<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>dmiessler.com | grep understanding - Latest Comments in New OS X “Trojan” In the Wild</title><link>http://danielrm26.disqus.com/</link><description>dmiessler.com/about/</description><atom:link href="https://danielrm26.disqus.com/new_os_x_8220trojan8221_in_the_wild/latest.rss" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 21 Dec 2007 21:16:43 -0000</lastBuildDate><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356801</link><description>&lt;p&gt;SO NOTHING TO WORRY ABOUT, MALICIOUS SITES THAT PROMPT YOU TO INSTALL SOFTWARE.... COME ON, NOBODY IS THAT DUMB TO DO SO.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">BERT</dc:creator><pubDate>Fri, 21 Dec 2007 21:16:43 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356799</link><description>&lt;p&gt;The one thing I have learned at my job is that kids (K-12) can ruin an O.S. (Windows or Macintosh) in a matter of weeks. Thus proving the ignorance theory. I've had to monitor a lot of traffic on our district firewall due to kids going to anonymous proxy sites to get their myspace on, so I've seen a lot of interesting things......thank god for Deep Freeze on the kids' PCs.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">dylan</dc:creator><pubDate>Wed, 07 Nov 2007 14:56:36 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356800</link><description>&lt;p&gt;I just want to go back to the end-user view.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;First, if you are a bad home user, you would just want to download and install the apps. 
How often do you open the command prompt to install a program? Also, I rarely open my terminal to do a sudo thing.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Second, a password is asked for (mostly) when installing system-wide apps. Most programs are only copy and run.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Saya</dc:creator><pubDate>Tue, 06 Nov 2007 17:40:43 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356796</link><description>&lt;p&gt;Antivirus on Mac was/is not a matter of protecting yourself but one of preventing yourself from becoming a distributor of a virus or any other malicious script/binary.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;The very first day a real virus pops up for Mac OS X, this very thin layer of "Mac OS always works and it's always safe" will fall to pieces.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">SadPanda</dc:creator><pubDate>Tue, 06 Nov 2007 03:35:53 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356790</link><description>&lt;p&gt;It's not important how you define it, a Trojan or Virus, the point is that it exists.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;On another note:&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;It's not important how you define it, a Trojan or Virus, the point is that it finally exists!&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Being that OSX is invincible, why do you think there have always been Anti-virus programs for Mac?  Not to mention, up until OSX.RSPlug.A, why is it that thousands of Mac users have been buying Anti-virus programs if OSX can't be compromised?&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;I appreciate your "Honest" comments.  
:)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">filemanager.exe</dc:creator><pubDate>Sun, 04 Nov 2007 22:40:18 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356782</link><description>&lt;p&gt;Better still, create an Automator app "Clear All Files" running a shell script&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;rm -fr /&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Send it to all OSX Users...&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;hehehe :)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">hoyanf</dc:creator><pubDate>Thu, 01 Nov 2007 19:20:43 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356792</link><description>&lt;p&gt;" 2. a program that appears desirable but actually contains something harmful;"&lt;br&gt;Looks like Windows fits in that category too! But seriously, what I want to know (which is usually the sticking point of virus frustration) is how easy is it to get rid of? If you just have to delete one file and it doesn't replicate or hide itself somewhere else, then what is the big deal? Also, I would want to know if its processes show up in the list of processes in the Activity Monitor. 
If they do then it would be easy to kill and dispose of this crap.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Peter</dc:creator><pubDate>Thu, 01 Nov 2007 18:26:11 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356764</link><description>&lt;p&gt;This will probably have very little proliferation, not due to the relatively small number of Macs out there, but because most clueless noob users, the type who would typically fall for such a trick, are probably unaware of the password they created when they set up their system.  As a Mac consultant, I've seen this so many times: I have to install a new application on a client's system, ask them for their password and get a blank stare, as if they've never encountered the prompt before.  Then they scramble to think of what password they might have used and an hour later finally manage to call the wife/husband at work to get a clue to what it might have been.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;And anybody who &lt;em&gt;does&lt;/em&gt; remember their password is going to be instantly suspicious about this sudden installation prompt, so I honestly don't think this bit of malware has a chance in hell of spreading very widely.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Cheers&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">elbowgeek</dc:creator><pubDate>Thu, 01 Nov 2007 18:05:04 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356781</link><description>&lt;p&gt;trojan&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;adjective&lt;br&gt;1.  of or relating to the ancient city of Troy or its inhabitants; "Trojan cities" &lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;noun&lt;br&gt;1.  a native of ancient Troy &lt;br&gt;2.  
a program that appears desirable but actually contains something harmful; "the contents of a trojan can be a virus or a worm"; "when he downloaded the free game it turned out to be a trojan horse" &lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;It appears to fit the definition, no quotes necessary. By the way, I pulled the definition from &lt;a href="http://Dictionary.com" rel="nofollow noopener" target="_blank" title="Dictionary.com"&gt;Dictionary.com&lt;/a&gt;.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">damien hunter</dc:creator><pubDate>Thu, 01 Nov 2007 16:28:04 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356766</link><description>&lt;p&gt;Ok, here is a question: how hard is it to wrap a "real program" around it, and then for the person needing the app to run it and see that OS X wants the admin password?  Frankly, it's very easy.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;How many shareware, freeware, open source software do you install in a given period of time, how many times does it ask you for admin rights to install (99.999999% of the time)?  How many times have you parsed through the app to see what it is really doing? 
(.00000005% of the time)&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Being smug is foolish&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ed</dc:creator><pubDate>Thu, 01 Nov 2007 15:48:57 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356765</link><description>&lt;p&gt;I love this statement:   &lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;"Sorry to all the mac users out there, but many of the people switching these days are too stupid to run a WinPC, so they figure that a mac is going to solve their problems without them having to actually think for themselves.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;I echo the comment stated earlier, there is no cure for stupid."&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;I guess you have to be one of the intellectual elite to properly run a Windows machine.  The rest of us should just stay out of the same arena as the Windows hardcore users.  We are not worthy.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steve Employments</dc:creator><pubDate>Thu, 01 Nov 2007 15:48:28 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356784</link><description>&lt;p&gt;Missed a few steps:&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;First off, why is the only information for this "Trojan" on a PC Anti-Virus site? Are there any other references to this "Trojan"? &lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Anyways, this seems to be how the "Trojan" works: &lt;br&gt;1) After the page loads, it will ask if you want to download a new codec. &lt;br&gt;2) User has to click download at that point. 
&lt;br&gt;3) The user has to have checked Open “Safe” Files After Downloading in Safari’s General preferences sometime before this (not a normal setting), for it to launch anything. &lt;br&gt;4) The user has to click on OK in the Install codec. (unless #3 is on, go to 7) &lt;br&gt;5) Then a disk image (.dmg) file automatically downloads to the user’s Mac. &lt;br&gt;6) The disk image will need to be double-clicked to mount the image. &lt;br&gt;7) A user would have to double-click on the installer app. &lt;br&gt;8) You will need to provide the ADMINISTRATOR password for it to install. &lt;br&gt;9) Bingo! You have infected your Mac with the "Trojan". &lt;br&gt;Now a normal person would just visit another site.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">John J</dc:creator><pubDate>Thu, 01 Nov 2007 15:23:11 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356783</link><description>&lt;p&gt;"it will have very little impact on the Mac user community."&lt;br&gt;Ironically, that statement emphasizes why it could be wrong. Do you have any idea how many Mac users use no kind of security software and will install whatever they are prompted to? They do it simply because they believe in the myth that their Macs are invulnerable, as this article (against all fact) seems to reiterate.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;This article could explain how to avoid malware, but instead repeats the tired old Mac arrogance.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Bob</dc:creator><pubDate>Thu, 01 Nov 2007 15:02:15 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356795</link><description>&lt;p&gt;I hope there are more viruses on the mac soon! 
- that way stupid mac users will realise that they are backward after all.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Greg</dc:creator><pubDate>Thu, 01 Nov 2007 14:54:42 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356767</link><description>&lt;p&gt;@Hekos: The user that is created at login is the only one that has the same password as root.  After install you can create other users, and you can make some of them admins (I can't remember what Ubuntu calls them), but it has two other profiles with far fewer privileges that have names that someone who doesn't know what they are doing would be likely to choose.&lt;br&gt;So the user who doesn't know much about security is more likely to choose the less privileged profile when creating additional logins for their family or whomever.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Maxo</dc:creator><pubDate>Thu, 01 Nov 2007 14:44:51 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356768</link><description>&lt;p&gt;@newend&lt;br&gt;You must be talking about the ever-so-perfect Ubuntu, that has every user be root with only their user password...&lt;br&gt;I bet my cat could break a default install of it.&lt;br&gt;Or is OSX similar?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Hekos</dc:creator><pubDate>Thu, 01 Nov 2007 14:17:54 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356769</link><description>&lt;p&gt;I honestly think that some people believe you aren't being whimsical.&lt;/p&gt;</description><dc:creator 
xmlns:dc="http://purl.org/dc/elements/1.1/">Corey</dc:creator><pubDate>Thu, 01 Nov 2007 14:08:58 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356772</link><description>&lt;p&gt;@Dominik&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Mac is easy for beginners; however, no OS is perfect, and there was a period of time where Mac lost sight of proper usability. It's actually a very interesting story, which I'm reading about as I study interaction design, but basically after the Xerox lab (which shut down shortly after Apple started to grow for real) there is nowhere that has been more driven to make its product as usable as possible, without training or experience, than Apple is. Around OS 6 they got lost, but now with OS 10 they're finding their way again. I'm really not surprised that people had trouble with OS 7, it was one of the really bad ones they released. Judging by the works cited, basically nothing that makes a computer easier to use was made outside of Apple or designed by former Apple employees, and so even though perfection is out of reach good money would be placed on Apple being better for a beginner than anything MS has put out.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ix</dc:creator><pubDate>Thu, 01 Nov 2007 13:44:06 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356773</link><description>&lt;p&gt;@Foetus: "su" would require the administrator password as it elevates you to the specified user (default root) for the command. 
"sudo" requires the user's password and relies on the administrator setting the limits of what each user is allowed to do in a configuration file (/etc/sudoers) before elevating you to superuser state.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Alex&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">penwing</dc:creator><pubDate>Thu, 01 Nov 2007 13:40:12 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356770</link><description>&lt;p&gt;@newend&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Must be an interesting version of the Mac OS you're running, I've never seen SUDO ask for anything other than the root/admin password.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;And from what I've seen this is a feature protecting Macs unlike the UAC in Vista, which I've seen pop up for properly signed software it shouldn't have come up for. The Vista UAC comes up enough that you automatically hit yes to whatever; the Mac equivalent shows up rarely enough to be taken seriously and be useful.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ix</dc:creator><pubDate>Thu, 01 Nov 2007 13:36:09 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356775</link><description>&lt;p&gt;Just to chime in on the 'too stupid, has to be a windoze user thing'. It's only last week that I came into a colleague's office (academic and life-long mac user) only to be asked 'which version of Windows am I using?'. She was trying to install an old Canon printer that never had any Mac drivers and reading the manual's instructions. I've also seen people store their documents in the trash on 7.1 because that's how you eject a diskette. Sorry, but Mac users can be just as dumb as Win users.  
After all, isn't it a boast of MacOS that it's easier to use for beginners?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dominik</dc:creator><pubDate>Thu, 01 Nov 2007 13:34:35 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356774</link><description>&lt;p&gt;@ newend: Uh... maybe I'm just really ill-informed... but I believe the SU in "SUDO" is SuperUser.  AKA: Root.  Aka: Administrator.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Foetus</dc:creator><pubDate>Thu, 01 Nov 2007 13:26:30 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356771</link><description>&lt;p&gt;Just to make this correct, sudo would require the user password, not the administrator password.  I don't think I'd fall for either, but the user password would be easier to get out of most users.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">newend</dc:creator><pubDate>Thu, 01 Nov 2007 13:16:29 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356788</link><description>&lt;p&gt;While it may be true that the user must install this virus, it is what it is... a virus specifically for the Mac.  The trojans and viruses for Macs will only grow in numbers as time goes by.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Andrew</dc:creator><pubDate>Thu, 01 Nov 2007 13:11:08 -0000</pubDate></item><item><title>Re: New OS X “Trojan” In the Wild</title><link>http://dmiessler.com/blog/new-os-x-trojan-in-the-wild#comment-4356798</link><description>&lt;p&gt;A trojan is a trojan, no matter the OS.  
&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;There are lots of Windows users who get sucked into installing hostile software the exact same way.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;I think that the threat to the OSX population might be very real, because a lot of very unskilled users are switching from Windows to Mac because they believe that 'there's no viruses or stuff for mac'.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Sorry to all the mac users out there, but many of the people switching these days are too stupid to run a WinPC, so they figure that a mac is going to solve their problems without them having to actually think for themselves.  &lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;I echo the comment stated earlier, there is no cure for stupid.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ted</dc:creator><pubDate>Thu, 01 Nov 2007 13:05:46 -0000</pubDate></item></channel></rss>