back to article Malware hidden in vid app is so nasty, victims should wipe their Macs

It's going to be an unpleasant weekend for some Mac users who are facing a complete system wipe and reinstall – after hackers stashed malware in legitimate applications. Eltima Software, which makes the popular Elmedia Player and download manager Folx, today confessed the latest versions of those two apps came with an …

Page:

  1. scrubber
    Mushroom

    Nuke from orbit

    Or wait for lil Kim to do it for you.

    1. Elmer Phud

      Re: Nuke from orbit

      Or that other chappie?

      1. charlieboywoof

        Re: Nuke from orbit

        Mostly they come at night, mostly

        1. sloshnmosh

          Re: Nuke from orbit

          Oh how I love a good Alien(s2) reference!

  2. Charles 9 Silver badge

    Still waiting for that nuke-proof malware where even re-installation doesn't remove it...

    1. bazza Silver badge

      Erm, aren't they called firmware viruses?

      I seem to recall Lenovo put something into some of their device driver firmware that would reinstall bloatware. Or something like that. Ok so that's not a Mac, but then Macs and PCs aren't so very different.

      1. Haku

        Re: Macs and PCs aren't so very different

        Yes they are, one has an army of fanatics that will defend their choice of platform against their rival to the bitter end, and the other has a larger army of fanatics that will defend their choice of platform against their rival to the bitter end.

        1. Not also known as SC

          Re: Macs and PCs aren't so very different

          @Haku,

          A perfect explanation.

        2. Anonymous Coward
          Anonymous Coward

          Re: Macs and PCs aren't so very different

          So what are the people running MacOS on a PC VM?

          and while you're at it....what's the iair-speed velocity of an unladen swallow?

          1. Anonymous Coward
            Anonymous Coward

            Re: Macs and PCs aren't so very different

            Running macOS on a PC is strictly prohibited by the licence, so of course nobody does it.

            Nobody at all. Honest guv.

            1. HieronymusBloggs

              Re: Macs and PCs aren't so very different

              "Running macOS on a PC is strictly prohibited by the licence"

              So users of Intel Macs are breaking the licence terms?

          2. Elmer Phud

            Re: Macs and PCs aren't so very different

            African or European?

            1. PNGuinn
              Trollface

              Re: Macs and PCs aren't so very different

              "African or European?"

              Simple to check. It'd be the swallow with the rounded corners, natch.

              It's a pleasure - I'm here all week.

          3. chivo243 Silver badge
            Windows

            Re: Macs and PCs aren't so very different

            African or European?

            1. J. R. Hartley

              Re: Macs and PCs aren't so very different

              I don't know that.

              1. hplasm
                Happy

                Re: Macs and PCs aren't so very different

                "I don't know that!"

                AAAAAaaaaaaaa!

          4. Irongut Silver badge

            Re: Macs and PCs aren't so very different

            "and while you're at it....what's the iair-speed velocity of an unladen swallow?"

            Sorry can't calculate iair-speed, I'm on a PC.

          5. Anonymous Coward
            Anonymous Coward

            Re: Macs and PCs aren't so very different

            Same as the drag coefficient of the tassels on a flying carpet.

        3. macjules Silver badge

          Re: Macs and PCs aren't so very different

          And not forgetting that one side was founded by a charismatic, obsessive compulsive with psychological issues, while the other side was founded by a charismatic, obsessive compulsive with psychological issues ..

          1. Snorlax

            Re: Macs and PCs aren't so very different

            @macjules:"And not forgetting that one side was founded by a charismatic, obsessive compulsive with psychological issues, while the other side was founded by a charismatic, obsessive compulsive with psychological issues .."

            ...while Linus is an obsessive compulsive with psychological issues and no charisma.

        4. J. R. Hartley

          Re: Macs and PCs aren't so very different

          As a famous Commodore engineer once said: There's nothing nasty about Bill Gates, and there's nothing nice about Steve Jobs.

          1. Anonymous Coward
            Anonymous Coward

            Re: Macs and PCs aren't so very different

            "As a famous Commodore engineer once said: There's nothing nasty about Bill Gates, and there's nothing nice about Steve Jobs.

            ... and oh boy was he wrong.

            Bill-boy was at least as nasty as Steve, but on different level because market position. So much nasty they stalled DoJ in monopoly abuse case so long that the president they'd bought got elected and dismissed whole case as a pay-back for "campaign money".

            There aren't many companies who can reach that level of evilness, not even IBM could.

            The pensioneer-Bill is totally different animal, has barely any connection at all to former Bill. But he's not losing money: A charity you own is still personally yours. Except you don't pay taxes.

            Also inheriting a charity is not taxable. Think about that a while ... all of those billions and $0 inheritance tax. And you get to claim in public that "heirs aren't inheriting any money".

            Which is true, they just inherit the sole ownership of a foundation. Which owns tens of billions.

            I repeat: Bill is not losing money with this 'charity' thing: 5% of the capital to charity purposes (choose whatever you want), the rest is yours. 5% yearly profit without taxes should be trivial to any company. Even without stock gains.

            Totally legal of course, that's the whole idea: Tax loopholes for the ultra rich.

            1. Flatpackhamster

              Re: Macs and PCs aren't so very different

              You've got to REALLY hate Bill Gates to lay in to him over spending $2billion dollars on developing a malaria vaccine.

      2. TheVogon

        "Erm, aren't they called firmware viruses?"

        See https://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/

    2. AlbertH
      Boffin

      Nothing new!

      There was persistent malware as far back as the Amiga! There was battery-backed RAM into which it was possible to install a little nasty that would get written to every floppy inserted into the machine and would write itself to any uninfected Amiga that the floppy was put into.... It didn't do anything malicious, just spread itself to almost every Amiga I ever saw!

      1. macjules Silver badge

        Re: Nothing new!

        Personally I would have said that persistent malware first raised its ugly face when people started harvesting user data under the grotesque misnomer commonly called 'social media'.

      2. Nick Ryan Silver badge

        Re: Nothing new!

        Nearly. Amiga RAM was not battery backed, what this used was a persistent RAM drive called a RAD drive. Anything stored in this type of RAM drive would survive a soft reset of the system (the normal RAM drive was wiped by a soft reset). Powering the system off would clear the RAD drive.

        If you had oodles of RAM (for the time) you could copy the OS to the RAD drive and configure the system to boot off it which made for a ludicrously fast booting system.

    3. Dodgy Geezer Silver badge

      ..buy a new computer?

      Malware sponsored by Microsoft and HP...

  3. Anonymous Coward
    Anonymous Coward

    Are crooks hacking private build systems, or cloud ones?

    Because the number of infected legitimate software is increasing... what's the reason?

    1. Anonymous Coward
      Anonymous Coward

      Re: Are crooks hacking private build systems, or cloud ones?

      I think your title was right, there have been several instances of software company's build systems getting hacked. This sounds like more of the same.

      The reason is probably because this is the easiest way to infect a lot of people. Compile your infection into software that either automatically updates itself or is updated regularly by users, and you get a lot more people than if you did it the old fashioned way and needed to find a remote root exploit or trick them into downloading something they shouldn't.

      Not much you can do as an end user about this except hope that as that keeps happening software companies will pay more attention to the security of their build environment and maybe consider taking it offline (I know, why would they do that when it is less convenient...)

      1. Citizen99

        Re: Are crooks hacking private build systems, or cloud ones?

        Upvoted - yes, air-gap FFS

    2. Anonymous Coward
      Anonymous Coward

      Re: Are crooks hacking private build systems, or cloud ones?

      Yes, there seems way way too much going on these days.

    3. Anonymous Coward
      Anonymous Coward

      Re: Are crooks hacking private build systems, or cloud ones?

      Fashion?

      This has been a problem for some time. In the early 00's there was even the "typo" (== vs =) in a single Linux kernel line able to give the planter root access on demand.

    4. Wayland Bronze badge

      Re: Are crooks hacking private build systems, or cloud ones?

      Like car jacking increased when it became harder to steal one without the key.

      I suspect now they have made them easier to steal that car jacking will decline.

  4. Pirate Dave
    Pirate

    A complete wipe?

    So the advice for a Unix-based system with a virus is to completely wipe it and re-install from scratch? That sounds so Windows-like. There aren't any scripts that can clean all the crap out and get the system back to normal? That does not sound like the Unix-way to me.

    1. Electron Shepherd

      Re: A complete wipe?

      Once the system has been compromised, what script are you going to run that guarantees to restore the system state correctly? How can you trust anything that the OS tells you, once you've been infected?

      It's not a Windows vs [U|Li]nux thing at all, it's just common sense, regardless of the operating system.

      1. Haku

        Re: A complete wipe?

        "Once the system has been compromised, what script are you going to run that guarantees to restore the system state correctly? How can you trust anything that the OS tells you, once you've been infected?"

        If we were to treat the US government as an operating system, would I be right in diagnosing it's been rooted with a nasty malware infection?

        1. amanfromMars 1 Silver badge

          If you don't correctly diagnose the problem, spreading cancers remain untreated

          If we were to treat the US government as an operating system, would I be right in diagnosing it's been rooted with a nasty malware infection? ... Haku

          Haku, Howdy,

          For Bigger Picture and Greater IntelAIgent Games Plays, if we were to diagnose the US government as a nasty malware infection, what operating systems would require major life-threatening surgery as the only effective life-saving treatment?

        2. Destroy All Monsters Silver badge

          Re: A complete wipe?

          If we were to treat the US government as an operating system, would I be right in diagnosing it's been rooted with a nasty malware infection?

          Yeah, but how do you propose to go back in time and kill Teddy Roosevelt?

          1. Ropewash

            Re: A complete wipe?

            No need.

            The solution is the same no matter what generation of .gov software your country has installed.

            Erase the partition WashingtonDC then create a new partition and format with whatever .gov system you feel you require.

            If I might offer some advice; make the partition much smaller this time.

            1. Charles 9 Silver badge

              Re: A complete wipe?

              Two problems.

              One, you could end up with more of the same, or even something worse than before.

              Two, how do you deal with natural accretion which seems to be able to get past any law known to man?

            2. Tim Seventh
              Linux

              Re: A complete wipe?

              "The solution is the same no matter what generation of .gov software your country has installed.

              Erase the partition WashingtonDC then create a new partition and format with whatever .gov .people system you feel you require."

              FTFY

          2. allthecoolshortnamesweretaken

            Re: A complete wipe?

            "Yeah, but how do you propose to go back in time and kill Teddy Roosevelt?"

            Just out of idle curiosity, why Teddy? (Not my first go-to by a bit of a stretch.)

        3. Captain Badmouth
          Happy

          Re: A complete wipe?

          "If we were to treat the US government as an operating system, would I be right in diagnosing it's been rooted with a nasty malware infection?"

          There's certainly something present that needs a good wipe...

    2. Anonymous Coward
      Anonymous Coward

      Re: A complete wipe?

      Once it has root there's no telling what it has done.

      You really should wipe and reinstall for any malware that gains root/Administrator levels privs. I don't see how you could possibly trust your system without taking that step.

      1. Remy Redert

        Re: A complete wipe?

        I agree that you can't trust the OS itself afterwards, but with Linux at least it would be possible to boot off a live DVD/USB and run a scan from a known good OS to clean out any infection of the system.

        The only way to get around that would be to have a firmware persistent malware at which point you'd have to wipe and reinstall the firmware for everything as well, probably over USB.

        1. James O'Shea

          Re: A complete wipe?

          "I agree that you can't trust the OS itself afterwards, but with Linux at least it would be possible to boot off a live DVD/USB and run a scan from a known good OS to clean out any infection of the system.

          The only way to get around that would be to have a firmware persistent malware at which point you'd have to wipe and reinstall the firmware for everything as well, probably over USB."

          You can do that with Macs, too. It's perfectly feasible to create USB boot flash drives. It's even more feasible to create bootable external hard drives, and somewhat more difficult but still possible to create bootable DVDs. It would be trivial to boot off one and clean the drive.... _if you already had created such an item_. I, personally, have bootable flash drives with 10.11, 10.12, and 10.13 installed, and have full bootable backups (plural) of my working drives. It would be trivial for me to fix this. The easiest way would, actually, be to put the bad system into target disk mode and clone back one of the backups. However, I have backups and boot flash drives. The vast majority of John Public does not have either and look at you as if you just flew in from Mars when you suggest that maybe, just maybe, having a backup might be good, and that maybe, just maybe, it might be a good idea to have a bootable installer.

          How much am I bet that the majority of those affected have no backups whatsoever?

          1. This post has been deleted by its author

          2. My Coat

            Re: A complete wipe?

            Rather than create a bootable USB drive etc, probably easier to boot from the recovery partition, no?

            1. Doctor Syntax Silver badge

              Re: A complete wipe?

              "Rather than create a bootable USB drive etc, probably easier to boot from the recovery partition, no?"

              That assumes the recovery partition hasn't been affected.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020