back to article Macs seized by porn Trojan

Miscreants have released a sophisticated Trojan into the wild that targets Mac users, according to Intego, a company that markets security software that runs on OS X. The malicious Trojan, dubbed OSX.RSPlug.A, is making the rounds on several porn websites. When Mac users try to view some videos, the site feeds them a page that …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Jobs Horns

    You know....

    Balmer is probably behind this...

  2. Abdul Omar
    Thumb Up

    Relax

    Fortunately for Mac owners there is a very simple way around this vicious and devastating attack.

    Simply install a program called Boot Cap.

    Boot Cap is very clever because it literally Boots out the security plagued OSX operating system and places a Cap over it -- Windows!

    From then on you can enjoy stable, secure, efficient, beautiful, innovative, cool, fast, compatible and cost effective Vista like the rest of the grown ups in the world of computing.

    Peace

  3. Thom White
    Thumb Down

    Social engineering, or cyber-Darwinism?

    Well, I always make a point of entering my admin password at the request of a porn site pop-up.

    OS X, Linux or Windows - If you are daft enough to fall for this, you deserve everything you get.

  4. Steven Knox
    IT Angle

    Just In Time

    Our business just got a request from marketing for a Mac, the first we'll try out. It's comforting to know that malware is out there for them as well. Thanks!

    So where's the completely unwarranted crowing from Windows fans and the equally invalid "it doesn't really count because (fill in specious reasoning here)" replies from the Mac cult?

  5. Anonymous Coward
    Flame

    Cue flame war in ...3...2..1

    Suggesting that Mac users are as dumb as Windows users just makes me visualize the I'm a Mac/PC guys telling yo mama jokes.

  6. Jamie Davis
    Jobs Horns

    What's that I hear?

    Is that the galloping hooves of irony? (yes, anthropomorphised, irony is a horse)

    Having Mac fanbois crow about not having a full user-base despite soooo safe. They now have a larger base, and look what's happened.

    It shows yet again that all platforms have *some* kind of hole and that the scum out there who write this are just playing the numbers. Except now, your OS doesn't have the history and pedigree of AV programs that Windows does.

    Congratulations. You became a statistic. I'm going to go horse riding.

  7. Allan Rutland
    Alien

    The weakest point...

    of any system is the user sadly. Those pathetic meat bags are a real security hazard, surprised Symantec not tried marketting a straight jacket as a universal firewall againt possible human judgement attacks. Although installing anything by Norton falls in that same category.

    As the others have said though, odd we haven't had the usual fanboi comments yet...or are they all busy downloading some new codec for Quicktime to see the latest Jobsy porn :P

    Bring on our lizard over lords to protect the world from those terrible meat bags infecting the world!

  8. James Findley
    Happy

    Bad news for Gates and his bank manager...

    Mac popularity is gaining enough that moreand more people are bothering to code malware for it.

    However, its when there are peices of malware specifially targetting Ubuntu too that Gates will really have to admit he's lost the monopoly and needs to start being nice to his customers again.

  9. Anonymous Coward
    Anonymous Coward

    Oh my...

    wow, some of you folks in the mac camp are really worked up over this... And some are actually seem disappointed that the M$ purists aren't making a bigger stink over a trojan exclusively written for Mac's that prey on peoples most basic weaknesses: the never ending quest for something for nothing combined with unwarranted trust.

    I'm also surprised that the *nix folks aren't in here poking fun at the other two sides just for the lack of something else better to do.

    As for me, I have taken the philosophy that any technologically advanced society is only as strong as it's laziest programmer, hardware manufacturer or service provider. To translate, if builders built buildings the way the computer industry is cranking out hardware, software and services, the next woodpecker that comes along is going to destroy civilization as we know it.

    I really wish I could take credit for that line but sadly I read it somewhere but can't remember who the source is...

  10. J
    Flame

    Re: Relax

    What a Windiot... (TM)

  11. Chronos
    Flame

    crontab...

    ...the damned word is "crontab" as in cron(8) tables. I know it's probably a typo (yes, I have Cumberland sausage fingers too), but I really think that it's worth pointing out so that anyone on a Mac box can launch the console and type man crontab to find out what the hell we're all talking about and maybe even learn how to get things out of the crontabs for themselves.

    Now, even if Microsoft Windows' days as the dominant OS are numbered, which I sincerely doubt at this point, it looks like it's business as usual for VXers. Of course, that also means SNAFU for us.

    I hope Apple have learned a valuable lesson from this: Make something too simple (such as auto-installing software via the browser) and you get smegups like this creeping in because you're actively discouraging thought on the part of the user. EXACTLY the same mistake MS made and continues to be punished for, for example by people disabling UAC on Vista because they don't (and, at this late stage in the game, don't want to) understand why or how, they want it to Just Work [TM] because Microsoft have them trained not to think.

    It's PEBKAC, pure and simple, although the blame doesn't solely rest upon the luser in between.

  12. Anonymous Coward
    Anonymous Coward

    The only news there is

    ...that it's in the wild.

    This is however not a security vulnerability. Should OSX prevent any changes to TCP/IP settings outside it's own network preferences GUI?

    It already prompts up a security prompt asking for the admin level password - (with a handy note of who is requesting what priviledge) - I'm curious, what more should OSX do?

  13. J
    Coat

    Re: What's that I hear?

    "(yes, anthropomorphised, irony is a horse)"

    But then it would be "equomorphised", surely...

    Re: the article, I am not part of that user base you refer to, but... It seems like you didn't read the article. Not even the title? I mean, a Trojan (title says it is one, and article confirms) is a program that needs user intervention to act, tricking you into thinking the program does something you want but etc., kinda like the Greek story. Therefore, no hole here (I'm sure there must be holes elsewhere). Just stupid people running something they shouldn't -- can happen anywhere, as already pointed out. It's not like this is a Windows worm that gets automatically installed in your machine within minutes of you getting online unless you spend hours armoring it... I suspect we are still waiting for that type of treat for Macs. (or is it here already too?)

  14. t3h

    Malware will always exist, no matter what platform.

    The thing is, the user is the weakness. Any platform capable of running custom software will be capable of having at least some form of malware for it, no matter what the OS developer does. Whether a laptop, a desktop, a PDA or a mobile phone.

    Even if they lock the user out of the system files to prevent damage, by far the most important thing on the computer is the user's files. Those can by definition be accessed by the user, and damaged by anything running as the user. So a program doesn't necessarily need root/system access to do harm.

    #!/bin/bash

    echo "The system needs your password for important maintenance"

    sudo rm -rf /

  15. davebarnes

    Link to Porn site please

    I would like to verify this for myself.

    And, look a naked women.

    can we have a link to one or more of these porn sites please?

    thanks

  16. Webster Phreaky
    Jobs Horns

    Bwah ha ha ha ha Macs + Porn ... FIGURES! Bwah ha ha ha ha ...

    We all know that MacDroids spend all day on the porn sites with their "safe macs" ...

    This is TOO FUNNY!!!

  17. Magilla
    Flame

    Abdul Omar (Relax)

    You probably think you're very funny and clever, but you aren't.

    1) It's called Boot CAMP, not Boot Cap

    2) Vista is far less secure than OSX is.

    If you want to know how secure Windows is, DO NOT ask Microsoft. Do you REALLY think they'd say "Vista is a piece of crap", even if it really is? Of course not.

    Incidentally, Vista IS a piece of crap...

  18. Andy

    @Abdul:

    That'd be Boot Camp, mate, not Boot Cap (whatever one of those is). Your last paragraph is hilarious.

    So, let me get this straight: the idea is to trick users into installing malicious software? Wow, that's genius. People have been doing that for years, to Mac and PC users alike. This is news when it can be done without my knowledge.

  19. Anonymous Coward
    Jobs Halo

    Re: Just In Time

    > "it doesn't really count because (fill in specious reasoning here)"

    Well it doesn't really count because if someone goes to a pr0n site, is presented with a dialog to install some software and proceeds to install, then that person is a little "funny in the head" as the saying goes..

  20. Chris Gibson

    Er...

    I'm fairly sure that the "Boot Cap" comment was a joke...?

    it does seem to me that asking users to install some software that knackers their machine -- even going so far as to trigger the Operating System's built-in "Woah, this could be dangerous, best ask for the Admin password to make sure this user knows what they're doing"-mechanism -- is pretty feeble. What happened to Boot Sector viruses on copied floppy disks? Now, they were clever, and genuinely difficult to avoid.

    It's depressing, though, to see the Comments section even on a grown-up site like The Register descend so rapidly into the usual foaming rants about "fanbois" and virtriol towards other users/platforms. Maybe we've not moved on that far from the Amiga/Atari days after all.

  21. Anonymous Coward
    Thumb Down

    Where's the story?

    The only news here, is that the story highlights the stupidity of PC users who don't seem to know what Trojan is, or even grasp the concept of administrative rights and how they should be kept safe.

    Of course most Mac users probably have girlfriends or successful lives anyway which lessens their need for porn site visits in the first place.

  22. 4.1.3_U1
    Coat

    @Boot Cap

    Maybe you could use the spare 'r' out of crontrab then it'd become Boot Crap.

  23. Anonymous Coward
    Jobs Horns

    Social engineering indeed...

    Well, as everyone knows, Mac users are MASSIVE wankers. So it's not surprising that the trojan writers would target them with pr0n.

  24. Ted Treen
    Jobs Halo

    @Abdul encore une fois..

    Abdul, old chum:- Youve missed a letter out: it's not BOOT CAP , it is BOOT CRAP since it allows you to boot a lovely Mac into what is basically festering donkey droppings.

    Cheers, old boy,

    Ted

  25. Tom

    RSPlug ?

    Arseplug? What kind of website was this anyway. a gay one?

    Can we therefore surmise that MACs tend to attract more gays than Winboxes?

  26. Ze Stuart
    Pirate

    @Abdul

    Fan boi.

    Going to have to start using Lynx for porn!

  27. Sceptical Bastard

    Happy to oblige...

    Quote: "I'm also surprised that the *nix folks aren't in here poking fun at the other two sides just for the lack of something else better to do"

    Sorry, must be slipping!

    Windoze is a pile of virus-ridden shite for the moronic masses. Macs are over-priced and fit only for sad fanboy lusers who seek eye-candy and imagined cachet.

    BSD/Linux is for real men with chiselled good looks and lots of real-life girlfriends. 'Nix is the flawless operating system Jesus or Alexander The Great or Winston Churchill would've chosen. The entire internet is run exclusively on Linux. Every single supercomputer and academic system runs Unix (... continue in similar vein ad infinitum)...

  28. Feargal Reilly
    Coat

    Does this mean?

    I guess this means that OSX has Windows users now.

    Where's the flamebait icon?

  29. Ned Fowden

    ROFL @ Magilla

    hahahhahahahaa

    Vista is pretty darn good in all actuality

    i'm no fan of M$ but having been forcefed Vista with my new laptop, i am incredibly impressed with it's stability & security.

    but then as already pointed out here, the user is the weakness in any system.

    i have my tried & trusted applications keeping me safe & secure in whatever i choose to do.

    Vista is great, it's that simple

  30. Kevin Thomas
    Coat

    Errr...

    Did I miss the bit about the fact that the user has to click through to install the bogus software? Most users mac and pc would know when a dodgy alert pops up and steer clear. I think this story is a little bit of anti-mac scaremongering. Let's face it, Macs are not subjected to the same virus and malware as PCs...fact.

    Anyhoo...the word is CRONTAB not CRONTRAB.

  31. jai
    Heart

    he's back!!

    webster!! it's been a long time. we've missed you!! no really!

  32. Joel

    This is not a letter bomb....

    In the post one day, you receive a parcel. You open the parcel. Inside is a gun, with a piece of paper reading:

    This'll blow your mind!!!

    1) Take gun out of box

    2) Place gun to head

    3) Pull trigger

    This is not the same as a letter bomb. But if you are stupid enough to follow the instructions, you will end up just as dead.

  33. Mad Mike

    Security quality

    Any security breach that relies on the user being an idiot (i.e. entering an administrator password or similar) is not really that clever and says little about the operating system. No operating system, no matter how good or how secure can prevent this. When we see Macs being infected through buffer overflow viruses etc.we'll be able to seperate the men from the boys. As the malware doesn't attempt to do anything like that, I suspect they can't!! Looks at malware that exploits flaws and exploits in the operating system before taking any notice of it.

    At the moment, this sort of malware only really exists on Windows. Whether that is because people can't be bothered to write it for other platforms due to uptake, or the other systems are more secure is another matter.

    P.S.

    I don't have a Mac, but do have Windows and Linux.

  34. Nick Pettefar

    Warning, this is a Mac virus

    As you are running Mac OS X, you are on the honour system. Please enter your root admin password and then close your eyes for a while. Please ignore any system messages. Please do not do or think anything intelligent. (We have our fingers crossed...)

  35. Anonymous Coward
    Joke

    Surely the real point is...

    ...that Mac users are thought to be more likely to visit porn sites - the Dirty Mac brigade, indeed... :)

    I trust the sites concerned have a Paris Hilton angle?

  36. Abdul Omar
    Thumb Up

    What difference does it make?

    Boot Cap, Boot Crap whatever... the point is that yet again Microsoft is able to provide an effective solution that addresses Apple's myriad failings.

    Macs are all very well for adding that effete look in latte lounges but when you want the heavy lifting done then it's the boys from Redmond to the rescue.

    Again and again.

    As for Vista, one question for you... Have you actually tried it?

    No I thought not.

    I for one upgraded from OSX to Vista and the only regret I have is that I waited so long.

    Try it and you'll soon change your itune.

  37. Anonymous Coward
    Anonymous Coward

    I think the Boot Cap guy was 'avin a larf...

    ...but this does demonstrate that requiring an admin password to install stuff is only of limited use - here the user *knows* they are trying to install something so they will go right ahead and type that password.

    This is minor news because I can't remember the last time something like this was in the headlines. I don't exactly think the sky is falling in on Mac users just yet though.

  38. Anonymous Coward
    Anonymous Coward

    re: What's that I hear?

    Umm, you do realise this isn't the first OS X Trojan, don't you?

    Oh, that's right, you didn't - or maybe you're commenting on the first one and it's taken you 18 months to come up with that post.

    Too little, too late....

  39. Rob
    Jobs Horns

    C'mon!!

    People we've had 18 posts (at time of writing) and it's all still a bit polite, someone's already counted us in for a flame war where is it?

    By now I was expecting to be making anologies about Mac users being americans and windows users brits and war on terror, we've been suffering from terror for ages, yada, yada, yada.

    Blow the lot of you then, 'suppose I'll have to do some work instead :(

  40. Steve Ives
    Unhappy

    A peice of really nasty malware for the Mac...

    It's called 'Superduper'. I downloaded it and entered my admin password when it asked for it and when I ran it, it came up with a loads of promts so I just hit 'OK'.

    Before I knew, it it had wiped my external hard drive!

    Stay clear guys!

  41. Anonymous Coward
    Anonymous Coward

    @J

    > > (yes, anthropomorphised, irony is a horse)

    > But then it would be "equomorphised", surely...

    Think you're confusing your Latin and Greek there - would it not be hippomorphised?

  42. Léon
    Thumb Up

    @Abdul Omar

    Nice! How many 'oh-my-god-how-could-he-have-said-that'-replies did you expect? I especially liked the Vista promotion :)

  43. Anonymous Coward
    Coat

    Just goes to prove what we've known all along

    Apple fanboys & fashion victims are nothing but a bunch of w*nkers

  44. Anonymous Coward
    Anonymous Coward

    @Magilla

    Why is Vista a piece of crap? And where is the evidence (at all) that Vista is far less secure than OSX?

    @t3h

    Singularity is quite a decent solution to a secure OS (even if it is just a research project)

    I think the real problem here is that Apple have quite happily flaunted the statistics on viruses/trojans for PCs and Macs, and used them to suggest that there is almost no danger of infecting your Mac. Yes, I'm a Windows man, but at the same time I'm not going to needlessly bash Macs. I do feel though, that the belief that Macs are unbelievably secure will mean users won't think twice about throwing their admin password into a box that pops up, just as most users don't read what UAC throws up. Remember that a lot of Mac users are people that haven't used Windows, or haven't used it a lot, and went straight to Mac. A lot of these people won't understand why they shouldn't type in a password if they're asked for it. This is the same reason I dislike AV solutions, they trick people into a false sense of security. We should be working on ways to educate people about using their PCs SAFELY, not telling them that they will be ultra secure on one or the other system. It's like saying that our software has been tested and so has no bugs.

  45. Anonymous Coward
    Alert

    @cronos

    "Make something too simple (such as auto-installing software via the browser) and you get smegups like this"

    To state the bleedin' obvious to anyone who's actually read the article, the software does not AUTO-Install via the browser, QuickTime redirects to a site with an alledged codec and "The Trojan requires victims to enter the administrative password for their machine".

    Bit of a difference between that, and visiting a site that can auto-install software without you even knowing about it.... Apple haven't made that mistake, as far as I can read from this article, it's the users who should be learning a valuable lesson from this.

    And @bws.. "wow, some of you folks in the mac camp are really worked up over this... " ... Erm... where? They don't seem to be in this thread? Maybe they realise that any exploit that requires them to type in their admin password really isn't much of an exploit?

  46. Justin
    Thumb Up

    Brilliant!

    I don't think it's so much a larger user base that has been the incentive for the malware creators here. It's far more likely that someone finally cracked at the ever increasing nausiating piety & smugness that seems to gush out of most Mac users.

    Hopefully this news will stop so many fanboys getting so hot & wet over their 'computers (i use the term cautiously)' and subsequently curb the need they feel to talk about it 20 times a day.

    A bit of humble pie could do the Apple camp a huge favour; who knows, maybe they'll go back to creating websites for their pussy cats, making "cool" photo albums of themselves or whatever you're supposed to do on a Mac, instead of pissing everyone else off at every oppertunity.

  47. system

    Social engineering

    "We see no evidence that Mac users are any more resilient to social-engineering attacks."

    However, there's plenty of evidence they may be more susceptible. They did after all buy into apple :p

  48. Anonymous Coward
    Anonymous Coward

    @Magilla

    1) Wow! Fanboi alert!

    2) Typeing in CAPS in NOT BIG or CLEVER, and DOSE NOT MAKE YOU RIGHT. Please people. Stop it. It just makes you an ideot.

  49. Anonymous Coward
    Flame

    Re: What's a Windiot... (TM)

    its the MS version of a iDiot (TM) came out a short while after if I remember correctly.

    @Magilla & Andy... ever heard of SARCASM I'm sure your browsers still connect to the internet try using it.

    The real problem is those who believe they are immune, for they shall fall first. At least pc users know they are targetted.

  50. Charlie Clark Silver badge
    Coat

    Decline and fall of the English language

    @J I think you'll find the word would be hippopomorphised but I'm not sure that the initial poster was correct in claiming anthropomorphism. Surely it's a simple metaphor? Maybe Equinification (Latin root this time) but still only an extended simile as opposed to treating malware as if it were a horse which would be something like: "the malware stood 8 hands tall, its sleek coat glinting in the sunlight" :-D

  51. Jon
    Stop

    Aaaarrrggghhhh nooooooooo....

    I've just managed to pull myself out of a Blog site that was taken over by Mac/PC bitching... Do we have to do this all over again??

    Please El Reg.. Pull this story before I pull my hair out.. There's never a winner when you set Mac and PC users against each other.. Just endless, pointless droning on and on and on and on.....

    Aaaaaaaaaghggggghhhhhhh!!!!!!!

  52. Martin Hargreaves
    Thumb Up

    @Steven Knox

    "So where's the completely unwarranted crowing from Windows fans and the equally invalid "it doesn't really count because (fill in specious reasoning here)" replies from the Mac cult?"

    There it is...

    Jamie "Having Mac fanbois crow..." Davis

    Allan "usual fanboi comments... ...jobsy porn" Rutland

    Obvisouly "Webster "We all know..." Phreaky

    and on the other hand

    J "Windiot"

    Magilla "Vista IS a piece of crap"

    Actually it seems relatively sensible for a story mentioning Apple, by El Reg commenter standards.

  53. Anonymous Coward
    Anonymous Coward

    Webster

    Where's the iPhone comment??? You're letting yourself down!

  54. GrahamT
    Coat

    Mac owners visiting porn sites?

    Must be the Dirty Mac Brigade

  55. Anonymous Coward
    Anonymous Coward

    I don't need no frickin' comment

    WTF is 'a root crontrab'???

  56. Simon Neill

    Are you sure?

    You can put as many messages saying "this application wants to run" "this application wants to format" "this application wants to take over your PC" as you want, but you will never manage to make users read them. In fact, the more of them you make the less likely people are to read them.

    As for the whole mac vs windows vs linux... I'd love a mac at home, I'd hate to do my job on a mac or linux network.

    Saying one is better than the other is like saying a spanner is better than a hammer.

  57. Anonymous Coward
    Boffin

    Not an OS vulnerability

    "The Trojan installs a root crontrab that makes minute-by-minute queries to check that the doctored DNS server is still active"

    It can only do this if you are logged in as root while surfing p0rn - which you aren't unless you're a complete knob - in which case you deserve to have your system 0wn3d.

  58. Jon Double Nice

    I thought 'boot cap' was meant to be ironic...

    As in like 'run something good on top of Mac OS'.

    But wasn't the point made the other day by someone, that if you run a virtualised known good/uninfected copy of an OS (say XP using Parallels or something), you can lose all the malware once you close the virtual app thingy.

  59. Jamie Davis

    @J

    The user IS a hole. In more ways than one on a mac. But I digress, probably not the best word.

    The point I was trying to make is that a large part of smugness that comes from the Mac crowd is indirectly derived from being a low profile group. Their profile is raised, a head comes above a parapet and now it gets shot at.

    I read the article I assure you, a poorly chosen word on the part of "hole" (and "anthropomorphised")

  60. This post has been deleted by its author

  61. Nick
    Flame

    I'm bored of this one ...

    ... can we resurrect the "vi vs emacs" holy war ;)

  62. Nick

    Yeay!

    Well, looks like the 'security by obscurity' argument is looking weaker and weaker from the MacFanBois. Welcome to the world of constant av/anti-spyware/patch updating that us Windows users are now well practiced at.

  63. Jon
    Paris Hilton

    Here we go again...

    I warned you..

    Didn't I warn them? I did didn't I? I sure I did..

    Everyone duck.. The Windows and Mac crowd are throwing rocks at each other again!!

    As for the "Only a vulnerability if you log on as root"... These attacks are aimed at (ab)users at home, not many people are brave/foolhardy enough to look at porn at work.. I would say from experience that 90% or more of home users log onto their machines with root privs.. Or admin privs if your a Windows user, which is why these vulnerabilities work.. I wonder how many of you reading this now are logged on without Root/Admin privs if you're at home??

    Where's the Paris Hilton angle on this?

  64. SpitefulGOD
    Gates Halo

    Title

    What a piece of ArsePlug OSX is, its shitty safe heaven is now starting to be raped thanks to Jobs and his buddies wanting a bigger house and a faster car. All the old beardy weirdoes that were there from day one are thinking "Jobs has betrayed us". That's right, he took your geeky elitist friendship and he's starting to wipe his ass on it in the name of profit. MS has had years of experience when it comes to security on a totally massive user base and they still haven't got it all sown up, Apple has absolutely no chance. Bunch of wankers, this fluffy feminine OS has seen its day. I think it’s time it bowed out and relegated itself to the set-top box industry, saying that though Linux would whoop its ass there as well.

    Apple users are moronic, who else would pay 3 times the going rate for a piece of hardware and a shit OS. durrrr duurrrrrr DUUURRRRRRRRRR

    Dicks

  65. Dr. Mouse
    IT Angle

    RE: Not an OS vulnerability

    "It can only do this if you are logged in as root while surfing p0rn"

    Erm... No. OSX, like most desktop linuxes etc that I've seen, have a GUI version of (or frontend to) su/sudo. What the article says is that it asks for your root password, which means the installer runs with root priviedges.

    The only way to get round this is a system-level security system, like SELinux et al, which says "even as root, that program is not allowed to do that!", but this complicates things alot, and Mac users wouldnt be able to understand ( just had to get a quick jab in). Notice that windows doesnt have owt like this either, but thats because Microsoft collectively has even less brains than the average Mac user.

    To misquote a famouse Australian: "Can you guess which OS I use yet?"

    PS: Wheres the IT angle? This is about Macs, not Computers :P

  66. Anonymous Coward
    Black Helicopters

    Baka

    Type your admin password in at the request of a website and you get what you deserve.

    Now I wouldnt be running my win2000 box with a user account with admin rights would I that would just be asking for trouble ;)

  67. Anonymous Coward
    Jobs Horns

    @mad mike

    'When we see Macs being infected through buffer overflow viruses etc.we'll be able to seperate the men from the boys'

    http://www.heise-security.co.uk/news/98156

    As this report shows, Leopard is far from secure. I have mailed this link to el reg, but so far they have failed to put an article up about it. Expect lots of security vulnerabilities to surface very soon and then maybe you won't be so smug.

    This time I think Apple have been too smug for their own good. 'Why do you need a firewall, you're on a mac - you're invulnerable hahahahahah'

  68. Peter Gathercole Silver badge
    Flame

    @Anonymous Coward (Own3d)

    Strip this post of the "technical" icon. He obviously does not understand what cron does, and probably does not even understand what a "Multi-User" and "Multi-Tasking" operating system really is! Probably even believes that you need more than one processor in a system to do more than one thing apparantly at once, like the PC World and Intel ad. people.

    Cron will run a job when specified, as the specified user, regardless of who (or even whether anybody at all) is logged on. Root's crontab is an obvious place to put such an exploit, but an equally obvious place to look to find it! It indicates that the writer was not really that clever.

    Apple's security system of using sudo-like protection for sensitive commands mean that it is actually quite difficult (but not impossible, this is a ) to surf as root on a Mac. But people are now very used to just do what they are asked to do by the system, without thinking (think most personal firewalls and the Vista over-the-top UAC). But modern systems are complex, and most home computer users make poor System Administrators, and know no better.

    Tell you what. Get Microsoft (or their partners) and Apple to offer outsourcing of the admin. of home systems. Introduce change control systems, requests forms, helpdesks etc. to have software loaded or system changes made. It'll make using computers at home just like work!!

    Then you would be 0wn3d!

  69. Dennis
    Happy

    change resolv.conf

    Maybe we should <chmod 777 /etc/resolv.conf> to make it easier for the malware writers, so that we can get rid of that pesky admin login OS X (and any reputable *nix OS) requires before changing something important?

  70. Cyberspice

    @Abdul Omar

    "Macs are all very well for adding that effete look in latte lounges but when you want the heavy lifting done then it's the boys from Redmond to the rescue."

    And what's wrong with the effete look? Hell, when I'm in latte lounges with my Mac I look positively girly. Possibly that's because I am one. And I'm usually waiting for a transatlantic plane working on some kind of low level software issue as part of my consultancy business. I don't need no stinkin' boys whether they be in Seattle or Scunthorpe to help me...

  71. Bill Gates
    Gates Halo

    you cant prove anything

    my boys had nothing to do with this Trojan

  72. Anonymous Coward
    IT Angle

    fanbois

    I do not think anyone of you m$ fanbois have a clue how your systems work, let alone a mac. Here is your mac fan chiming in. the reason a mac is secure has nothing to do with obscurity but the fact that osx is a bonafide nix and at such time there is no virii for unix. social engineering is just that. mac/pc people can all be coerced into doing something not all that safe. but here is one for ya, since the mac users have had to bear witness to the tribulation of windows, most of us know what to expect from the net. besides, most pc lusers are just pfy's that couldn't get laid in a womens prison with a handfull of pardons. why do you think all the pron sites affect pc's? auto install to pc's? have av software created for pc's... etc...

    ad nauseum.

  73. Greg Witt

    </smug>

    OK Mac kiddies - here endeth your smugness regarding viruses.

  74. Kevin Turnquist
    Happy

    @ Allan Rutland

    "Those pathetic meatbags ..."

    Either you've played KotOR, or you've magically channeled HK-47 to a tee ^.^ Well done.

  75. Anonymous Coward
    Dead Vulture

    re fanbois

    If your eloquent response is a good indicator of the intelligence levels of a mac user, no wonder you need the Lord God Jobs to dictate everything to you. Can spell, use punctuation or put together a coherent sentence. Then you degenerate into worthless insults. Adding latin at the end does not make you look any smarter and one wonders if you actually know what it means.

    Just to enlighten you, ad nauseum means something that has been continuing 'to the point of nausea' which is exactly how most real computer users feel about the pile of shit that spews from the mouths of mac fanboys about how great and impervious macs are.

    Most viruses, trojans etc target pc users because of the large majority market share - not for any other reason.

    As for most windows users not knowing how their system works - probably true but if you compare percentages instead of numbers the same can be said for mac users. Most mac users do not have a clue what goes on behind the nice shiny gui as Apple have taken anything to do with the system out of their hands.

    As for there being no virii for unix, I think you will find there are so try looking facts up before mouthing off.

  76. Anonymous Coward
    Stop

    OSX & Windows both crap for Pr0n

    Methinks you're all missing the point.

    Windows, Mac and to some extent Linux are all crap for viewing pr0n.They all keep too many tell tale history logs and cookies for it to be safe.

    No, the best way to view pr0n is via some form of live CD OS (pronounced live seedy Oh Yessss!) then save it to an easy to hide usb device.

    I use Umbongo live for this as I ike my pr0n with a bit of exotic feel.

    Share and enjoy

  77. Duncan
    Coat

    Targeted

    I guess those pesky VX'res did some reasearch when they found this one.

    ok guys we've found a hole in osx, right best place to exploint this for the average Mac user? ok we're all agreed then porn sites it is!! lol

    new meaning to perverts in macs, I'll get me coat now...

  78. This post has been deleted by its author

  79. Bart Wempe
    Coat

    ROFL

    "This may mean that the OS is beginning to gain enough users to be attractive to attackers."

    So endeth the Myth about the Invulnerability of the Macintosh...

    It's simply that there's so few of you that you're not interesting as a target, boys and girls, even your own security software specialists say it...

    besides the hilarious fact that seemingly even for Mac users "the Internet is for Porn"... ;)

  80. Ivan Headache

    @ Greg Witt

    What are you talking about? You fit exactly into the box described in the post above yours.

    Virus, Trojan, Virus,Trojan.

    Spelled differently, work differently.

    Just read the piece before posting tosh.

    smug mac user (support) - 15 years and not one virus

    We've had trojans before - they're nothing new, but I've never met a macuser who'se had one on their machine. Most macusers appear to have a brain.

  81. Chronos
    Stop

    Re: @cronos

    "To state the bleedin' obvious to anyone who's actually read the article, the software does not AUTO-Install via the browser, QuickTime redirects to a site with an alledged codec and "The Trojan requires victims to enter the administrative password for their machine"."

    One word: COBBLERS. The browser (not bloody Quicktime, it's a bogus message the browser is fooled into displaying), even when redirecting to another site and asking for root privs, is not telling the user exactly what he or she is installing. It is, in effect, saying "you need this bit of binary blob to view your smut and I approve wholeheartedly of the use of it" which is somewhat different to your scenario of the user saying "whoa, a root password prompt! WTF?" They're probably so used to MacOS asking for root privs at this point that it hardly registers any more. Yes, Ubuntu et al also do the same thing. It's still wrong no matter who does it and it is my opinion that MS have inherited this idea of UAC *from* the OSS world. In fact, MS's implementation is a little better; at least it warns the user of the possible consequences of supplying the administrative credentials. irrespective of the fact that most Vista boxen have null Administrator passwords.

    OK, so the trojan poses as a Quicktime codec. The user should simply think "WTF? Quicktime's already installed" and suspect the worst? Nope, because they're trained by a lax security model to be guided by the machine making assumptions instead of the correct method of ensuring their machine does as it is told and no more. And that, my friend, is the whole point: They've got it wrong. Again.

    This is endemic in the software world. Firefox, the OSS posterchild of security, does a similar thing on multiple platforms with its plugin finder, although this uses a central point of known values, as opposed to the site "requiring" the binary, to locate the appropriate software. A bit better, but only by a small margin. To quote the infamous spam solution reply form: "why should we trust you or your servers?" Konqueror, from which webkit evolved, doesn't do any of this at all. Most amusing.

    Another little heads-up for the Mac users affected by this: Open a console and type "man resolv.conf" to learn how to remove the bogus DNS entries manually. It doesn't matter that the DNS textboxes are greyed out on the advanced networking applet. If you remove the bogus servers from /var/run/resolv.conf (yes, /etc/resolv.conf is a symlink) after blitzing the DNS check from crontab (removing whatever executable is referenced by that entry with "rm" would also be a good idea), you'll be cured and you'll also understand the underlying system a little better.

    That's not to say I don't expect the vast majority to just dig out their installation DVD and start holding down C, another thing Microsoft has given us which will haunt us for decades to come. Be thankful this is a simple trojan and not a rootkit. For the same effect and much more fun removing the infection, just think of the hilarity that would ensue if the malicious site replaced dhclient with a modified version that rewrites resolv.conf with these bogus servers every time the lease renews. "chflags schg /sbin/dhclient" (assuming a UFS filesystem, I have no idea whether this works on HFS+) is a 99% sure prevention of this attack vector, but what are the chances of people listening? Even then, adding "prepend domain-name-servers ns.example.invalid ns2.example.invalid;" to dhclient.conf will achieve the same results but be a little easier to get rid of. This is all off the top of my head, of course. There are 101 ways to attack the securest of boxen; it just takes fooling the operator to effect 100 of them. Vendors supplying more and more ways to fool said operator is just plain short-sighted so, although I seem to have digressed, this whole rant brings us back to the point I tried to make earlier: The OS vendors are actively contributing to the ease of socially engineering root credentials from their users.

    Oh, and it's Chronos. With an "h" and a capital "C". Not that you didn't already know, of course. The quality of trolling in these comments seems to be at an all-time low, amanfrommars excepted of course.

  82. yeah, right.

    Call me

    Call me when something is found that can compromise root on the Mac without user intervention. Then the Gates towelboys will start to have a valid point.

    I'd hardly consider social engineering to be a platform issue, more of a clueless user issue. Unfortunately, those types of users exist on every computing platform that has ever existed. Simple fix: I've disabled root/admin access to users on machines I administer. Easy to do on Unix/Linux/MacOSX. Much harder on MS Windows.

    So my users have received several trojans, but it has no effect because Unix/Linux/MacOSX systems have adequate (but not great) security. The very few remaining MS Windows users have, unfortunately, managed to corrupt their systems even with all the extra software and hardware that has been deployed to protect users from their own idiocy. Frankly, they're more work than it's worth, and I've given them notice that their support for MS Windows terminates at the end of the year.

    In summary, in Unix/Linux/Mac you can avoid a lot of user problems by not giving the user root access. In Windows... you can't, because at its core it's still a single-user system and applications constantly require root access to operate successfully. So applications have to all run in root mode, with horrible consequences.

    All commercial operating systems made to date have serious flaws, mainly due to flawed design processes that are driven more by marketing than by science. MS Windows, unfortunately, has more flaws than most. No amount of marketing can change that fact. Just because it's popular doesn't mean it's any good.

  83. Futaihikage
    Unhappy

    Ahhh yes

    Positive proof that a computer can only be as secure as the dumbest user. This isn't a flaw of security. This is the same for Linux and Windows. Lately, it seems less about security flaws and more not wanking off on the computer.

  84. webdude

    you need a girlfriend

    If you are willing to do that, to your computer; you don't need a computer, you need a girlfriend.

    Operating system, software and hardware mean nothing, an idiot is an idiot. And you can't fix stupid.

    You just can't.

  85. J
    Coat

    Re: Decline and fall of the English language

    That's OK, I borrowed the language anyway, it's not mine. I'll return it as soon as I'm done here in the US and go elsewhere -- but it might take a while, mind you. Have been using it for almost 6 years now, and even getting to like it a tad by now.

    But, anyway, I feel that "hippopomorphised" has got one too many "pos" there (no German jokes now, please).

    "Think you're confusing your Latin and Greek there - would it not be hippomorphised?"

    Sure, but since I'm of mixed Latin stock I guess I'll make up words in mixed etymology to keep things interesting. Just in case.

    Too bad we haven't got an icon for "grammar/spelling/language" related stuff here... Maybe one big tongue would do it.

  86. Anonymous Coward
    Paris Hilton

    Want porn...

    ...then get a jazz mag. I haven't yet come across one that asks you for your administrator password.

    Even better, get a girlfriend - though the trojan horse problem may well also rear its ugly head here, as whilst you might be letting in a beautiful lady through the gates you'll likely also be letting in all kinds of trouble too. Maybe McAfee could come up with an Anti-Strife suite to deal with this...

  87. Neil
    Boffin

    Jamie Davies....

    ...anthropomorphised, To ascribe human characteristics to things not human. It appears the Davies family must have hooves.

    This is installed when a user is stupid enough to enter his root password for a supposed codec to watch a porn film. Some idiot is always going to fall for it. The only way this can be avoided is for OS's to only allow applications signed by a trusted authority to run.

    This is what Orange have done to my SPV and I sent it back to them the next day. I hope this isn't the way we are heading.

  88. Joey

    Macs seized by porn Trojan

    Macs seized by porn Trojan.

    Is that the Macs at The Register?

    None of mine have been 'seized by porn Trojan' and I would challenge you to point a single Mac that has.

    Now I know hat happens to Daily Star journos that find themselves out of a job!

  89. Gilbert Wham

    Pot kettle black

    "Just to enlighten you, ad nauseum means something that has been continuing 'to the point of nausea'" Er, it's 'ad nauseam'...

  90. Jordan
    Thumb Down

    @Joey

    >None of mine have been 'seized by porn Trojan' and I would challenge you to point a single Mac that has.

    And not one of my Windows boxes (Actually, I mostly run Linux now) has ever been infected with a virus. Therefore, I need proof that they exist.

    Grow a brain.

  91. Adam
    Happy

    Mac advertising

    "anyone on a Mac box can launch the console and type man crontab to find out what the hell we're all talking about and maybe even learn how to get things out of the crontabs for themselves."

    Mac. It just works. Sort of. Until you try to use the internet or you run Quicktime. Or buy an iPhone.

  92. A J Stiles

    virii?

    I keep seeing this word, "virii".

    So what, then, is a virius?

  93. Law
    Flame

    lmao

    These comments are soooooo making it to this weeks comments section! :)

    Incidently, I've decided to create a Nintendo camp instead of joining windows, apple or *nix. So my reasoning (something the macs cant claim anymore) is, if you really wanna be safe online, use your opera broswer on the wii... there are absolutely no malware or viruses in the wild that attack my (obviously much more secure) platform.

  94. tim chubb
    Jobs Horns

    there mac users

    "We see no evidence that Mac users are any more resilient to social-engineering attacks."

    umm i think the fact they are mac users just highlights the fact they are very very suscepatble to soicial engineering......

  95. Igor Mozolevsky
    Jobs Horns

    Patch for human stupidity

    How do Apple dare not install that in their latest OS!!! Atrocious!!!

  96. jonathan keith
    Coat

    At last!

    The dirty mac brigade get their deserved comeuppances!

  97. RK
    Gates Horns

    @abdul omar

    "Fortunately for Mac owners there is a very simple way around this vicious and devastating attack.

    Simply install a program called Boot Cap.

    Boot Cap is very clever because it literally Boots out the security plagued OSX operating system and places a Cap over it -- Windows!

    From then on you can enjoy stable, secure, efficient, beautiful, innovative, cool, fast, compatible and cost effective Vista like the rest of the grown ups in the world of computing."

    let's see...use OS/X which costs $129 and is susceptible to one (1) (count em...>1<) virus if the user is dumb enough to play along far enough to actually get it installed...

    OR

    install M$ Vista, which costs a MINIMUM of $199 for the crap low-end version, and become susceptible to 73,743 (that's >seventy-three THOUSAND<) viruses, according to the "Daily Updates" section of http://www.symantec.com/business/security_response/index.jsp, many of which will install *themselves* if i just leave the firewall off.

    idk, maybe i'm a "fanboi" but honestly, it just amazes me that any Micro$uck supporter would have the nerve to claim that XP or Vista is a better value than OS X. try moving forward in time from 1995 to the present era.

  98. Morely Dotes

    @ Abdul Omar

    "Boot Cap, Boot Crap whatever... the point is that yet again Microsoft is able to provide an effective solution that addresses Apple's myriad failings."

    Whatever you're smoking, mate, it's some serious ganga. Give some to Osama, and he could recruit Virginians to be suicide bombers for Al Queda.

    I'll stay with Ubuntu for my personal systems, thanks. Can't seem to find a current virus *or* Trojan that attacks it.

  99. Anonymous Coward
    Anonymous Coward

    Quit calling the victims "stupid"

    I'm alarmed and reviled by respondents to articles of this sort that claim victims, "had it coming to them" because they are not as computer-literate as themselves. If these technogeeks were screwed by an auto mechanic because their knowledge of internal combustion engines is limited, I doubt you'd hear them saying "I had it coming to me." No, they'd be whining that they were ripped off. So why hold people to a different standard because they have professions that don't allow them to eat, drink and sleep computers? Wake up! Many computer users are elderly, or have full-time jobs not at all within the electronic spectrum: hair dressers, assembly line workers, checkout clerks. For them, computers are tools of communication and they don't know a codec from a [insert clever jargon that sounds like 'codec' here], and don't want to know.

    I know technogeeks often sacrifice girlfriends, interpersonal skills or even decent personal hygiene for a wealth of computer knowledge, but claiming that a victim of computer tampering of any sort "had it coming to them" is tantamount to siding with the crooks. Shame on anyone who takes that stance.

This topic is closed for new posts.

Other stories you might like