are *MILLIONS* of "Viruses" on PCs. In this sense they are using Virus as an all encompassing term for any type of malware, trojans, rootkits, spyware, etc. But when the same all encompassing term is applied to Apples, we get the opposite.

Also:
quote:
If you KNOWINGLY install a piece of software from KNOWINGLY dubious sources it is neither:


Using this statement, there is no reason to believe that the OS is at fault for *any* type of malicious software download. Because there are precious few viruses (using the all encompassing form of the word) that are distributed through legitimate means.


RE: Same old...
By SoCalBoomer on 11/1/2011 2:14:42 PM , Rating: 1
quote:
If you KNOWINGLY install a piece of software from KNOWINGLY dubious sources it is neither:


Except that this is NOT installed this way - it's installed via an infected torrent file. Read the article and the report from Sophos.


RE: Same old...
By Fritzr on 11/1/2011 6:06:30 PM , Rating: 2
Trojan: Malware disguised as a benign or beneficial program. Often included as an undocumented "Bonus Feature" of an otherwise useful program.

This attack is being distributed as part of a popular image editor. True the acquisition of the unlicensed torrent is illegal, but the downloader KNOWINGLY installs the image editor with its "Bonus Feature" and KNOWINGLY obtains it from a dubious source. (Torrents are indexes and do not normally do malware detection before adding a torrent)

It is installed in exactly the way the quote describes. True the installer is unaware of the "Bonus Feature" but that is the reason for the Trojan label. Troy was not notified in advance that the gift horse would include a delegation from the besieging army :D


RE: Same old...
By Tony Swash on 11/2/11, Rating: -1
You've lost me, DailyTech
By Tafter on 11/2/11, Rating: -1
RE: You've lost me, DailyTech
By Tafter on 11/2/11, Rating: -1
RE: You've lost me, DailyTech
By matty123 on 11/2/2011 7:13:51 PM , Rating: 3
Wow dude hate much!!

Don't know where you are going to go for your ""unbiased news"" since almost every site is reporting the same thing

http://www.zdnet.co.uk/news/security-threats/2011/...
http://nakedsecurity.sophos.com/2011/10/29/devilro...
http://news.cnet.com/8301-1009_3-20128065-83/devil...

You really can't blame the journalist for reporting the news just because YOU don't like it, I reckon a lot of people will find this newsworthy.


RE: You've lost me, DailyTech
By Tafter on 11/7/2011 7:26:14 PM , Rating: 2
I really wish I closed the browser window this was in instead of refreshing.

The link you provided actually proves my point: that article is indeed a decent example of unbiased journalism. It states the facts, gives helpful advice and avoids sensational ledes and editorial. This isn't about what is reported, it is about how it is reported. If you read both stories and don't see severe stylistic differences, you aren't even trying to be fair.

This isn't hard, folks. Just try a little objectivity now and again, won't you? Not everything has to be us vs. them, my tool vs. your tool. Jason Mick is playing to the very worst, most base of human behavior and doing it for the worst possible reason: clicks (aka ad money). Please stop playing right into his hand.


RE: You've lost me, DailyTech
By matty123 on 11/7/2011 7:45:51 PM , Rating: 2
I do find {Note} stylistic differences, granted, but in other words all you're saying is that you don't like the author's style, which seems almost absurd as everybody has a different style.

Note I am not condemning you and am relatively new to these forums but I haven't noted any bias in any of the author's posts except for apple fanbois who don't like articles that reflect negatively on any apple product in any way or form.

In fact after re-reading all three articles {links in older post} I find that they all have "severe stylistic differences", especially between the ZDNet and CNET articles; note the CNET article doesn't note in its header that it's only Macs that would suffer from this problem, but I don't see any of the articles as bad, they all present the facts and give the same main points.


RE: You've lost me, DailyTech
By Tafter on 11/7/2011 8:19:44 PM , Rating: 2
Just open your mind up a little: you used the term "apple fanboi". Do you really think that fanbois for Windows, Android, or "insert your company or toy here" don't exist? Really?

Look at the comments on this thread. Look at how they mock apple, apple fans and Steve jobs death. Not convinced? Head over to MacRumors forums. Note how the contrarians there act like Tony Swash. Note how the arguments there play out almost in the exact opposite manner as they do here.

This isn't about specific technologies or their supposed superiority. We all pick favorites based on our personal preferences. It's when we take to the Internet and attack others for their choices that everything breaks down. It isn't about logic and reason, it's about taking down "the enemy."

Certain writers play to this natural tendency of humans. Jason Mick is one of those people. Go ahead: rationalize that apple sux, it's users are the worst fanbois and your choice is superior. But you are kidding yourself. Fanbois are fanbois. If you aren't willing to look at the fanbois on your side and see them in the same harsh light as your "enemies" you are part of the problem.


RE: You've lost me, DailyTech
By matty123 on 11/7/2011 8:49:34 PM , Rating: 2
While I do understand your point I use an iphone but I couldn't stand the absurd things some apple fans were throwing around so I did research and am now trying to correct people on where they go wrong.

Anyway I get what you are saying but I think you answer yourself in your post,

quote:
We all pick favorites based on our personal preferences.


Now I agree that some posters are as you would say "part of the problem" but I don't find that in the author's work, I find that most topics are good solid headlines that catch the eye and spark interesting debates about whatever the topic is.

Also I and I am sure many others largely read these forums for the comments and debates around the articles, now I won't lie nothing ruins it more than when a really crazy fanboi/phandroid comes along and spouts utter garbage and refuses to listen to any other points or faults in their logic {but this isn't the writer's fault} but the rest of it is good and at least I appreciate that it attracts interesting people to chat to.


Copyright 2014 DailyTech LLC.