
It just works -- except when you're infected

Apple, Inc. (AAPL) has long maligned the Windows PC as being virus laden, while promoting its own Mac computers as being immune to such evils.  But despite this "It just works" publicity campaign, recent OS X malware [1][2][3][4] has forced Apple onto the defensive, silently rolling out tools to remove malicious programs from users' computers.

I. Malware Enslaves Unwitting Mac Users' GPUs

Now another piece of malware has struck unsuspecting Mac owners.  The new multiplatform trojan, reported in the wild by security firms Sophos Security and Intego, is much more sophisticated than most of the past malware to hit the Mac platform.

The malicious program installs as part of infected torrent downloads from sites such as The Pirate Bay.  Thus far the malware has primarily been found piggybacking on pirated copies of the image editing app GraphicConverter version 7.4 (whose authors are not involved in the scheme and do not approve of the pirating in the first place).  The onboard malware is officially known in security circles as OSX/Miner-D, and is nicknamed "DevilRobber".

[Image: Mac torrent client] Mac torrenters may find themselves the victim of a clever new trojan -- as usual Apple remains silent on the issue. [Source: iQuid]

Once installed on the victim's machine, the malware opens a back-door to the OS X system, allowing remote command-and-control.  It also monitors your computer, attempting to steal personal information such as credit card details.

[Image: OS X miner installed] The malware targets multiple platforms -- including the Mac. [Source: Intego]

To do this it takes screenshots.  It also periodically dumps confidential information from various applications -- such as TrueCrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history -- into the creatively named file dump.txt.  It also records your username and passwords by routing traffic through a monitoring proxy server (on port 34522 in the most common variant, but likely to change).
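A defender-side check for the two host indicators the article names, the proxy port 34522 and the staging file dump.txt, written as an added example for this page (not code from Sophos, Intego or the article). It parses `lsof -nP -i` style output and a list of file paths; the sample lines are constructed, and both indicators are weak on their own since the article itself notes the port is likely to change.

```python
"""Added example: flag the DevilRobber indicators named in the article on a host."""
from __future__ import annotations
from dataclasses import dataclass
from pathlib import PurePosixPath

# Indicators taken from the article. Treat hits as a prompt for further triage,
# not proof of infection: the port is expected to change and dump.txt is a common name.
PROXY_PORT = 34522
DUMP_FILENAME = "dump.txt"

@dataclass(frozen=True)
class Finding:
    kind: str      # "port" or "file"
    detail: str

def scan_lsof(lsof_text: str) -> list[Finding]:
    """Parse `lsof -nP -i` output; flag any socket whose local or remote port is PROXY_PORT."""
    findings = []
    for line in lsof_text.splitlines():
        cols = line.split()
        # lsof -i columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
        if len(cols) < 9 or cols[7] not in ("TCP", "UDP"):
            continue  # header line or a row that is not an internet socket
        cmd, pid, name = cols[0], cols[1], cols[8]
        state = cols[9].strip("()") if len(cols) > 9 else ""
        ports = []
        for endpoint in name.split("->"):  # "local->remote" or just "local"
            try:
                ports.append(int(endpoint.rsplit(":", 1)[1]))
            except (IndexError, ValueError):
                pass  # e.g. "*:*" carries no numeric port
        if PROXY_PORT in ports:
            findings.append(Finding("port", f"{cmd} (pid {pid}) {name} {state}".strip()))
    return findings

def scan_paths(paths) -> list[Finding]:
    """Flag any path whose final component is the staging file name from the article."""
    return [Finding("file", p) for p in paths if PurePosixPath(p).name == DUMP_FILENAME]

# Constructed sample data for the demonstration (not captured from a real infection).
SAMPLE_LSOF = """\
COMMAND    PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari     612 alice   14u  IPv4 0xabcd      0t0  TCP 10.0.0.7:52311->93.184.216.34:443 (ESTABLISHED)
launchd      1  root   10u  IPv6 0xef01      0t0  TCP *:22 (LISTEN)
java       904 alice    7u  IPv4 0x2345      0t0  TCP 127.0.0.1:34522 (LISTEN)
mDNSRespo   79 _mdns    5u  IPv4 0x6789      0t0  UDP *:5353
"""
SAMPLE_PATHS = ["/Users/alice/Library/dump.txt", "/Users/alice/Documents/notes.txt"]

def run_checks(lsof_text: str = SAMPLE_LSOF, paths=SAMPLE_PATHS) -> list[Finding]:
    return scan_lsof(lsof_text) + scan_paths(paths)
```

On a real host, feed `run_checks()` the output of `lsof -nP -i` and a file listing from `find`; a hit on either indicator warrants a closer look at the owning process and file.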

But its biggest target is the crypto-currency "bitcoins".
 
[Image: malware code] The DevilRobber trojan uses screen captures to steal your password and private information. [Source: Sophos]

Bitcoins are a nation-agnostic cyber-currency, beloved by hackers, internet aficionados, and libertarians (among others).  In order to seed the initial distribution of "wealth" on the market, people can use computing resources to "mine" Bitcoins using mining clients.

The key part of DevilRobber is a Bitcoin mining Java program which the core trojan executes.  The trojan enslaves the target's GPU to harvest Bitcoins.  Due to the hard-to-trace nature of the cryptocurrency, the malware's authors can successfully obfuscate their identity and safeguard their profits.

The mining program is often how the infection is first noticed, as it makes the system respond sluggishly, given the load it places on the GPU.

As a secondary tactic, the core trojan also attempts to access any unencrypted Bitcoin wallets it can find.  It is unknown whether it contains code to access encrypted wallets, but it is reasonable to assume that future updates could deliver the ability to "crack" weakly encrypted wallet files.  Compromised wallets transfer their Bitcoin riches to the attacker.

Curiously, the trojan also deletes any files whose names begin with "pthc".  This acronym is associated in internet forums with the phrase "pre-teen hardcore pornography", aka child porn.  It almost appears that the trojan writers have attempted to do a bit of good amid all the evil they have created.

II. Lessons Learned

The new attack illustrates some of the issues surrounding both Apple computers and Bitcoins.

[Images: Bitcoin button; Bitcoin badges] [Sources: Bitcoin Forum (left); Nerd Merit Badges (right)]

For Apple, it's yet another indication that the company's public effort to feign ignorance on malware is harming customers.  While tech-savvy Mac users understand their platforms are just as susceptible to infections as PCs, in theory if not in practice, less tech-savvy users often believe their Mac is magically immune to infection.  This belief is perpetuated by Apple's advertisements and by the company's technicians, who were revealed to be under orders to lie to customers -- feigning ignorance of infections.  This approach has led to at least some of Apple's customers being victimized by the hacking community.

This situation is only likely to get worse, as Apple refuses to publicly acknowledge the danger, as Microsoft has, for fear of losing its "it just works" public image.  But with Apple currently in third place in computer sales by vendor, and with what some hackers say are weaker protections than Windows 7, interest in malicious Mac hacking is trending upwards.

As for Bitcoins, the cryptocurrency holds great promise, as it is formulated to prevent local government corruption, double spending, inflation, and ineffectual government monetary regulation.  However, the Bitcoin market has been dealt a series of setbacks, both via the entrance of cybercriminals as large-scale miners, and from account breaches.  

With Bitcoin's largest exchange recently hacked, the currency's proponents have raced to safeguard their brainchild.  More work clearly needs to be done to exclude cybercriminal miners, or Bitcoin risks being intimately associated with illegality.

Sources: Intego, Sophos Security


You've lost me, DailyTech
By Tafter on 11/2/2011 9:02:35 AM , Rating: -1
I've watched this site's slow descent into fanboyism and I've had enough. DailyTech is not content to just report the news. Even providing reasonable, balanced commentary isn't enough. Nope, nothing but bald faced bias will do.

Leading the way, of course, is intrepid "reporter" Jason Mick. I guess I at least have to give him points for consistency: he has certainly picked sides in just about every subject. From smartphones (android rulz!) to OS's (windows baby!) to global warming (don't trust the elitist eggheads!), Mick has it all figured out. And rather than give all reasonable arguments fair court, Mick goes out of his way to forward his truths. Take Apple, for instance: every piece of positive Apple news is met by a Mick "article" dripping with resentment and downplaying the news, each bit of bad news is met by a piece with barely contained glee and excitement trumpeting the news so that all may hear. It is sickening.

But Mick knows his audience. In the posts below his pieces, agreeable fanboys pile on with barely coherent attacks, absurd stereotypes and tasteless jabs (yeah, Jobs is dead!). Fresh meat is the only way to describe a new Mick piece.

This site has absolutely no credibility left and certainly no objectivity. I don't read obvious pro Apple sites because the bias makes them hard to read. Why should I read DT?

You are off of my site list on Google Reader. You've just gotten too bad to take. Jason Mick: you are an awful writer and lack critical thinking skills. Find a new line of work.




RE: You've lost me, DailyTech
By Tafter on 11/2/11, Rating: -1
RE: You've lost me, DailyTech
By matty123 on 11/2/2011 7:13:51 PM , Rating: 3
Wow dude hate much!!

Don't know where you are going to go for your "unbiased news" since almost every site is reporting the same thing

http://www.zdnet.co.uk/news/security-threats/2011/...
http://nakedsecurity.sophos.com/2011/10/29/devilro...
http://news.cnet.com/8301-1009_3-20128065-83/devil...

You really can't blame the journalist for reporting the news just because YOU don't like it, I reckon a lot of people will find this newsworthy.


RE: You've lost me, DailyTech
By Tafter on 11/7/2011 7:26:14 PM , Rating: 2
I really wish I closed the browser window this was in instead of refreshing.

The link you provided actually proves my point: that article is indeed a decent example of unbiased journalism. It states the facts, gives helpful advice and avoids sensational ledes and editorial. This isn't about what is reported, it is about how it is reported. If you read both stories and don't see severe stylistic differences, you aren't even trying to be fair.

This isn't hard, folks. Just try a little objectivity now and again, won't you? Not everything has to be us vs. them, my tool vs. your tool. Jason Mick is playing to the very worst, most base of human behavior and doing it for the worst possible reason: clicks (aka ad money). Please stop playing right into his hand.


RE: You've lost me, DailyTech
By matty123 on 11/7/2011 7:45:51 PM , Rating: 2
I do find {Note} stylistic differences granted but in other words all you're saying is that you don't like the author's style, which seems almost absurd as everybody has a different style.

Note I am not condemning you and am relatively new to these forums but I haven't noted any bias in any of the author's posts except for apple fanbois who don't like articles that reflect negatively on any apple product in any way or form.

In fact after re-reading all three articles {links in older post} I find that they all have "severe stylistic differences" especially between the ZDNet and CNET articles, note the CNET article doesn't note in its header that it's only Macs that would suffer from this problem, but I don't see any of the articles as bad they all present the facts and give the same main points.


RE: You've lost me, DailyTech
By Tafter on 11/7/2011 8:19:44 PM , Rating: 2
Just open your mind up a little: you used the term "apple fanboi". Do you really think that fanbois for Windows, Android, or "insert your company or toy here" don't exist? Really?

Look at the comments on this thread. Look at how they mock apple, apple fans and Steve Jobs' death. Not convinced? Head over to MacRumors forums. Note how the contrarians there act like Tony Swash. Note how the arguments there play out almost in the exact opposite manner as they do here.

This isn't about specific technologies or their supposed superiority. We all pick favorites based on our personal preferences. It's when we take to the Internet and attack others for their choices that everything breaks down. It isn't about logic and reason, it's about taking down "the enemy."

Certain writers play to this natural tendency of humans. Jason Mick is one of those people. Go ahead: rationalize that apple sux, its users are the worst fanbois and your choice is superior. But you are kidding yourself. Fanbois are fanbois. If you aren't willing to look at the fanbois on your side and see them in the same harsh light as your "enemies" you are part of the problem.


RE: You've lost me, DailyTech
By matty123 on 11/7/2011 8:49:34 PM , Rating: 2
While I do understand your point I use an iPhone but I couldn't stand the absurd things some apple fans were throwing around so I did research and am now trying to correct people on where they go wrong.

Anyway I get what you are saying but I think you answer yourself in your post,

quote:
We all pick favorites based on our personal preferences.


Now I agree that some posters are as you would say "part of the problem" but I don't find that in the author's work, I find that most topics are good solid headlines that catch the eye and spark interesting debates about whatever the topic is.

Also I and I am sure many others largely read these forums for the comments and debates around the articles, now I won't lie nothing ruins it more than when a really crazy fanboi/phandroid comes along and spouts utter garbage and refuses to listen to any other points or faults in their logic {but this isn't the writer's fault} but the rest of it is good and at least I appreciate that it attracts interesting people to chat to.
