backtop


Print 88 comment(s) - last by overzealot.. on Mar 6 at 1:06 AM


The new Apple Trojan "BlackHoleRat" sneaks itself in through OS X users' open back doors. It is currently in "beta" and its capabilities are being expanded.  (Source: Sophos Labs)

One of its capabilities is to pop up fake administrator password request windows as a phishing attempt  (Source: Sophos Labs)

The trojan even delivers humorous messages to users in current form.  (Source: Sophos Labs)

  (Source: Chris Moncus)
Malicious program still appears to be in "beta" form, unlike its Windows counterpart

Security researchers at Sophos Labs have discovered a naughty new trojan that's in the process of beta testing attack capabilities against the growing population of Mac users.

The trojan exploits open back doors in OS X to gain a good deal of access to the system.  It can be transmitted through a variety of vectors, including torrent files or seemingly legitimate download programs.  It could also be, in the future, delivered via the exploitation of browser flaws to perform "drive by downloads".

Once inside, the Trojan gets down to business, allowing the attacker to have their way with their Apple victim.  The attacker can plant text files on the desktop, force URLs to open, run shell commands, and pop up fake password windows in a phishing attempt.

They can also force the users machine shutdown or reboot. When a reboot is forced an amusing message pops up, informing:

I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.

The virus is a port of darkComent, a remote access trojan for Windows.  The new OS X versions has been dubbed "OSX/MusMinim-A", or "MusMinim" for short, by Sophos.  Its creators, however, call it BlackHoleRat.

Sophos believes its creators will likely expand its functionality now that the concept has been proven.  It will likely be loaded with far nastier tricks in the future.

Despite its obscurity, Apple's poor security track record virtually ensures that Apple OS X users back doors will be open in years to come.  And increasingly they may find malicious individuals looking to poke and prod their way inside.

Still Apple has been quite quiet in its direction to users to get an anti-virus program.  To this day it still tries to portray Windows as "virus-laden" and OS X as virus-free.  As a result of this ostrich-in-the-sand attitude, some users may fall victim of unwanted backdoor intrusion.

Apple has yet to comment on its users' latest infection or hint at how widespread it might be.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Awaken the Blissfully Ignorant
By Argon18 on 2/28/2011 11:41:37 PM , Rating: -1
See, that's where you're confused. A trojan is not a virus. A trojan is social engineering- convincing the user that something malicious is infact legitimate. There is no amount of anti-virus software that will protect against a new trojan. None. And every operating system on earth is susceptible. If I write a Windows batch file that says "Press enter to safeguard Microsoft Windows!" but when you press enter, it actually runs "format c:" well there you go, that is a trojan, and no, your precious anti-virus software will NOT detect it! A true virus propagates on its own, with no user intervention required. Windows is highly susceptible to viruses while UNIX type OS's are not. There are ZERO viruses in the wild for OSX, Linux, AIX, HP-UX or any UNIX-like OS for that matter. ZERO! Furthermore, the vast majority of security flaws in OSX, Linux, etc. relate to local user privilege escalation- i.e. you cannot take advantage of them unless you are already a valid user logged in! Windows on the other hand, suffers from many thousands of much more serious flaws- what microsoft describes as "an unauthenticated remote attacker can take control of the system". That is very serious! That means you don't even need a user account, you can be anonymous and remote and take complete control of the system. OSX and Linux do not suffer from this kind of flaw.


RE: Awaken the Blissfully Ignorant
By bplewis24 on 3/1/2011 12:04:25 PM , Rating: 2
*facepalm*


RE: Awaken the Blissfully Ignorant
By KoolAidMan1 on 3/1/11, Rating: 0
By Alexstarfire on 3/1/2011 7:55:40 PM , Rating: 2
He certainly is correct, but I'm failing to see how this is less harmful to users. Any type of malware is bad, period. A virus and trojan are usually used for two separate purposes. They are both quite harmful in the end. Actually, a trojan could be far worse since usually all a virus can/is meant to do is make your computer useless and spread itself. A trojan could very well get your login and password to any account you use on that computer. That seems far worse to me.


By testerguy on 3/3/2011 4:11:03 AM , Rating: 2
Firstly - a Trojan CAN be a virus. It is possible to engineer a legitimate appearing malicious file which is also able to propagate (replicate and distribute) itself, thus satisfying both requirements.

Secondly - anti virus programs CAN and DO detect Trojan horses as well.

Thirdly - a Windows batch file is NOT a Trojan because it's clearly an executable, whereas a Trojan horse would masquerade as something else less dangerous.

Finally, a virus by definition does NOT have to be able to reproduce with no user intervention. For example, a user can intervene by removing a USB from one PC to another, thereby allowing the Virus to replicate. User intervention, and still a virus.

All of the above being said, and despite thinking that what you're arguing is a distinction without a difference in the real world (since whether it's a virus or a Trojan doesn't really matter much once your computer dies), what you write is largely correct.


"Death Is Very Likely The Single Best Invention Of Life" -- Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki