

The new Apple Trojan "BlackHoleRat" sneaks itself in through OS X users' open back doors. It is currently in "beta" and its capabilities are being expanded.  (Source: Sophos Labs)

One of its capabilities is to pop up fake administrator password request windows as a phishing attempt  (Source: Sophos Labs)

The trojan even delivers humorous messages to users in current form.  (Source: Sophos Labs)

  (Source: Chris Moncus)
Malicious program still appears to be in "beta" form, unlike its Windows counterpart

Security researchers at Sophos Labs have discovered a naughty new trojan that's in the process of beta testing attack capabilities against the growing population of Mac users.

The trojan exploits open back doors in OS X to gain a good deal of access to the system.  It can be transmitted through a variety of vectors, including torrent files or seemingly legitimate download programs.  In the future, it could also be delivered by exploiting browser flaws to perform "drive-by downloads".

Once inside, the Trojan gets down to business, allowing the attacker to have their way with their Apple victim.  The attacker can plant text files on the desktop, force URLs to open, run shell commands, and pop up fake password windows in a phishing attempt.

They can also force the user's machine to shut down or reboot. When a reboot is forced, an amusing message pops up, informing:

I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.

The virus is a port of darkComet, a remote access trojan for Windows.  The new OS X version has been dubbed "OSX/MusMinim-A", or "MusMinim" for short, by Sophos.  Its creators, however, call it BlackHoleRat.

Sophos believes its creators will likely expand its functionality now that the concept has been proven.  It will likely be loaded with far nastier tricks in the future.

Despite its obscurity, Apple's poor security track record virtually ensures that Apple OS X users' back doors will be open in years to come.  And increasingly they may find malicious individuals looking to poke and prod their way inside.

Still, Apple has been quite quiet in its direction to users to get an anti-virus program.  To this day it still tries to portray Windows as "virus-laden" and OS X as virus-free.  As a result of this ostrich-in-the-sand attitude, some users may fall victim to unwanted backdoor intrusion.

Apple has yet to comment on its users' latest infection or hint at how widespread it might be.


Comments

the truly important question then would be....
By marvdmartian on 2/28/2011 2:39:42 PM , Rating: 3
....do OS X users that suffer from this back door action at least get a reach around??




By morphologia on 2/28/2011 2:43:04 PM , Rating: 2
I'd think they're dreaming if they expected the courtesy of a tissue and cab fare.


RE: the truly important question then would be....
By Dean364 on 2/28/2011 2:56:39 PM , Rating: 5
If you didn't get one at the Apple store when you got screwed on your purchase I highly doubt they'll start handing them out now.


By Mitch101 on 2/28/2011 3:33:41 PM , Rating: 4
The rainbow was removed from the logo some time ago I guess the free offer expired.


RE: the truly important question then would be....
By Motoman on 2/28/2011 3:06:18 PM , Rating: 5
They're far too tired for that anyway...having been thoroughly reamed by Apple for...well, forever.


By Pirks on 2/28/2011 4:01:03 PM , Rating: 2
They are not tired, they are intensively enjoying it, dumbo. Just look at Swash as a recent example :P


By Omega215D on 2/28/2011 5:43:58 PM , Rating: 3
Sgt. Hartman: I bet Apple is the type of company that would f*ck a person in the a$$ and not even have the goddamn common courtesy to give him a reach around! I'll be watching them!


By putergeek00 on 3/2/2011 4:06:52 PM , Rating: 3
quote:
....do OS X users that suffer from this back door action at least get a reach around??


STOP!!!! You're holding it wrong!!


Awaken the Blissfully Ignorant
By morphologia on 2/28/2011 2:41:05 PM , Rating: 4
Seriously, it gets to the point where Macolytes are religiously opposed to antivirus, because using antivirus is like publicly admitting that the Mac propaganda is wrong. And like religious groups, it'll probably take Apple a couple of centuries to admit their mistakes. Meanwhile, people will continue to ignore the problem even if they themselves fall victim to the vicious problem that they've steadfastly pretended didn't exist.




RE: Awaken the Blissfully Ignorant
By Tony Swash on 2/28/11, Rating: -1
RE: Awaken the Blissfully Ignorant
By sprockkets on 2/28/2011 7:58:57 PM , Rating: 5
http://discussions.apple.com/thread.jspa?threadID=...

soooooooooooooooo,

where is that wide scale infection of vista or win7 devices?


RE: Awaken the Blissfully Ignorant
By themaster08 on 3/1/2011 3:51:41 AM , Rating: 4
Expect no response from Mr. Swash as he completely disregards the link you have posted, as he turns away stroking the back of his Mac, assuring it won't get any viruses.

I'm actually surprised that Apple have kept it on their support forums.


By struzzin20 on 3/1/2011 4:06:33 AM , Rating: 2
Nice

I just wish they would open up and tell us how much Apple is paying them to post on here!

Well Tony ?

*This message sent from a secure Windows 7 PC*


RE: Awaken the Blissfully Ignorant
By Tony Swash on 3/1/11, Rating: -1
RE: Awaken the Blissfully Ignorant
By chick0n on 3/1/11, Rating: -1
RE: Awaken the Blissfully Ignorant
By Tony Swash on 3/1/11, Rating: -1
RE: Awaken the Blissfully Ignorant
By ClownPuncher on 3/1/2011 3:33:22 PM , Rating: 2
Do you have some form of retardation or something?


RE: Awaken the Blissfully Ignorant
By Tony Swash on 3/1/11, Rating: -1
RE: Awaken the Blissfully Ignorant
By ClownPuncher on 3/1/2011 7:23:48 PM , Rating: 2
Because most malware was created for Windows. I think that is pretty clear.

If the amount of malware is what you hinge your OS purchase on, then go for it. People who run windows can just use MSE and not open links in spam email. It's pretty simple to keep your computer clean, and you no longer need to be a "guru".


RE: Awaken the Blissfully Ignorant
By Alexstarfire on 3/1/2011 7:51:27 PM , Rating: 2
I'd agree, but people in general seem to be stupid when it comes to the unfamiliar. That might seem odd to say considering computers have been around for so long, but to the vast majority of people they are still very unfamiliar with most things on a computer.

I've literally told people to their face to NOT do something just to watch them do it like 30 seconds later. I can't get more clear/direct than that. When most people use a computer it's like them having unprotected sex with a stranger even when a condom is sitting on the night stand. Sure, some of the time you might be ok, but just that one bad sex partner and it's all over.


By ClownPuncher on 3/2/2011 7:53:55 PM , Rating: 2
That is actually a good thing. People will either learn from their mistakes, or be doomed to fail. Life.


RE: Awaken the Blissfully Ignorant
By sprockkets on 3/1/2011 8:06:24 PM , Rating: 2
You asked:

quote:
Show-me-a-real-world-example-of-a-Mac-actually-getting-infected.


And I provided. So instead of changing the goal posts or some other bull sh it, admit you were wrong then shut the fu ck up.


RE: Awaken the Blissfully Ignorant
By Tony Swash on 3/2/11, Rating: -1
By sprockkets on 3/2/2011 4:47:47 PM , Rating: 2
quote:
You offer up a two year old forum thread containing exactly six comments. The only comment of substance in the thread is the opening one that says 'I clicked on a Goggle link and it didn't go where I expected'. There then follows five comments offering advice and some speculation about whether this might be Trojan related. And that's it!!!


Reading comprehension fail. And no, I won't tell you why you are wrong; you can figure that out for yourself.


RE: Awaken the Blissfully Ignorant
By leuNam on 3/3/2011 12:17:30 PM , Rating: 1
mark you in time, when OS X will be full of viruses it be named Tony...


RE: Awaken the Blissfully Ignorant
By Argon18 on 2/28/11, Rating: -1
RE: Awaken the Blissfully Ignorant
By bplewis24 on 3/1/2011 12:04:25 PM , Rating: 2
*facepalm*


RE: Awaken the Blissfully Ignorant
By KoolAidMan1 on 3/1/11, Rating: 0
By Alexstarfire on 3/1/2011 7:55:40 PM , Rating: 2
He certainly is correct, but I'm failing to see how this is less harmful to users. Any type of malware is bad, period. A virus and trojan are usually used for two separate purposes. They are both quite harmful in the end. Actually, a trojan could be far worse since usually all a virus can/is meant to do is make your computer useless and spread itself. A trojan could very well get your login and password to any account you use on that computer. That seems far worse to me.


By testerguy on 3/3/2011 4:11:03 AM , Rating: 2
Firstly - a Trojan CAN be a virus. It is possible to engineer a legitimate appearing malicious file which is also able to propagate (replicate and distribute) itself, thus satisfying both requirements.

Secondly - anti virus programs CAN and DO detect Trojan horses as well.

Thirdly - a Windows batch file is NOT a Trojan because it's clearly an executable, whereas a Trojan horse would masquerade as something else less dangerous.

Finally, a virus by definition does NOT have to be able to reproduce with no user intervention. For example, a user can intervene by removing a USB from one PC to another, thereby allowing the Virus to replicate. User intervention, and still a virus.

All of the above being said, and despite thinking that what you're arguing is a distinction without a difference in the real world (since whether it's a virus or a Trojan doesn't really matter much once your computer dies), what you write is largely correct.


By HomerTNachoCheese on 3/1/2011 8:57:29 AM , Rating: 1
Like Catholics and condoms, antivirus for a Mac is just wrong. (no offense to Catholics).


Beta?
By smackababy on 2/28/2011 2:43:47 PM , Rating: 2
How does one come across a beta testing of a trojan? Wouldn't releasing it to the wild, even in a beta version, make it easier to be detected and blocked?




RE: Beta?
By morphologia on 2/28/2011 2:46:40 PM , Rating: 3
I think it was the developers' open admission that it's under construction that indicated the beta status, and the implication is that it's nowhere near as insidious and difficult to stop as it will be later.


RE: Beta?
By messele on 2/28/11, Rating: -1
RE: Beta?
By JasonMick (blog) on 2/28/2011 3:40:15 PM , Rating: 5
quote:
If I had to guess I'd say Sophos are behind the FUD to make a few bucks...


While I'd like to believe you are joking, if not I find it kinda incredible you believe a major antivirus firm would claim fake viruses for an operating system.

If that's the twisted logic you're going to try to use to somehow defend your Apple superiority complex, good luck to you....

OS X isn't some magical operating system -- its ONLY real security advantage over Windows is because it is by and large pretty unpopular -- few people use it.


RE: Beta?
By messele on 2/28/11, Rating: -1
RE: Beta?
By JasonMick (blog) on 2/28/2011 3:54:08 PM , Rating: 5
quote:
Why is that so incredible? In any case that is not what I am saying but since you are a great reporter who clearly went to great depth with this one (or just repeated what he read elsewhere without researching the background)


A) I never claimed to be great, but I appreciate your praise!
B) So I'm supposed to do my own security research in addition to reporting? Is it not legitimate to cite a professional report on a topic I'm reporting on? If that's your expectations, sorry to disappoint...

quote:
is it not possible that somebody had written this Trojan PoC and approached Sophos, who in turn broke the story to sell software?


rubbish.

quote:
Read elsewhere for an explanation as to why no virus has replicated on OS X yet, it's certainly not because the operating system is unpopular because to claim such a thing makes you laughable in your profession


Err that is precisely why it's not targeted. You don't find many pickpockets in Nome, Alaska.

And it may be "popular" among the small crowd that use it, but by and large most users don't prefer/like OS X for whatever reason (be it quality of hardware options, Apple's business behavior, gaming, software compatibility, etc.) as evidenced by their decision to pick Windows. Apple typically has had 5% market share or less.

But don't let me stop you from believing OS X is immune to viruses....


RE: Beta?
By messele on 2/28/11, Rating: -1
RE: Beta?
By JasonMick (blog) on 2/28/2011 4:13:51 PM , Rating: 5
quote:
0MFG did you actually just type that? So as a reporter you just take it as read that what you are being told is entirely the truth and there is no possibility that there is ANY other angle or interpretation of this situation at all? Do you report or do you repeat press releases?


So when I report on a battery pack Tesla engineered for the Model S, I should have been in there engineering my own EV, huh?

quote:
You wont want my advice but I'm going to give it. Dump the tech and go report for a week in Libya. Gaddaffi is a professional head of state (he's been doing it long enough) and he'll be happy to give you LOADS of professional reports that you can share with the world.

I can guarantee you'll return a hero and black-gold tycoon.


FACEPALM.

Did you just compare Sophos Security researchers to an African dictator? Unreal...


RE: Beta?
By messele on 2/28/11, Rating: -1
RE: Beta?
By omnicronx on 2/28/2011 6:14:21 PM , Rating: 5
Please buddy, take your conspiracy theories elsewhere..

You don't last long in the security firm business if your research does not hold true. Are you seriously surprised that what we knew all along is finally coming to fruition?

Every security expert in the world knows that Apple is only as secure as the size of its userbase. I.e they achieve security through obscurity.

There is no such thing as a completely secure system, which especially holds when connected to the web.


RE: Beta?
By B3an on 2/28/2011 11:16:55 PM , Rating: 4
I'd also like to add to your comment that it has been said by multiple security firms, and by hackers at hacking conventions, that OSX is less secure than windows.

I wouldn't be surprised if it was WAY less secure. MS have been fixing and patching security holes for so long and now have so much experience in it. Even when Apple do actually patch a hole, they have sometimes taken up to a year to do it, sometimes it never gets done. And when they do actually patch a hole it's hard to find anything from them that mentions they have done it because that would be admitting their precious OS has problems.


RE: Beta?
By wordsworm on 2/28/11, Rating: -1
RE: Beta?
By tamalero on 3/1/2011 2:02:54 PM , Rating: 2
could be developed to have a similar functionality of the good old Netbus.


why?
By sprockkets on 2/28/2011 3:12:15 PM , Rating: 5
Why oh why would anyone want to hurt apple users? Aren't they just the most happy blissful bunch, riding steve's unicorns on his cupertino powered rainbows? Why would anyone want to destroy such a peaceful bunch of fellows? What did they ever do to them to get such malware?




RE: why?
By InfinityzeN on 2/28/2011 3:20:03 PM , Rating: 5
Would the fact that they're a bunch of iSheep who have a large disposable income (they're buying Apple products after all) and little security sense (again, they're buying Apple products) help any?

Come on, if I was going to write a virus to try to make money, OSX would have been my first target. Most of its users fit the best target point of Have Money/Not Tech Savvy. They are your best bet for stealing bank information and identity theft.


RE: why?
By sprockkets on 2/28/11, Rating: -1
RE: why?
By InfinityzeN on 3/1/2011 10:48:05 AM , Rating: 2
Oh I know that, but it was also the perfect lead in to my post.


RE: why?
By Alexstarfire on 2/28/2011 8:17:53 PM , Rating: 2
Phishing sites affect everyone on the internet and they are far easier to make.


So...
By jharper12 on 2/28/2011 4:35:00 PM , Rating: 3
Someone creates malware for OSX, and at least one Apple fan gets his/her panties in a bunch over it. That's a surprise. Apple is still at less than 6% market share, so you may want to just acknowledge the fact now, that everything can and will be hacked eventually, rather than having an aneurysm if/when Apple crosses the 10% market share threshold and become an interesting plaything for the devious and evil coders of the world.




RE: So...
By Tony Swash on 3/1/11, Rating: -1
RE: So...
By themaster08 on 3/2/2011 5:43:26 AM , Rating: 2
quote:
Apple retakes World's Biggest Computer Maker Crown after 3 decades - with power of iPhone, iPad and Touch
Apple retakes world's biggest computer maker crown.... with power of devices that are not computers. LOL!

Exchange the word computer with consumer electronics and the title would actually make sense.


RE: So...
By Tony Swash on 3/2/11, Rating: -1
RE: So...
By testerguy on 3/3/2011 4:33:31 AM , Rating: 1
ACTUALLY, (you pedantic fool), a computer is simply a machine which can be programmed.

So, TECHNICALLY, IPhone, IPad and ITouch ARE all computers.

Does that make 'SENSE' for you? It is pretty obvious too, btw.


RE: So...
By overzealot on 3/6/2011 1:06:48 AM , Rating: 2
If we're going to include all "machines that can be programmed" as you say it, might as well list Haier as one of the largest computer manufacturers since most of their whitegoods "can be programmed", and contain as much processing power as early computers.
Or we could just go by the methodology of the linked page, which explicitly states classic mainframes, desktop and laptop PCs and servers, and newer smaller computers, the netbooks, tablet PCs like the iPad, and the smartphones and pocket pc's.

I think that would be obvious, but I'm a pedantic fool too.


new meme in the making?
By JakLee on 2/28/2011 6:49:46 PM , Rating: 4
quote:
some users may fall victim of unwanted backdoor intrusion

Now we get to see Surprise Butt Sex - the apple edition!




This headline is great
By cditty on 2/28/2011 7:59:41 PM , Rating: 4
This is the funniest news headline I have ever seen on here.




By Nutzo on 3/1/2011 1:40:43 AM , Rating: 2
With so many systems moving to a more secure windows 7, plus the good quality free virus programs, it was only a matter of time before the small MAC market started looking like a better option.

Apple has been slow to patch exploits, and most users don't even run an anti-virus program, so most are open targets.




so funny
By kleinma on 3/1/2011 2:53:23 AM , Rating: 2
Based on the comments from mac users here, it would seem they are perfectly happy to keep those heads in the sand. When they get a drive by virus on their own screens mocking them, they will have no one to blame but themselves, and maybe SJ for making them think OSX was actually secure in the first place.




Wut?
By Penti on 3/1/2011 5:08:21 AM , Rating: 2
There is no back door really, what are you on about, it uses no exploits whatsoever. If you install a VNC-server where I know the password I can take over your computer no matter what OS you're using. He simply wrote a poor remote control app. It's not a trojan until it's sneaked onto computers to take them over remotely. Looking like other apps. The concept of claiming that this is a virus is just bull. It's not something that automatically spreads to computers. Phishing attempts are of course possible on the Mac too. The only exploit they need to use is stupidity. It's not a worm with a trojan. An A/V only protects against known threats. OS X built-in malware protection can be updated for this without years of delay though. It's just a plist that needs to be updated.

There actually have been real trojans embedded in OS X software in real life before. It's nothing new here. Apple fully knows they have no protection against software with embedded trojans. It would be stupid and frankly retarded to contemplate anything else.




Haha
By NellyFromMA on 3/1/2011 9:36:00 AM , Rating: 2
Doesn't Apple regulate the entire internet to ensure its users only get the best version?




Sophos AV
By blueeyesm on 3/1/2011 12:27:51 PM , Rating: 2
Now that Sophos has found it, who also has a free AV scanner for Mac users, the big question is:

Did they actually plug the backdoor with their app, or just announce they found it?




Fake
By Performance Fanboi on 3/1/2011 2:47:45 PM , Rating: 2
Can't get in the backdoor - Steve's already there.




Good Ol Safari
By bfellow on 3/2/2011 11:04:01 AM , Rating: 2
When they mentioned browser, I remember Apple's Safari Browser being hacked the quickest in that annual hacking competition. It is the most unsecure of the 5 major browsers. IE is even more secure than that.

Anyway, Apple has more security vulnerabilities and they don't even do Microsoft's monthly security patching.




Nice
By MeesterNid on 2/28/11, Rating: 0
Wut?
By messele on 2/28/11, Rating: -1
RE: Wut?
By InfinityzeN on 2/28/2011 3:21:24 PM , Rating: 2
You fail to realise that most Apple users do not have much attention to detail here, since a Mac never gets a virus.


RE: Wut?
By messele on 2/28/11, Rating: -1
RE: Wut?
By damianrobertjones on 2/28/2011 4:25:26 PM , Rating: 2
I resent and will never agree with this comment and even mentioning it (even though you put 'not always') makes my blood boil.

"B) Mac owners are often (not always) at the wealthier end of the spectrum and are therefore more lucrative targets."

In the UK you have people on the dole, thousands of them with macs and they are poor (in a fashion). This MYTH needs to go away, quickly.


RE: Wut?
By testerguy on 3/3/2011 4:20:27 AM , Rating: 2
Oh wake up, it's common knowledge that macs are certainly not at the budget end of the spectrum and therefore clearly not the mainstream option for cheap computers.

Take the Macbook Air, for example. Costs, what 1,000 GBP? Compare that to an Acer 15 inch brick which costs 300 GBP. Only people who can afford to spend that kind of money will buy the Macbook Air, and that will (more often than not) be people with more money in general. Same applies to the iPhone, which is an expensive option, phone wise.

What you're saying is the equivalent of saying you resent the claim that Rolls Royces are purchased mostly by wealthy people.


RE: Wut?
By Alexstarfire on 2/28/2011 8:32:13 PM , Rating: 1
B) You don't need viruses/malware/trojans/etc to get people's money. Social engineering works on any platform and is a lot easier to do these days. Sure, trojans are probably far more effective on an individual basis for getting the pertinent information, but phishing can hit anyone and everyone. I don't think it'd be effective on me because not only am I aware that it's possible, but all the stuff I use for my passwords and security questions isn't stuff that you're just going to find on some social networking site. I make sure that at least 1 question is something that only I would know, and that can be hard since so many sites give you a set list to choose from.


RE: Wut?
By Shadowself on 2/28/11, Rating: -1
RE: Wut?
By JasonMick (blog) on 2/28/2011 3:36:01 PM , Rating: 5
Ah, denialism at its finest.

quote:
He even states, "The virus is a port of darkComet, a remote access trojan for Windows."...Seems Jason will never get this straight. And he's done a nice job of glossing over the fact that this trojan (darkComet) has been out on the Window side for quite some time!


Curious, you state that I explained this and then you proceed to say I glossed over it. It appears a reading comprehension deficit is at play.

As for the actual accuracy of the text, I feel it is quite accurate, despite your personally motivated attempts to redirect the attention back to Windows.

quote:
So this trojan is now a "virus", eh?


There's different definitions of what a computer "virus" is, but in a broad sense it's a malicious program that installs itself and performs unwanted functions on your machine.

So in a broad sense yes this is a virus, and yes it is on Macs. Glad I could clear that up for you.

quote:
It's just Jason doing his thing claiming a virus exists for OS X.


THERE ARE viruses that affect OS X. Sorry to burst your magical distortion field bubble.

This trojan clearly has the potential to do a lot of damage, once completed... and that shouldn't be too hard to do, given that the Windows one is already finished.


RE: Wut?
By messele on 2/28/11, Rating: -1
RE: Wut?
By JasonMick (blog) on 2/28/2011 3:47:36 PM , Rating: 5
You're arguing semantics here. This is clear OS X malware, and it clearly could become what your definition of a virus is.

quote:
Can you link us a single article relating to a virus in the wild on Mac OS Jason? Much better if you can find one that has done real damage...


To save you the trouble of looking up articles on Mac OS viruses/worms/trojans, etc.:

http://lmgtfy.com/?q=os+x+viruses

http://www.dailytech.com/New+Trojan+Virus+Attacks+...

http://www.dailytech.com/Apple+Gets+Its+Own+Trojan...

http://www.dailytech.com/Malware+Hits+OS+X+No+Majo...


RE: Wut?
By messele on 2/28/11, Rating: -1
RE: Wut?
By JasonMick (blog) on 2/28/2011 4:07:13 PM , Rating: 5
I'll ignore your insults and try to nicely help you out.

quote:
If you can find a single one (no more DailyShit links please) I'll retract everything I have said (publicly) and tattoo your RSS feed URL on my chubby, I am THAT confident you can't do it.


http://www.networkworld.com/news/2009/041709-first...

...Please don't do the tattoo, though...

But I did want to just say I can tell the subject of an Apple computer getting infected by viruses and trojans like a Windows one is a very sensitive one for you. That must have been very tough reading this. I'm so sorry...


RE: Wut?
By messele on 2/28/11, Rating: -1
RE: Wut?
By Iaiken on 2/28/2011 5:02:51 PM , Rating: 5
We were playing with this on a mac at work today and you seem to not understand its capabilities.

It can do all of the following WITHOUT need of the administrative password:

- Remote execution of shell commands
- Create text or other script files remotely
- Send data to a remote server

- Open up a web page from safari
- Send a message to the victims screen
- Perform shutdown, restart and sleep operations

The bold items above are cause for concern since I could essentially send script files to your PC that create opportunities for any manner of exploit. The 'Finder' dialog example is one such example of just what you can do.

Once this is better fleshed out it will become more sophisticated as the payloads increase in size and complexity. The best attacks will be ones that mimic authentic dialog boxes at appropriate times. This is not hard to do since you can see which programs are running even without administrative rights.

All you need to do is something like this:

quote:
#!/bin/sh
# Collect the PIDs of any running updatedb/find processes
PIDS=`ps ax | grep 'updatedb\|find' | grep -v grep | sort | awk '{print $1}' | perl -ne 'chomp;print "$_ "'`
if [ "$PIDS" ]
then kill $PIDS
fi


This will try to kill the updatedb script which will prompt for an administrative password. You then immediately follow it up with a prompt saying "oopsie, the service has failed" and that you need to type in your administrative password to restart it.

And this is just the first one I could think up off the top of my head.


RE: Wut?
By testerguy on 3/3/2011 4:39:50 AM , Rating: 2
Are you saying you were able to install this and run dangerous shell commands remotely on the machine without ever entering your Administrator password?


RE: Wut?
By StraightCashHomey on 2/28/11, Rating: 0
RE: Wut?
By KoolAidMan1 on 3/1/2011 6:51:42 AM , Rating: 2
quote:
You're arguing semantics here. This is clear OS X malware, and it clearly could become what your definition of a virus is.


It is malware, but there are many kinds of malware. The term "virus" is erroneously used for types of malware that aren't necessarily viruses. What distinguishes a virus from a trojan is that a virus is self-replicating and self-propagating.

A virus is infectious malware. A trojan on the other hand is based around concealment, which in most cases is a malicious program that invites a user to run it. Any operating system is susceptible to a trojan. There will always be the opportunity for harmful software to fool a user into executing it. Modern operating systems requiring users to elevate to admin/root is a huge step in the right direction, but nothing can stop someone from ignoring a UAC prompt or typing in their admin password even though they shouldn't.

You are arguing that this trojan is a virus, when I don't see evidence that this piece of malware fits the strict definition of what a virus is. If you want to use "virus" interchangeably with any kind of malware, be they trojans, rootkits, whatever, fine, but it is technically incorrect.


RE: Wut?
By omnicronx on 2/28/2011 6:24:01 PM , Rating: 2
A computer virus now has multiple accepted terms, traditionally you would be correct, unfortunately the term has seen widespread usage in other areas such as malware, trojans, spyware etc.

It's now an accepted generic term, get over it..

http://www.microsoft.com/security/pc-security/viru...

As for viruses in the wild, there have been multiple and clearly not even a fraction of that found on windows, but they do exist.

http://news.techworld.com/security/5392/worlds-fir...

http://www.theregister.co.uk/2007/10/31/in_the_wil...

http://www.theregister.co.uk/2009/01/22/mac_trojan...

Furthermore if they did not exist, then why did Apple sneak anti malware blacklist tools into SL?


RE: Wut?
By KoolAidMan1 on 3/1/2011 7:02:48 AM , Rating: 2
Apple used to bundle anti-malware into .Mac subscriptions. Those went away when it became MobileMe, but they still sell anti-malware software packages at their own Apple Stores.

I don't think anyone sane denies that malware is out there. Apple certainly doesn't deny it based on the fact that they sell the software themselves. Braindead fanboys will deny it, sure, but there is no such thing as a completely secure piece of software.

Whether or not it is a credible threat is a different story though. Do you know what the biggest victim of malware was outside of Windows XP? MacOS 8 and 9.

There were far fewer MacOS users than OS X users now, yet it had way more issues with viruses. Yes, there is malware out there for OS X, but the UNIX base of OS X has done a lot to keep it safe, even if it has been poorly curated compared to Windows (which has to be vigilant, being such a giant target). I'm not freaked out over the prospect of viruses in Windows 7, it is really secure and there is elevating of user rights, etc, but I still keep NOD32 running just in case.

These stories regarding security on OS X have been running for over a decade, and I still wait for some crazy botnet that turns the millions of Macs out there into zombies that self-propagate their sickness to every other Mac out there, but it has yet to happen. Practically speaking, it still isn't an issue, and I don't know if it ever will be.


RE: Wut?
By testerguy on 3/3/2011 4:24:39 AM , Rating: 2
'Whether or not it is a credible threat is a different story though. Do you know what the biggest victim of malware was outside of Windows XP? MacOS 8 and 9.'

Sorry, where's your source for that claim?


RE: Wut?
By Akrovah on 2/28/2011 7:00:44 PM , Rating: 1
quote:
It's all centred around tricking the user and no anti-virus will ever protect systems against that.


Actually a well made anti-Virus program will detect and remove this kind of thing BEFORE it has a chance to try and trick the user. The fact that it is not getting removed from the system at all shows a deficiency in the system security.

I've had things like this try and get into my system, and MSE blocks it and warns me about it before it even gets a chance to give me a fake pop-up asking for an admin password.














Copyright 2014 DailyTech LLC.