88 comments - last by overzealot on Mar 6 at 1:06 AM


The new OS X trojan "BlackHoleRat" gets onto a Mac when a user is tricked into running it, then opens a back door for its operator. It is currently in "beta" and its capabilities are being expanded.  (Source: Sophos Labs)

One of its capabilities is to pop up fake administrator password request windows as a phishing attempt  (Source: Sophos Labs)

In its current form the trojan even shows the user a taunting message.  (Source: Sophos Labs)

  (Source: Chris Moncus)
Malicious program still appears to be in "beta" form, unlike its Windows counterpart

Security researchers at Sophos Labs have discovered a new trojan whose author appears to be beta testing its attack capabilities against the growing population of Mac users.

The trojan is not an exploit: it is a remote access tool that the user has to be tricked into running, after which it opens a back door that gives the attacker a good deal of access to the system.  It can arrive through a variety of vectors, including torrent files or seemingly legitimate download programs.  In the future it could also be delivered by exploiting browser flaws to perform "drive-by downloads".

Once running, the trojan lets the attacker issue commands to the infected Mac.  The attacker can plant text files on the desktop, force URLs to open, run shell commands, and pop up fake administrator password windows as a phishing attempt.

They can also force the user's machine to shut down or reboot.  When a reboot is forced, a message pops up informing the user:

I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.

The trojan is a port of DarkComet, a remote access trojan for Windows.  The OS X version has been dubbed "OSX/MusMinim-A", or "MusMinim" for short, by Sophos.  Its creators, however, call it BlackHoleRat.

Sophos expects its creators to expand its functionality now that the concept has been proven; future versions will likely carry far nastier tricks.

Despite the trojan's obscurity, Apple's poor security track record virtually ensures that OS X users' machines will remain a target in years to come, and increasingly they may find malicious individuals looking to poke and prod their way inside.

Still, Apple has been quiet about directing users to install an anti-virus program.  To this day it portrays Windows as "virus-laden" and OS X as virus-free.  As a result of this head-in-the-sand attitude, some users may fall victim to unwanted backdoor intrusion.

Apple has yet to comment on this latest infection of its users or to hint at how widespread it might be.


Comments

RE: Wut?
By messele on 2/28/2011 3:41:42 PM , Rating: -1
quote:
There's different definitions of what a computer "virus" is, but in a broad sense it's a malicious program that installs itself and performs unwanted functions on your machine.


Err no. A virus does not necessarily install itself, more it is capable of self-replication.

...nor are they necessarily malicious or programs that perform unwanted functions. That is at the discretion or skill of the author.

Can you link us a single article relating to a virus in the wild on Mac OS Jason? Much better if you can find one that has done real damage...


RE: Wut?
By JasonMick (blog) on 2/28/2011 3:47:36 PM , Rating: 5
You're arguing semantics here. This is clear OS X malware, and it clearly could become what your definition of a virus is.

quote:
Can you link us a single article relating to a virus in the wild on Mac OS Jason? Much better if you can find one that has done real damage...


To save you the trouble of looking up articles on Mac OS viruses/worms/trojans, etc.:

http://lmgtfy.com/?q=os+x+viruses

http://www.dailytech.com/New+Trojan+Virus+Attacks+...

http://www.dailytech.com/Apple+Gets+Its+Own+Trojan...

http://www.dailytech.com/Malware+Hits+OS+X+No+Majo...


RE: Wut?
By messele on 2/28/11, Rating: -1
RE: Wut?
By JasonMick (blog) on 2/28/2011 4:07:13 PM , Rating: 5
I'll ignore your insults and try to nicely help you out.

quote:
If you can find a single one (no more DailyShit links please) I'll retract everything I have said (publicly) and tattoo your RSS feed URL on my chubby, I am THAT confident you can't do it.


http://www.networkworld.com/news/2009/041709-first...

...Please don't do the tattoo, though...

But I did want to just say I can tell the subject of an Apple computer getting infected by viruses and trojans like a Windows one is a very sensitive one for you. That must have been very tough reading this. I'm so sorry...


RE: Wut?
By messele on 2/28/11, Rating: -1
RE: Wut?
By Iaiken on 2/28/2011 5:02:51 PM , Rating: 5
We were playing with this on a Mac at work today and you seem to not understand its capabilities.

It can do all of the following WITHOUT need of the administrative password:

- Remote execution of shell commands
- Create text or other script files remotely
- Send data to a remote server

- Open up a web page in Safari
- Send a message to the victim's screen
- Perform shutdown, restart and sleep operations

The bold items above are cause for concern since I could essentially send script files to your PC that create opportunities for any manner of exploit. The 'Finder' dialog example is one such example of just what you can do.

Once this is better fleshed out it will become more sophisticated as the payloads increase in size and complexity. The best attacks will be ones that mimic authentic dialog boxes at appropriate times. This is not hard to do since you can see which programs are running even without administrative rights.

All you need to do is something like this:

quote:
#!/bin/sh
# Collect the PIDs of any running updatedb or find processes
# (the locate-database rebuild), then terminate them.
PIDS=$(ps ax | grep -E 'updatedb|find' | grep -v grep | awk '{print $1}')
if [ -n "$PIDS" ]; then
    kill $PIDS
fi


This will try to kill the updatedb script which will prompt for an administrative password. You then immediately follow it up with a prompt saying "oopsie, the service has failed" and that you need to type in your administrative password to restart it.

And this is just the first one I could think up off the top of my head.

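The dialog-spoofing step described in the comment above is the part of this a defender can actually look for. What follows is an added triage example, not code from the page, from Sophos, or from the trojan itself. It parses a snapshot in the shape of `ps -axo pid,ppid,user,args` and flags password-style prompts drawn by an unprivileged process, then walks the parent chain to name the application behind the prompt. It assumes the fake prompt is rendered through AppleScript's `display dialog ... with hidden answer` (an assumption about technique, not something the page establishes about BlackHoleRat) and contrasts it with the system's own SecurityAgent, which draws genuine authorization prompts and runs as root. Every PID, user name and path in the sample snapshot is constructed; the SecurityAgent path in particular is illustrative.

```python
"""Triage heuristic: flag password-style dialogs not drawn by the system.

Added example; not code from the article, Sophos, or BlackHoleRat.
Assumption: a user-level process fakes an admin prompt with AppleScript's
`display dialog ... with hidden answer`. Genuine admin prompts on OS X are
drawn by SecurityAgent, a root-owned system process, never by the app.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of `ps -axo pid,ppid,user,args`
# (not a real capture; paths and PIDs are illustrative).
SAMPLE_PS = """\
  PID  PPID USER     ARGS
    1     0 root     /sbin/launchd
  312     1 root     /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent
  501     1 alice    /Applications/Safari.app/Contents/MacOS/Safari
  742   501 alice    /usr/bin/osascript -e display dialog "Type your password" default answer "" with hidden answer
  790     1 alice    /Users/alice/Downloads/codec.app/Contents/MacOS/codec
  801   790 alice    /usr/bin/osascript -e display dialog "updatedb failed. Enter your admin password to restart it" default answer "" with hidden answer
  815   790 alice    /bin/sh -c kill 1234
"""


@dataclass
class Proc:
    pid: int
    ppid: int
    user: str
    args: str


@dataclass
class Finding:
    pid: int
    user: str
    origin: str  # executable of the top-most ancestor below launchd


PS_ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")


def parse_ps(text):
    """Turn ps output into {pid: Proc}; the header and junk lines are skipped."""
    procs = {}
    for line in text.splitlines():
        m = PS_ROW.match(line)
        if not m:
            continue
        pid, ppid, user, args = m.groups()
        procs[int(pid)] = Proc(int(pid), int(ppid), user, args.strip())
    return procs


def origin_of(proc, procs):
    """Walk parents until the ancestor whose parent is launchd (pid 1)."""
    cur = proc
    while cur.ppid in procs and cur.ppid != 1 and cur.ppid != cur.pid:
        cur = procs[cur.ppid]
    return cur.args.split()[0]


def is_fake_prompt(proc):
    """A hidden-answer dialog drawn by osascript under a non-root user."""
    a = proc.args.lower()
    return proc.user != "root" and "osascript" in a and "hidden answer" in a


def find_fake_prompts(text):
    """Return a Finding for every suspicious prompt, with the app behind it."""
    procs = parse_ps(text)
    return [
        Finding(p.pid, p.user, origin_of(p, procs))
        for p in procs.values()
        if is_fake_prompt(p)
    ]


if __name__ == "__main__":
    for f in find_fake_prompts(SAMPLE_PS):
        print(f"pid {f.pid} (user {f.user}) password prompt spawned by {f.origin}")
```

In the sample, SecurityAgent is left alone, while both osascript prompts are reported together with the application that spawned them: one is Safari, the other an executable living in the user's Downloads folder, which is the kind of origin that deserves a look. Run on a live system by piping `ps -axo pid,ppid,user,args` into `find_fake_prompts`; the rule is a heuristic and will miss prompts drawn by other means, so treat it as a starting point rather than a verdict.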

RE: Wut?
By testerguy on 3/3/2011 4:39:50 AM , Rating: 2
Are you saying you were able to install this and run dangerous shell commands remotely on the machine without ever entering your Administrator password?


RE: Wut?
By StraightCashHomey on 2/28/11, Rating: 0
RE: Wut?
By KoolAidMan1 on 3/1/2011 6:51:42 AM , Rating: 2
quote:
You're arguing semantics here. This is clear OS X malware, and it clearly could become what your definition of a virus is.


It is malware, but there are many kinds of malware. The term "virus" is erroneously used for types of malware that aren't necessarily viruses. What distinguishes a virus from a trojan is that a virus is self-replicating and self-propagating.

A virus is infectious malware. A trojan on the other hand is based around concealment, which in most cases is a malicious program that invites a user to run it. Any operating system is susceptible to a trojan. There will always be the opportunity for harmful software to fool a user into executing it. Modern operating systems requiring users to elevate to admin/root are a huge step in the right direction, but nothing can stop someone from ignoring a UAC prompt or typing in their admin password even though they shouldn't.

You are arguing that this trojan is a virus, when I don't see evidence that this piece of malware fits the strict definition of what a virus is. If you want to use "virus" interchangeably with any kind of malware, be they trojans, rootkits, whatever, fine, but it is technically incorrect.


RE: Wut?
By omnicronx on 2/28/2011 6:24:01 PM , Rating: 2
A computer virus now has multiple accepted meanings; traditionally you would be correct, but unfortunately the term has seen widespread usage in other areas such as malware, trojans, spyware etc.

It's now an accepted generic term, get over it..

http://www.microsoft.com/security/pc-security/viru...

As for viruses in the wild, there have been multiple and clearly not even a fraction of that found on windows, but they do exist.

http://news.techworld.com/security/5392/worlds-fir...

http://www.theregister.co.uk/2007/10/31/in_the_wil...

http://www.theregister.co.uk/2009/01/22/mac_trojan...

Furthermore if they did not exist, then why did Apple sneak anti malware blacklist tools into SL?


RE: Wut?
By KoolAidMan1 on 3/1/2011 7:02:48 AM , Rating: 2
Apple used to bundle anti-malware into .Mac subscriptions. Those went away when it became MobileMe, but they still sell anti-malware software packages at their own Apple Stores.

I don't think anyone sane denies that malware is out there. Apple certainly doesn't deny it based on the fact that they sell the software themselves. Braindead fanboys will deny it, sure, but there is no such thing as a completely secure piece of software.

Whether or not it is a credible threat is a different story though. Do you know what the biggest victim of malware was outside of Windows XP? MacOS 8 and 9.

There were far fewer MacOS users than OS X users now, yet it had way more issues with viruses. Yes, there is malware out there for OS X, but the UNIX base of OS X has done a lot to keep it safe, even if it has been poorly curated compared to Windows (which has to be vigilant, being such a giant target). I'm not freaked out over the prospect of viruses in Windows 7, it is really secure and there is elevating of user rights, etc, but I still keep NOD32 running just in case.

These stories regarding security on OS X have been running for over a decade, and I still wait for some crazy botnet that turns the millions of Macs out there into zombies that self-propagate their sickness to every other Mac out there, but it has yet to happen. Practically speaking, it still isn't an issue, and I don't know if it ever will be.


RE: Wut?
By testerguy on 3/3/2011 4:24:39 AM , Rating: 2
'Whether or not it is a credible threat is a different story though. Do you know what the biggest victim of malware was outside of Windows XP? MacOS 8 and 9.'

Sorry, where's your source for that claim?


Copyright 2014 DailyTech LLC.