MacControl Trojan Being Used In Targeted Attacks Against OS X Users

Soulskill posted about 2 years ago | from the thanks-for-waiting-so-patiently dept.

Security 187

Trailrunner7 writes "Welcome to the age of targeted attacks, Mac users. Perhaps having grown tired of owning Windows machines around the world for the last few years, attackers have now taken up the challenge of going after Macs with the same kind of targeted attack tactics that have served them so well in the Windows world. Researchers have found a new attack that employs two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines, and the campaign is specifically targeted at Mac users. The command-and-control domain involved in the attack is located in China and the attack exploits a three-year-old vulnerability in the way that Office for Mac handles certain Word files, according to researchers at AlienVault, who discovered and analyzed the attacks."

187 comments

Microsoft (: (5, Interesting)

Anonymous Coward | about 2 years ago | (#39501987)

Now how cool is that. A new threat is found for the Mac platform and it's in a Microsoft product of course.
It's an improvement on the previous round, though. Last time it was about malware that required you to actually install it :D

Re:Microsoft (: (-1)

Anonymous Coward | about 2 years ago | (#39502361)

it's in a Microsoft product of course.

For the good of humanity, the US DoJ needs to split Microsoft up, strip them of their patents and force them to abandon their proprietary formats and APIs. The world needs interoperability, not lock-in,

Re:Microsoft (: (4, Interesting)

Grishnakh (216268) | about 2 years ago | (#39502433)

Since when was the US Government in the business of doing things for the good of humanity?

Re:Microsoft (: (1)

segfault7375 (135849) | about 2 years ago | (#39503815)

Whistler: I want peace on earth and goodwill toward men.
Bernard Abbott: We are the United States Government! We don't do that sort of thing.
Martin Bishop: You're just gonna have to try.
Bernard Abbott: All right, I'll see what I can do.
Whistler: Thank you very much. That's all I ask.

Re:Microsoft (: (5, Insightful)

recoiledsnake (879048) | about 2 years ago | (#39502703)

Now how cool is that. A new threat is found for the Mac platform and it's in a Microsoft product of course.
It's an improvement on the previous round, though. Last time it was about malware that required you to actually install it :D

However, it's an interesting counter-point to the commenters who regularly comment (and get modded up to 11) "How about MS fix security in Windows instead of taking down botnets/shipping antivirus etc.". There is no way to secure an OS from application exploits short of iOS style lockdown, which these very commenters would slag as "TAKING AWAY MY FREEEDOMZZZ". Sorry, but blaming Windows holes has become passe, especially after malware for OS X and Android (run on a Linux kernel which we are told is secure compared to Windows) has come out.

Re:Microsoft (: (4, Insightful)

Nerdfest (867930) | about 2 years ago | (#39503063)

An iOS style lock-down wouldn't help. It could just as easily have been another piece of software, they tend to pick those that are widely deployed.

Re:Microsoft (: (0)

Anonymous Coward | about 2 years ago | (#39504175)

The new "gatekeeper" feature would be able to lock down MS Word and the worst that could happen is your documents folder is wiped. But since MS Word would never appear on the Mac App Store users would have installed it with unsigned access. Which would only affect their home directory unless they run as Admin.

Re:Microsoft (: (1)

mspohr (589790) | about 2 years ago | (#39503513)

However, it's an interesting counter-point to the commenters who regularly comment (and get modded up to 11) "How about MS fix security in Windows instead of taking down botnets/shipping antivirus etc.".

We can now say "How about MS fix security in Windows AND OFFICE" in our rants.

Re:Microsoft (: (4, Insightful)

mjwx (966435) | about 2 years ago | (#39503671)

There is no way to secure an OS from application exploits including of iOS style lockdown, which these very commenters would slag as "TAKING AWAY MY FREEEDOMZZZ". Sorry, but blaming Windows holes has become passe, especially after malware for OS X and Android (run on a Linux kernel which we are told is secure compared to Windows) has come out.

Fixed that for you.

Remember that iOS gets exploited regularly, including remote exploits like JailbreakMe.com.

LoL (2)

Architect_sasyr (938685) | about 2 years ago | (#39502003)

Apple exploit found in the wild... targets Microsoft product running on Apple OS.

I like the persistence bit though - use the standard plist files to maintain persistence just like any normal piece of code (like maintaining persistence by running a Windows Service).
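The plist-based persistence mentioned in the comment above can be checked for on a Mac. The following is an added example, not part of the original thread or of the AlienVault analysis; it assumes the "standard plist files" are launchd job definitions, and the heuristics, directory lists and sample jobs are constructed for illustration.

```python
import os
import plistlib
from xml.parsers.expat import ExpatError

# Locations where a launchd job's executable is unusual because any local
# user can write there. The list is an assumption chosen for this example.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

# Per-user and system-wide directories that launchd reads job definitions from.
LAUNCHD_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents",
                "/Library/LaunchDaemons")


def job_executable(job):
    """Return the path launchd would execute for this job, or None."""
    program = job.get("Program")
    if isinstance(program, str):
        return program
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def audit_job(filename, raw):
    """Return a list of findings for one launchd plist given as bytes."""
    try:
        job = plistlib.loads(raw)
    except (plistlib.InvalidFileException, ExpatError, ValueError):
        return ["not a parseable property list"]
    if not isinstance(job, dict):
        return ["top-level object is not a dictionary"]

    findings = []
    # By convention the Label equals the file name without ".plist";
    # a mismatch is not proof of anything but is worth a second look.
    expected = os.path.basename(filename)
    if expected.endswith(".plist"):
        expected = expected[:-len(".plist")]
    label = job.get("Label")
    if label != expected:
        findings.append(f"Label {label!r} does not match file name")

    exe = job_executable(job)
    if exe is None:
        findings.append("no Program or ProgramArguments")
        return findings

    path_flags = []
    if exe.startswith(WRITABLE_PREFIXES):
        path_flags.append(f"executable in world-writable location: {exe}")
    if any(part.startswith(".") for part in exe.split("/") if part):
        path_flags.append(f"executable path has a hidden component: {exe}")
    findings.extend(path_flags)

    # RunAtLoad/KeepAlive are normal on their own; they matter when the
    # target already looks wrong, because the job restarts at every login.
    autostart = bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive"))
    if path_flags and autostart:
        findings.append("starts automatically (RunAtLoad/KeepAlive) from a suspect path")
    return findings


def scan(dirs=LAUNCHD_DIRS):
    """Audit every .plist in the given directories; missing ones are skipped."""
    report = {}
    for d in dirs:
        d = os.path.expanduser(d)
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as fh:
                    findings = audit_job(path, fh.read())
            except OSError as exc:
                findings = [f"unreadable: {exc}"]
            if findings:
                report[path] = findings
    return report


# Constructed samples: neither comes from a real system or from the malware
# discussed in the article.
BENIGN = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
    "StartInterval": 86400,
})
SUSPICIOUS = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/Users/Shared/.cache/helper"],
    "RunAtLoad": True,
})

if __name__ == "__main__":
    print(audit_job("com.example.updater.plist", BENIGN))
    print(audit_job("com.example.sync.plist", SUSPICIOUS))
    for path, findings in scan().items():
        print(path, findings)
```

A finding is a prompt to look at the job, not a verdict; legitimate software occasionally trips these heuristics.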

Re:LoL (-1, Troll)

cpu6502 (1960974) | about 2 years ago | (#39502327)

You don't really believe OS X is impervious to viruses do you? If they can hack Android linux and Apple iOS to install malware, then they can do the same to their big brothers on the desktop.

I guess I could mimic the Apple fans and proclaim, "My Commodore Amiga's OS 4 is awesome. It has no viruses!" Of course that's only because nobody wants to target such a small userbase. Ditto linux. Ditto OS X.

Re:LoL (4, Interesting)

Architect_sasyr (938685) | about 2 years ago | (#39502435)

I spend my days working as a mac tech, so no, I really do not. I am, however, still highly amused that it happens this way. In much the same fashion as I am amused when wine is used to exploit a linux box.

Re:LoL (5, Funny)

sg_oneill (159032) | about 2 years ago | (#39503049)

I spend my days working as a mac tech, so no, I really do not. I am, however, still highly amused that it happens this way. In much the same fashion as I am amused when wine is used to exploit a linux box.

You may laugh, but it's truer than you think. Many many moons ago I was admining a small network of linux desktops for students at the local university. Management, non-technical of course, demanded that internet explorer be installed on them. After protesting loudly and losing the argument, I ended up deploying ie6 across the network via wine. It took approximately 3 days before they became infested.

In a strange way, I took that as a surprising confirmation of wine's compatibility.

In the end I replaced the Mozilla browser's icons with E icons and the office twonks were happy. God I hate tech support

Re:LoL (1)

Grishnakh (216268) | about 2 years ago | (#39502457)

Apparently, you're wrong about OS X: someone does want to target it, as seen in the article. And they picked the lowest-hanging fruit, which of course is Microsoft applications running on that platform.

I'm sure there's plenty of other exploits in OS X, but why bother finding those when you can just take advantage of yet another security hole in MS products?

Re:LoL (0)

Anonymous Coward | about 2 years ago | (#39504223)

Shouldn't OS X prevent security holes in applications from causing exploits?

Re:LoL (1)

Grishnakh (216268) | about 2 years ago | (#39504271)

I don't think there's any desktop OS that does such a thing. As long as processes have access to the data owned by that user, there's nothing preventing them from at least mucking with your data. If the user is running as root, then the process can modify system data and break in that way, getting full access to everything on the system. I don't believe Mac OSX has a root/user divide the way most Linux distros do, nor does Windows on the desktop (it frequently does in corporate environments though).

Re:LoL (1)

Bert64 (520050) | about 2 years ago | (#39502583)

AmigaOS is a single user os with virtually none of the security features present in modern systems, if anyone put the effort in to target it I doubt it would stand up very well.

Linux doesn't have a small userbase by any means, it just has a small userbase on the desktop. In other markets, linux is actually huge.
Similarly while OSX may have a relatively small marketshare, it comes bundled with software which is very widely used such as Apache.

Re:LoL (-1, Offtopic)

cpu6502 (1960974) | about 2 years ago | (#39502965)

"-1 Troll"

Oh noes! Whatever will I do? (yawn). You guys remind me of Iranian muslims. Are you going to declare a "fatwa" like the muslims did against cartoonists who drew a satire about Mohammed? "Stone the baastard who said something bad about Apple! Cut off his head!" Ooo. I'm scared.

Re:LoL (0)

Anonymous Coward | about 2 years ago | (#39504333)

If you don't care what anyone thinks of your opinion then why are you posting?

Re:LoL (1)

otuz (85014) | about 2 years ago | (#39503765)

Amiga actually had a lot of viruses. It was the #1 virus platform before Windows 95 (and its successors). Almost all of them were boot block viruses, which spread via bootable copied game floppies from one machine to the next, not the remote-installed stuff.

Re:LoL (4, Informative)

lightknight (213164) | about 2 years ago | (#39502513)

That's quite alright. We find things that target Safari on Windows all the time, so I guess it's more of the same.

Re:LoL (1)

exomondo (1725132) | about 2 years ago | (#39504215)

Apple exploit found in the wild... targets Microsoft product running on Apple OS.

From TFA:
An attacker who successfully exploits this vulnerability could take complete control of an affected system.
http://labs.alienvault.com/labs/index.php/2012/ms-office-exploit-that-targets-macos-x-seen-in-the-wild-delivers-mac-control-rat/ [alienvault.com]

Is that an exaggerated statement or does it indicate some kind of privilege escalation bug in OSX?

Sounds like a vulnerability in a Microsoft product (1)

Anonymous Coward | about 2 years ago | (#39502009)

Another reason to use Open Office.

Re:Sounds like a vulnerability in a Microsoft prod (1)

Anonymous Coward | about 2 years ago | (#39502095)

another reason not to use office software outside a virtual machine...

Re:Sounds like a vulnerability in a Microsoft prod (1)

some1001 (2489796) | about 2 years ago | (#39502233)

Really? Aren't we just getting a little paranoid? Why not take it one step further and suggest to sandbox every application inside the VM OS?

Re:Sounds like a vulnerability in a Microsoft prod (2)

jenic (1231704) | about 2 years ago | (#39502329)

Really? Aren't we just getting a little paranoid? Why not take it one step further and suggest to sandbox every application inside the VM OS?

Great idea! Is someone working on that?

Re:Sounds like a vulnerability in a Microsoft prod (3, Interesting)

otuz (85014) | about 2 years ago | (#39503787)

Apple is actually sandboxing all apps by default in 10.8 "Mountain Lion"

Re:Sounds like a vulnerability in a Microsoft prod (0)

Anonymous Coward | about 2 years ago | (#39502407)

You know if you don't update openoffice for 3 years you are probably just as vulnerable.

Re:Sounds like a vulnerability in a Microsoft prod (1)

Grishnakh (216268) | about 2 years ago | (#39502489)

Not likely; OO.o has a much smaller number of known users than MS Office, so there probably aren't many malware writers bothering with it.

However, MS always seems to have a bad habit of totally ignoring security with their architectural decisions, such as their macro language use in MSO. Someone more knowledgeable than me could comment on how OO.o's (and LO's) macro language compares with MSO's in regard to security.

Re:Sounds like a vulnerability in a Microsoft prod (2, Informative)

Anonymous Coward | about 2 years ago | (#39502611)

Microsoft patched this in 2009

however this from OO-2 is still unpatched
http://secunia.com/advisories/38567/

Re:Sounds like a vulnerability in a Microsoft prod (2)

goodgod43 (1993368) | about 2 years ago | (#39503287)

Solution
Update to version 3.2.

Seriously? That's what you are going to use to scare people away from OO? It took one click to find the solution to your petty quibble.

Office for Mac? (0)

Anonymous Coward | about 2 years ago | (#39502015)

So that's an error in a Microsoft product that allows for Mac to get owned?

I guess that's what you get for using Microsoft (3, Insightful)

Grishnakh (216268) | about 2 years ago | (#39502029)

Interesting that this Mac exploit only applies to Mac users who use Microsoft Word. Not saying that Macs are ultra-secure, but maybe the malware authors are just going after the low-hanging fruit, which is Microsoft software, regardless of what platform it's installed on.

Maybe this is how MS will finally put to rest the notion that Linux is more secure than Windows: they'll release MS Office For Linux, which will then open Linux users up to the same level of insecurity Windows users have had forever.

Re:I guess that's what you get for using Microsoft (4, Insightful)

bmo (77928) | about 2 years ago | (#39502113)

Interesting that this Mac exploit only applies to Mac users who use Microsoft Word

When you include a scripting language in your document spec, expect people to use it.

Good people and bad people.

--
BMO

Re:I guess that's what you get for using Microsoft (4, Insightful)

v1 (525388) | about 2 years ago | (#39502373)

Writing a macro language for your anything that has the ability to silently add/edit the macros in other unrelated documents is just nine kinds of stupid.

Re:I guess that's what you get for using Microsoft (1)

vux984 (928602) | about 2 years ago | (#39502543)

Writing a macro language for your anything that has the ability to silently add/edit the macros in other unrelated documents is just nine kinds of stupid.

What makes you sure something equivalent couldn't be done with iWork and Applescript? I mean other than iWork's marketshare, of course.

Re:I guess that's what you get for using Microsoft (1)

Grishnakh (216268) | about 2 years ago | (#39503531)

No one said Apple's stuff was any less stupidly-designed than MS's.

Re:I guess that's what you get for using Microsoft (1)

MiG82au (2594721) | about 2 years ago | (#39502565)

Stupid? Did you misspell useful? No, of course not, but there's a silver lining in every cloud; my company makes heavy use of probably every dangerous VBA feature for our internal automation.

Re:I guess that's what you get for using Microsoft (1)

tmosley (996283) | about 2 years ago | (#39502809)

I love it when something that is inherently vulnerable is enabled by default when 0.0001% of users actually use it.

There is NO excuse for that.

Re:I guess that's what you get for using Microsoft (0)

Anonymous Coward | about 2 years ago | (#39503091)

You complained, they listened. MS Office macros have been disabled by default for many years now.

(At least in the Windows version, can't say for Mac.)

Re:I guess that's what you get for using Microsoft (2)

v1 (525388) | about 2 years ago | (#39503211)

And in a recent version of office I saw someone receive a word document with macros in it. "DO NOT allow macros to run". She did anyway. Why? Because in their infinite wisdom, it won't ALLOW you to open the document with macros disabled - they give you two options, (1) open it with macros enabled, or (2) don't open it. Brilliant.

I have YET to run into a user that will listen to me when I tell them to never open those, call me and I will clean them. "But I HAD to have that document right now!" and they open it anyway. And then I have a mess to clean up. Thank you so much MS, create a problem, then implement a solution in a way that the average user will be unwilling to use.

Making mistakes due to lack of foresight, ok I can kinda get that. But then compounding the problem with just plain bad decisions is much harder to forgive.

Re:I guess that's what you get for using Microsoft (1)

Grishnakh (216268) | about 2 years ago | (#39503547)

If there's no consequences for her behavior, then she has no reason not to behave that way, since you're apparently on the hook for cleaning up her mess.

Can't you make cleaning her mess low-priority and get to it after a week or so, leaving her unable to do her job in that time? And make sure all the blame is squarely on her shoulders?

Re:I guess that's what you get for using Microsoft (1)

v1 (525388) | about 2 years ago | (#39503763)

Can't you make cleaning her mess low-priority and get to it after a week or so, leaving her unable to do her job in that time?

Besides being a good way to get chewed out/disciplined/fired, BofH-style IT isn't very ethical.

And if you still want to take the selfish approach, think about it... an office secretary with a macro virus loose on her machine, imagine how fast that would propagate around the office? turn one headache into many?

Re:I guess that's what you get for using Microsoft (1)

Grishnakh (216268) | about 2 years ago | (#39503915)

I'm not saying don't fix her machine, but it shouldn't be top priority. Are you really so underworked that you have time to drop everything and fix her machine when she screws up yet again (or someone like her)? If so, then fine; the company has seen the need to have spare people around just to deal with this kind of problem. But most places seem to have more important stuff for their IT people to do than fix dumb problems their users create.

And no, you shouldn't allow her to have a virus loose on her machine; it should be shut off, taken away, and quarantined until fixed. Until then, she can stare at her cubicle walls, and when she isn't getting her work done, she can explain that she screwed up and isn't able to use her computer until IT fixes it, and her performance review can suffer as a result. If the company has a problem with that, they can hire additional IT personnel to sit around playing games until a problem like this comes up.

Re:I guess that's what you get for using Microsoft (1)

foniksonik (573572) | about 2 years ago | (#39504281)

Doesn't work like that. The best you could do would be to give her a loaner, preferably a P4 with 256MB RAM. If she's got pull she might be able to get that swapped out for a brand new laptop though, which might also be okay - then you give her a few days to get used to a good system, then yank it away and give her back her old one. She'll be miserable either way.

Re:I guess that's what you get for using Microsoft (1)

BitZtream (692029) | about 2 years ago | (#39504335)

Besides being a good way to get chewed out/disciplined/fired, BofH-style IT isn't very ethical.

Treating people who intentionally behave badly the same as those users on your network that comply with usage rules and IT's guidelines is unethical and unfair to all the people who do what you ask them to do.

You shouldn't let that person sit if you have no other tasks, but they damn sure go to the bottom of the list of things to do. It's not fair to punish good employees and make them wait while you deal with a repeat offender who continually does the same stupid shit to cause the same stupid problem.

Re:I guess that's what you get for using Microsoft (1)

MiG82au (2594721) | about 2 years ago | (#39504193)

In office 2010 I can edit and save documents without enabling the macros. I do it all the time.

Re:I guess that's what you get for using Microsoft (1)

Bert64 (520050) | about 2 years ago | (#39502605)

The scripting language is one of the least concerns...
The biggest problem is the complexity and age of the file formats. There is plenty of complexity, and lots of crufty old code waiting to be exploited, while on the other hand the format is poorly documented which makes it hard to validate files against a known good spec.

Re:I guess that's what you get for using Microsoft (1)

sribe (304414) | about 2 years ago | (#39502375)

Damn. I have mod points, but there is no "insightful AND funny" +1.

Re:I guess that's what you get for using Microsoft (0)

Anonymous Coward | about 2 years ago | (#39502667)

>> which will then open Linux users up to the same level of insecurity Windows users have had forever
Doubtful. Over the past few years I can't remember when I've encountered a Linux desktop that was running with root privileges by default. On the other hand, by a very large percentage most consumer (note NOT corporate/small business environment) boxes I've worked on used administrator privilege accounts as general purpose login accounts. Running a day-to-day, typical user account with restricted privileges is the proper and safer way to use any consumer computer. A little more hassle to do things like general maintenance and application/system updates but it's a small sacrifice compared to the time lost fixing or reinstalling/restoring a compromised Windows system. Great way to rack up billable hours in some situations, a horrible waste of time for others.

Re:I guess that's what you get for using Microsoft (1)

Billly Gates (198444) | about 2 years ago | (#39502983)

Please stop this anti MS and how Windows and anything MS is sooo insecure crap. It's getting old.

Windows has been fairly secure for awhile now. Vista/Windows 7 has DEP, ASLR, sandboxing, process and privilege separation, and a very active security team. I do not see these things in other operating systems except maybe VMS.

If you keep seeing infections then please update your 10 year old XP kernel and stop using old versions of java and flash and install an anti virus package. That is how the vast majority of exploits get installed.

So there is an exploit. They are everywhere in this day and age.

Re:I guess that's what you get for using Microsoft (1)

BitZtream (692029) | about 2 years ago | (#39504401)

Windows has been fairly secure for awhile now. Vista/Windows 7 has DEP, ASLR, sandboxing, process and privilege separation, and a very active security team. I do not see these things in other operating systems except maybe VMS.

Yea, and don't forget the fact that OSX does it better, as does Linux and FreeBSD and probably solaris and the other unix left out there.

Yes, Microsoft is getting better, but they are still the very last ones in the race by a long fucking way. Hell, unix had DEP before windows fucking existed. x86 is just now catching up to what the rest of the CPU world has been doing for 20 plus years, and that's just in my experience, I'm sure it really goes back further than that. Different variants of ASLR were actually just the way things worked on some OSes, not for security but because that's just the way it worked. Non-randomized addressing via the hardware mmu was a freaking wanted improvement to make it easier on programmers. OSX, FreeBSD, Linux, and Solaris have supported various forms of sandboxing for 15 years.

You're really trying to claim MS invented privilege separation on the desktop? Wait, I see the problem, you're unaware of the fact that there are other OSes in existence other than Windows, that's got to be it, how else could you be so silly?

Re:I guess that's what you get for using Microsoft (1)

foniksonik (573572) | about 2 years ago | (#39504243)

Office is installed on all corporate machines, PC and Mac. Corporate espionage is the likely agenda.

Re:I guess that's what you get for using Microsoft (1)

exomondo (1725132) | about 2 years ago | (#39504409)

Interesting that this Mac exploit only applies to Mac users who use Microsoft Word.

The bug they reference in TFA appears to have been patched years ago, so would appear it's only on old systems that haven't been updated in years.

Microsoft! (-1)

Anonymous Coward | about 2 years ago | (#39502047)

If you're using Microsoft software on your Mac you deserve to be hacked.

Re:Microsoft! (2)

viperidaenz (2515578) | about 2 years ago | (#39502281)

Didn't Apple force Microsoft to continue developing Office for Mac with some legal bollocks?

Re:Microsoft! (0)

Anonymous Coward | about 2 years ago | (#39503253)

Yeah, actually they did!
I guess that means Apple themselves deserve to be hacked too then.

Re:Microsoft! (0)

Anonymous Coward | about 2 years ago | (#39504307)

Yes it was an agreement when MS realized that they were about to lose at least 1/2 billion in the Quicktime case so they settled. Part of the settlement was MS continues to make its office suite for the next 8 years (time has passed and they are still releasing it). Various Windows and Mac technologies would be shared between both corporations. That also ended at the time Vista was released but gave Mac OS X full access to the Win32 API hence they could run a wine level emulator on OS X. This was in the works for Leopard (Run Windows without dual-boot) but was removed from the 200+ features when an agreement was struck with Parallels and VMware not make OS X client VM'able. This has expired as well. Wine developers found proof when OS X set the Finder as the file handler for .exe files.

Android is better! (1)

Anonymous Coward | about 2 years ago | (#39502091)

Oh wait, this isn't an iPhone thread.

Damnit Slashdot, you got me again!

Updates? (1)

Random Data (538955) | about 2 years ago | (#39502103)

Interestingly Office for Mac (at least, the version I have access to) doesn't seem to have automatic updates enabled by default, if it has them at all. It's not my computer, so I'm not going to dig that much - correct me if I'm wrong.

I've used Libreoffice, Neooffice or OO on my mac, and all of those prompt me to update reasonably regularly - certainly more often than every 3 years! While it can be annoying, it's probably better than a compromised computer.

( Insert Microsoft bashing for karma-whore points here)

Re:Updates? (2)

IKnwThePiecesFt (693955) | about 2 years ago | (#39502171)

Office 2008 on my Mac opens the Microsoft Software Updater to check for updates once a month (as long as I open a Microsoft product, including the Office suite or RDP).

Re:Updates? (1)

Random Data (538955) | about 2 years ago | (#39502275)

OK, so I've been playing with 2004 from memory (possibly even earlier), and that's been changed. This means the exploit shouldn't actually affect too many people - if you blindly click "OK" then you'll already be patched. Thanks for confirming.

10,000 hipsters abandon the Mac (5, Funny)

hessian (467078) | about 2 years ago | (#39502107)

It's gone mainstream. Now that it has viruses, it's like the Miley Cyrus of computing.

Time to find something more obscure. OpenVMS on an Atom system with a retro GEOS interface. That's the ticket.

I used to like Apple before it was mainstream, but now I've moved on. Just like with White Ring and fixies.

Re:10,000 hipsters abandon the Mac (2)

Random Data (538955) | about 2 years ago | (#39502199)

Wait, fixies are passé now? Awesome, I can ride mine without people demanding I wear tight jeans and a sour expression!

Re:10,000 hipsters abandon the Mac (1)

BitZtream (692029) | about 2 years ago | (#39504425)

Fixies aren't trendy if the reason you have one is because you're too poor to fix your broken ass derailleur. If you do it intentionally on a perfectly functional bike or you go to some bike shop and buy one made that way, then you're a trendy fuck.

Hipsters run Office? (2)

SuperKendall (25149) | about 2 years ago | (#39502283)

Pretty sure Hipsters are still safe.

Nerds who mock hipsters however, remain ever in peril from a universe who loves to inflict identical troubles on those who mock.

Don't blame Microsoft... (3, Insightful)

t4ng* (1092951) | about 2 years ago | (#39502141)

Any OS that can be pwned by an exploit in *any* software running in user mode is insecure. Sorry, but those are the facts.

The reason for using an exploit in MS-Office is because it is one of the most commonly used software products on Macs since its very beginning. So developing an exploit that uses a commonly used software means a better chance of spreading it.

Re:Don't blame Microsoft... (0)

Anonymous Coward | about 2 years ago | (#39502241)

It requires the user to be running as admin to take over the machine.

Re:Don't blame Microsoft... (-1)

Anonymous Coward | about 2 years ago | (#39502261)

FUCK YOU, SHILL MOTHERFUCKTARD! Patch yo' shit, microshaft. You motherfuckers get your shill fucks like the drone I'm replying to spew this "woe is MS" bullshit all over the fucking web. Fuckers, this is a three year old bug. FUCKING FIX IT. Oh, and fuck you t4ng* you sorry shill astroturfing piece of scum.

Re:Don't blame Microsoft... (1)

Anonymous Coward | about 2 years ago | (#39502295)

RTFA It's been patched for three years, the vulnerable machines are not running updates.

Re:Don't blame Microsoft... (0)

Anonymous Coward | about 2 years ago | (#39502501)

Oh, he's mad... :D

Re:Don't blame Microsoft... (0)

Anonymous Coward | about 2 years ago | (#39503873)

Any OS that can be pwned by an exploit in *any* software running in user mode is insecure. Sorry, but those are the facts.

The reason for using an exploit in MS-Office is because it is one of the most commonly used software products on Macs since its very beginning. So developing an exploit that uses a commonly used software means a better chance of spreading it.

What do you mean "OS that can be pwned by an exploit in *any* software"??

I PROMISE you, if I gain control of your personal account on any desktop operating system, including any Linux based one, that system and any networked systems attached to it are compromised as far as your account has privileges to do so - before we even get into privilege escalation vulnerabilities for which no system has a perfect track record.

You don't need full system level access to completely screw a desktop, and a Mac running MS Office is very much a desktop system. An exploit targeting any business desktop software WILL effectively PWN the system running it, because there is a 99.999% chance that all the system DOES is serve one user.

Even on servers it doesn't matter much, the users of your fancy multi user Unix OS are usually in two groups, ADMINS, and USERS. Everybody in the USERS category has the same sudo access controls and "own" the process that server was commissioned for. I know this is a grand generalization, but face it, that is how nearly all *nix systems deployed today are operated.

Any OS with privilege escalation vulnerability is very hurtfully insecure, maybe that is what you meant, but this article is not about THAT.

patched three years ago (5, Informative)

MushMouth (5650) | about 2 years ago | (#39502151)

Actually this is what you get when you shut/put off updates.

mandatory "updates" - [expletive deleted] (1)

Anonymous Coward | about 2 years ago | (#39503235)

From Walking on thin ice By Peter de Jager, an international speaker on the subject of change and technology. He recently testified before Congress on the Year 2000 problem, he used to have a www site devoted to the issue. ...
Here's a good example of a well-known Mac application that can't handle a very simple Year 2000 entry. ...
When I purchased * (in 19XX, version 1.5), I didn't intend to use it for a limited time only. I bought it to perform a particular task for as long as I had reason to perform that task. "Ah ha!" I can hear you cry, "he's not on the most recent version! That's why he's having a problem!" Sorry, but you're missing the point and making a very interesting assumption about the computer software industry. * version 1.5 does everything I want an accounting product to do, so why should I shell out more money for features I don't need, can't afford, or choose not to acquire? ...
I don't know if the concept of mandatory upgrades has been communicated to corporate America. And I don't believe the concept is ethical.
One could argue that the Year 2000 problem in * is a bug, and we all know unexpected bugs are beyond our control. We accept that it's impossible to eradicate all bugs. We live in the real world.
Fair enough. But this expiration date is not unexpected. The programmers of * knew it exists -- after all, they created a specific error message to inform users who violate the allowable range of dates. Hardly what you would describe as an "unexpected" bug.

Re:mandatory "updates" - [expletive deleted] (0)

Anonymous Coward | about 2 years ago | (#39503581)

wish I had some mod points for you.

Meh? (4, Informative)

Anubis IV (1279820) | about 2 years ago | (#39502189)

Macs had a flurry of trojans that hit them last year too. Apple put out the 10.6.8 update that allowed them to deliver daily anti-malware updates, and then used it to block every variant of the trojan within a matter of hours after it first appeared. Since 10.6 or above has been the default on all new Macs for the last 2.5 years, and Software Update is enabled by default to regularly check for updates, you can bet that the vast majority of Mac users will be receiving an automatic anti-malware update sometime later this week or next to deal with the trojan.

secure by design (-1, Troll)

Spiked_Three (626260) | about 2 years ago | (#39502315)

but but but it's not windows? how could this be? for years i've been hearing about more secure by design, didn't have exploits, etc etc,

You mean that was all bullshit?

Re:secure by design (1)

Anonymous Coward | about 2 years ago | (#39502443)

I agree...somehow when there's a post on an MS app being exploited on an MS OS, the attitude is that the OS is so insecure that it allows an app's insecurity to compromise the system--but for some reason if you get an MS app being exploited on a 3rd party OS, it's all about how it's only the app's fault, and has nothing to do with the OS in any way shape or form.

Re:secure by design (0)

Anonymous Coward | about 2 years ago | (#39502463)

Vulnerability is in Microsoft Office, path of infection is opening a loaded Word document.

Re:secure by design (2)

jo_ham (604554) | about 2 years ago | (#39503403)

Being secure by design does not mean it's immune to trojans and software exploits. The two things are not mutually exclusive. You can design a system with an eye on security (for example, not running as root by default, have the default state of network-facing services be "off", that sort of thing) but it does not mean that the software will be immune. There will always be bugs and holes - and on the Mac, there are plenty. There are relatively frequent security updates for OS X (more in the early days, but they have not dried up completely) as potential exploits are discovered and patched.

This isn't even the first trojan for OS X. The hole was patched three years ago though, so only non-updated machines are at risk*.

*note, machines still vulnerable to other OS X security threats, of which there are a few, mainly trojans. Don't download a piece of software from a torrent site claiming to be Microsoft Office.dmg, but is only a few 10's of MB - it's probably a trojan.

Satan (-1)

Anonymous Coward | about 2 years ago | (#39502365)

Satan is at war with God. Who's gonna win, you think?

God says...
severity happen farther fulfilled knocketh create discern
crimes universal Windus chapter rashness walk eateth despair
INCIDENTAL languishing consciousness daughters deformed
United detached successively recent statement fruitfully
cloyedness dissentings ascend redistributing copied weighed
owing

Re:Satan (0)

Anonymous Coward | about 2 years ago | (#39503447)

Is this a game? Am I supposed to put your words into an order that makes sense?
Please tell me this was posted by a bot and not an actual person.

Re:Satan (0)

Anonymous Coward | about 2 years ago | (#39504331)

Cool! Where do I enlist?

Still waiting for a real Linux virus (0)

mark-t (151149) | about 2 years ago | (#39502405)

While I know that some Linux viruses have been done as proof of concept, I don't think anybody has ever successfully made a linux virus that has actually gone "into the wild", as it were.

Re:Still waiting for a real Linux virus (1)

fbartho (840012) | about 2 years ago | (#39502697)

Do you count PHP Worms? Linux runs many webservers that spread various kinds of php worms and spam machines.

The exploits were in poorly configured PHP instances, and poorly written PHP applications, but even if those worms didn't care what OS their server was running, the worms still technically ran on linux (at least some of the time).

Re:Still waiting for a real Linux virus (1)

willaien (2494962) | about 2 years ago | (#39502953)

Considering the sheer stupidly large amount of hits I get from compromised machines trying to SSH into my server, I'd say that there are linux viruses out there.

Re:Still waiting for a real Linux virus (1)

mark-t (151149) | about 2 years ago | (#39504111)

What suggests to you that the compromised machines trying to ssh into your server are running Linux... or any unix variant, for that matter?

Re:Still waiting for a real Linux virus (2)

Billly Gates (198444) | about 2 years ago | (#39503041)

I do not know what world you live on but where do you think the term "root"kit came from?

If you guess the account root and its associated Unix then you are correct.

Linux servers are heavily targeted. I met someone who worked at a bank and all their Suse servers were rootkitted with a virus for the sole purpose of hosting a phishing scheme and stolen credit card database. Sure, more viruses target Windows to steal the information, but where do you think they store the stolen information? Linux servers.

There are plenty of viruses for Unix operating systems.

Re:Still waiting for a real Linux virus (1)

mark-t (151149) | about 2 years ago | (#39504073)

Root kits are not viruses. They are security exploits, but they must be manually installed by somebody who already has at least user privilege on the machine. I would be willing to bet money that the issue at the bank was not a virus, but a rootkit... possibly a trojan.

My point still stands. I would like somebody to please identify *ANY* linux virus that has ever been caught "in the wild" and has compromised even a modest percentage of actual Linux machines in existence.

Bear in mind that by virus, I mean something that can propagate itself to other computers without any explicit user intervention and can proceed to infect any other computers it reaches that have not been patched to prevent the intrusion.

Re:Still waiting for a real Linux virus (0)

Anonymous Coward | about 2 years ago | (#39503969)

Because hardly anyone except a few FOSS hippies actually run Linux.

Re:Still waiting for a real Linux virus (1)

mark-t (151149) | about 2 years ago | (#39504091)

For definitions of "few" that run in the tens of millions, yes.

Try using noexec in fstab (0)

Anonymous Coward | about 2 years ago | (#39502499)

From TFA:
The second stage then executes and some files are copied to the /tmp/ folder and then executes a script

The problem is NOT the Word document, or even M$, but that some nong has a world-writable temporary file from which programs or scripts can be executed. "noexec" in fstab should put an end to it.
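The check this comment suggests, as an added example that is not part of the original thread: it parses fstab-format text and reports temp mounts that lack noexec, nosuid or nodev. The sample fstab and the list of temp paths are constructed assumptions; note that noexec only blocks direct execution of files on the mount, so a script handed to an interpreter as an argument is still read as ordinary data.

```python
"""Audit fstab-format text for temp mounts missing noexec/nosuid/nodev."""

# World-writable staging locations to check (assumed list for this example).
TEMP_MOUNTS = ("/tmp", "/var/tmp")
WANTED = ("noexec", "nosuid", "nodev")

# Constructed sample, not taken from any real host.
SAMPLE_FSTAB = """\
# <device>      <mountpoint> <type> <options>        <dump> <pass>
UUID=1111-aaaa  /            ext4   defaults          0 1
UUID=2222-bbbb  /home        ext4   defaults,nodev    0 2
tmpfs           /tmp         tmpfs  defaults,nosuid   0 0
"""


def parse_fstab(text):
    """Yield (mountpoint, set_of_options) for each non-comment entry."""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        if len(fields) < 4:
            continue  # malformed entry, nothing to audit
        # fstab encodes spaces in paths as \040
        mountpoint = fields[1].replace("\\040", " ")
        yield mountpoint.rstrip("/") or "/", set(fields[3].split(","))


def audit(text):
    """Return {mountpoint: [problems]} for the temp locations.

    A temp directory without its own fstab entry lives on its parent
    filesystem, so it cannot carry its own mount options; report that.
    """
    mounts = dict(parse_fstab(text))
    findings = {}
    for path in TEMP_MOUNTS:
        if path not in mounts:
            findings[path] = ["no dedicated mount"]
            continue
        missing = [opt for opt in WANTED if opt not in mounts[path]]
        if missing:
            findings[path] = missing
    return findings


if __name__ == "__main__":
    for path, problems in audit(SAMPLE_FSTAB).items():
        print(f"{path}: {', '.join(problems)}")
```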

There are no threats. (-1, Flamebait)

Zaelath (2588189) | about 2 years ago | (#39502581)

I've been told for years Macs are impervious to virii because you have to put in your password manually to install anything. Clearly this so-called news is a fake.

/me puts on CarbonX boxers... (0)

Anonymous Coward | about 2 years ago | (#39502875)

"the attack exploits a three-year-old vulnerability in the way that Office for Mac handles certain Word files"

Sooooo.. It's really a targeted attack on MS Office (Mac) users.... Not Mac users.. So Mac users that use, NeoOffice, libreoffice, writeroom, or iWork can resume normal programming...

Or, am I missing something?

Mac exploit via MS Office? Errr, right ... (0)

Anonymous Coward | about 2 years ago | (#39502909)

Microsoft get all the credit for os vulns. Even on other platforms other than Windows.
