hahahaha
it's almost like Macs are now proper computers
Miscreants have adapted a Windows Trojan in an attempt to create malware that established a backdoor on Macs, as part of an apparent bid to drum up commercial interest for their dastardly wares. MusMinim (dubbed BlackHole RAT by its nefarious author) is a variant of a strain of Windows Trojan called darkComet. Net security …
"How can it be a win? Surely a system breach of any kind that allows scumbags to access private data is a fail for all decent people, regardless of operating system? Have you heard of the phrase "have a day off you bell end"?"
It's a win because it points out the need for security software for ALL operating systems, not "just Windows." Mac users have spouted (somewhat correctly) for many years that "Macs don't have viruses" and that "Antivirus software is useless" for them. Now we're approaching an era where Mac users will have to make the paradigm shift into knowing they need security products to prevent crap like this from getting on their system. The only trouble now will be re-brainwashing the fruit-bearing mass(es) into being security conscious, and then have Apple be able to explain to them why their system now runs slow and occasionally doesn't work right....
Once again, the limitations of malware on Macs are exposed. Almost all of the existing malware examples are Trojans. you have to actively hunt 'em down. There are Trojans which pretend to be installers for, among other things, MS Office, Adobe CS, and Apple iLife. And, oh, yes, there's the Trojan which pretends to install 'codecs' so that the twit targeted can watch particularly nasty porn. If you're not a freetard or a pornhound you're nearly 100% safe, 'cause the only way you'd get nailed by one of the existing Trojans would be if somehow it got uploaded to a legitimate site.
Wake me up when there's a real threat.
I moved from Windows to Mac about 3 years ago and I tell you this my fine self-assured friend, the Windows security attitude never leaves you and keeps you on your toes 'cos every bastard on the planet wants your bank account/Amazon login details.
I am not paranoid, I know they're out to get me, so I err on the side of caution to be safe!
I was using Macs when there _was_ a real malware threat, when you _had_ to have applications like Disinfectant and Virex. It's a simple fact: there is, at this time, no significant threat. It's that simple: THERE IS, AT THIS TIME, NO SIGNIFICANT THREAT. If you don't try to liberate software in violation of the license or you don't want to view certain types of porn (which are, in any case, illegal to have in the UK...) you have very little to worry about. Some people may not like this. Tough. Facts are facts.
Now, it might be that _sometime in the future_ there may be a malware environment similar to that currently 'enjoyed' by Windows users, but _right now_ this is not the case... and this Trojan will do very little to change it, 'cause it's a _Trojan_! You must seek it out, download it, and run it, and each step requires that you take active steps to enable it! As I don't chase extreme porn and I don't do torrents or warez, the odds of my getting a Trojan are extremely low... and my sympathy for those who do get caught by 'em is even lower.
Yes, it's a Trojan. However, you don't need to download warez or p0rn to get infected. There's plenty of sites out there that attempt to infect Windows users by landing them on a fake My Computer antivirus scan page. When you try to click on anything, or close the browser, etc, you get an auto-downloaded .exe asking if you want to run it. Unfortunately, most computer Sheeple click "yes" and then MS tries to hold their hand and ask AGAIN if they're sure they know who sent them the .exe and that they shouldn't run it otherwise, and they hit "yes" again. Boom. Infected. They now have a Trojan. Yep, a trojan. It's even classified as a trojan. Why? It poses as something it's not (AV software in this case). Not warez or p0rn; security software.
Now, apply this scenario to Apple users who get a page that, instead of blindly throwing them onto a Windows landing page, actually uses the User-Agent meta data of their GET request and lands them on a Safari-targeting page and pops up with the Mac equiv? Perhaps even a warning: "OSX has been the target of many new virus threats that the general public has been largely unware of. Clean your computer now! Click here to remove these viruses"
Apple users are Sheeple too.
So your point is that all systems are vulnerable to stupid users. Yes, we know this. Some systems are vulnerable to a hell of a lot more than that. Can you wrap your mind round that?
I can be trained to be very suspicious of web pages that ask me to install things, and therefore lead a more secure life. Or I can use Windows and be infected just by visiting a site. Ah, Windows, the OS that actively trains its users to click OK.
Just because I'm gonna die sometime, doesn't mean I'm gonna ride your momma bareback.
is that they think that everyone is as stupid as they are. Some of us have Macs, which we use for many tasks they are suited for... such as cruising on the Internet. Some of us also have Windows boxes, which we keep locked up tight with lots of AV 'cause we _know_ that there's bad buys out there, and which, when we use them on the Internet, we restrict our travels to a few limited sites and never, ever, do anything anywhere near our bank accounts or credit cards with 'em 'cause we _know_ that they're bloody sieves. Some of us even have a few machines with Linux on 'em (a very few machines) which we mostly use to play around with, 'cause, well, the only thing that penguins are good for is to feed leopard seals. <http://photography.nationalgeographic.com/photography/photo-of-the-day/leopard-seal-penguin.html>
And we find it vastly amusing when we go to one of those sites and it pops up a _Windows_ dialogue box telling us that we may have been infected by up to 66 viruses, naming them, and several of said viruses have 'Win' in their names. And it's even more amusing when they try to download an EXE file onto the Mac... which can't run EXE files. And assuming that they figure out that it's a Mac and download a APP file instead... well, the first time it runs it _still_ has to get permission! And it can't bloody install without someone entering an _admin_ password, even if you're cruising around using an admin account! Only a complete idiot installs stuff he knows nothing about from a random site, so again I have very little sympathy for anyone who gets caught by that! It's _hard_ for malware to be installed on a Mac! You no like it? Tough.
Still smug after all these years.
To quote the Author:
"Sophos, which has added detection for the malware, said that once fully developed the malware may be disguised as pirate software or games downloads and distributed through wares portal or torrent downloads"
Most Mac users I've come across tend not to be application hoarders, they use their beloved Macs quite respsonibly, so: Some photo editing, some Mac Office use, synch their Jesus phones, Fondleslabs and iPods and of course to surf the Interwebs
I don't forsesee this being a crises at all, shop safely for your sofware and applications and you'll probably be fine.
Download from any Torrent and you'll be at risk, as Windows users have known for years..
Of course the Apple Hate Club will be lining up to take a stab at Apple over this as it's probably the best news the Anti Apple Establishment have had since "Antennagate"
No I am not a FanBoi, I am a realist...
"Most Mac users I've come across tend not to be application hoarders, they use their beloved Macs quite respsonibly, so: Some photo editing, some Mac Office use, synch their Jesus phones, Fondleslabs and iPods and of course to surf the Interwebs"
So, what you're saying is that "most Mac users [you've] come across" pay a huge market for cobbled hardware and do nothing more than use it as a $300 netbook?
I don't mean to be rude, but you've not been anywhere near a university in a sysadmin role from what you say. And I'm not just talking about students either - there are plenty of filthy little warezmonkeys using Fruitmachines as their favoured computing platform, and they will be the ones who get caught by stuff like this.
(I'm pretty sure the software procurement team at the university I work for is aware of this, since they've made a point of ensuring we have a campus licence for Mac AV software...)
Don't forget the "antivirus" malware that pushes duff virus protection on you for a fee which is usually a more serious trojan than the initial infection.... you not only pay for the malware but download and install it yourself !
Also possible but unusual is the malare that blackmails you and presents you with the option of paying a free to gain acess to your comp/files again.
How the reg has educated me :)
It's a very profitable business. You buy your template malware, customise it to your needs (sending credentials, card details, etc, to your own server) and then release it.
This business model allows criminally minded people with only limited technical know-how to prey on the general public.
People in the security industry have known for a long time that Macs are actually LESS secure than Windows boxes. Apple has a serious issue regarding timely patches. Since OSX is basically unix, it is affected by many holes that also affect unix. The big difference is that Apple takes months and months to patch KNOWN vulnerabilities, where other OS vendors can get this done in a matter of days, especially if it is a major hole. Heck, the first machine cracked at the last pwn2own was a mac. The days of security through obscurity better come to an end for Apple, if they want to be taken seriously.
There isn't an OS on the planet that is secure from Trojans. As long as you can trick a user into authorizing a piece of malware, then you're off to the races. UNIX and Linux systems will want a root password to run anything that infects system files, if you enter the password then you're gullible or stupid. Viruses will infect without user authorization. Unix and Linux systems have never really been troubled by viruses because of the need for root passwords to do any damage, and later versions of Windows are also trouble free providing they're kept patched. Trojans are a problem for everyone.
I have had the misfortune to use your "software". I have also had the misfortune to use that of some of your commercial rivals, both on Windows and—when checking out the options—on OS X.
Your software, without exception, did more harm to my computer's performance and usability than any bloody Trojan could hope to do. And you guys want to get *paid* for it too?
Frankly, I'd rather have the trojans.
I then tried ClamXAV 2, which is free. (ClamAV is even bundled in OS X Server). It also takes a refreshing "just do your job and shut the f*ck up" approach to its design, and eschews the tiresome "OH NO! THE SKY IS GOING TO FALL ON YOUR HEADS IF YOU DON'T BUY OUR SECURITY SOFTWARE NOW!" spamvertorials such as that covered in this very article.
(Of course, not being an ignorant computer user, I've never been hit by a virus or trojan on Windows, let alone my Mac. The last time I was hit by a virus was when "ST Format" magazine managed to slip one onto their cover disk!)
Yours,
Me.
Yes, it's malware. Macs have never been free of malware. Hell, there have been trojans for the Mac since forever. It's why I run stuff like ClamX. Mainly on new downloads.
Is it, however, a self-propagating virus? Nope, it's yet another trojan. Like all trojans, it requires user intervention to install.
Call me when there's a self-propagating virus that doesn't require user intervention to install. THAT would be big news. So far, it's not news I've heard. Will we ever hear it? Oh, probably. But it will be very loud news. If nothing else, the jealous Microsoft shills will make sure everyone hears about it, since they're fighting what, tens of thousands of self-propagating viruses at the moment?
Not including the trojans.
Until then, El Reg, how about less American (or Australian) style fear mongering and yellow journalism and more staid, British stoicism, accurate reporting, and stiff upper lips. Thank you.
Never mind that I haven't seen a self-propagating virus on any of the machines that I administer in the past 10 years or so. Trojans and spyware, yes. Proper viruses, no. And that includes quite a few windows boxen.
I'm tired of hearing fanbois raving about "not a virus so not a problem" all the time. Self-propagating, disk-destroying viruses are largely a thing of the past. Modern VXers are out to hoard bots, not to wipe your data, and they use trojans and social engineering. Yes, that require user interaction, even on windows (except if you can smuggle it through insecure channels like FireWire or Thunderbolt... hint hint).
Not saying that the threat level is very high on MacOS just yet, but the "it's not a virus so not a problem" attitude is just plain ridiculous.
It's not surprising there's not many viruses for Macs.
There aren't very many Macs, and even less software for them, so why should viruses be any different.
People with Macs are curiously proud of their stupidity in paying three times as much for a machine largely based on it being a bit shinier than the standard market fare. "Look how shiny and beautiful it is!". Of course, people who actually have work to do that does not involve being called 'Jeremy', having a Hoxton fin and talking about 'getting a brand to re-engage with its core demographic' choose something based on cold hard facts. If Macs were so great, how come the majority of Fortune 500 companies seem not to have come to the conclusion that they're worth basing their business on and continue to use Windows?
Securing any platform is all about setting it up correctly, administering it correctly and training users not to be idiots.
Steve Jobs with horns because there is not a picture of a fanboi with the horn looking at Steve Jobs.
"People with Macs are curiously proud of their stupidity in paying three times as much for a machine largely based on it being a bit shinier than the standard market fare. "Look how shiny and beautiful it is!"
The thing is though, it seems I am considerably richer than you.
As for Fortune 500 companies, nobody is going to sign off $100,000 of kit when you can get cheap PCs for nowt. You'd also need new staff who are trained in how to use OS X. Where are you going to find them?
By your logic, you'd have to say Rolls Royces were crap because DHL don't use them for deliveries.
Repeat after me: ALL SOFTWARE HAS BUGS!
Apple and Linux has less of a problem because it is easier to pick on Windows but that does not mean that Apple, Linux, VAX, Android or any other non Windows OS is invulnerable.
Repeat after me: MANY USERS HAVE NO IDEA!
If you don't know what you are doing - and many people clearly do not - then you can seriously get yourself into a mess.
Repeat after me: FOLLOW THE MONEY!
There is a lot of money to be made from stealing bank details, so it's hardly surprising that someone would have a go at Macs.
Nobody has said such things aren't possible on a Mac. But any dialog designed to popup and ask for user credentials is going to fool some people.
The fact that they have had to resort to this sort of trick shows that they require privilege escalation to do bad things on the OS.
OSX and Windows do the escalation thing differently. On OSX it asks for a password, on Vista, 2008 and 7 it is a simple Yes or No answer.
Both methods have merits and weaknesses. I'm sure you can simulate both, but on Windows you wouldn't gain any information like a password. But on the other hand, the security model on OSX can't be deactivated like it can on Windows (UAC can be disabled).
Most Linux desktops also ask for a password, but some are using sudo instead of su.
> OSX and Windows do the escalation thing differently.
> On OSX it asks for a password, on Vista, 2008 and 7 it is a simple Yes or No answer.
If you are running using an administrator account on Windows this is true. But if you run a standard user account, you have to give an administrator account name and password ..... I looks to me that the systems are very much alike ....