
Trojan horse malware
Where is this 'trojan horse malware' available and how do I download it and do I need admin rights to execute it?
Miscreants have created a new strain of Trojan horse malware that establishes a backdoor on compromised Macs. HellRTS-D (AKA Pinhead-B) disguises itself as the iPhoto photo application. The Trojan is a new variant of a strain of malware first reported in 2004, reports Mac security specialist firm Intego. The Trojan, developed …
Hahahahahahahahahahahahahahahahahahahahahaha
You're all doomed. So what do you have to say now then all your Macsters? Oh, you don't get malware right?
Hahahahahahahahahahahahahahahahahahahahahahaha
Doomed, doomed, you're all doooomed it's MSBlast all over again for the Apple, take a bite of that you fruit poopers.
Oh - you need to be stoopid enough to download some iThing to get infected, I see. What, no worm functionality? God dammit, you Mactards cannot even write a decent bloody infectious trojan wormy thing. Useless boogers.
You're right, though I suspect that it would be the same smug grin amongst *nix users that happens whenever someone (not necessarily you, but someone) cries "A-ha! See!? Macs Get infected too!", ...then points to a convoluted trojan which requires an inordinate amount of user stupidity to actually work.
(Mind you, I'm typing this from a Win7 box, with half a dozen PuTTY SSH sessions open to various Linux and FreeBSD servers, and not a single Mac in sight...)
Personally, I'd wait to call it parity until we start seeing drive-by attacks happen on OSX, Linux, or etc.
I guess you missed the Safari drive-by download scare...
And as for a "convoluted trojan which requires an inordinate amount of user stupidity to actually work," I have seen many of these types infect Wintards. Click on a link provided by a Google search, it ends up being a webpage mimicking an AV scanning your My Computer explorer window saying it has found XXX number of virii, has a "popup" on which you click the "X", which pops up saying "download this. Run?", Click "Run" and Windows pops up again, "Are you sure you want to run this? It isn't from a trusted source...blah blah". I'd say that falls on the "inordinate amount of user stupidity" side of the line. Probably more so than a link to install a supposed plugin.
that it would be the usual free porn vector :)
you know, the 'install this software on your completely safe mac, and you shall see boobsicles, need to enter password to allow install though.. what are you waiting for? boobsicles man, boobsicles!!!' method.
I hear it's surprisingly effective ;)
News for you - I tried running outta admin on XP and it's like pulling teeth. About 10-20% of the software behaves randomly when you are not logged in as admin. Obviously that is after you have installed it as admin in the first place.
So... nice idea, no sarcasm intended. Not so nice in practice with much of the stuff that's out there. The stuff just wasn't written for it. And, no, sometimes you just don't have a real choice in what you are using - this was my significant other's accounting software for work.
Ironic, Mac tore Windows Vista and UAC apart for asking people to enter their password to confirm they're sure they want to do something they've just told a PC to do, and now an identical issue pops up on the Mac and the Mac defence is to say there's no possible infection vector.
Please, this kind of stuff helps issues, but in the end stupid people do stupid things and they'll just type the password in to open iPhoto as far as they're concerned.
2000's - decade of Windows problems
2010's - decade Apple begin to realise the problems they've created by telling people they can't get malware....
No it was Windows users who bristled at UAC... Mac OS X has needed an admin password to write to certain parts of the system since version 1.0 (and yes, as a spectacular oxymoron Apple did have a Mac OS X Server version 1.0 ... the first non-Server version was 10.0, but there was a Mac OS X version 1.0).
Nobody at Apple ever said Mac OS X couldn't get malware - ever. This is something dreamed up by PC users. Apple's advice has always been the same: Keep up to date with the patches, think about why you're being asked for your admin password, and don't install software you don't trust (which is pretty good advice no matter what platform you're using).
This doesn't use any kind of short coming in Mac OS X - it's pure social engineering.
Where do you think Microsoft got the idea for UAC from?
I'm also not about to claim that Apple have nothing to learn from Microsoft about security (Windows makes a better job of address randomisation for example) but Mac OS X is Unix, and Unix has a good track record for security.
'Nobody at Apple ever said Mac OS X couldn't get malware - ever. This is something dreamed up by PC users.'
Nope, this is something punted about by fanbois, Mactards and the less knowledgeable media.
'Apple's advice has always been the same: Keep up to date with the patches,'
Umm, this would be the same Apple that had a bunch of widely known security holes in their OS and browser that weren't patched for months. Sure, patch it, ooops there isn't a patch for that hole.
'think about why you're being asked for your admin password, and don't install software you don't trust '
Yeah, 'cause those boobies will still be there when you've decided you trust the software.
Simple fact is, most average users are idiots, Mac users more so in respect of security because they've had it pounded into them that their shiny sparkly piece of bling computer can't get viruses. You wouldn't believe the crap I've had to put up with from Mac users because 'Macs never crash' or 'Macs just work, it must be your network' etc... etc...
"Simple fact is, most average users are idiots, Mac users more so in respect of security because they've had it pounded into them that their shiny sparkly piece of bling computer can't get viruses."
"Mac users more so"? Have you ever met a Windows user? When asked why they have Windows it's usually "I only use it for gaming and use Linux the rest of the time" or "we have it at work".
The ones in the first bracket aren't really idiots and they're about 2% of the Winblows user base. The remaining 98% think they're safe because "we are at work" - yeah where external downloads are prohibited and all mails with .exes are deleted...
Oh yeah, I deal with them every day. Idiots they may be but the majority of Windows users I meet are aware that their machines can get infected, that they need to run some sort of malware protection and that stuff comes in via email, off the web or via dodgy downloads.
Sure there are some who are completely oblivious to all that and would click a link even if it told them it was going to kill a cute fluffy kitten (although they could just be psychotic) but there's a much larger percentage of Mac users I meet who think they really don't need to bother, because Macs don't get infected or so they think...
Your average Linux user is somewhat less likely to be an idiot but there are still some raving morons out there using Linux.
"Ironic, Mac tore Windows Vista and UAC apart for asking people to enter their password to confirm they're sure they want to do something they've just told a PC to do, and now an identical issue pops up on the Mac and the Mac defence is to say there's no possible infection vector."
Urm, no. EVERYONE tore into Vista (and other Winblows OSs) when they DIDN'T ask for a password...
..does this constitute an "in the open" Apple virus/trojan? I can't tell from the article.
Can we now - at last - dump this "no OS X malware in the wild" bollox, and stop with the f*ing denial?
Also, can we at least have an OS X anti-malware that isn't a complete hog, and actually works? What I mean is, can OS X be used to write a better anti-malware than can be found on a PC?
i.e. Can OS X become the more secure platform because it can be (through design and proper protection), not just because Steve Jobs says it is?
My domestic setup is all apple, just in case the fanbois plan on having a dig.
>Mostly malware that requires admin privileges to actually delete a system file.
If you say so. Good job there's no way of priv escalation under OSX and Apple has such a good record on patching vulnerabilities, if any were ever to come up - which is of course unthinkable. I'm sure Miller's 20 or so current zero days are entirely made up - it's not like he's ever been able to reliably prove any of his claims in pwn2own face-offs. Thankfully he keeps all his techniques secret, never speaks at conferences and even if he wrote a book or two, on say fuzzing or Mac hacking, I'm sure no-one would buy them.
So, if you download 'iPhoto' using a torrent, don't stop to wonder why it's only a couple of megs rather than the usual several hundred, and then go ahead and install it... you deserve all you get.
Writing Trojans in RealBasic? Since when did cyber-crims start offering internships?
That's 'cos anyone who believes that tripe deserves all they get! Those Apple ads are an utter pile of puppy-poop. Every computer, EVERY COMPUTER, has some point of entry that the scumbags can get in. If you believe what Lord Jobs and his acolytes say and take it as gospel, you are a fool!
If you buy a diesel car you make sure you always go for the black or yellow pumps, you stick "green" pump in it and it's going to go a bit funny! Same with PCs, you buy it and expect it to look after itself as Lord Jobs says it will, you will be in a world of pain in no time!
Oh and I own four Macs by the way, it's still the best O/S I have used in 25 years of IT, I have just been burned too many times by IT equipment to take PR bullshit as written!
Technically I guess it isn't a virus, but then again, I can't remember the last time that I actually saw a real live Wintel virus (these internet days you'd be surprised how few miscreants try to do naughty things to my bootsector :)
Doesn't appear particularly dangerous either... I guess the mactards should start being worried when it isn't news anymore whenever a random useless Mactel trojan pops up.
"And by the way, this is a trojan. not a virus. Show me an actual OS X virus... I thank you."
and
"hey don't. This is a trojan. Maybe you should learn the difference, and actually read the article next time."
That's the best you can come up with? Arguing about semantics? Ye-gods. You must be big time fanboys...
You've got all you need to build it yourself. It is EASY to create a program that does something the user wouldn't want it to if you can trick the user into (a) Downloading and installing the thing (b) Dutifully typing their admin password when prompted.
This isn't even worthy of the term "hack". The sad fact is, this is simple - the fact is that Mac users don't do "b" half as readily as PC users believe. Just because someone is using a Mac don't think they are stupid, or that they only bought it "because it was shiny". Maybe they know a little more about computers than you think - maybe, just maybe they know more than you do.
Macs still don't get self installing viruses or any other kind of nastiness that is so common on Windows.
The only way to get malware of any kind on a Mac is to manually install it, and enter your Admin password.
I have no sympathy for idiot users, but Macs are still inherently secure.
"I have no sympathy for idiot users, but Macs are still inherently secure."
Then you're saying you have no sympathy for *yourself*, because macs are not secure--they're simply not attacked as much.
Look at Pwn to Own. Macs have fallen 3 years in a row, usually first.
Of course, to be fair, perhaps you aren't using the dictionary definition of secure: "free from danger or risk". Well, I suppose in that sense a baby in a rich man's house is more secure than a baby in a war zone--unless the baby in the war zone is in a Bolo of course...
But if you mean "impregnable: immune to attack; incapable of being tampered with" then you are living in a dream world, as Pwn to Own clearly demonstrated.
So which meaning of secure are you using? Think carefully now...
Obviously, no system is impregnable to attack.
Windows certainly isn't.
Even ATMs are NOT impregnable to attack. A colleague of mine once had a job in a team trying to hack them (on behalf of the manufacturers).
Using a robotic arm, a gun, an X-ray scanner, a machine that could freeze things to about 20 degrees above absolute zero and a few other pieces of high tech equipment, they managed to crack the encryption. They needed to see the motherboard schematics first though.
OSX may not be quite that secure but ask yourself this: why is the %age of viruses, trojans and malware on Windows so much higher than their market share would predict?
He means as in over a 5% total share of computers in use Fnaar....
(random arbitrary figure not researched in the slightest and really don't give a monkey's whether I am ~10% out, live with it, it's a message not a statement)
Just because there are a lot of fanbois shouting and making much noise, does not mean they are the majority.
The "Windows has [INSERT VAST PERCENTAGE HERE] of the global PC market" is misleading. Apple don't give a shit about selling to corporates, so the vast majority of those Windows boxes are sitting unused in office buildings for the majority of each 24-hour day (and they get even less use over weekends). It also fails to take into account *notebooks*, which are often not included in these statistics.
Apple sell to the mid-range and high-end CONSUMER sectors. In that sector, Apple's market share is a bloody sight higher than you seem to think it is. Ask any developer who targets both platforms what the revenue split is between OS X and Windows sales. It's usually around 60:40 in favour of Windows, but a 50:50 split isn't unheard-of.
So no, Apple computers aren't a majority in the *overall* market, but then, FIAT has a tiny percentage of the *overall* road vehicle market too. Doesn't mean nobody owns a FIAT though.
If I'm a virus/trojan writer and I want to hit the most boxes I can, will I waste my time by writing a virus/trojan that will hit 5/6% of the market or will I go for the big MS shaped target? Until Macs reach a higher market share (and their market share is ever increasing) they will continue to be neglected by the vast majority of malware writers. Once Apple gobble up a bit more of the market you might just find that Macs aren't the "secure" boxes the fanbois keep telling themselves they are.
Oh and I think you'll probably find that those Windoze boxes just sitting in offices doing nothing for the majority of the 24 hour day will be doing a hell of a lot more in the 7-9 hours they are active than your average home PC will once the punter gets home from work.
Btw, I'm a Mac user, I just don't like this, "Macs are secure," bullshit. No computer system is secure, Macs are just targeted less.
for close to 10 years now, but I can remember virii on OS 8 and 9 :)
A mac is hackable, probably more than a Win7 box with all the doors locked, but outside of hacking contests I've never encountered any hacks on a mac. Why? I don't know, it could send as much spam as any windows box, or take part in a denial of service attack and so on. Either black hats are stupid or lazy :)
but I'm also a reasonably bright aware human being (cue comments about my debatable brightness if using a mac etc etc blah blah)
but I've been running AV on all macs in my household for quite some time.
It picks up loads of crapware too - mostly sent by my windows using friends
"It picks up loads of crapware too - mostly sent by my windows using friends"
Of course they would come from your windows using friends as probability alone dictates that with windows market share the majority of your friends will use windows.
Buying a Mac will not increase their IT literacy or IQ, as & when Macs get to 50% market share of the domestic market I guess 50% of your email with the usual unfunny and bandwidth wasting dross will come from a machine built by an Appleonian.
yet another example of sensationalism over real world "truth"
As other posters have said, this isn't the first virus/trojan for MacOSX, but since the infection vector is virtually nil, and unless the fake program keeps itself up to date, the app will get overwritten the next time an iWork update is released.
Most of the people I know run Little Snitch, something like this won't get past it either.
Pretty shoddy, should have really gone for a much less obvious app like AdobeUpdater :p
@AC #5 it's not a virus, fw
There is a problem with the fanboi response that "you have to do something to install this, so it isn't a problem". The problem is that users are users the world over. It matters not what OS they use most users are dumb and install stuff that they shouldn't.
Are you sure you want to do this? Yes.
Are you really sure? Yes.
Please enter your password to continue. P455w0rd (and that's being generous, most lusers go for a much simpler password).
BANG!
I saw a user get one of the "reported attack site" messages on their browser the other day. "God, I hate that!" they said and then clicked through it. The majority of users just think this stuff is there to annoy them, they simply don't understand that it's there to protect them from the nasties of the net.
Equally I had an EU ask for access to a site that was being blocked by the web filter. I checked the website and pointed out that it was a phishing site. They replied that they still wanted it opening because they were following a link in an email from their bank. What can be done with these people?
..that kiddies don't really write like this now. It was bad enough when they stopped using full stops and capital letters, but this...please, just shoot me.
Yes, I know it's a joke - I just despair that I'll not be able to communicate with my daughter by a certain age (hers and mine) because she writes in some l33t/txt hybrid language...
Pah, humbug.
trojan ≠ virus
can't infect me unless I actually allow it by installing it with my password.
I wonder, are Mac users really just more intelligent than Windows users and know that clicking 14 confirmation boxes in a row without reading them is just dumb.
Maybe that's the new argument in future. OS X, Linux, Windows are all equally secure, just the users of Windows are thicker. I'd buy that. !!!! ;-)
and cue the hounds...
Odd you say that, mine and my old man's did come with it, but when I installed 10.6 from scratch, iPhoto had magically vanished. So it only seems to come as a freebie when with the supplied O/S; the upgrade O/S disk, even though it can be installed from scratch, doesn't have some of the apps, you have to buy i(have no)Life to get it again I think, or do a full path upgrade from your supplied disks.
Hence why some muppets may be downloading this crud: they had their new O/S installed, iPhoto is missing and they have decided to download it, or what they think is iPhoto.
"Odd you say that, mine and my old man's did come with it, but when I installed 10.6 from scratch, iPhoto had magically vanished."
iPhoto is not on the OSX install disc, it comes on the second DVD that you should have received with your Mac.
When a major new version is released you don't automatically get it for free. Sometimes you have to pay a crippling £60-70 for it and everything else that comes with iLife. So yes, some people may in fact be ignorant enough to download and install it.
But a virus this does not make...
Although I own a Mac I will repeatedly say I am no fanboy. My reasons are legit :P
As far as I know there is no virus for the Mac. There are trojans but they are different.
Virus - Self replicating/spreading no user input needed. e.g. "conficker"
Trojan - You need to be stupid
I will comfortably say myself that Macs don't get viruses or trojans. Although you can install a trojan yourself. The person STUPID enough to ever get this so called trojan on their Unix computer damn well deserves it for being STUPID enough to enter their password to install it. They also should think about never touching any piece of technology ever again until attending something called common sense for fear that it won't bend to their will. (read: break the damn thing)
And if only people RTFM sometimes
Authors: I know you have come to love the word fanboi, as a reference to Mac users, but really...does it have to appear in 80% of the Apple related articles?
Here's the thing: the word brings no technical or descriptive value to your writing. It has only one connotation, and that's a negative one, implying that somehow people are less intelligent or less capable of rational thought because they happen to like Apple products.
I don't necessarily believe that's your position as a technical news organization, but that's the impression you get when you lead off with a descriptor whose only purpose is to trivialize the opinion of an entire group of people - people who bear nothing in common except their choice of computer. Does that sound like good logic - or good reporting?
Interesting set of responses, mostly predictable.
The main theme is that you have to be an idiot to let this compromise your system with the implication that trojans / virii etc on Windows will attack you anyway. I beg to differ. All malware has an element of user error (loathe to call it stupidity when a teenager trades a bit of security for boobies...) and no operating system in general use is "inherently secure." (we can debate what that even means for hour after hour...)
I have had a windows based PC (obv different flavours) for the last 15 years and never to this date has one been infected with any malware other than a tracking cookie (that I know of, obviously).
I have had a *nix based PC for the same length of time (again many, many distros) and this has never been infected with malware.
I have never owned a Mac but I assume this would be the same.
This is not because one OS is more secure than the other, but as a sensible user I take precautions. I don't automatically assume my [mac/wintel/linux] computer is secure and I don't trust things I can't verify. Look at the recent black hat challenge - no one attempts the basic OSs when patched because it's not worth the effort. Attack the applications.
I see that there are two other strands of defence Mac users have here: "Mac users are clever enough to not click on boxes" cough*bullshit*cough and "Trojan isn't a virus so nyeer, nyer."
Well if you seriously think either are valid, you've already failed.
'I see that there are two other strands of defence Mac users have here: "Mac users are clever enough to not click on boxes" cough*bullshit*cough and "Trojan isn't a virus so nyeer, nyer."'
I was going to go for the third strand of defence.
No known OSX virii in the wild - one trojan and it makes big news. This happens EVERY DAY on Windows and hardly raises an eyebrow...
Is that because trojans and malware are just a fact of life on Windows...?
Considering one can essentially disprove security through obscurity by comparing Mac, Linux, & Windows market share and malware statistics, it amuses me how often this argument is used. There is simply no proportional link between market share and malware, direct or exponential.
That said, having no protection is stupid. So is getting software from non-trusted sources. So is thinking ANY OS or anti-malware software can prevent a virus from infecting an idiot. Most Mac and PC power users run at least some sort of rudimentary protection. In this case, it's also a pirated fake piece of software which poses as a low cost piece of software that comes with new systems.
In my case I've had few malware infections on my Windows computers and if you count Norton, one on my Mac.
"Considering one can essentially disprove security through obscurity"
[pedantic] Security through obscurity is a term that applies to closed source environments (e.g. Windows). I think you mean security through minority, where the market share isn't worth targeting with malware.
http://en.wikipedia.org/wiki/Security_through_obscurity [/pedantic]
"While Intego has not found any instances of Macs being infected by this in the wild, the fact that this malware is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs. "
So. IF somebody can find a way to get Mac OS-X to install this without user interaction, we might have problem.
Okay. Thanks for letting me know.
That explains why there's so many cases of this infection in the wild then.
Oh no, wait, that's not right is it...
Granted, user interaction is a sizeable attack vector, but usually that comes in an executable file disguised as something else. On OS-X nobody has yet been able to disguise an installer as anything other than an installer so far, so you'd have to be CATASTROPHICALLY stupid to install this file.
This exploit is nothing more than proof of concept as yet: it doesn't have an attack vector yet, so it is NOT a virus, or even a trojan!
Without question some of the absolute stupidest dipshits I have had to deal with own Macs, far too many "macs don't break, they just work, it can be my computer it's a MAC!!!!" etc.
Granted more dim windows users, but the mac fuckwits tend to be really fucking stupid.
Mac fuckwits!=not all mac users...
So this will happen to users who download an illegal copy of software which is already installed on every Mac. And yes, it is included on your discs when you reinstall. And even if you can't find that disc Apple will send you a replacement for a nominal fee. I'd like to think that the majority of people run normal legal software.
Then the small group that doesn't, well if you do run illegal software you really should know what you are doing. And having Little Snitch installed for that group is absolutely essential to stop apps phoning home. So yes I do think it is a valid point that you have to be stupid to keep running this after you installed it. And for incoming connections there is the built in firewall which is switched on by default.
But what makes me most skeptical is that iirc Intego was part of a MacHeist event which included a one year subscription. That subscription is running out next month. A scare might get quite a few customers to convert to becoming a paid customer for another year ;-) cynical moi no!
Needing an antivirus app to detect and remove? Come on just drag it to the trash.
I run AVG Free and Spy Bot Search and Destroy Free that update every week and run a scan every week. I haven't picked up a virus in 5 years and the only time I do get warnings is if I download some dodgy key gen or game crack and then the programs won't allow me to install it without going past a "THIS IS A VIRUS" screen. Now this is with both XP and Windows 7 so my question is how many people here have been compromised by a real virus and not just a trojan in the last 5 years? Seems to me like virus threats are just something Apple uses to scare people into buying their expensive rubbish.