back to article Mac Trojan uses Windows backdoor code

Miscreants have adapted a Windows Trojan in an attempt to create malware that established a backdoor on Macs, as part of an apparent bid to drum up commercial interest for their dastardly wares. MusMinim (dubbed BlackHole RAT by its nefarious author) is a variant of a strain of Windows Trojan called darkComet. Net security …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Grenade

    hahahaha

    it's almost like Macs are now proper computers

    1. Lionel Baden
      Pint

      BWAAAAAAA

      I still cant stop laughing !!!!!

      Oh thank you ..........

      We need a WIN icon

      *have a beer on me

      1. mrweekender
        FAIL

        @Lionel

        How can it be a win? Surely a system breach of any kind that allows scumbags to access private data is a fail for all decent people, regardless of operating system? Have you heard of the phrase "have a day off you bell end"?

        1. Lionel Baden
          FAIL

          errr

          Win icon for the comment.

          *fail for obvious reasons !! :P ;)

        2. Anonymous Coward
          Thumb Up

          Did it hurt

          when your sense of humour was surgically removed? I assume that's what happened, can't think of any other reasonable explanation for such a complete and obvious lack...

        3. Ammaross Danan
          Coat

          @mrweekender

          "How can it be a win? Surely a system breach of any kind that allows scumbags to access private data is a fail for all decent people, regardless of operating system? Have you heard of the phrase "have a day off you bell end"?"

          It's a win because it points out the need for security software for ALL operating systems, not "just Windows." Mac users have spouted (somewhat correctly) for many years that "Macs don't have viruses" and that "Antivirus software is useless" for them. Now we're approaching an era where Mac users will have to make the paradigm shift into knowing they need security products to prevent crap like this from getting on their system. The only trouble now will be re-brainwashing the fruit-bearing mass(es) into being security conscious, and then have Apple be able to explain to them why their system now runs slow and occasionally doesn't work right....

  2. Blofeld's Cat
    Troll

    EULA

    "I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it. "

    Sounds like Apple's standard terms and conditions to me.

  3. James O'Shea Silver badge
    Jobs Halo

    and it's _another_ Trojan

    Once again, the limitations of malware on Macs are exposed. Almost all of the existing malware examples are Trojans. you have to actively hunt 'em down. There are Trojans which pretend to be installers for, among other things, MS Office, Adobe CS, and Apple iLife. And, oh, yes, there's the Trojan which pretends to install 'codecs' so that the twit targeted can watch particularly nasty porn. If you're not a freetard or a pornhound you're nearly 100% safe, 'cause the only way you'd get nailed by one of the existing Trojans would be if somehow it got uploaded to a legitimate site.

    Wake me up when there's a real threat.

    1. The Fuzzy Wotnot
      Stop

      Nice complacent attittude

      I moved from Windows to Mac about 3 years ago and I tell you this my fine self-assured friend, the Windows security attitude never leaves you and keeps you on your toes 'cos every bastard on the planet wants your bank account/Amazon login details.

      I am not paranoid, I know they're out to get me, so I err on the side of caution to be safe!

      1. James O'Shea Silver badge

        it's just the facts

        I was using Macs when there _was_ a real malware threat, when you _had_ to have applications like Disinfectant and Virex. It's a simple fact: there is, at this time, no significant threat. It's that simple: THERE IS, AT THIS TIME, NO SIGNIFICANT THREAT. If you don't try to liberate software in violation of the license or you don't want to view certain types of porn (which are, in any case, illegal to have in the UK...) you have very little to worry about. Some people may not like this. Tough. Facts are facts.

        Now, it might be that _sometime in the future_ there may be a malware environment similar to that currently 'enjoyed' by Windows users, but _right now_ this is not the case... and this Trojan will do very little to change it, 'cause it's a _Trojan_! You must seek it out, download it, and run it, and each step requires that you take active steps to enable it! As I don't chase extreme porn and I don't do torrents or warez, the odds of my getting a Trojan are extremely low... and my sympathy for those who do get caught by 'em is even lower.

        1. Ammaross Danan
          FAIL

          @the "It's a _TROJAN_" 'tards

          Yes, it's a Trojan. However, you don't need to download warez or p0rn to get infected. There's plenty of sites out there that attempt to infect Windows users by landing them on a fake My Computer antivirus scan page. When you try to click on anything, or close the browser, etc, you get an auto-downloaded .exe asking if you want to run it. Unfortunately, most computer Sheeple click "yes" and then MS tries to hold their hand and ask AGAIN if they're sure they know who sent them the .exe and that they shouldn't run it otherwise, and they hit "yes" again. Boom. Infected. They now have a Trojan. Yep, a trojan. It's even classified as a trojan. Why? It poses as something it's not (AV software in this case). Not warez or p0rn; security software.

          Now, apply this scenario to Apple users who get a page that, instead of blindly throwing them onto a Windows landing page, actually uses the User-Agent meta data of their GET request and lands them on a Safari-targeting page and pops up with the Mac equiv? Perhaps even a warning: "OSX has been the target of many new virus threats that the general public has been largely unware of. Clean your computer now! Click here to remove these viruses"

          Apple users are Sheeple too.

          1. Anonymous Coward
            Anonymous Coward

            Eh?

            So your point is that all systems are vulnerable to stupid users. Yes, we know this. Some systems are vulnerable to a hell of a lot more than that. Can you wrap your mind round that?

            I can be trained to be very suspicious of web pages that ask me to install things, and therefore lead a more secure life. Or I can use Windows and be infected just by visiting a site. Ah, Windows, the OS that actively trains its users to click OK.

            Just because I'm gonna die sometime, doesn't mean I'm gonna ride your momma bareback.

            1. James O'Shea Silver badge
              Troll

              the hater's problem

              is that they think that everyone is as stupid as they are. Some of us have Macs, which we use for many tasks they are suited for... such as cruising on the Internet. Some of us also have Windows boxes, which we keep locked up tight with lots of AV 'cause we _know_ that there's bad buys out there, and which, when we use them on the Internet, we restrict our travels to a few limited sites and never, ever, do anything anywhere near our bank accounts or credit cards with 'em 'cause we _know_ that they're bloody sieves. Some of us even have a few machines with Linux on 'em (a very few machines) which we mostly use to play around with, 'cause, well, the only thing that penguins are good for is to feed leopard seals. <http://photography.nationalgeographic.com/photography/photo-of-the-day/leopard-seal-penguin.html>

          2. James O'Shea Silver badge
            Jobs Halo

            we know

            And we find it vastly amusing when we go to one of those sites and it pops up a _Windows_ dialogue box telling us that we may have been infected by up to 66 viruses, naming them, and several of said viruses have 'Win' in their names. And it's even more amusing when they try to download an EXE file onto the Mac... which can't run EXE files. And assuming that they figure out that it's a Mac and download a APP file instead... well, the first time it runs it _still_ has to get permission! And it can't bloody install without someone entering an _admin_ password, even if you're cruising around using an admin account! Only a complete idiot installs stuff he knows nothing about from a random site, so again I have very little sympathy for anyone who gets caught by that! It's _hard_ for malware to be installed on a Mac! You no like it? Tough.

            Still smug after all these years.

      2. Anonymous Coward
        Thumb Down

        That's because you used Windows

        for too long! I don't understand why you moved to Mac if not for increased security.

  4. Anonymous Coward
    Jobs Horns

    Nice try apple.

    "Make sure you buy everything from the app store otherwise you might get a trojan, like this one we made earlier."

  5. Anonymous Coward
    Grenade

    Shop Safely

    To quote the Author:

    "Sophos, which has added detection for the malware, said that once fully developed the malware may be disguised as pirate software or games downloads and distributed through wares portal or torrent downloads"

    Most Mac users I've come across tend not to be application hoarders, they use their beloved Macs quite respsonibly, so: Some photo editing, some Mac Office use, synch their Jesus phones, Fondleslabs and iPods and of course to surf the Interwebs

    I don't forsesee this being a crises at all, shop safely for your sofware and applications and you'll probably be fine.

    Download from any Torrent and you'll be at risk, as Windows users have known for years..

    Of course the Apple Hate Club will be lining up to take a stab at Apple over this as it's probably the best news the Anti Apple Establishment have had since "Antennagate"

    No I am not a FanBoi, I am a realist...

    1. dr2chase

      You haven't met my kids, have you?

      Fortunately, still on G4 and G5-vintage boxes, but that won't last forever. We fanbois have been lucky so far, but our luck won't last forever.

      1. Anonymous Coward
        Anonymous Coward

        @dr2chase

        Erm... and you give your kids non-admin accounts don't you?

        In which case - no worries.

    2. Lionel Baden

      yes your right

      Im full of giggles on this one.

      you say "this is the best news for MS fanboi's since antennagate"

      you make that sound like it was a long time ago. It wasn't

    3. Ammaross Danan
      FAIL

      @AC "Shop Safely"

      "Most Mac users I've come across tend not to be application hoarders, they use their beloved Macs quite respsonibly, so: Some photo editing, some Mac Office use, synch their Jesus phones, Fondleslabs and iPods and of course to surf the Interwebs"

      So, what you're saying is that "most Mac users [you've] come across" pay a huge market for cobbled hardware and do nothing more than use it as a $300 netbook?

    4. Anonymous Coward
      Thumb Down

      @AC "Shop Safely"

      I don't mean to be rude, but you've not been anywhere near a university in a sysadmin role from what you say. And I'm not just talking about students either - there are plenty of filthy little warezmonkeys using Fruitmachines as their favoured computing platform, and they will be the ones who get caught by stuff like this.

      (I'm pretty sure the software procurement team at the university I work for is aware of this, since they've made a point of ensuring we have a campus licence for Mac AV software...)

  6. Adrian Challinor
    WTF?

    odd message seems to be targeted at potential buyers of the malware

    What, people BUY malware?

    1. The Fuzzy Wotnot
      Happy

      Speculate to accumulate!

      $15k up front for a package and next thing you have access to a few hundred bank accounts. You get a lot more in return than your initial small investment, of course there's the threat of serious jail time, but hey-ho you can't make an omelette with breaking eggs!

      1. TakeTheSkyRoad

        Title

        Don't forget the "antivirus" malware that pushes duff virus protection on you for a fee which is usually a more serious trojan than the initial infection.... you not only pay for the malware but download and install it yourself !

        Also possible but unusual is the malare that blackmails you and presents you with the option of paying a free to gain acess to your comp/files again.

        How the reg has educated me :)

    2. Dave Cradle

      Yes, they do.

      It's a very profitable business. You buy your template malware, customise it to your needs (sending credentials, card details, etc, to your own server) and then release it.

      This business model allows criminally minded people with only limited technical know-how to prey on the general public.

  7. CDPlant

    Damn

    Has this started to be distributed around? I'm fairly sure that I put in my password for something that didn't usually need one the other day...... I'm probably just being paranoid

    1. Anonymous Coward
      Grenade

      Paranoid?

      Naw, you ARE SCREWED.

  8. Captain Scarlet
    Coffee/keyboard

    odd screenshots

    It clearly states in one of them "Do NOT use for illegal purpose"

    On http://nakedsecurity.sophos.com/2011/02/26/mac-os-x-backdoor-trojan-now-in-beta/ at the bottom

    1. Ef'd
      IT Angle

      Two things to consider

      1. If it's not complete, the author doesn't want to risk it being caught before it's even finished.

      2. The author may think a disclaimer like that will cover his ass.

  9. morphoyle

    No Surprises

    People in the security industry have known for a long time that Macs are actually LESS secure than Windows boxes. Apple has a serious issue regarding timely patches. Since OSX is basically unix, it is affected by many holes that also affect unix. The big difference is that Apple takes months and months to patch KNOWN vulnerabilities, where other OS vendors can get this done in a matter of days, especially if it is a major hole. Heck, the first machine cracked at the last pwn2own was a mac. The days of security through obscurity better come to an end for Apple, if they want to be taken seriously.

    1. Anonymous Coward
      Stop

      Are you joking?

      OS vendors patching in a matter of days ? Outside of regular monthly patching cycle ? That must not be Microsoft then but which other OS vendor might have that many serious vulnerabilities ?

    2. Eponymous Howard
      FAIL

      And yet, oddly...

      ...the absence of "timely" patches doesn't seem to be causing problems.

      Because it is a false metric used by those trying to drum up trade - with increasing desperation.

    3. Eponymous Howard
      Troll

      dear sweet Jeebus...

      ...I hadn't even noticed that you used pose2own as "evidence".

    4. Goat Jam

      pwn2own

      Ummm, not to burst your bubble or anything, but I'm pretty sure that both the machines that were breached were attacked through a vuln in Adobe Flash.

      But I could be wrong of course.

  10. Anonymous Coward
    Anonymous Coward

    Huh ?

    "S!ince OSX is basically unix, it is affected by many holes that also affect unix."

    Basically ? OS X is certified Unix (TM)

    Which holes are you talking about ?

    1. Anonymous Coward
      Troll

      "Which holes are you talking about ?"

      Well, if it's OS X he's probably talking about 'ass holes' that use it.

      1. Anonymous Coward
        Gates Horns

        What?

        Said the drone with the Redmond tee-shirt and his pirated copy of Windows 7 - or Mac OS 10.1, as us adults know it.

  11. Badwolf

    Abort / Retry / Fail

    Nice to see the Wintards out in such numbers today - Yawn

  12. blodwyn

    Trojans are not viruses

    There isn't an OS on the planet that is secure from Trojans. As long as you can trick a user into authorizing a piece of malware, then you're off to the races. UNIX and Linux systems will want a root password to run anything that infects system files, if you enter the password then you're gullible or stupid. Viruses will infect without user authorization. Unix and Linux systems have never really been troubled by viruses because of the need for root passwords to do any damage, and later versions of Windows are also trouble free providing they're kept patched. Trojans are a problem for everyone.

    1. Anonymous Coward
      FAIL

      Unix never troubled by malware?

      You've apparently never heard of the Morris worm, or privilege escalation bugs in the Linux kernel, among other avenues of attack that have been discovered over the (many, many) years.

  13. markusgarvey
    Big Brother

    hahahaha...

    all your app's are belong to us...

  14. Eponymous Howard
    Stop

    Ah...

    Sophos has issued it's quarterly "Oh Noes! The End of the WORLD is coming for Mac users" press release, I see.

  15. Anonymous Coward
    Jobs Horns

    Fucking brilliant!

    We should have realized! It doesn't matter how secure the OS is! All we have to do is trick the naive, trusting users into typing their admin pw... muahahaHAHAHA

  16. Sean Baggaley 1
    FAIL

    All hail ClamXAV 2.

    I have had the misfortune to use your "software". I have also had the misfortune to use that of some of your commercial rivals, both on Windows and—when checking out the options—on OS X.

    Your software, without exception, did more harm to my computer's performance and usability than any bloody Trojan could hope to do. And you guys want to get *paid* for it too?

    Frankly, I'd rather have the trojans.

    I then tried ClamXAV 2, which is free. (ClamAV is even bundled in OS X Server). It also takes a refreshing "just do your job and shut the f*ck up" approach to its design, and eschews the tiresome "OH NO! THE SKY IS GOING TO FALL ON YOUR HEADS IF YOU DON'T BUY OUR SECURITY SOFTWARE NOW!" spamvertorials such as that covered in this very article.

    (Of course, not being an ignorant computer user, I've never been hit by a virus or trojan on Windows, let alone my Mac. The last time I was hit by a virus was when "ST Format" magazine managed to slip one onto their cover disk!)

    Yours,

    Me.

  17. raving angry loony

    Virus? No. Malware? Yes.

    Yes, it's malware. Macs have never been free of malware. Hell, there have been trojans for the Mac since forever. It's why I run stuff like ClamX. Mainly on new downloads.

    Is it, however, a self-propagating virus? Nope, it's yet another trojan. Like all trojans, it requires user intervention to install.

    Call me when there's a self-propagating virus that doesn't require user intervention to install. THAT would be big news. So far, it's not news I've heard. Will we ever hear it? Oh, probably. But it will be very loud news. If nothing else, the jealous Microsoft shills will make sure everyone hears about it, since they're fighting what, tens of thousands of self-propagating viruses at the moment?

    Not including the trojans.

    Until then, El Reg, how about less American (or Australian) style fear mongering and yellow journalism and more staid, British stoicism, accurate reporting, and stiff upper lips. Thank you.

    1. ElReg!comments!Pierre
      FAIL

      Nice shill mate

      Never mind that I haven't seen a self-propagating virus on any of the machines that I administer in the past 10 years or so. Trojans and spyware, yes. Proper viruses, no. And that includes quite a few windows boxen.

      I'm tired of hearing fanbois raving about "not a virus so not a problem" all the time. Self-propagating, disk-destroying viruses are largely a thing of the past. Modern VXers are out to hoard bots, not to wipe your data, and they use trojans and social engineering. Yes, that require user interaction, even on windows (except if you can smuggle it through insecure channels like FireWire or Thunderbolt... hint hint).

      Not saying that the threat level is very high on MacOS just yet, but the "it's not a virus so not a problem" attitude is just plain ridiculous.

  18. Anonymous Coward
    Jobs Horns

    not surprising

    It's not surprising there's not many viruses for Macs.

    There aren't very many Macs, and even less software for them, so why should viruses be any different.

    People with Macs are curiously proud of their stupidity in paying three times as much for a machine largely based on it being a bit shinier than the standard market fare. "Look how shiny and beautiful it is!". Of course, people who actually have work to do that does not involve being called 'Jeremy', having a Hoxton fin and talking about 'getting a brand to re-engage with its core demographic' choose something based on cold hard facts. If Macs were so great, how come the majority of Fortune 500 companies seem not to have come to the conclusion that they're worth basing their business on and continue to use Windows?

    Securing any platform is all about setting it up correctly, administering it correctly and training users not to be idiots.

    Steve Jobs with horns because there is not a picture of a fanboi with the horn looking at Steve Jobs.

  19. Alexis Vallance
    FAIL

    @ cap'n

    "People with Macs are curiously proud of their stupidity in paying three times as much for a machine largely based on it being a bit shinier than the standard market fare. "Look how shiny and beautiful it is!"

    The thing is though, it seems I am considerably richer than you.

    As for Fortune 500 companies, nobody is going to sign off $100,000 of kit when you can get cheap PCs for nowt. You'd also need new staff who are trained in how to use OS X. Where are you going to find them?

    By your logic, you'd have to say Rolls Royces were crap because DHL don't use them for deliveries.

  20. Adam Trickett
    Linux

    All software has bugs...

    Repeat after me: ALL SOFTWARE HAS BUGS!

    Apple and Linux has less of a problem because it is easier to pick on Windows but that does not mean that Apple, Linux, VAX, Android or any other non Windows OS is invulnerable.

    Repeat after me: MANY USERS HAVE NO IDEA!

    If you don't know what you are doing - and many people clearly do not - then you can seriously get yourself into a mess.

    Repeat after me: FOLLOW THE MONEY!

    There is a lot of money to be made from stealing bank details, so it's hardly surprising that someone would have a go at Macs.

  21. Giles Jones Gold badge

    Anything is possible as 'root'.

    Nobody has said such things aren't possible on a Mac. But any dialog designed to popup and ask for user credentials is going to fool some people.

    The fact that they have had to resort to this sort of trick shows that they require privilege escalation to do bad things on the OS.

    OSX and Windows do the escalation thing differently. On OSX it asks for a password, on Vista, 2008 and 7 it is a simple Yes or No answer.

    Both methods have merits and weaknesses. I'm sure you can simulate both, but on Windows you wouldn't gain any information like a password. But on the other hand, the security model on OSX can't be deactivated like it can on Windows (UAC can be disabled).

    Most Linux desktops also ask for a password, but some are using sudo instead of su.

    1. Patorian
      Stop

      Re: Anything is possible as 'root'.

      > OSX and Windows do the escalation thing differently.

      > On OSX it asks for a password, on Vista, 2008 and 7 it is a simple Yes or No answer.

      If you are running using an administrator account on Windows this is true. But if you run a standard user account, you have to give an administrator account name and password ..... I looks to me that the systems are very much alike ....

  22. rciafardone
    Grenade

    Just go Ubuntu Linux!

    Then you will be able to whatever you want, cause virus on Linux ARE HARD TO MAKE! how hard? Check this: http://en.wikipedia.org/wiki/Linux_malware

    Even you you can make it it will not live long, cause open source is a bitch for holes :P

This topic is closed for new posts.

Other stories you might like