
New OS X Trojan Adware Injects Ads Into Chrome, Firefox, Safari

timothy posted 1 year,26 days | from the long-sloping-path-down dept.

Botnet 129

An anonymous reader writes "A new trojan specifically for Macs has been discovered that installs an adware plugin. The malware attempts to monetize its attack by injecting ads into Chrome, Firefox, and Safari (the most popular browsers on Apple's desktop platform) in the hopes that users will generate money for its creators by viewing (and maybe even clicking) them. The threat, detected as "Trojan.Yontoo.1" by Russian security firm Doctor Web, is part of a wider scheme of adware for OS X that has "been increasing in number since the beginning of 2013," according to the company."



The only defence is a good HOST file (-1)

Anonymous Coward | 1 year,26 days | (#43237015)

$10,000 CHALLENGE to Alexander Peter Kowalski

Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.

Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?

Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.

If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.

I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.

Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.

Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.

I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.

If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!

You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel, claiming that the APK on OSY was fake.

My reputation as a professional in this field clearly shows in multiple publications in this field in written print, & also online in various GOOD capacities since 1996 to present day. This has happened since I was first published in Playgirl Magazine in 1996 & others to present day, with helpful tools online in programs, & professionally sold warez that were finalists @ Westminster Dog Show 2000-2002.



That was amazing. - http://tech.slashdot.org/comments.pl?sid=3037687&cid=40948073 [slashdot.org]


My, God! It's beautiful. Keep it up, you glorious bastard. - http://news.slashdot.org/comments.pl?sid=3222163&cid=41835161 [slashdot.org]


Let us bask in its glory. A true modern The Wasteland. - http://tech.slashdot.org/comments.pl?sid=3037687&cid=40948579 [slashdot.org]


put your baby IN ME -- I just read this whole thing. Fuck mod points, WHERE DO I SEND YOU MY MONEY?!!! - http://tech.slashdot.org/comments.pl?sid=3037687&cid=40950023 [slashdot.org]


Oh shit, Time Cube Guy's into computers now... - http://news.slashdot.org/comments.pl?sid=3040317&cid=40946259 [slashdot.org]


He's done more to discredit the use of HOSTS files than anyone in the "do it right and set up a firewall" crowd ever could. - http://developers.slashdot.org/comments.pl?sid=3038791&cid=40945357 [slashdot.org]


Can I have some of what you're on? - http://news.slashdot.org/comments.pl?sid=3040317&cid=40947587 [slashdot.org]


this obnoxious fucknuts [apk] has been trolling the internet and spamming his shit delphi sub-fart app utilities for 15 years. - http://linux.slashdot.org/comments.pl?sid=3041123&cid=40954565 [slashdot.org]


oh come on.. this is hilarious. - http://linux.slashdot.org/comments.pl?sid=3041123&cid=40955479 [slashdot.org]


I agree I am intrigued by these host files how do I sign up for your newsletter? - http://linux.slashdot.org/comments.pl?sid=3041123&cid=40961339 [slashdot.org]


Gimme the program that generates this epic message. I'll buy 5 of your product if you do... - http://yro.slashdot.org/comments.pl?sid=3041313&cid=40954251 [slashdot.org]


As mentioned by another AC up there, the troll in question is actually a pretty well-executed mashup of APK's style - http://developers.slashdot.org/comments.pl?sid=3038791&cid=40945357 [slashdot.org]


It's actually a very clever parody of APK - http://developers.slashdot.org/comments.pl?sid=3038791&cid=40944229 [slashdot.org]


Please keep us updated on your AI research, you seem quite good at it. - http://tech.slashdot.org/comments.pl?sid=3038597&cid=40944603 [slashdot.org]


$20,000 to anyone providing proof of Alexander Peter Kowalski's death. - http://games.slashdot.org/comments.pl?sid=3040921&cid=40958289 [slashdot.org]


Obviously, it must be Alexander Peter Kowalski. He's miffed at all these imposters... - http://games.slashdot.org/comments.pl?sid=3040921&cid=40958429 [slashdot.org]


And here I was thinking I was having a bad experience with a Dr. Bronner's bottle. - http://developers.slashdot.org/comments.pl?sid=3041081&cid=40952247 [slashdot.org]


Damn, apk, who the fuck did you piss off this time? Hahahahaahahahahahahaahaha. Pass the popcorn as the troll apk gets pwned relentlessly. - http://linux.slashdot.org/comments.pl?sid=3041123&cid=40954673 [slashdot.org]


I think it's the Internet, about to become sentient. - http://yro.slashdot.org/comments.pl?sid=3041313&cid=40956187 [slashdot.org]


Does anyone know if OpenGL has been ported to Windows yet? - http://politics.slashdot.org/comments.pl?sid=3042199&cid=40956781 [slashdot.org]


golfclap - http://apple.slashdot.org/comments.pl?sid=3029723&cid=40900827 [slashdot.org]


The Truth! wants to be Known! - http://apple.slashdot.org/comments.pl?sid=3029723&cid=40897389 [slashdot.org]


DNS cube? - http://apple.slashdot.org/comments.pl?sid=3029723&cid=40897493 [slashdot.org]


KUDOS valiant AC. - http://apple.slashdot.org/comments.pl?sid=3029723&cid=40897777 [slashdot.org]


Polyploid lovechild of APK, MyCleanPC, and Time Cube --> fail counter integer overflow --> maximum win! - http://apple.slashdot.org/comments.pl?sid=3029723&cid=40899171 [slashdot.org]


You made my day, thanks! - http://games.slashdot.org/comments.pl?sid=3029589&cid=40896469 [slashdot.org]


Wow. The perfect mix of trolls. Timecube, mycleanpc, gnaa, apk... this is great! - http://linux.slashdot.org/comments.pl?sid=3027333&cid=40893381 [slashdot.org]


truer words were never spoken as /. trolls are struck speechless by it, lol! - http://yro.slashdot.org/comments.pl?sid=3042765&cid=41041795 [slashdot.org]


It's APK himself trying to maintain the illusion that he's still relevant. - http://hardware.slashdot.org/comments.pl?sid=3043535&cid=40967209 [slashdot.org]


Mod this up. The back and forth multi posting between APK and this "anti-APK" certainly does look like APK talking to himself. - http://hardware.slashdot.org/comments.pl?sid=3043535&cid=40969175 [slashdot.org]


APK himself would be at the top of a sensible person's ban list. He's been spamming and trolling Slashdot for years. - http://hardware.slashdot.org/comments.pl?sid=3043535&cid=40967137 [slashdot.org]


You got that right. I think. - http://yro.slashdot.org/comments.pl?sid=3044971&cid=40972239 [slashdot.org]


Michael Kristopeit, is that you? - http://politics.slashdot.org/comments.pl?sid=3045075&cid=40972377 [slashdot.org]


ROFL! :) (Now the sick bastard will follow me again) - http://yro.slashdot.org/comments.pl?sid=3138079&cid=41429251 [slashdot.org]


I miss Dr Bob. - http://yro.slashdot.org/comments.pl?sid=3138079&cid=41432027 [slashdot.org]


Not sure if actually crazy, or just pretending to be crazy. Awesome troll either way. - http://yro.slashdot.org/comments.pl?sid=3138079&cid=41432951 [slashdot.org]


Awesome! Hat off to you, sir! - http://news.slashdot.org/comments.pl?sid=3154555&cid=41509273 [slashdot.org]


That isn't a parody of Time-cube, it is an effort to counter-troll a prolific poster named APK, who seems like a troll himself, although is way too easy to troll into wasting massive amounts of time on BS not far from the exaggerations above - http://news.slashdot.org/comments.pl?sid=3154555&cid=41514107 [slashdot.org]


I am intrigued and I wish to subscribe to your newsletter. - http://science.slashdot.org/comments.pl?sid=3164403&cid=41555345 [slashdot.org]


1. You philistine, that is Art . Kudos to you, valiant troll on your glorious FP - http://news.slashdot.org/comments.pl?sid=3222163&cid=41832599 [slashdot.org]


What? - http://news.slashdot.org/comments.pl?sid=3222163&cid=41832673 [slashdot.org]


I don't know if it is poorly-thought-out, but it is demented because it is at the same time an APK parody. - http://news.slashdot.org/comments.pl?sid=3222163&cid=41832905 [slashdot.org]


It is in fact an extremely well thought out and brilliantly executed APK parody, combined with a Time Cube parody, and with a sprinkling of the MyCleanPC spam. - http://news.slashdot.org/comments.pl?sid=3222163&cid=41841251 [slashdot.org]


er... many people have disproved your points about hosts files with well reasoned, factual arguments. You just chose not to listen and made it into some kind of bizarre crusade. And I'm not the timecube guy, just someone else who finds you intensely obnoxious and likes winding you up to waste your time. - http://news.slashdot.org/comments.pl?sid=3222163&cid=41843313 [slashdot.org]


performance art - http://yro.slashdot.org/comments.pl?sid=3224905&cid=41847089 [slashdot.org]


it's apk, there's no reason to care. - http://yro.slashdot.org/comments.pl?sid=3224905&cid=41847097 [slashdot.org]


Seems more like an apk parody. - http://yro.slashdot.org/comments.pl?sid=3224905&cid=41847661 [slashdot.org]


That's great but what about the risk of subluxations? - http://yro.slashdot.org/comments.pl?sid=3224905&cid=41847101 [slashdot.org]


Oh, come on. Just stand back and look at it. It's almost art, in a Jackson Pollock sort of way. - http://ask.slashdot.org/comments.pl?sid=3227697&cid=41868923 [slashdot.org]


Read carefully. This is a satirical post, that combines the last several years of forum trolling, rolled into one FUNNY rant! - http://ask.slashdot.org/comments.pl?sid=3227697&cid=41864711 [slashdot.org]


I can has summary? - http://ask.slashdot.org/comments.pl?sid=3227697&cid=41861327 [slashdot.org]


I'd have a lot more sympathy if you would log in as APK again instead of AC. - http://it.slashdot.org/comments.pl?sid=3228991&cid=41868133 [slashdot.org]


If [apk] made an account, it would be permanently posting at -1, and he'd only be able to post with it twice a day. - http://it.slashdot.org/comments.pl?sid=3228991&cid=41869409 [slashdot.org]


DAFUQ I just look at? - http://apple.slashdot.org/comments.pl?sid=3229177&cid=41869085 [slashdot.org]


Trolls trolling trolls... it's like Inception or something. - http://apple.slashdot.org/comments.pl?sid=3229177&cid=41869353 [slashdot.org]


We all know it's you, apk. Stop pretending to antagonize yourself. - http://bsd.slashdot.org/comments.pl?sid=3229179&cid=41869305 [slashdot.org]


Do you know about the shocking connection between APK and arsenic? No? Well, your innocence is about to be destroyed. - http://news.slashdot.org/comments.pl?sid=3472971&cid=42939965 [slashdot.org]


Send bug reports to 903 east division street, syracuse, ny 13208 - http://yro.slashdot.org/comments.pl?sid=3483339&cid=42972783 [slashdot.org]


Now you've made me all nostalgic for USENET. - http://mobile.slashdot.org/comments.pl?sid=3486045&cid=42981977 [slashdot.org]


Google APK Hosts File Manager. He's written a fucking application to manage your hosts file. - http://mobile.slashdot.org/comments.pl?sid=3486045&cid=42984521 [slashdot.org]


In case you are not aware, the post is a satire of a fellow known as APK. The grammar used is modeled after APK's as you can see here [thorschrock.com]. Or, you can just look around a bit and see some of his posts on here about the wonders of host files. - http://mobile.slashdot.org/comments.pl?sid=3486045&cid=42983119 [slashdot.org]


You are surely of God of Trolls, whomever you are. I have had stupid arguments with and bitten the troll apk many times. - http://it.slashdot.org/comments.pl?sid=3486901&cid=42989683 [slashdot.org]


"What kind of meds cure schizophrenic drunk rambling?" -> "Whatever APK isn't taking" - http://developers.slashdot.org/comments.pl?sid=3501001&cid=43028403 [slashdot.org] http://developers.slashdot.org/comments.pl?sid=3501001&cid=43028425 [slashdot.org]


I'm confused, is apk trolling himself now? - http://developers.slashdot.org/comments.pl?sid=3501001&cid=43029495 [slashdot.org]


Excellent mashup. A++. Would troll again. - http://news.slashdot.org/comments.pl?sid=3503531&cid=43037445 [slashdot.org]


Your ideas are intriguing to me, and I wish to subscribe to your newsletter. - http://hardware.slashdot.org/comments.pl?sid=3506945&cid=43048291 [slashdot.org]


Best. Troll. Ever. - http://hardware.slashdot.org/comments.pl?sid=3506945&cid=43044811 [slashdot.org]


I like monkeys. - http://science.slashdot.org/comments.pl?sid=3508287&cid=43051505 [slashdot.org]


This is one of the funniest things I've ever read. - http://science.slashdot.org/comments.pl?sid=3508287&cid=43052263 [slashdot.org]


lul wut? - http://news.slashdot.org/comments.pl?sid=3510265&cid=43057839 [slashdot.org]


I admire this guy's persistence. - http://science.slashdot.org/comments.pl?sid=3511487&cid=43063797 [slashdot.org]


It's a big remix of several different crackpots from Slashdot and elsewhere, plus a liberal sprinkling of famous Slashdot trolls and old memes. - http://science.slashdot.org/comments.pl?sid=3511487&cid=43063881 [slashdot.org]


Tabloid newspapers have speculated for years that APK is a prominent supporter of Monsanto. Too bad we didn't believe them sooner! - http://science.slashdot.org/comments.pl?sid=3511487&cid=43063893 [slashdot.org]


Here's a hint, check out stories like this one [slashdot.org], where over 200 of the 247 posts are rated zero or -1 because they are either from two stupid trolls arguing endless, or quite likely one troll arguing with himself for attention. The amount of off-topic posts almost outnumber on topic ones by 4 to 1. Posts like the above are popular for trolling APK, since if you say his name three times, he appears, and will almost endlessly feed trolls. - http://science.slashdot.org/comments.pl?sid=3511487&cid=43064383 [slashdot.org]


I love this copypasta so much. It never fails to make me smile. - http://science.slashdot.org/comments.pl?sid=3512099&cid=43069271 [slashdot.org]


^ Champion Mod parent up. - http://science.slashdot.org/comments.pl?sid=3513659&cid=43067371 [slashdot.org]


I appreciate the time cube reference, and how you tied it into the story. Well done. - http://yro.slashdot.org/comments.pl?sid=3521721&cid=43094565 [slashdot.org]


The day you are silenced is the day freedom dies on Slashdot. God bless. - http://tech.slashdot.org/comments.pl?sid=3522191&cid=43097221 [slashdot.org]


AHahahahah thanks for that, cut-n-pasted.... Ownage! - http://science.slashdot.org/comments.pl?sid=3522219&cid=43097215 [slashdot.org]


Don't hate the player, hate the game. - http://games.slashdot.org/comments.pl?sid=3526293&cid=43110679 [slashdot.org]


If you're familiar with APK, the post itself is a pretty damn funny parody. - http://mobile.slashdot.org/comments.pl?sid=3528603&cid=43115215 [slashdot.org]


">implying it's not apk posting it" --> "I'd seriously doubt he's capable of that level of self-deprecation..." - http://mobile.slashdot.org/comments.pl?sid=3528603&cid=43115337 [slashdot.org] http://mobile.slashdot.org/comments.pl?sid=3528603&cid=43115363 [slashdot.org]


No, the other posts are linked in a parody of APK's tendency to quote himself, numbnuts. - http://mobile.slashdot.org/comments.pl?sid=3528603&cid=43116855 [slashdot.org]


The thirteenth link is broken. Please fix it. - http://mobile.slashdot.org/comments.pl?sid=3528603&cid=43115361 [slashdot.org]


Just ban any post with "apk", "host file", or "hosts file", as that would take care of the original apk too. The original has been shitposting Slashdot much longer & more intensively than the parody guy. Or ban all Tor exit nodes, as they both use Tor to circumvent IP bans. - http://tech.slashdot.org/comments.pl?sid=3561925&cid=43216431 [slashdot.org]


Sadly this is closer to on-topic than an actual APK post is. - http://tech.slashdot.org/comments.pl?sid=3561925&cid=43216225 [slashdot.org]


YOU ARE A GOD AMONG MEN. - http://tech.slashdot.org/comments.pl?sid=3569149&cid=43236143 [slashdot.org]


Did you see the movie "Pokemon"? Actually the induced night "dream world" is synonymous with the academic religious induced "HOSTS file" enslavement of DNS. Domains have no inherent value, as it was invented as a counterfeit and fictitious value to represent natural values in name resolution. Unfortunately, human values have declined to fictitious word values. Unknowingly, you are living in a "World Wide Web", as in a fictitious life in a counterfeit Internet - which you could consider APK induced "HOSTS file". Can you distinguish the academic induced root server from the natural OpenDNS? Beware of the change when your brain is free from HOSTS file enslavement - for you could find that the natural Slashdot has been destroyed!!

FROM -> Man - how many times have I dusted you in tech debates that you have decided to troll me by ac posts for MONTHS now, OR IMPERSONATING ME AS YOU DID HERE and you were caught in it by myself & others here, only to fail each time as you have here?)...

So long nummynuts, sorry to have to kick your nuts up into your head verbally speaking.

cower in my shadow some more, feeb. you're completely pathetic.

Disproof of all apk's statements:


* :)

Ac trolls' "BIG FAIL" (quoted): Eat your words!

P.S.=> That's what makes me LAUGH harder than ANYTHING ELSE on this forums (full of "FUD" spreading trolls) - When you hit trolls with facts & truths they CANNOT disprove validly on computing tech based grounds, this is the result - Applying unjustifiable downmods to effetely & vainly *try* to "hide" my posts & facts/truths they extoll!

Hahaha... lol , man: Happens nearly every single time I post such lists (proving how ineffectual these trolls are), only showing how solid my posts of that nature are...

That's the kind of martial arts I practice.

Re:The only defence is a good HOST file (-1)

Anonymous Coward | 1 year,26 days | (#43237239)

Happy now??? Grow up dickhead!!!

Inb4 apple h8rz (2)

noh8rz10 (2716597) | 1 year,25 days | (#43237491)

Inb4 cries of "but apple always said they were virus free!" NB this is a Trojan which the user installs himself. These have always been an issue with Macs, although not very prevalent. Now OS X has built-in blacklisting which is pushed out to all computers every update. I'm sure this will be blocked in the near future if not blocked already. Not too shabby, eh?

Re:Inb4 apple h8rz (-1)

Anonymous Coward | 1 year,25 days | (#43237899)

Ooh god stfu. Majority of applefags couldn't tell the difference between the two. Congrats on having a brain. Maybe you can actually use it.

Re:Inb4 apple h8rz (2)

Wookact (2804191) | 1 year,25 days | (#43238367)

You do realize that in the minds of 99.9% of the population, trojans are a type of virus. Therefore if you say you are immune to viruses, and you KNOW that people think trojans are viruses, and you DO NOT clarify, then you have INTENTIONALLY misled people.

Re:Inb4 apple h8rz (2)

noh8rz10 (2716597) | 1 year,25 days | (#43238509)

What do you want me to say? Regardless of people's perceptions, words have definitions, and those definitions are what defines them. Truth and accuracy are the twin torches by which I light my path in life.

Re:Inb4 apple h8rz (2, Interesting)

Wookact (2804191) | 1 year,25 days | (#43238587)

Actually in the world of communications, misunderstandings are the speaker's fault, and not the listener's fault.

Apple intentionally misled people. It does not matter if they are technically correct, they left out key information that would have assisted the listener in understanding the issue better. That makes it AOK in my book at least to gripe about the fact that Apple misled the plebs.

Food for thought:
Bill Clinton said he did not have sex with Monica, and he didn't, and people still got pissed at him for "lying". Why is that?

Re:Inb4 apple h8rz (1)

noh8rz10 (2716597) | 1 year,25 days | (#43239673)

I don't think you know much about communications. Perhaps you misunderstood what I said earlier?

Re:Inb4 apple h8rz (1)

Wookact (2804191) | 1 year,25 days | (#43240001)

I have obviously failed to explain my position adequately.

I understood you correctly if you were saying that Apple never made the overt claim that they are safe from trojans. Therefore people should not make any disparaging comments concerning their previous statements.

My supposition is because they made an overt claim that it was safe from viruses, that they implied that they were protected from malware. Due to the implication that Apple was safe and others were not, that they misled consumers.

That is exactly like Billy misleading America when he said he did not have sex. He did something that most people would consider a form of sex, even if it technically is not.

Apple claimed they do not have viruses. They do have stuff that many people would consider viruses. Even if they technically are not.

Therefore if people believe that Bill lied, then the same logical steps could be used to come to the same conclusion that Apple lied.

Re:Inb4 apple h8rz (1)

noh8rz10 (2716597) | 1 year,25 days | (#43240397)

To be fair, if you go back to the marketing material, you'll see that Apple claimed to be immune to PC viruses. A very true statement!

Re:Inb4 apple h8rz (1)

kermidge (2221646) | 1 year,25 days | (#43241719)

Given the percentage of people who watch television and the number of some of the advertisements I've seen, I'd venture that most people consider Trojans to be a brand of raincoat to be worn by Mr. Willie "Pud" Johnson for, among other things, preventing the spread of viruses and such.

Re: Inb4 apple h8rz (2)

mjwx (966435) | 1 year,25 days | (#43241493)

Very shabby. Blacklists suck as a defence. Look at how many different versions of Windows Trojans like Zeus and Conficker there are. Blacklisting one only means that a malware author has to make minor revisions to get around it. A malware author with half a brain would have prepared several in advance. Blacklist all you like. It won't help against an unpatched vulnerability or an 0day. The problem with Apple security is that Apple have trained their users to believe they are automagically protected.

Re: Inb4 apple h8rz (0)

noh8rz10 (2716597) | 1 year,25 days | (#43241863)

Just sayin, whenever there is an apple story all the googtards and apple h8rz come out to play. I'm trying to inject some rational logic into the convo.

Re: Inb4 apple h8rz (2)

smash (1351) | 1 year,25 days | (#43242171)

Which is where gatekeeper comes in. If gatekeeper is enabled this will either warn that this is unsigned code, or outright prevent it from running unless the user bypasses it manually. I.e., if you run a current OS (even back to 10.7.4) - you are, by default, protected from this.

Re:Inb4 apple h8rz (1)

smash (1351) | 1 year,25 days | (#43242149)

Furthermore, even if you don't use the blacklisting, both Lion (Pretty sure, since 10.7.4) and Mountain Lion both have gatekeeper. Which if enabled or left enabled will warn that this software is not signed.

Sure, if you have this option turned off then you can run and install it like any other software. But if you've turned that option off, it is expected that you know what you are doing.

Re:The only defence is a good HOST file (1)

benjfowler (239527) | 1 year,25 days | (#43237455)

Utterly pointless.

This guy isn't even pissing anybody off for entertainment value.

Doesn't compute.

Re:The only defence is a good HOST file (2)

black3d (1648913) | 1 year,25 days | (#43237891)

He's trying to do a parody of Time Cube. www.timecube.com It's a relatively good impression in places, but it'd be better in a more appropriate article.

Re:The only defence is a good HOST file (0)

Anonymous Coward | 1 year,25 days | (#43237645)


Clarification (3, Insightful)

schneidafunk (795759) | 1 year,26 days | (#43237043)

Can someone explain to me why advertisers would want to pay for bogus clicks? How does this money get laundered to hide the trojan creator and also defraud the advertiser?

Re:Clarification (0)

Anonymous Coward | 1 year,26 days | (#43237111)

They pay without wanting to, that's the short answer. There's no filter for "good clicks"

Re:Clarification (1)

schneidafunk (795759) | 1 year,25 days | (#43237351)

That's not 100% true. I've done adword campaigns through Google (and other sites) and was able to track the return on investment from different ads & clicks.

Re:Clarification (2)

Darinbob (1142669) | 1 year,25 days | (#43239463)

It's their own fault. They do automatic signup and usage of advertising, without ever meeting their customers or getting a contract. Imagine an ad agency doing this with radio and television stations; you could just mail in a letter saying you are manager of WAFK 101.1 FM, and their spot played 27 times, so please pay up.

Better Question (4, Interesting)

Deathlizard (115856) | 1 year,26 days | (#43237335)

Can Someone explain to me why Yontoo is detected on the Mac Platform but on Windows it's totally ok.

While we're at it, why are any of these still not detected by any malware scanner. Even as a Potentially Unwanted Program? I'm sure just about anything listed here does a lot more malicious stuff than anything spyware like Gator ever did.

Anything from Conduitt
Anything from Mindspark Interactive
coupon wonderland
big fish games
we care ASCPA Reminder (my personal favorite. When you uninstall it, it basically accuses you of wanting to kill puppies.)
shop to win
inbox toolbar
anything from Crawler
24x7 help

Most of the above either popup ads, install, or trick users into installing more junk like registry scanners, fake flash players and the like. Yet almost no scanner I've found short of JRT or ADWcleaner gets rid of these things.

It's about time these AV companies wake the heck up and realize that Spyware is back disguising itself as adware and is more prevalent than ever.

Re:Better Question (0)

Anonymous Coward | 1 year,25 days | (#43238109)



This is a valid question.

And while we're at it, let's put Wajam on that list, too.

Re:Better Question (1)

Aryeh Goretsky (129230) | 1 year,25 days | (#43244037)


Not sure which anti-malware software you are using, but a quick check of my employer's gave me half-a-dozen hits:

Not sure about the others, but would not be surprised if they are detected, just with a different name than you wrote. Maybe you just need to change anti-malware software, and make sure detection of Potentially Unwanted Applications [welivesecurity.com] is turned on on it.


Aryeh Goretsky

this is how it works (0)

Anonymous Coward | 1 year,25 days | (#43237385)

When you have a website and get Google's advertising, they'll pay you when someone clicks on the ads being shown on your site - when I did it, they wouldn't send you a check until your Google ad account hit $100; which is A LOT of clicks - tens of thousands. That's right, if you never hit $100, Google keeps the money - they kept about $20+ from me.

So, if you have something or someone that can click the ads, you could rake it in at the advertisers' expense. It's against their policy and if they found out, they'd just shut your account down, but it happens and I don't think that they can check.

Makes sense (0, Troll)

ColdWetDog (752185) | 1 year,26 days | (#43237055)

As everyone on Slashdot knows, Apple users exist only to spend money. They have no other useful information (who cares about email contacts these days). Just get them to click on the ads and you're golden.


Re:Makes sense (2, Funny)

Anonymous Coward | 1 year,26 days | (#43237115)

Meanwhile the communists using Linux are not a target since they all have ad blockers and get their content via torrents anyway.

Re:Makes sense (0)

Anonymous Coward | 1 year,26 days | (#43237223)

"... not a target because of the average aptitude level of the users .."


Re:Makes sense (0)

Anonymous Coward | 1 year,25 days | (#43237845)

Personally, I've been using Linux for a decade and a half and I'm borderline retarded.

I guess I'm just helping to level out that average.

Re:Makes sense (0)

Anonymous Coward | 1 year,25 days | (#43239457)

Personally, I've been using Linux for a decade and a half and I'm borderline retarded.

That's his point, they'd struggle to understand the ads anyway.

Great Strategy (1)

Anonymous Coward | 1 year,26 days | (#43237063)

>hopes that users will generate money for its creators by viewing (and maybe even clicking) them

Nothing makes me want to support a company more than when it injects advertising onto my computer.

Not true !!! (0, Funny)

Anonymous Coward | 1 year,26 days | (#43237133)

This has to be a lie, because everybody knows there is no such thing as viruses, worms or ad-ware on OS-X operating systems. They're so advanced, that these things are impossible.

Re:Not true !!! (0, Flamebait)

Lumpy (12016) | 1 year,25 days | (#43237673)

You must be one of those retards that posted the same comments over on lifehacker...

I love how utterly uneducated you fools are.

I'll worry when it can spread without an installer (5, Insightful)

Kenja (541830) | 1 year,26 days | (#43237137)

Basically, this requires you to download and execute an installer, then click through it (including entering the administrator password). At that point, you could have installed something far worse than adware.

Re:I'll worry when it can spread without an instal (1, Funny)

RedHackTea (2779623) | 1 year,26 days | (#43237199)

Hmmm, so the only useful thing from this /. post: I like the adorable, red robot with the shiny key!

Re:I'll worry when it can spread without an instal (4, Insightful)

h4rr4r (612664) | 1 year,26 days | (#43237201)


The user is a flaw every OS has.

Re:I'll worry when it can spread without an instal (1)

the_Bionic_lemming (446569) | 1 year,26 days | (#43237237)

Only now, it's "Blame the user" instead of the way it used to be - "Blame that Buggy OS" ..

Re:I'll worry when it can spread without an instal (4, Insightful)

h4rr4r (612664) | 1 year,26 days | (#43237329)

Not at all.

Blame the buggy OS is when you get a nice drive by install or virus. Adware that requires a user to install is always the user's fault.

Re:I'll worry when it can spread without an instal (1)

Thrill Science (2845693) | 1 year,25 days | (#43237587)

No it's not always the user's fault. Try doing this on an un-jailbroken iOS device.

Re:I'll worry when it can spread without an instal (1)

h4rr4r (612664) | 1 year,25 days | (#43237647)

Then you tell the user to do a jailbreak. Sure it might not always work, but conning users is conning users.

I would rather take the risk, than have my ability to own my computers stolen from me.

Re:I'll worry when it can spread without an instal (1)

dgatwood (11270) | 1 year,25 days | (#43238895)

No it's not always the user's fault. Try doing this on an un-jailbroken iOS device.

Only the approach is different. There's nothing preventing you from convincing users to install a web browser that provides some customization features and displays extra ads in exchange. And if you can convince them to install it and use it, you now have adware that isn't really substantially different from adware that installs itself as a Safari browser extension on the desktop.

So yes, adware that requires a user to explicitly install it is always the user's fault. You can certainly try to make it harder for the user to make changes that they can't undo, as iOS does (and, to some degree, OS X does), but ultimately if a user is so naïve that he or she is incapable of recognizing scams, that user will eventually get conned, and there's really not much you can do about it besides finding and arresting the people who do the conning and punishing them harshly so that they will serve as an example to others.

Re:I'll worry when it can spread without an instal (1)

BasilBrush (643681) | 1 year,25 days | (#43240161)

There's nothing preventing you from convincing users to install a web browser that provides some customization features and displays extra ads in exchange.

Unless the app is up front about this in its description, then the app will be rejected. If it *is* upfront, and the user chooses to install it anyway, then it's not a problem. The user decided the tradeoff was worth it for the features they are getting.

Re:I'll worry when it can spread without an instal (0)

Anonymous Coward | 1 year,25 days | (#43239535)

Wasn't it a while back where it was a feature of said platform that simply opening a PDF would jb said devices?

Re:I'll worry when it can spread without an instal (1)

smash (1351) | 1 year,25 days | (#43242213)

Try doing this with gatekeeper enabled. If it works at all, it will be for a limited time only until apple revoke the cert, and go after the developer who the cert was issued to.

Re:I'll worry when it can spread without an instal (1)

AmiMoJo (196126) | 1 year,25 days | (#43241879)

Maybe they are complaining that MacOS runs any software you like, unlike iOS where everything is curated by Apple. This "criticism" (I view it as a compliment) is often levelled at Android, for example.

Re:I'll worry when it can spread without an instal (1)

BasilBrush (643681) | 1 year,25 days | (#43240071)

Well not quite. This is where the curated app store of iOS comes in. The user can only install apps from a store that requires the apps to be prevetted. And the store will remove any malware that manages to sneak past the vetting process, as soon as it becomes known.

This is removing user stupidity as a vector for trojans.

Re:I'll worry when it can spread without an instal (1)

hawk (1151) | 1 year,25 days | (#43241617)


This isn't "malware;" it's "stupidware."


Re:I'll worry when it can spread without an instal (4, Funny)

j00r0m4nc3r (959816) | 1 year,26 days | (#43237227)

At that point, you could have installed something far worse than adware

Like RealPlayer

Re:I'll worry when it can spread without an instal (1)

Anonymous Coward | 1 year,25 days | (#43237893)

At that point, you could have installed something far worse than adware

Like RealPlayer


Re:I'll worry when it can spread without an instal (2)

BLToday (1777712) | 1 year,25 days | (#43238035)

QuickTime on Mac is pretty useful. It's shit on Windows. On the Mac, QuickTime can be used for screen recording and is generally pretty fast. Never knew how useful a screen recorder was until my friend needed to record a training session. Windows version is like me trying to run a marathon in a business suit, isn't very functional and pretty slow.

Re:I'll worry when it can spread without an instal (0)

Anonymous Coward | 1 year,25 days | (#43241111)

Yeah but you look so damn sharp.

Re:I'll worry when it can spread without an instal (1)

BasilBrush (643681) | 1 year,25 days | (#43240189)

Jeez, you just reminded me of one of the things that pushed me to switch to OSX. The Realplayer menace - shudder.

Re:I'll worry when it can spread without an instal (0)

thetoadwarrior (1268702) | 1 year,26 days | (#43237281)

Exactly. It doesn't really target OS X, it targets complete morons.

Re:I'll worry when it can spread without an instal (0)

Anonymous Coward | 1 year,25 days | (#43237375)

Exactly, and everyone knows Apple [youtube.com] product users are known for their savvy!

Re:I'll worry when it can spread without an instal (2)

smash (1351) | 1 year,25 days | (#43242233)

Most of the network engineers, storage engineers I know run Mac Laptops. Linus himself owns apple machines. Try again.

Re:I'll worry when it can spread without an instal (1)

marsu_k (701360) | 1 year,25 days | (#43244139)

Linus himself owns apple machines.

...and he runs Linux on them, your point is?

Re:I'll worry when it can spread without an instal (3, Funny)

Anonymous Coward | 1 year,26 days | (#43237315)

You and the summary left out the best part: the installer's name is "Free Twit Tube." Almost as bad as a girl on a dating site agreeing to go out with someone with the username "DonkeyPunchLover."

Re:I'll worry when it can spread without an instal (2)

Anubis IV (1279820) | 1 year,25 days | (#43237389)

Exactly. And given past trends, it's entirely likely that there will be a malware definition update pushed out to all Macs running the last few iterations of OS X within the next 24-48 hours, rendering this threat moot.

Moreover, even in the case of idiotic users, the default behavior on all new Macs is to not allow installs from unregistered developers. I.e. This malware will only work against folks who ignore all warnings and are using something other than the latest release, which had an extremely fast adoption rate, or for users who have explicitly chosen to override the default behavior, in which case they'll still need to ignore all of the warnings.

Re:I'll worry when it can spread without an instal (2, Insightful)

Anonymous Coward | 1 year,25 days | (#43237941)

And then, after downloading, and authenticating the install, OS-X also reminds you that it is from the Internet and you might want to pause and consider before actually launching the program.

It really does target people who *want* to run it.

Re:I'll worry when it can spread without an instal (0)

Anonymous Coward | 1 year,25 days | (#43237521)

Unlike in Windows, where you simply have to view an advert in Internet Explorer and your system is infected...

Re:I'll worry when it can spread without an instal (0)

Anonymous Coward | 1 year,25 days | (#43237801)

You mean just like that other thing that happened to mac users last year?

Re:I'll worry when it can spread without an instal (3, Insightful)

amicusNYCL (1538833) | 1 year,25 days | (#43238191)

Unlike in Windows, where you simply have to view an advert in Internet Explorer and your system is infected...

IE itself is exploited no more than 10% of the time to infect a Windows computer. Windows gets drive-by infections these days from exploits in Java, Acrobat, and Flash, which are not unique to Windows. There's no reason for attackers to focus on a single browser any more when they can instead target a plugin like Java that works across all browsers.

Re:I'll worry when it can spread without an instal (1)

McFly777 (23881) | 1 year,25 days | (#43239377)

There's no reason for attackers to focus on a single browser any more when they can instead target a plugin like Java that works across all browsers.

Java... Write once, Infect everywhere!

Re:I'll worry when it can spread without an instal (0)

Anonymous Coward | 1 year,25 days | (#43241751)

I'd say typically Windows users who don't use IE are savvy enough to have things like adblock, no script, have disabled java in their browser etc. It is the users who "stick with the defaults" who are more likely to be infected. Chances are they won't even have any malware protection installed either. This could maybe be your "mom and pop" crew, or the people who simply believe IE is secure thanks to Microsoft's adverts and removing browser choice (http://www.bbc.co.uk/news/technology-21684329). Not saying others don't get infected, just they are typically more knowledgeable. Thankfully, it seems most people are realising using a Windows OS means making a lot of changes to browsing habits, as Chrome now seems to have a large portion of the browser market share (http://en.wikipedia.org/wiki/Usage_share_of_web_browsers).

Re:I'll worry when it can spread without an instal (1)

smash (1351) | 1 year,25 days | (#43242247)

You mean like the huge number of users still running Firefox 3.5, despite there being many security updates it doesn't have?

Re:I'll worry when it can spread without an instal (0)

Anonymous Coward | 1 year,25 days | (#43237989)

Then it wouldn't be called a trojan but a worm...

Macos, like windoze, is a juicy target because it has a lot of users and many of those are completely clueless.

Re:I'll worry when it can spread without an instal (1)

smash (1351) | 1 year,25 days | (#43242189)

You also forgot - bypass gatekeeper or click through the "are you sure, this is unsigned code?" warning.

Yontoo (2)

BradleyAndersen (1195415) | 1 year,26 days | (#43237163)

Yontoo has been around already, and not just @ Macs. I recently removed it from a Windows 7 PC. The uninstaller does not uninstall (shock!) ... one needs to remove registry keys to prevent this thing from sticking itself into Chrome, IE, etc. Spybot will find it well before Norton and others.

Re:Yontoo (2)

MachineShedFred (621896) | 1 year,25 days | (#43237495)

Luckily for Mac users though, that if it installs from a standard PKG or MPKG (which another comment above basically states) you can go to /var/db/receipts and get the entire bill of materials for that package with the lsbom command.

Pipe that into a delete routine, and you're all set.

(this works as a fairly effective uninstall for most PKG installs)

Re:Yontoo (1)

BasilBrush (643681) | 1 year,25 days | (#43240245)

Interesting. Is that how apps like AppZapper know what to delete when uninstalling some random app?

I'm not sure how useful it would be for malware though, because when it's run for the first time, it can of course create new copies of files with different names and/or locations.

Re:Yontoo (1)

MachineShedFred (621896) | 1 year,25 days | (#43244685)

I haven't looked at AppZapper, but I did write a perl script that would uninstall just about any PKG by reversing the order of the lsbom output, and then deleting files, and deleting the directory if it was empty.

Worked like a champ for getting rid of an application that liked to scribble all over the disk, rather than be a good Mac app and self-contain...

As for the malware thing, it's got to run from somewhere. As they can't even be bothered to find themselves a proper exploit to get installed, I doubt they are executing from somewhere not in the following list:

Find the .plist, blow it away, reboot. The rest is benign.
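An added sketch of the receipt-driven uninstall described in the two comments above (reverse the `lsbom` listing, delete files, remove a directory only if it ends up empty). It is not MachineShedFred's Perl script and not part of the original thread; the function names `bom_uninstall` and `sample_bom`, the sample paths, and the assumption that the package's install location is passed as ROOT are all constructed for illustration.

```shell
#!/bin/sh
# Added example: receipt-driven uninstall of a PKG-installed bundle.
# On a Mac the path list would come from the package's receipt, e.g.
#   lsbom -s /var/db/receipts/<package-id>.bom | bom_uninstall / -n
# (<package-id> is a placeholder; -n previews without deleting anything).

# Constructed sample of `lsbom -s` output for a hypothetical adware package.
sample_bom() {
    cat <<'EOF'
.
./Library
./Library/Application Support
./Library/Application Support/ExampleAdware
./Library/Application Support/ExampleAdware/bin
./Library/Application Support/ExampleAdware/bin/helper
./Library/LaunchAgents
./Library/LaunchAgents/com.example.adware.plist
EOF
}

# bom_uninstall ROOT [-n]
# Reads package-relative paths on stdin (one per line, as printed by
# `lsbom -s`) and removes them under ROOT, the package's install location.
bom_uninstall() {
    root=${1%/}
    dry=${2:-}
    # Reverse byte-order sort: every child path comes before its parent
    # directory, so directories are visited after their contents.
    LC_ALL=C sort -r | while IFS= read -r rel; do
        case "$rel" in
            ''|.|./) continue ;;                      # the BOM's root entry
            ../*|*/../*|*/..)                         # never leave ROOT
                echo "skip (path traversal): $rel" >&2; continue ;;
        esac
        path="$root/${rel#./}"
        if [ -L "$path" ] || [ -f "$path" ]; then
            if [ "$dry" = "-n" ]; then echo "would remove file: $path"
            else rm -f -- "$path" && echo "removed file: $path"; fi
        elif [ -d "$path" ]; then
            # rmdir refuses non-empty directories, so shared locations such
            # as /Library survive as long as anything else lives in them.
            if [ "$dry" = "-n" ]; then echo "would remove dir if empty: $path"
            elif rmdir -- "$path" 2>/dev/null; then echo "removed dir: $path"
            else echo "kept dir (not empty): $path"; fi
        else
            echo "absent: $path"
        fi
    done
}
```

The receipt only lists what the installer laid down, so anything the software created on first run (the concern raised in the reply above) will not appear in it and has to be found separately.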

Here it comes (0)

Sparticus789 (2625955) | 1 year,26 days | (#43237171)

In this corner, wearing the green trunks, the Apple FanBoys. In the opposing corner, wearing the blue trunks, the Windows FanBoys. Standing outside the ring, holding the steel folding chair and molotov cocktail, the Linux FanBoys. LET THE GAMES BEGIN!

uh oh (4, Interesting)

slashmydots (2189826) | 1 year,26 days | (#43237225)

Yontoo Layers is a "legitimate" advertising program that just barely complies with US laws. I find it on at least 1 in 3 customer computers at my shop. It has a legit uninstaller and asks for permission to install by piggybacking on freeware and installer framers like download.com's new atrocity. So to call it a trojan is just asking for another Symantec style lawsuit for defamation, etc. You have to call it "possibly unpopular software" now. And if this is coincidentally another Yontoo unrelated to the actual company, that's a whole new depth of deep shit they're in for naming it that. That'd be right up there with naming it Pepsi.

Pepsi (0)

Anonymous Coward | 1 year,25 days | (#43239375)

That's brilliant, naming a virus after a brand to keep people from talking negatively about it.

Re:Pepsi (1)

slashmydots (2189826) | 1 year,25 days | (#43241021)

Don't virus writers rarely name their viruses? It's usually "security researchers" they name them. They should stop giving them such cool-sounding names half the time! Seriously@ Yontoo is crap but I've heard stuff like overlord and mega-justaboutanything and things sounding like a japanese robot. Seriously. Call it jackass1, asshole2, and my favorite, srslywtfwhatajackass32

Simpler the Better (1)

F.Minusia (748125) | 1 year,26 days | (#43237233)

Seems to be done in a simpler way without depending on Java. But the report at Dr webs does not say much?

I remember when they'd convince you to install it (0)

Anonymous Coward | 1 year,25 days | (#43237355)

By offering to pay you. Was it AllAdvantage? AdAdvantage? I can't recall. I got like one check from them.

Was nice.

It seems that every year /. hypes a Mac Trojan. (-1, Troll)

RocketRabbit (830691) | 1 year,25 days | (#43237371)

These proof of concept Trojans, which were likely all created by AV software companies, come out every year or so and Slashdot reports on them like clockwork.

What about the Trojan that deletes all your data? It looks like this, and works on Linux too!

rm -rf /

Re:It seems that every year /. hypes a Mac Trojan. (1)

CanHasDIY (1672858) | 1 year,25 days | (#43237545)

shred -fuz /*

Re:It seems that every year /. hypes a Mac Trojan. (1)

AliasMarlowe (1042386) | 1 year,25 days | (#43238081)

shred -fuz /*

If you're not logged in as root (and many linuxes strongly discourage it), you'd need a sudo in front of that. Anyway,
sudo srm -rz /*
would work better, as it will wipe many journaled file systems. Both would leave fragments around on NFS volumes, however.

While you're at it, don't forget to leave the shred or srm command until last, after you've cleaned "empty" space and the swap file. To clean empty space, first fill it with:
sudo scrub -X -s 1G /
Some versions of scrub will also remove the files securely after making them, but others don't. So it's best to securely delete them in a separate step. The swap partition should be wiped with:
sudo swapoff -a
sudo umount -f /dev/swap_partition
sudo sswap -z /dev/swap_partition

Then you can issue the shred or srm command, leaving you a nice clean unbootable system.

Re:It seems that every year /. hypes a Mac Trojan. (1)

CanHasDIY (1672858) | 1 year,25 days | (#43239679)

... aaaaand this is why I continue to visit Slashdot! Great post, man. Just spiffy. /nosarc

Re:It seems that every year /. hypes a Mac Trojan. (1)

0111 1110 (518466) | 1 year,25 days | (#43243437)

How can you use sudo without the account password? Also, what if sudo is not installed?

Re:It seems that every year /. hypes a Mac Trojan. (1)

flyingfsck (986395) | 1 year,25 days | (#43238037)

Yeah well, rm -rf is so 01d 5k001. You can do much better on bleeding edge Linux distros with: cat /dev/zero /tmp/crashme

I don't believe it! (1)

Thrill Science (2845693) | 1 year,25 days | (#43237441)

Steve Jobs told me the Mac was secure by design, and immune to attacks. I'm going to stick my fingers in my ears and sing "LA LA LA." This is obviously propaganda spread by Windows users.

Re:I don't believe it! (-1)

Anonymous Coward | 1 year,25 days | (#43237723)

Look everyone another person with an IQ below 81. Because he is too fucking stupid to know the difference between a HACKER ATTACK, a VIRUS, and adware that requires the users to install it.

Put your thumb and finger on your forehead and say "herpderp" for the rest of the day you tard.

Re:I don't believe it! (1)

Anonymous Coward | 1 year,25 days | (#43237839)

Everyone here knows that when a user installs something malicious on Windows it is Microsoft's fault, but when a user installs something malicious on OS X it is the user's fault. Come on that is Slashdot 101.

macs don't get viruses... (0)

Anonymous Coward | 1 year,25 days | (#43238357)

...they get CANCER.

Lies..... (1)

Anonymous Coward | 1 year,25 days | (#43238719)

Lies.. All Lies.. Macs can't be infected.

doctor web is an extortionist outfit (0)

Anonymous Coward | 1 year,25 days | (#43240019)

they create the virus and then "discover it". fuck russia and fuck russians.

Re:doctor web is an extortionist outfit (0)

Anonymous Coward | 1 year,25 days | (#43241573)

In Russia, the security firm controls the viruses.

internet explorer? (0)

Anonymous Coward | 1 year,25 days | (#43242121)

I was gonna ask why the adware doesn't inject advertisements into internet explorer, then I remembered most everyone doesn't use IE 5.2.3 on Mac OS X Snow Leopard 10.6. lol. But on a serious note; I didn't know that Apple operating systems encounter adware and malware. I only thought Windows computers catch adware. learned something new today.

bitch (-1)

Anonymous Coward | 1 year,25 days | (#43242437)

fun to be again. Hubbard a8d Mike if you* don't Usenet is roughly