backtop


Print 117 comment(s) - last by JKflipflop98.. on Nov 6 at 8:52 PM


Mac users are now at risky of getting a nasty virus.  (Source: Listmania)

If it you approve, you are a sad noob, and your Mac is infected.  (Source: Intego)
Mac: Hi PC, I'm not feeling so hot today... PC: Oh, I know ALL about that. I think you have a virus!

Security experts by and large agree that security via obscurity is not a wise model for protecting customers over the long term.  That's exactly the model Apple has employed successfully for some time now.  However, its luck finally appears to be running short.

Hot on the heels of a newly discovered iOS exploit that allows access to locked iPhones, new reports [1] [2] from security research firms 
SecureFirm and Intego reveals that a new trojan is targeting Mac users using a vulnerability in OS X's Java player.

According to the 
Intego report the new malware, trojan.osx.boonana.a, is really a reworked version of the Koobface malware, which has attacked Windows in the past.  The malware acts as a worm when it spreads and as a trojan when it is infecting your computer.

Users may encounter the worm via links posted on Facebook, MySpace, Twitter, and other websites.  When clicking the link, the applet attempts to run.  Users can stop the infection before it starts by denying the applet permission to run when OS X's Java player pops up a dialogue.

If they allow the applet to run, they may get another warning if they have a Mac antispyware program like VirusBarrier X6’s Anti-Spyware installed.  If they don't get the warning, or choose to disregard it, the applet will attempt to make a connection with a remote server and installs a rootkit, backdoor, command and control, and other elements.  These files are copied to an invisible folder -- .jnana -- in the user's home directory.

If the virus is allowed to carry out its infection process, the unsuspecting Mac user may find themselves part of a botnet.  When they log on social networks, the virus will post links to spread the infection.  It may also send spam e-mail via their logged-in accounts

Other variants of this virus target Windows and Linux, making it a rare true cross-platform virus.  All these viruses share the fact that they use the Java player as a route of attack.  According to 
Intego, other OS X-specific versions of the virus have shown up, but most are broken or try to connect to offline servers.

The malware could become potentially more dangerous in the future if it is able to eliminate the warnings from the Java player and/or change the name/location of the infection directory, making it hard for virus removal software to find it.

While it does not appear that this virus takes advantage of any unique flaws in Apple's version of Java, some security experts say that Apple's Java player may have more vulnerabilities than Window's.  That's because Apple makes its own Java player, which according to an e-mailreportedly attributed to Apple Chief Executive Steve Jobs, is always a version behind the official Linux/Windows builds from Sun and Oracle.

Apple is reportedly considering ditching its Java player in future versions of OS X, such as OS X 10.7 "Lion".  Similarly it's considering rejecting Flash, another multimedia web technology.  Ultimately these efforts may eliminate some routes of attack, but now that Apple is being targeted it must realize -- there is 
always a back door.

 



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: More pleasing fantasies for the truly insecure
By Luticus on 10/28/2010 10:24:43 AM , Rating: 2
Funny, if this where the other way around and it were a windows article you'd pipe up in a heartbeat, just like you did on the botnet article earlier...

Point by point:

quote:
Its a Java exploit that is theoretically cross platform.
This does not take away from the fact that it's still a mac exploit.

quote:
there are no reports of any Mac or Mac user actually being compromised
Even if that were the case it doesn't matter, it's only a matter of time now. Do you seriously think a virus author is going to just "give up and go away"? No! They are going to continue to build the virus until it's effective, it's a constant war no matter what platform you happen to use. The fact that mac/apple devices can be jail broken is proof that they can be exploited. Something that can be exploited for good can also be exploited for evil.

quote:
security companies trying to frighten Mac users
Good, a false sense of security is a dumb way to live anyway. by the way, i could use a source for this.

quote:
in order to be theoretically comprised a Mac user would have to give permission
UAC on windows does exactally the same thing in a lot of cases. People are stupid and mac users are lulled into a false sense of security... Case n' point, your quote "Macs don't get exploited." Yes... yes they do, yes they can! Maybe not on the grand scale windows does (yet) but they get exploited. Just wait though, your time will come.

From your article:
quote:
A side note from Intego is that they claim the malware is 'broken' or downloads the wrong files
It might not be perfect yet but i'm sure it'll get there. "Downloads the wrong files" is a pretty easy fix. It's not like they have some huge security challenge!

And finally:
quote:
Apple is in the process of dumping Java and is well into the process of dumping Flash. Both are crap and both will not be missed.
I should be able to install whatever i want on my own computer. I will not be told what i can and can not install by jobs or anyone else. Doing away with java and flash is retarded and shouldn't be job's choice to make. If they don't want to put it on by default that's one thing but block me from installing it is insane!

That's apple for you: "OMG java has a hole that can let viruses in! I know, instead of working with oricle/sun and finding a fix we'll just be elitist douche bags and act like we're too good for them! Then we can continue not using resources too beef up security while at the same time still running with the false idea that our system is unhackable." If someone hacks iTunes are they going to kill that too?

Apple is a joke, and these days it just gets worse and worse...


RE: More pleasing fantasies for the truly insecure
By Tony Swash on 10/28/10, Rating: -1
By inighthawki on 10/28/2010 10:52:05 AM , Rating: 3
quote:
It's Windows that is the security disaster and not Mac.

lol, are you basing that off of anything? Or do you simply mean to say that since Windows was at one point insecure that it is just as, and always will be, insecure?

Try reading up on the latest news.
http://lifehacker.com/5518787/famous-hacker-calls-... / http://www.neowin.net/news/hacker-says-windows-is-...
http://www.tomshardware.com/news/hack-windows-secu...

Then we have articles like
http://www.eweek.com/c/a/Security/Why-Is-the-Mac-O...
where the author gives no evidence of the code in OSX being more secure than Windows, just false arguments like "OSX disables services that may allow for vulnerability", which I hope I don't have to explain how that is not better security.


RE: More pleasing fantasies for the truly insecure
By Tony Swash on 10/28/10, Rating: -1
By Luticus on 10/28/2010 12:09:59 PM , Rating: 2
I'm in the process of finding a test machine now that i can infect.


By inighthawki on 10/28/2010 12:16:57 PM , Rating: 2
So you're saying that some of the lead security experts who develop hacks for a living don't count as a valid reference? Wow, what are you expecting, a complete run down of each OSs source code and analysis by a dozen third parties?


By gamerk2 on 10/28/2010 12:31:35 PM , Rating: 3
Your statement is provablly false: My sisters Mac got infected.

Your argument also ignores the fact there are 10x the Windows PCs on the market; of COURSE they will have more PC's infected by some virus or another. Likewise, PC's, having the larger user base, is a far more tempting target for people creating viruses.

Now that Macs are gaining share, combined with their piss-poor anti-virus measures, you will see Macs get exploited far more. I'm saying this as a programmer who regularlly attends confrences where your precious platform is laid open for us to play with. Macs have about as much security today as Windows ME had when it released. The only difference is that the people who create viruses tend to ignore your platform. That doesn't make it safe.


By fsardis on 10/28/2010 1:05:57 PM , Rating: 3
http://www.theregister.co.uk/2010/10/28/adobe_read...

oh so much fun... this one is cross platform too and unpatched.
so if OSX is so superior, how come it is not immune?


RE: More pleasing fantasies for the truly insecure
By Akrovah on 10/28/2010 10:59:54 AM , Rating: 3
No Flash on the iPhone and iPad is LIMITATION, not a feature.

And no, no one is able to show you an actual example on an infected Mac because most of the people here are smart enough to avoid such things, however, as there are actually screen shots of this thing in effect, or at least the warnings that pop up when it tries to install (and you know some people are going to be stupid enough to click Yes. It will just happen, there is no sense denying it) I think it makes it pretty clear that it CAN and WILL happen.


By bakupon on 10/28/2010 11:05:02 AM , Rating: 2
maybe soon jobs will ban java for ios


RE: More pleasing fantasies for the truly insecure
By Luticus on 10/28/2010 11:37:27 AM , Rating: 3
quote:
show me an example of a single mac that has been compromised
Give me a little while and i'll get one infected just for you.

quote:
Windows that is the security disaster and not Mac
talk about a false sense of reality... Windows isn't perfect, we all get that... you apparently are having trouble understanding that neither is your candy coated mac!

quote:
You can install Flash and Java on your Mac
for now... but will it remain that way forever?

quote:
No Flash on the iPhone and iPad is feature not a bug.
i disagree. removing software from a device because your device can't handle it is not a feature. again i should have the choice to install it!

quote:
If you don't own Apple products why are you getting in a such a froth
i'm posting this from a macbook pro running osx 10.6.

quote:
if you do own Apple products I assume it's because you want to
Assuming didn't work out for you this time. The macbook is my work computer because we actually support about 150 of them along side our windows 7 support. I elected to assist in the mac side of the support because i and one of my coworkers know the most about them. Thus to help us support the platform we were giving macs with virtual machines for windows support. I still prefer windows in EVERY way and i live in my virtual environment because mac is WAY to confining and doesn't support simple things that i need and/or like.

quote:
Either way please stop whining.

You're mistaking my laughter for whining... My apologies, perhaps i should laugh louder so you can tell the difference.


By earlgpz750 on 10/28/2010 12:07:59 PM , Rating: 2
Wow - Fanboy -
To show an example of an infected Mac is like asking for every single Mac Owner to Come to one site and log yes or no if they have it.

Look there are reasons why an individual wouldnt show on a site that they are infected. Jobs will come knocking down the door or some how have that retracted.

Reality is , some people are not that smart and may not come forward with an infection 1) Cause they dont know 2) Dont know that they should report to THIS FORUM

Get over your self with MAC and realize the truth "If it is made by man, it can be broken by man"

That being said, no matter what you say that Mac is more secure is a matter of perspective not reality.

Sure Windows has its flaws, but there is no perfect software OS out there that will be flexible and user (non technical) friendly.

I have been an admin and support for many people so I have seen everyday users and understand thier concerns and seen their habits and usage.

Heres another thought: a Large US company gets their security punched though many layers before they ever shut it of and change connections. But they never advertise that? Why because its bad publicity. So why dont you ask all companies to tell you their security flaws instead of looking for 1 little MAC device?

Again in BOLD for you Tony and your reading pleasure "If it is made by man, it can be broken by man"

Also remember before Jobs kept saying Windows 95/98 should be an "OPEN PLATFORM" and give users the rights to install what they want. All of a sudden he is locking down his OS. Geez,so in one breath he says open system, now that his market share is growing and the false sense of security, he locks and says Yay or Nay to what can and cannot be installed or preloaded?

I own mac and windows lol ironiclly my Macbook Pro is my fastest WINDOWS7 system.

so judging from your remarks here on the forum, you are Job Cult follower and believe everything he says is truth. Mac Evangelistic marketing is fine for competition, but seriously; defending them is honorable outside the fact you think MAC is still Virus Proof.


RE: More pleasing fantasies for the truly insecure
By testerguy on 10/28/10, Rating: -1
By Luticus on 10/28/2010 12:44:22 PM , Rating: 3
quote:
Give ME a little while and I'll show you that you still haven#t got one infected
working on it... i'll let you know when/if it gets infected and the steps to remove it. Just gotta find a test machine that i can image. I'll probably get it done after work if my "workload" permits.

quote:
Nobody is claiming OSX is perfect.
HAH, talk to tony and many more like him/her for about 5 seconds....

quote:
The simply fact is that it's more secure than Windows
i disagree, the ONLY thing "more secure" about mac (if this even still counts) is that it's based on bsd and thus has a stronger security model by default than windows, windows is made the flawed structure go away with the introduction of UAC which emulates the linux/unix root/user account privileged system.

quote:
It's still less prone to be the subject of viruses
nobody is arguing that windows doesn't get more viruses... that's unanimously true.

quote:

Do you know the answer to this question? For any platform? No. Most irrelevant point of the day.
trends in the iphone/ipod/ipad world are pointing to the fact that apple is moving toward this. It could be incorrect but i wouldn't put it past them.

quote:
due to the fact that the use of flash on any device impacts on performance and battery life in an unacceptable way.
if you run flash on an "as needed basis" like i do on my windows phone then the impact is not nearly as bad.

quote:
Well, what a ridiculous coincidence. You know the 'most' about macs whilst also believing all of the criticisms you stated above, I wonder where you gained such knowledge.
i got my skills with mac from a combination of virtualization, linux/unix knowledge that i apply to the mac platform, a friend who owns a mac which i used to study the platform, and through demoing mac computers at mac stores. Among other places, not to mention i have this uncanny ability to "read"... and there are plenty of places on the internet with mac documentation.

quote:
Surely you didn't gain that knowledge by not buying such inferior products? What does that say about your decisions? Or more accurately, about your honesty.
To date i have owned/posessed only 2 devices made by apple. the first was an ipod shuffle that was given to me for christmas which broke a long time ago (it was a software problem that i quit fixing, no i did not sabotage it) and the second is my current macbook pro that i did not, nor ever would, pay for. As for my honesty, i think that i'm fairly honest about my knowledge/skills/devices owned.

quote:
i don't hate apple devices, i hate the smug customer base and it's lie driven marketing... granted the marketing aspect seems to be going away now.

quote:
Look at all the posts on here, people overjoyed that a virus has the potential to infect a system
i am not overjoyed that a virus has the potential to hurt people or their systems, i was overjoyed that there may have been some slight chance these smug pricks who think their overpriced computers are better than mine because theirs were build by apple's outsourcing and mine was built by me and runs windows...

I am currently in the process of testing this virus and hopefully will be able to develop a fix or at least a guide on detection and removal if it warrants it.

quote:
You know the 'most' about macs whilst also believing all of the criticisms you stated above

I am a regular user of many different operating systems to include all windows 7 and below, windows server 2003 - 2008, debian, fadora, kubuntu, ubuntu, mandriva/mandrake, mint, osx .0 - .6, windows mobile, and ios... the criticisms i stated anywhere on here (besides where i'm being clearly sarcastic just to get a few laughs) are not something i just believe, but know to be 100% true. There are just as many issues regarding mac as there are windows. they might be about different things but there are issues none-the-less, that much i can assure you of.

i have no hate for my macbook pro, i just prefer Windows/Debain to it 100%.

Say what you like... unless you're a tech who knows his stuff you won't stand a chance at discrediting me, and if you are a tech who is in fact good and well informed about all of these platforms then you'll know by reading my posts my credentials are in order. I don't like to brag but i live on all things technology. If you want to argue history you'd probably win, but if there's one thing i know it's computer tech.


By INeedCache on 10/29/2010 10:03:16 AM , Rating: 1
"Talk about a huge sense of insecurity. Nobody is claiming OSX is perfect. The simply fact is that it's more secure than Windows. Whether that's due to the fact that it's less of a target or not, is irrelevant. It's still less prone to be the subject of viruses."

Do you realize just how nonsensical that statement is? You're saying it's more secure than Windows, yet the fact that it's much less of a target is irrelevant. The fact that it's much less of a target is TOTALLY relevant, as without it being on about equal footing as far a marketshare and being targeted, you, nor anyone else, can back up the claim it's more secure than Windows.

You also mention an unnatural hatred amongst some for all things Apple. That may be. But you should also then mention the unnatural feeling of superiority most Apple users exhibit toward any and all competitors. People overjoyed that a computer could get infected? Well, what do you expect when the Apple Kool-Aid gulpers weigh in on any and every article regarding Windows infections with their typical superior, smug attitude "It can't happen to us." It certainly CAN happen to them. Forgot to mention that. Or do you expect human nature to be one-sided?

Is OSX more secure than Windows 7? You can believe and claim whatever you wish. But the FACT is we will never know, as it will never come close to achieving the market share necessary for even a loose comparison. If you believe otherwise, your illogic is even worse than displayed here in this more or less laughable diatribe.


RE: More pleasing fantasies for the truly insecure
By gstrickler on 10/31/2010 7:08:03 PM , Rating: 2
quote:
This does not take away from the fact that it's still a mac exploit.

Actually, it's a user exploit. In fact, it doesn't even work correctly on many Macs. It doesn't do anything unless the user allows it and enters an administrator password so it can install. It's classic social engineering. A trojan that tries to trick the user into installing it. Nothing more, nothing less.

quote:
should be able to install whatever i want on my own computer. I will not be told what i can and can not install by jobs or anyone else. Doing away with java and flash is retarded and shouldn't be job's choice to make. If they don't want to put it on by default that's one thing but block me from installing it is insane!
Jobs isn't choosing for you, they're just choosing not to install it for you. You're free to install Flash and Java yourself if you choose. No one is blocking you from installing it. Pure FUD.

MS Windows doesn't install either one for you, you have to go install it yourself. Linux doesn't install flash for you, and may or may not install Java.

There is no difference, so stop spouting your Apple/Jobs hatred, or at least give an example that doesn't fall apart with a trivial amount of logic. You're welcome to hate Apple/Jobs, just quit spouting inaccurate info and FUD.


RE: More pleasing fantasies for the truly insecure
By Luticus on 11/1/2010 8:29:58 AM , Rating: 2
quote:
Actually, it's a user exploit. In fact, it doesn't even work correctly on many Macs. It doesn't do anything unless the user allows it and enters an administrator password so it can install. It's classic social engineering. A trojan that tries to trick the user into installing it. Nothing more, nothing less.
I'm not arguing that this isn't a "user exploit", my point is that these types of viruses will only get worse from here on... if you want to stay in a sugar coated bubble, or frolic in a meadow of denial... fine.

quote:
Jobs isn't choosing for you, they're just choosing not to install it for you. You're free to install Flash and Java yourself if you choose. No one is blocking you from installing it. Pure FUD.
See ipod, iphone, ipad... now there's talk of a mac store opening up for the mac computers. If they go completely to a mac store for software distribution on the mac then how long until you "can't" install it. As i stated above, this is a growing trend with apple and while this might not ever become a reality i certainly wouldn't put it passed them.

quote:
MS Windows doesn't install either one for you, you have to go install it yourself. Linux doesn't install flash for you, and may or may not install Java.
i know...

quote:
You're welcome to hate Apple/Jobs, just quit spouting inaccurate info and FUD.
i do not hate Apple or Jobs. I don't like the way that apple does business sometimes and i don't particularly care for the amount of control i feel apple/jobs have over what i can and can't do with the computer/devices i paid for. seeing as this exact thing has been a reoccurring theme in just about every apple/mac article I've read in the last year or two i really don't think this statement is too far off. None of my "information" is inaccurate. Sure sometimes i say some sarcastic things just to get a laugh or make a point (and usually i'll note when i'm doing it), but my information is always accurate. I'm working on a mac right now. I know mac pretty well so you cannot use the "you're uninformed and just a hater" argument against me. I use apple and i still prefer windows/linux, if this bothers you... examine your life and why you care. I'm just poking a little bit of fun at all the smug mac people who think macs are protected by the force and that all windows users are stupid for using windows. 'nuff said!


By gstrickler on 11/1/2010 12:52:40 PM , Rating: 2
quote:
See ipod, iphone, ipad... now there's talk of a mac store opening up for the mac computers. If they go completely to a mac store for software distribution on the mac then how long until you "can't" install it. As i stated above, this is a growing trend with apple and while this might not ever become a reality i certainly wouldn't put it passed them.
Different market, different context. They won't lock down the Mac the way they have iOS devices. They're just adding an app store that makes it easier to purchase, install, and upgrade software that is available via that app store. I certainly don't have any inside info, but locking down the Mac would kill that market, and I'm sure Jobs knows that.
quote:
my point is that these types of viruses will only get worse from here on...
Agreed.
quote:
if you want to stay in a sugar coated bubble, or frolic in a meadow of denial... fine.
Not me, I've found and reporte a number of security issues for Mac, Windows, and various other products over the years.
quote:
I don't like the way that apple does business sometimes and i don't particularly care for the amount of control i feel apple/jobs have over what i can and can't do with the computer/devices i paid for. seeing as this exact thing has been a reoccurring theme in just about every apple/mac article I've read in the last year or two i really don't think this statement is too far off.
I use Macs, Windows, and Linux/Unix also, been using and supporting all of those since the mid 80's. I didn't like the way SCO did business (good riddance), I don't like some of Oracle's practices, I don't like some of Apple's practices, but I dislike MS business practices even more. It's personal preference, nothing objectively significantly better or worse as far as business practices go. Still, I choose the best tool for the job, sometimes that's an Oracle database, often it's an MS product, but for me personally, it's usually a Mac. For some things I prefer Windows, but since my goal is to accomplish work, I prefer the system that requires the least time supporting the system and helps me get my work done faster with the least hassle. For me, that is generally a Mac, so I prefer a Mac. Everyone has different preferences and different tasks to accomplish, so not everyone will be best served by any one system.

I'm glad Apple switch to x86 based systems 4 years ago, it makes it much easier to run a Mac with Windows in a VM, so I have both handy in one machine. For some things, I use both at once tanking advantage of the strengths of each OS and the software for each to accomplish a task more easily than I could on either system separately.

BTW, Apple recommends AV software for Mac OS X, and they have for quite a few years. In fact, they ship ClamAV on OS X Server. They don't "push" or promote it in "ovbious" ways, but it's on their web site. The choice to not prominently promote using AV software is a marketing decision, after all, it might be tough to promote the use of AV software while you are also (accurately for now) pointing out that Mac users don't have to deal with as many AV/malware issues that Windows users do. Yes, most of the difference is due to market share differences, but it doesn't change that fact that in practice, Windows users will be attacked at least 10x more, which means that a Mac user will have much less of that to deal with. Not an inherent advantage of the OS (at least not since Vista shipped using UAC), just an inherent advantage of having a much smaller installed base.


RE: More pleasing fantasies for the truly insecure
By Luticus on 11/2/2010 8:50:14 AM , Rating: 2
For the most part i completely agree with everything you've said here.

quote:
They won't lock down the Mac the way they have iOS devices.
This could be true and i certainly hope this is the case.

quote:
nothing objectively significantly better or worse as far as business practices go.
I agree this is all preference, for me i feel that ms is the winner here because ms attacked other business while apple deceives customers, and limits customers use of their computers. i want a machine that will let me do whatever i want with it, anything less than that is no good to me. For the most part windows lets me do this, so 99.9% of the time I'll use windows and the rest of the time I'll use Linux/Mac.

quote:
I'm glad Apple switch to x86 based systems 4 years ago
As am i, best move ever!

quote:
Apple recommends AV software for Mac OS X
I know, this is something else i don't like about apple. They recommend anti-virus but they do so quietly so that they save face. They don't care if their customers get viruses as long as they are still seen as the clean "cool" sterile environment. Yet if customers do get viruses they can point out "see we've recommended anti-virus for years!" Making users sign agreements not to talk about problems they've had with their platform.... yea I'm not buying into that. If you use mac then great, i hope you enjoy it and never have a problem. If you understand that windows has it's place and that people are morons for choosing it then ever better! When it comes down to it, that's really all i want. I don't get why people have to be smug about what operating system their using... i just don't get it.


RE: More pleasing fantasies for the truly insecure
By Luticus on 11/2/2010 8:55:12 AM , Rating: 2
quote:
If you understand that windows has it's place and that people are morons for choosing it then ever better!

This should read: If you understand that windows has it's place and that people are NOT morons for choosing it then ever better! :-)


By gstrickler on 11/3/2010 11:08:35 PM , Rating: 2
quote:
This should read: If you understand that windows has it's place and that people are NOT morons for choosing it then ever better! :-)
I liked the typo better. :)


"And boy have we patented it!" -- Steve Jobs, Macworld 2007














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki