Oh how the mighty have fallen, could this be the first blow in a new range of mac viruses?
even though this has happend i still bet the mac users say that there systems are untouchable
Fresh research has shed new light on the world's first Mac OS X botnet, which causes infected machines to mount denial of service attacks. Symantec researchers Mario Ballano Barcena and Alfredo Pesoli said the infections are the same ones described in this blog post from January. In it, the blogger - a self-described designer …
The more technologically illiterate grandmas, grandpas, moms and dads, and whomever you convince to switch away from Windows, be it to Mac or Linux, the more the balance of power will shift.
Not like there are no remotely exploitable security holes in Mac or *nux. There are plenty, and the number of them, alone or in relation to Windows, is irrelevant. The real issue is the user and the number of users. The former to install the crudware from websites, software, or emails, and the later to produce a broader, or narrower, attack surface.
Can not say I am surprised, but will take a lot to get through to most Macites that their beloved Jobsian world has been infiltrated in a serious way. Expect to see thousands of similar fun loving excitement in the next year or two chaps!!
I am glad in a way, they now might begin to understand that popularity is the weakness, and the OS hiding behind the mouse pointer is mostly irrelevant.
This is as much a security breach as the Irish email virus. Come on, you have to deliberately download it *from a warez site*, install it and (because it's running as root) probably put in your admin password as well.
I would have expected a higher level of knowledge than some of the replies above. Oh well, perhaps not.
Note that this has nothing to do with the security or otherwise of OSX. (Which I don't happen to use.) The software was deliberately installed by the owner of the system and did what it was designed to do. If he has a problem with that he should sue the supplier...good luck with that.
So it is not the first of a series of Mac viruses, since it is not a Virus. it is a Trojan. Any system can run a trojan, if it can run anything at all. The only way the OS could prevent this happening is by preventing the owner from installing software. I am sure that would go down well.
Meanwhile...I presume the MAC owner will now go out and by legit copies of all his stuff???
Since I can find, kill and remove an unkown piece of software that is hogging the processor(s) on my mac I don't see this as that much of an issue. kill -9 , rm -rf /offending_binary. But then I never had problems like this when I used a PC as I never downloaded and installed crap. Legitimate software suppliers provide checksums BTW.
The new here is that for the first time a criminals are actually actively targeted MACs in a real world attack.
There are vulnerabilities there to be found, there are people who can have found some in the past with little effort, but up until now one was actually targeted MACs.
This Trojan exploited a vulnerablity found between the keyboard and the chair ... MAC users have historically assumed that they need not worry even when downloading from the least reputable sources.
Now they have to worry.
There are a group of people, which probably includes most non-computerate end users, who need a new type of machine. It must come with the OS and other software in ROM, and have every app they need installed already.
This way they cannot install something which could do damage. But equally, they would not be able to install the latest flash, Silverlight or any other flavour-of-the month add-on.
Can't stomach such a thing? No, I didn't think so. Nor will most users, although UMC's like the eeePC(s) nearly made it.
My coat is the one with the Amstrad Emailer box underneath it.
.. are more like the ones trojans exploit to get where they shouldn't be (i.e. priviledge escalation, isntalling as service or driver etc), they do mention a few remote ones and rather than actualyl debunk them, the comments here seem to be the classic mac, no there isn't :P
"he found a foreign PHP script with root privileges was flooding an undisclosed website with data packets."
So that means that HE was logged in as root when HE ran the script that launched the PHP code. That's not a security hole that's being an idiot.
I'm wondering if Microsoft have bunged someone some cash to spread scare stories as this is the second one in two days which really is a non story.
Its akin to saying that the deadlocks and engine immobiliser on my Saab are defective because I gave the keys to someone who then stole my car.
Complacency is the issue here. Yes, the malware is a trojan in this instance, and not an OS vulnerability or virus as such, but Apple users who believe that their computers are invulnerable to viruses are likely not to appreciate the distinction at the point that it matters, when installing software from questionable sources. Windows users are conditioned to understand that this is risky, and often use anti-malware programs as well as simple caution. They know they are vulnerable. Apple users, relying on Apple's own advertising, may well think they can indulge in risky behaviour without consequences. Certainly few bother to run any sort anti-malware program on a regular basis, if at all.
Social engineering targets people, not operating systems. Most are vulnerable. Those who think they are invulnerable are most vulnerable. Getting people to install a trojan is a social engineering exploit, not an OS exploit, though the trojan will be OS specific. It might be better for their users if Apple refrained from the invulnerability claims.
The trojan relies on exteremely stupid users.
You've got to be dafter than the average by quite a long way.
It's only going to install if you are foolish enough to download dodgy software and then give it your administrator password... that's not a problem with OSX, that's a problem with users.
The point of this is not that the malware was installed through the use of warez, the point is that the Macs in question had nothing to protect themselves from this infection.
The majority of infections on the PC are caused by the installation of something by the user, mostly from websites. Antivirus and Spyware protection are the components by which users are protected from their own stupidity.
As Macs are targeted more, Mac users are going to have to consider investing in some extra software. And good luck finding an expert who can clean your Mac. I'm pretty good at bringing a PC back from the brink, but I wouldn't know where to start on the Mac.
Methinks the Mac Geniusi are going to need a whole new level of genius pretty soon now.
<i>"The Symantec research comes amid reports of a series of unpatched, actively-exploited holes in OS X"</i>
Just guessing here but all you macbois above preaching that "no no no this was a trojan so it doesn't count" convieniently bypassed that bit?
So your original argument that Macs couldn't be hacked "cos they is l33t" turns out to be wrong
Now trojans don't count - call me crazy but I bet they count on a PC or a Linux box right?
So because this malware writer *chose* to write a trojan instead of exploiting a vulnerability you are still OK?
Thats genius level problem ignoring skills you've got going on there - you bois would still manage to shove your heads in the sand in the middle of a frikking ocean
B..b..b..but it's a mac so it doesn't count right?
I can see the adverts now...
"I'm a mac and until now there weren't enough of us for anyone to give a shit about hacking us"
"I'm a mac and I just found out it hurts in general population"
flame on kids...flame on ;0)
This is not evidence of a vulnerability within OSX, it is evidence of the stupidity of those who downloaded warez software and supplied it with their user credentials. As far as OSX is concerned, this would have been an authorised software install, manually authenticated by the user - no technical exploits.
...that some of the commentards here don't read and, more importantly, UNDERSTAND what happened here.
It wasn't a VIRUS it was a TROJAN.
Essential difference? A Trojan requires the user to actually install (usually with admin rights) the software. And that software came from where exactly? Oh, a dodgy warez site populated by n'er do wells and miscreants.
So all those who think the end of the Mac world is nigh - epic fail!
.. to all this is that
a) yes it is a trojan
b) yes the problem is that of a poorly working Mk. 1 Human Brain
c) yes it accompany warez
.. so what does this tell you about the average elitist^H^H^H^H Mac user?
And that is why the flamethrowers are out and working. For how many years have we seen and heard from the Mac fanbois that they are different and better than us unwashed masses... that we cannot and will not "get it" unless we're become "different"? (like the arses over at www.x-plane.com/weapon.html)
Now we see that these many/most(?) of the Mac fanbois equal the dumbest of dumbtards in the PeeCee world. I mean.. come on.. getting burned by a trojan that installs with waez!!!??
"The point of this is not that the malware was installed through the use of warez, the point is that the Macs in question had nothing to protect themselves from this infection."
No Barry, it is you that is missing the point. I've installed warez on a VM before to check for malware. The VM concerned had up-to-date firewall and anti-virus software on it, the OS was XP. The warez concerned was loaded with malware and the AV and firewall did FUCK ALL about it.
The moral of the story is that you won't get software to protect against the idiot in front of the machine - that's the job of the power off button. If you're a moron and install bad software as root then nothing is going to protect you.
@ Alan W. Rateliff - "The more technologically illiterate grandmas, grandpas, moms and dads, and whomever you convince to switch away from Windows, be it to Mac or Linux, the more the balance of power will shift."
That must be the reason 'nix forums are so often littered with newbie-hating surly sarcastic meanies who give totally UNHELPFUL SNOTTY REPLIES to new Linux users' honest questions about problems they're having with their particular Linux distro - 'cause the oldtimers do NOT *actually* WANT the unwashed masses to use Linux (nevermind some Linux fans' seeming proselytizing; that's just a cover to help them feel superior).
How many times have you read the following snide unhelpful reply, when someone mentions a bug or a problem with some Linux app:
"Well, why don't you write a fix for it then, instead of just complaining about it."
Or, "well I don't know why it doesn't work for you, you must be doing something wrong, because it works fine for me [on totally *different* hardware!] therefore your complaint is not valid so I'm going to close and LOCK THE THREAD now."
How convenient that things that make Linux look less than the "mature" OS it's claimed to be now, get swept under the rug, threads closed so that no further discussion can occur. Ironic that they're cutting off their nose to spite their face, because if they'd WELCOME complaints, the OS might advance faster. But no, bury your head in the sand and think "everything's groovy, it's fine the way it is, complainers must be MS trolls". Yeah right. Sure, whatever dude, wouldn't want to pop your little fantasy bubble there.
The implications are clear - if (a) you're not willing to accept things as they are, OR (b) if you're not a hoity-toity well-endowed advanced programmer, you shouldn't be using Linux and you should just go back to playing with your preschooler Windows or idiot-proof Mac, and leave the Linux stuff to the *real* men (or women, as the case may be).
Just the elite clique, please. "Yeah Linux is wonderful (because it isn't Microsoft, of course, duh) but Linux is only for the chosen few and mere mortal ordinary people aren't welcome here."
And then of course they always end their snotty comments with smiley icons to make it look like they're all cheery and positive. Bunch of passive-aggressive phonies!
But it's all for the GREATER GOOD, yes, I can see it clearly now. For if all those newbie moron former-Windows users (grandpas, grandmas, warez-luvrs, file-sharers, etc) were to adopt Linux while retaining their moronic computer-use habits, surely Linux would quickly be up to its ears in malware, scams, viruses, botnets, rootkits, and all the rest of it.
Hey, it only takes a few days for a user to "get used to" just typing in the password when a window pops up in Ubuntu saying it needs the password to do such-and-such (like everytime I need to mount a different drive, or run the Update Manager, or change something in Firestarter), so it would be easy to trick certain types of, er, less-mentally-endowed users into allowing malware to run.
If there were 50 bazillion idiot clueless Linux users doing stupid things in Linux, it would be a much more ATTRACTIVE *target* for MALWARE authors.
But we can prevent all that by making things so UNPLEASANT for newbies that they give up in disgust and/or despair/confusion, thus keeping Linux safe for the already-existing users. So we can continue to be overconfident and smug about the security of our Sacred Chosen No-Malware OS.
I think it's time the Register had a DEVIL PENGUIN icon, a Penguin-With-Horns. You know, like how the Reg has for those other OS's.
I've always found it interesting to note that users of a particular OS (no names, there are a variety) often claim along the lines of "Well, a user had to install it, that doesn't count." User interaction doesn't have anything to do with it. A virus is code that self replicates. A Trojan does something other than what it says on the tin. That's all folks. They don't have to exploit vulnrabilities, they don't have to run without user intervention. By the description I've seen of this botnet, these are Trojans by definition.
Yes, users were fooled into running them, but then Love Letter, Anna Kornikova and a host of other Windows viruses relied on social engineering too, and they are *never* dismissed in such a way.
While computers still need users, there will be malware, regardless of the OS. As the average skill level of Mac (or Linux, for that matter) falls, so viruses and other malware will rise
Biting the hand that feeds IT © 1998–2020