New Mac Virus Discovered, Making the Rounds

Soulskill posted about 2 years ago | from the sharing-is-caring dept.

OS X 239

sl4shd0rk writes "A new Mac OS X exploit was discovered Friday morning by Kaspersky Labs which propagates through a zipfile attachment. The attachment tricks the Mac user into installing a variant of the MaControl backdoor via point-and-grunt. Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server. Once installed, the virus opens a backdoor allowing the attacker on the C+C server to run commands on the compromised machine. Shortly after Kaspersky's announcement, AlienVault Labs claims to have found a similar version of the Mac malware which infects Windows machines. The Windows version appears to be a variant of the Gh0st RAT malware used last month in targeted attacks against Central Tibetan Administration. Both viruses are suspected of being tools in a campaign to attack Uyghur Activists."

239 comments

Misuse of the term "virus". (5, Insightful)

Kenja (541830) | about 2 years ago | (#40500203)

I know it's overly popular these days to call any malware, trojan or other malicious bit of software a virus, but they really don't meet the definition. Frankly, I can't think of a real virus being released in quite some time. Which just seems lazy to me.

Re:Misuse of the term "virus". (5, Insightful)

nurb432 (527695) | about 2 years ago | (#40500219)

Misuse of terms like this really pisses me off.

Like 'hacker', 'pirate', 'theft', and a host of others that have been twisted to the point of being ludicrous.

Re:Misuse of the term "virus". (4, Funny)

jhoegl (638955) | about 2 years ago | (#40500367)

I know right?
I mean, since when did a pirate never sail the seas drinking rum and killing people for their loot? I mean they actually worked for it!
But nowadays, you got these kids sitting at home, browsing sites, looking for software that is outside their financial reach so they can learn it to get a good job.
What a bunch of ass grabbers!

Re:Misuse of the term "virus". (3, Informative)

k(wi)r(kipedia) (2648849) | about 2 years ago | (#40501425)

But nowadays, you got these kids sitting at home, browsing sites, looking for software that is outside their financial reach so they can learn it to get a good job.

If you sit at home the only thing within reach would be the keyboard. Seriously, I thought the two M's (including some P) was the stuff most kids got off the Net. That's why you get all these BT lawsuits from the entertainment industry, but few from the BSA, which prefers to target people who don't just sit at home all day.

Re:Misuse of the term "virus". (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#40500457)

If a simple misuse of term "pisses you off," I'd hate to see what real world events actually make you angry... what with your low tolerance to pretty much, say, EVERYTHING that doesn't meet your obviously high standards. I'd also hate to see what you actually do about it, because if posting your obvious disdain on /. is just the start then I fear for the safety of any children around you.

Re:Misuse of the term "virus". (3, Insightful)

Alwin Henseler (640539) | about 2 years ago | (#40500523)

Or popular use of the word becoming a generalization for a class of items, as opposed to a specific item in that class. In other words: the average Joe might care to know what malware is (and use "virus" to describe it), but doesn't care enough to devote brain cells in keeping virus / trojan / backdoor etc apart.

We might expect better from /. editors, but then again... ;-)

Re:Misuse of the term "virus". (2)

philofaqs (668524) | about 2 years ago | (#40500609)

Yet the non terms Virii and boxen seem to be acceptable here - real people don't know or care about the technical definitions, all they know is it's buggering up their machine.

Re:Misuse of the term "virus". (0)

Anonymous Coward | about 2 years ago | (#40501281)

Virii is never acceptable and frequently when it is used here it results in a discussion of the proper classes of Latin plurals.

Re:Misuse of the term "virus". (-1)

Anonymous Coward | about 2 years ago | (#40500577)

What can we expect from windows Fanbois... they have to have a way of pointing at a mac and say "LOOK A VIRUS! SEEE!!! I TOLD YOU!"

Re:Misuse of the term "virus". (0)

Anonymous Coward | about 2 years ago | (#40501143)

Add singleton and mentalist to the list.

Re:Misuse of the term "virus". (3, Insightful)

toadlife (301863) | about 2 years ago | (#40500223)

"Virus" is the new "hacker". Get over it.

Re:Misuse of the term "virus". (2, Insightful)

Anonymous Coward | about 2 years ago | (#40500511)

We shouldn't constantly accept wrong terms just because they somehow crept into the language.

Re:Misuse of the term "virus". (0)

Anonymous Coward | about 2 years ago | (#40500537)

Has anyone ever been able to stop this once it has started? I know many who have tried, but I can't think of any that have succeeded offhand.

Re:Misuse of the term "virus". (1)

Anonymous Coward | about 2 years ago | (#40500651)

That use of "hacker" was never incorrect. (Eric Raymond is wrong all the time about everything.)

Re:Misuse of the term "virus". (1)

Darinbob (1142669) | about 2 years ago | (#40500583)

Yes this is getting pretty sad. Like saying a virus from Nigeria tricked me into thinking I'd share in a windfall if I mailed it some money orders first.

Re:Misuse of the term "virus". (2)

ubrgeek (679399) | about 2 years ago | (#40500611)

Not to mention "C+C" ... I'm sure the crappy band would object to being associated with malware*. I think the term is C2 - Command and Control [wikipedia.org].

*Although it would mean more popularity than they've had in years.

Re:Misuse of the term "virus". (0)

Anonymous Coward | about 2 years ago | (#40500773)

Yeah I was wondering what this had to do with Music Factories.

Re:Misuse of the term "virus". (3, Insightful)

nadaou (535365) | about 2 years ago | (#40500921)

the /. editor is not doing his job, which makes the site a worse place to visit.

Re:Misuse of the term "virus". (3, Insightful)

hairyfeet (841228) | about 2 years ago | (#40501081)

Oh please! You say trojan to the average user and they want to know why their PC needs a rubber, you say backdoor and they start looking for that rubber for their PC and you say rootkit you get a deer in the headlights look.

Frankly, and I'm sure I'll get hate for saying this but ask me if I care, truth is truth, is that most of those I've seen that really REALLY care about that is because they are "true believers" who want to use it to say "But it doesn't count!" like an 8 year old demanding a do over on the playground. I have sat here on this very forum literally gobsmacked by people that otherwise seem intelligent saying "Only if it installs without the user does it count!" like the world owes them a do over.

Honestly folks to the end user it doesn't matter if it gets in from the front, back, or from stage left if it fucks their shit up, puts their ID at risk, or turns them into a spammer? Then it's a bug, simple as that. If you want to quibble over semantics that is YOUR business but to 99% of the population a bug is a bug is a bug.

Impossible! (-1, Flamebait)

Billly Gates (198444) | about 2 years ago | (#40500225)

According to slashdotters there are no mac viruses and never were as only Windows has virii. Malware doesn't count as it would jeopardize the purchasing decisions from these users.

Re:Impossible! (1)

nurb432 (527695) | about 2 years ago | (#40500257)

Well, since this is a trojan and not a virus, your statement is sort of silly and makes you look stupid.

Re:Impossible! (-1, Troll)

Anonymous Coward | about 2 years ago | (#40500377)

No most users feel malware is malware outside of slashdot and saying it's not a virus as a way to build your ego is stupid.

It's like saying she is clean! Then you contract hepatitis. But she says she is virus free with a smile and goes on how clean she is.

Re:Impossible! (2)

Demolition (713476) | about 2 years ago | (#40500529)

No most users feel malware is malware outside of slashdot and saying it's not a virus as a way to build your ego is stupid.

The GP pointed out that a trojan horse is not a virus. Trojans need user interaction while viruses are self-propagating. Saying that most users can't tell the difference between them (as you appear to be insinuating) is just plain silly.

It's like saying she is clean! Then you contract hepatitis. But she says she is virus free with a smile and goes on how clean she is.

You've said this twice now. None of the previous commenters has said that Macs are immune to viruses. Either your English comprehension is lacking or you're deliberately trying to stir things up.

Re:Impossible! (1)

Anonymous Coward | about 2 years ago | (#40500259)

There aren't. What is being called "viruses" are trojans and other malware that requires the user to install them.

Re:Impossible! (0)

Anonymous Coward | about 2 years ago | (#40501431)

MOD Billy Gates UP!

What is wrong with you people? (4, Insightful)

imagined.by (2589739) | about 2 years ago | (#40500247)

Malware, not virus. Virii aren't installed by the users themselves...

Thank you very much.

Re:What is wrong with you people? (0)

Anonymous Coward | about 2 years ago | (#40500311)

If I have sex with someone I know is infected with hepatitis, does that mean hepatitis is not really a virus?

Re:What is wrong with you people? (4, Insightful)

newcastlejon (1483695) | about 2 years ago | (#40500467)

No it doesn't, but hepatitis isn't a virus anyway. Hepatitis can be caused by a number of different pathogens and viruses are only one kind. Off the top of my head, Listeria can cause it and so can Cryptosporidium (bacteria and protozoa respectively). Of course this is all academic since your analogy was doomed from the start. You'd have had better luck if you compared it to kissing a person with a cold sore (Herpes) on their lips.

Re:What is wrong with you people? (1)

Farmer Tim (530755) | about 2 years ago | (#40500545)

Hepatitis means "inflammation of the liver", and can be caused by bacteria, protozoa, fungi, parasites, toxins (including alcohol), pregnancy, auto immune conditions or metabolic deficiencies. Only viral hepatitis is caused by viruses (obviously)...so the answer is no, it's actually a symptom.

Re:What is wrong with you people? (3, Insightful)

ColdWetDog (752185) | about 2 years ago | (#40500615)

But it's an interesting term to use in this discussion because the lay definition is exactly that - hepatitis as a viral infection. Even if it's not the most common form of hepatitis (it would be alcoholic hepatitis in the US at least), it's the one that most people think of.

That isn't to excuse Slashdot editors or submitters for not making that distinction. Somebody needs to wave the pedantic flag now and again.

Re:What is wrong with you people? (4, Insightful)

Farmer Tim (530755) | about 2 years ago | (#40501223)

True enough, most people do think viral when hepatitis is mentioned, but you wouldn't get away with that kind of imprecision in a professional medical forum. I suppose how much a similar terminological distinction matters depends on how close you consider /. is to being a professional tech forum...

[lightbulb]

...OK, it's futile, I get it...

Re:What is wrong with you people? (3, Insightful)

517714 (762276) | about 2 years ago | (#40501087)

As you are a slashdotter, we can safely assume your having sex is purely hypothetical.

Re:What is wrong with you people? (0, Flamebait)

muon-catalyzed (2483394) | about 2 years ago | (#40500453)

> Virii aren't installed by the users themselves...

The problem here is that OSX inherently lacks software that raises flags when 'the incident' happens, or at least it seems to be that way.. Does the victim have any built-in protection to deal with such a malware infection? Does the OS X possess mechanisms to monitor or block outgoing traffic? Does this system even have a proper driver structure to allow insertion of your monitoring pass-through driver into the TCP or disk driver stack?

Re:What is wrong with you people? (1)

cpu6502 (1960974) | about 2 years ago | (#40500527)

Install AVG on your mac.
End of problems.

Re:What is wrong with you people? (3, Insightful)

BronsCon (927697) | about 2 years ago | (#40500621)

But, that's anti-virus software, and Macs don't have viruses!

This. Right here. Is why. It. Is. Dangerous. To claim. Your. Platform. Does. Not. Have. The same. Security needs. As. Any. Other. Platform.

Hopefully that was slow enough for everyone to follow.

Re:What is wrong with you people? (0, Flamebait)

tbird81 (946205) | about 2 years ago | (#40500699)

I bought my Mac because it had a glossy screen, you insensitive clod.

* No, I don't own a Mac.

Re:What is wrong with you people? (1)

poly_pusher (1004145) | about 2 years ago | (#40500757)

Actually that just changed this week. They aren't saying that Macs can get viruses but they are no longer claiming that Macs don't get PC viruses, which is a pretty weird statement to begin with. http://www.wired.com/wiredenterprise/2012/06/mac_viruses/ [wired.com]

Re:What is wrong with you people? (1)

BronsCon (927697) | about 2 years ago | (#40500807)

That they ever said it is a problem. Now it's in all the fanboi heads and will never go away. Now, I'm not calling every Mac user a fanboi, I'm a Mac user, myself (also Linux and Windows, I use the right tool for the job and none of them are good at everything I do), so that would be ludicrous. It also pisses me off, as a Mac user, when I'm downmodded for simply voicing my dissent with some of the decisions Apple has made in the age of Lion; some people do truly think that Apple can do no wrong and that, by pointing out what they're doing wrong and why it's wrong, I'm just trolling or being anti-Apple, or what the hell ever. The fact is that I like Snow Leopard, it's accessible enough that I can make it do what I want most of the time, and it doesn't try to push me to consume, consume, consume. Meanwhile, Lion is a huge step in the consume-as-much-as-possible direction, which, for someone who prefers to create, is a bad thing, and Mountain Lion will only make that worse. I won't get into my issues with their current hardware lineup in this post, as I've covered it in several others, but I will say that my wife, a 13 year Mac user, is looking at PCs for her next upgrade right now. Me? I'm looking for an alternative editor, to replace Coda when support (e.g. security updates) for Snow Leopard comes to an end once Mountain Lion is released.

Re:What is wrong with you people? (1)

cpu6502 (1960974) | about 2 years ago | (#40501187)

>>>Lion is a huge step in the consume-as-much-as-possible direction, which, for someone who prefers to create, is a bad thing, and Mountain Lion will only make that worse

Are you saying that because the System Requirements say 2 GB of memory?
That doesn't seem so outrageous.

Re:What is wrong with you people? (1, Interesting)

BronsCon (927697) | about 2 years ago | (#40501395)

I was referring to the user, not the system. Lion's a consumer OS with a focus on consumption of media and apps, rather than a general purpose OS, like Snow Leopard. Mountain Lion is only a step further in this direction.

Re:What is wrong with you people? (2)

raque (457836) | about 2 years ago | (#40500595)

I use Little Snitch [obdev.at] to watch for such things. Unfortunately, with modern software bits and pieces are always calling home. I spend a few hours a week looking up stuff to find out who is doing what.

Re:What is wrong with you people? (0)

Anonymous Coward | about 2 years ago | (#40500619)

You mean that some Mac software calls home without permission? Do you have any examples?

Re:What is wrong with you people? (2)

theArtificial (613980) | about 2 years ago | (#40500811)

Pretty much any software with activation. Adobe Creative Suite, Maxon Cinema 4D are two that I can think of off the top of my head. Typically it's when they're first run, and when checking for updates. It's not some spontaneous dialing that happens randomly (that would require a service).

Re:What is wrong with you people? (5, Informative)

Rosyna (80334) | about 2 years ago | (#40500627)

The problem here is that OSX inherently lacks software that raises flags when 'the incident' happens, or at least it seems to be that way.. Does the victim have any built-in protection to deal with such a malware infection?

Mac OS X has an automatic malware scanner. The malware definitions are checked for updates daily, automatically.

The last update to the definitions was on June 26th, 2012. I do not know if it contains the definitions for this malware yet.

Re:What is wrong with you people? (5, Informative)

beelsebob (529313) | about 2 years ago | (#40500655)

The problem here is that OSX inherently lacks software that raises flags when 'the incident' happens, or at least it seems to be that way.. Does the victim have any built-in protection to deal with such a malware infection?

Yes, there's built in protection against selected malwares, come mountain lion, unsigned, or signed-with-revoked-certificates binaries will not run by default either.

Does the OS X possess mechanisms to monitor or block outgoing traffic?

Yes, and they're turned on by default.

Does this system even have a proper driver structure to allow insertion of your monitoring pass-through driver into the TCP or disk driver stack?

Yes, you can use dtrace to monitor this kind of thing if you want.

Re:What is wrong with you people? (3, Insightful)

thetoadwarrior (1268702) | about 2 years ago | (#40500683)

You're more than welcome to get virus scanners or anything that windows has and it has a firewall. But it already asks you to make sure you're certain you want to run something downloaded and if someone is willing to ignore that and still run an application that some stranger sent to them then there isn't much hope for them. Idiots will disable anything if they want to run something.

Re:What is wrong with you people? (0)

Anonymous Coward | about 2 years ago | (#40501429)

The plural form of "virus" is "viruses". There is no such thing as "virii".

So what's so special about this one? (0)

Alwin Henseler (640539) | about 2 years ago | (#40500293)

Gonna cover every OS X exploit now ???

What's so special with this one? Is it bringing down the net? Infected millions of machines in a matter of days? Clogging some high-profile sites with junk traffic? Never-seen-before technique for gaining entry?

Yeah, there's malware on OS X too. Get over it.

Re:So what's so special about this one? (1)

toadlife (301863) | about 2 years ago | (#40500341)

The novelty hasn't worn off. We'll know the Mac has reached the big time as a platform when new pieces of malware are not covered.

Re:So what's so special about this one? (3, Insightful)

cpu6502 (1960974) | about 2 years ago | (#40500371)

Only reason it's a big deal is because Apple used to advertise OS X "doesn't get PC viruses." So when a Mac gets one, now everyone jumps on it with a /. article to show apple was wrong.

BTW Apple just removed their claim: http://www.huffingtonpost.com/2012/06/25/mac-virus-apple_n_1625110.html [huffingtonpost.com]

Re:So what's so special about this one? (2)

plate_o_shrimp (948271) | about 2 years ago | (#40500501)

Only reason it's a big deal is because Apple used to advertise OS X "doesn't get PC viruses." So when a Mac gets one, now everyone jumps on it with a /. article to show apple was wrong.

Well, it's still true that OS X doesn't get Windows viruses. Perhaps a tautology, but true nonetheless....

Re:So what's so special about this one? (1)

Osgeld (1900440) | about 2 years ago | (#40501323)

they don't claim windows viruses, they claim PC viruses, last time I checked Apple makes Personal Computers

Re:So what's so special about this one? (1)

plate_o_shrimp (948271) | about 2 years ago | (#40501453)

they don't claim windows viruses, they claim PC viruses, last time I checked Apple makes Personal Computers

But to most people, "PC" is synonymous with "Windows machine", so the analogy holds.

Re:So what's so special about this one? (2, Funny)

easyTree (1042254) | about 2 years ago | (#40500525)

Clearly this is propaganda perpetrated by Mac-Haters.

Re:So what's so special about this one? (1)

Anonymous Coward | about 2 years ago | (#40500809)

I'd like to point out that this popaganda has nothing to do with the McHaters. We're a proud clan, with neigh a hate-on for any OS. We're not mad either, like those McHatters. Please don't confuse us with them.

-Paddy McHater

Re:So what's so special about this one? (0)

Anonymous Coward | about 2 years ago | (#40501119)

Good to see that an appreciation of irony is alive and well within slashdot...

Re:So what's so special about this one? (3, Informative)

thetoadwarrior (1268702) | about 2 years ago | (#40500711)

This story isn't covering a virus either. It is a malicious application but one that relies on an idiot running an application from a stranger and ignoring the warning suggesting that maybe you shouldn't open it.

Re:So what's so special about this one? (-1)

Anonymous Coward | about 2 years ago | (#40501467)

Gonna cover every OS X exploit now ???

What's so special with this one? Is it bringing down the net? Infected millions of machines in a matter of days? Clogging some high-profile sites with junk traffic? Never-seen-before technique for gaining entry?

Yeah, there's malware on OS X too. Get over it.

Figures, I always expected this mentality. Hair splitting, it's not a virus, it's malware, blah, blah.

Yeah, there's malware, get over it.

Well, fuck no... asstwat... been shoving this flower hippie bullshit up our asses for so fucking long
how bout a lil payback.

-@|

Oh, damn (1)

Mr. Firewall (578517) | about 2 years ago | (#40500301)

Now I have to add Uyghur Activist Porn to my list of porn sites to avoid, for fear of getting a virus...

I sure hope I can remember not to click on any of that stuff.

Excuse me... (0)

Anonymous Coward | about 2 years ago | (#40500309)

I was told there would be no viruses.

Re:Excuse me... (0)

Anonymous Coward | about 2 years ago | (#40500337)

Well you're in luck. This is a trojan that requires you to install it yourself.

Re:Excuse me... (2)

wierd_w (1375923) | about 2 years ago | (#40500373)

Oh, so it's like windows in bootcamp then?

Re:Excuse me... (1)

philofaqs (668524) | about 2 years ago | (#40500925)

Maybe I'm getting old but what was the last windows virus? That wasn't self inflicted and I mean virus by the current discussion, if apple define virus as something that only Windows can get then they are pretty safe in their claim.

Re:Excuse me... (0)

Anonymous Coward | about 2 years ago | (#40501025)

You mean like those trojans that came on floppy disks and required me to install them myself by simply inserting the disk into my computer?

point-and-grunt? (1)

Tynin (634655) | about 2 years ago | (#40500353)

Reading that I feel like an old man, disconnected from the modern day. Is some new tech online porn technology that I've missed out on? Please... I NEED... TO... KNOW... !!!

Point and grunt ? (4, Funny)

billcopc (196330) | about 2 years ago | (#40500355)

Pardon my crystallized forebrain, but what's "point-and-grunt" ? Is that one of those newfangled hipster Fail-on-Rails thingamabobs that goes into the weird rounded USB thing on my tee-vee ?

Re:Point and grunt ? (5, Funny)

drinkypoo (153816) | about 2 years ago | (#40500513)

Pardon my crystallized forebrain, but what's "point-and-grunt" ?

It's a Zune function. It's what you do before you squirt.

Re:Point and grunt ? (1)

jo_ham (604554) | about 2 years ago | (#40500575)

Pardon my crystallized forebrain, but what's "point-and-grunt" ? Is that one of those newfangled hipster Fail-on-Rails thingamabobs that goes into the weird rounded USB thing on my tee-vee ?

I think it's the summary writer having a dig at the intelligence of Mac users, or if we're being generous, the intelligence of someone who would fall for a trojan in a general sense.

Re:Point and grunt ? (3, Informative)

LordLucless (582312) | about 2 years ago | (#40500633)

I've heard the term before, but not for a while. When I used to hear it, it was a dig at the intelligence of GUI users, as opposed to people who used the CLI. Since the GUI's become so dominant, I haven't heard it nearly so much. Looks like the OP's a recessive.

Re:Point and grunt ? (5, Informative)

Tim99 (984437) | about 2 years ago | (#40501259)

Pardon my crystallized forebrain, but what's "point-and-grunt" ? Is that one of those newfangled hipster Fail-on-Rails thingamabobs that goes into the weird rounded USB thing on my tee-vee ?

OK, It's a way of describing GUI users (particularly of MS Windows). I first came across it in a 1995 paper by Eben Moglen http://moglen.law.columbia.edu/publications/aals95.ps [columbia.edu]

...the designers of operating systems want us to live in an infant’s world. They show you pretty pictures, and in order to communicate you point at the appropriate picture and grunt.

Why is this news? (4, Insightful)

Grayhand (2610049) | about 2 years ago | (#40500389)

It's hard to blame Mac when you open an infected file. People have been unwittingly installing Malware and other infecting programs onto Macs for years. This is very different from one that propagates without the help of the user. It's a non story.

Re:Why is this news? (4, Insightful)

93 Escort Wagon (326346) | about 2 years ago | (#40500559)

Well, except when this happens in the PC world at least some subset of folks do blame Microsoft for it, and loudly.

There was a time when Microsoft WAS at fault - back in the days of Slammer, for example. But most of the malware that goes around anymore relies on social engineering to propagate, because Windows and OS X are really pretty secure.

Re:Why is this news? (4, Insightful)

thetoadwarrior (1268702) | about 2 years ago | (#40500733)

Microsoft *was* at fault at times like when Outlook express' preview pane ran anything in the preview pane which was on by default so you could get infected by virtue of a new email just coming in even if you'd be smart enough not to open it. Which is definitely different from a Mac asking you to be sure and you open it anyway.

Re:Why is this news? (4, Insightful)

93 Escort Wagon (326346) | about 2 years ago | (#40501031)

Microsoft *was* at fault at times like when Outlook express' preview pane ran anything in the preview pane which was on by default so you could get infected by virtue of a new email just coming in even if you'd be smart enough not to open it. Which is definitely different from a Mac asking you to be sure and you open it anyway.

Except remember how Safari had a similar issue several years ago? It could automatically launch stuff that was downloaded just by virtue of you hitting the wrong page? That's why you get asked now - that was part of the fix Apple added to solve the problem.

I've been a Mac user since 2003. I like the OS, and I think it's had a pretty good security track record overall... but Apple's definitely made a few missteps along the way. Nothing of the sheer magnitude of Slammer or Blaster - the only remote OS X exploit I can remember required the attacker to be on the same subnet (think it was an AFS exploit, but I might be mis-remembering).

Re:Why is this news? (0)

Anonymous Coward | about 2 years ago | (#40500887)

Actually, it isn't hard to blame Apple. I used to sell Macs, and many sales people told almost every customer that Macs cannot get viruses (or trojans) due to the way it is designed ("it's based on Unix"). Furthermore, Apple's own ads deceive users into believing this. Very few people on OSX have anti-virus, and that is purely Apple's fault.

Microsoft on the other hand encourages users to remain secure, and install AV.

Everyone who has been infected by Malware on Mac OSX would have a strong case to sue Apple for deceptive advertising

simple summary. (2)

pbjones (315127) | about 2 years ago | (#40500391)

this isn't a virus, it doesn't replicate. It's an email trojan. It's not a Mac or PC exploit, because it exploits the person not the machine. And it's got a very specific target. Thanks for the warning, I won't, and don't click on attachments anyway.

Fucking editors (0)

Grudge2012 (2662391) | about 2 years ago | (#40500399)

Headline calls it a virus, submission text an exploit. It's neither, it's a fucking Trojan installing a backdoor. Even Kaspersky says so.

Quick! (0)

Anonymous Coward | about 2 years ago | (#40500471)

Summon the fanboi spin squad! They have been getting a workout lately.

Not a trojan (0)

Anonymous Coward | about 2 years ago | (#40500481)

It's not a trojan, its a feature.

Ok (1)

Anonymous Coward | about 2 years ago | (#40500533)

So you have to receive an email from someone who has been infected, unzip the file, start the program, disregard the warning about running downloaded programs and type in root password?
Scary stuff!
You really deserve to be infected by then. :)

kaspersky now shaking down apple (0)

Anonymous Coward | about 2 years ago | (#40500779)

they need to fucking stop. fuck russia. it was bad enough when these israeli and russian "anti-virus" shit heads were shaking down microsoft now they're going after the big money with their scareware bullshit.

Give me a fucking break (3, Funny)

Legion303 (97901) | about 2 years ago | (#40500781)

Kaspersky discovered that if users willingly execute files that turn out to be malicious, their computers will be backdoored.

In other news, I discovered that fire produces heat. Please front-page this important announcement immediately.

Yawn (0, Troll)

Megane (129182) | about 2 years ago | (#40500829)

Wake me up when they find something that can infect a Mac connected to the internet when no one is using it. You know, kind of like "install windows, connect to internet, pwned in 15 minutes"?

Anyone can do a user-mode trojan that says "PLEEZE INSTAWL ME! I'M A UPGRAYD!"

Re:Yawn (0)

Anonymous Coward | about 2 years ago | (#40501029)

Calm down, l33t twrms waz considered outdated when they stopped dev on BitchX

Re:Yawn (3, Informative)

LinuxIsGarbage (1658307) | about 2 years ago | (#40501125)

Wake me up when they find something that can infect a Mac connected to the internet when no one is using it. You know, kind of like "install windows, connect to internet, pwned in 15 minutes"?

Anyone can do a user-mode trojan that says "PLEEZE INSTAWL ME! I'M A UPGRAYD!"

That was only an issue with Pre- WindowsXP-SP2 computers. SP2 was released 8 years ago. With SP2 Windows firewall came enabled by default, which protected unpatched services (like SMB) from being connected directly to the internet.

Re:Yawn (0)

Anonymous Coward | about 2 years ago | (#40501369)

The firewall doesn't stop kernel IP stack vulnerabilities, like this one in Windows 7 http://www.cvedetails.com/cve/CVE-2011-2013/

There are plenty of other firewall-on remote exploits for Windows post XP SP2. And there are a ton (I think I counted 8 in Windows 7 alone) of others which can be exploited by someone on your local subnet by responding to the SMB broadcasts that Windows does by default. More if you can control a DNS server.

Jesus, not again (5, Insightful)

sootman (158191) | about 2 years ago | (#40501365)

I know Slashdot editors are famously lazy ('sup, guys!) but why does the summary they posted say "The attachment tricks the Mac user into installing..." when TFA* clearly says "the [attack] described here relies on social engineering to get the user to run the backdoor"? You know, just like every single other Trojan out there?!?** The attachment itself is totally benign until someone clicks on it several times. (Even if you view the message with webmail with Safari's "Open 'safe' files after downloading" in its (admittedly brain-dead) default "checked" position***, you still have to click on the attachment link in your webmail and then double-click the visible file to run it.) The only way this actually happens is if someone reads the email and takes a few steps on their own. As always, the attachment itself does nothing.****

Slashdot has been a techy news site for a decade and a half now. You'd think errors as blatant as this would get caught by the editors, even with their usual lack of checking.

You know what would be an awesome site? Exactly what Slashdot is, but with better editors. (And maybe lay off the JavaScript some.)

Anyway: sky is blue, water is wet, sun rises in the east, and all computers--by definition--are vulnerable to trojans. Film at 11.

And by the way, WTF is "point-and-grunt"? Does that imply that users are dumbly clicking on things? If so, doesn't that also imply that the users just might be the problem? Trojans are trivially easy to write. Here's one in one line:

echo "rm -rf ~/*" > NataliePortmanHotGrits.jpg.command; chmod 755 NataliePortmanHotGrits.jpg.command

Voila. Type that into Terminal, email it to all of Slashdot, and wait for a great disturbance in the Force, as if millions of home directories suddenly cried out in terror and were suddenly silenced.

* I know no one here reads them, but I think the submitter should, right? Even if they don't, they should just submit the URL and not make up shit for the summary.

** Which is to say, like every single Mac "virus" of the last decade as well.

*** Apple even puts "Safe" in quotes, so they obviously know that's not an ideal term. They should set it to "off" by default--and then remove the option.

**** Unlike the bad old days with Outlook Express' infinitely more brain-dead "Hey, let me run that executable attachment for you!" setting.
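
An added example, not part of the comment above or of the Slashdot page: a defender-side check that a mail gateway or triage script could run on a zip attachment, flagging entries that hide a launchable type behind a document or picture extension, as the `.jpg.command` file in the one-liner does. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import stat
import zipfile

# Assumed lists for illustration; extend them for your environment.
# Types macOS will run or install when double-clicked.
LAUNCHABLE = {".command", ".app", ".pkg", ".sh", ".tool"}
# Types a user reads as "just a picture or document".
BENIGN_LOOKING = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def component_reasons(component: str) -> set[str]:
    """Inspect one path component (file or bundle directory name)."""
    # Strip whitespace so padding such as "photo.jpg   .command" is still caught.
    suffixes = ["." + piece.strip().lower() for piece in component.split(".")[1:]]
    reasons = set()
    if suffixes and suffixes[-1] in LAUNCHABLE:
        reasons.add("launchable")
        if len(suffixes) >= 2 and suffixes[-2] in BENIGN_LOOKING:
            reasons.add("double-extension")
    return reasons


def audit_zip(data: bytes) -> dict[str, list[str]]:
    """Return {entry name: sorted reasons} for every suspicious file entry."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = set()
            # Check every component: an .app bundle is a directory, so the
            # deceptive name can sit above the file inside it.
            for part in info.filename.split("/"):
                reasons |= component_reasons(part)
            # Archives created on Unix/macOS keep st_mode in the high 16 bits.
            mode = info.external_attr >> 16
            if info.create_system == 3 and stat.S_ISREG(mode) and mode & 0o111:
                reasons.add("exec-bit")
            if reasons:
                findings[info.filename] = sorted(reasons)
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; the payloads are harmless placeholders."""
    entries = [
        ("holiday/beach.jpg", 0o100644, b"constructed image bytes"),
        ("holiday/photo.jpg.command", 0o100755, b"#!/bin/sh\necho constructed sample\n"),
        ("holiday/notes.txt", 0o100644, b"constructed text"),
        ("Invoice.pdf.app/Contents/MacOS/Invoice", 0o100755, b"constructed"),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, body in entries:
            info = zipfile.ZipInfo(name)
            info.create_system = 3           # mark the entry as Unix-created
            info.external_attr = mode << 16  # store the permission bits
            zf.writestr(info, body)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in audit_zip(build_sample_zip()).items():
        print(f"{name}: {', '.join(reasons)}")
```
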
