macmalware?


#1  Postby Onyx8 » Apr 06, 2012 6:35 am

I'm so not a nerd, but someone sent me this.

http://www.bbc.co.uk/news/science-environment-17623422

#2  Postby Pulvinar » Apr 06, 2012 6:41 am

Has anyone here actually been a victim of this Flashback trojan?

http://www.macworld.com/article/1166227/analyst_600_000_macs_infected_with_trojan_horse.html

"Information security consultant Adrian Sanabria wrote on his blog that he is unconvinced about Dr. Web’s findings: “So far, I haven’t seen any other reports numbering the victims of Flashback, but if accurate, such a large infection rate on Macs may change common perception of OS X as ‘virus-proof’ and could result in a spike in Mac antivirus software sales.

“However, given that the company reporting these numbers is in the business of selling antivirus software, I think we need to see their claims corroborated before we get too excited,” he added. Mikko Hypponen from F-Secure commented on Twitter on Dr. Web’s findings, saying: “We can’t confirm or deny the figure.”"

#3  Postby Onyx8 » Apr 06, 2012 6:45 am

Thanks for that. It's not like my heartbeat was raised, just that I figured something might be up.

#4  Postby The_Metatron » Apr 06, 2012 6:48 am

Yeah, this big story comes from a company called Kaspersky. Guess what they sell?

#5  Postby Haven » Apr 06, 2012 7:09 am

I've used Macs for years, and have never once had a problem with malware. Like everyone else, this is probably just a case of a company wanting to sell some products.

#6  Postby james1v » Apr 06, 2012 8:29 am

I suspect the only "spike" we will see, is in their sales. :coffee:

#7  Postby Scar » Apr 06, 2012 9:36 am

Of course there can be and is malware for Macs. It's just that by far the majority of malware is targeting Windows, so we on OSX are fairly safe.

#8  Postby orpheus » Apr 06, 2012 12:10 pm

Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

#9  Postby Scar » Apr 06, 2012 12:32 pm

orpheus wrote: Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely built by Apple.

#10  Postby campermon » Apr 06, 2012 12:49 pm

Scar wrote: Of course there can be and is malware for Macs. It's just that by far the majority of malware is targeting Windows, so we on OSX are fairly safe.


Scary though, that malware has crossed the species barrier..

:shock:

#11  Postby orpheus » Apr 06, 2012 1:09 pm

Scar wrote:
orpheus wrote: Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely built by Apple.


Well, does it retain that robust property of such systems?

#12  Postby Godless Infidel » Apr 06, 2012 1:34 pm

Apple hired Unix developers to rewrite Unix, yet again, in order to have their own closed source version. Unix≠open source. *nix OSs are somewhat less vulnerable to malware but not significantly so. Extensive efforts to make OSX non-nerd friendly have undermined security further. As market share increases malware will follow.

#13  Postby Scar » Apr 06, 2012 1:36 pm

Well, OSX is based on Darwin, which is an open-source OS created by Apple. It basically is OSX without the graphical interface.

#14  Postby PsYcHoTiC_MaDmAn » Apr 06, 2012 6:04 pm

The_Metatron wrote: Yeah, this big story comes from a company called Kaspersky. Guess what they sell?


which is why you only trust political news from kids tv characters, and get nutritional advice from a mechanic etc.

ffs, who do you think actually do the most research in computer malware.


on the nature of this threat, Apple decided that Java was an integral aspect of the OS, and therefore built it into the OS code itself. this means Apple are responsible for maintaining Java. 6 weeks ago Oracle patched Java for Windows/Linux, but not for Mac as it does not maintain it. Apple only submitted the update this week, this Java vulnerability is what the virus is exploiting, and is likely to reoccur for other forthcoming Java vulnerabilities unless Apple significantly increase their response time for patching Java in short order to Oracle updates

(note, all the OS's are vulnerable to Java exploits to a certain degree (though Linux's compartmentalization makes it harder) hence why known exploits are patched - but the gap between other OS's and Apple's Java getting patched puts OS-X at more risk because it's essentially waving a flag for malware writers saying massive hole here once Oracle update on other systems)

Scar wrote:
orpheus wrote: Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely built by Apple.

no, it's based on UNIX/BSD/NeXTSTEP kernel that Apple rewrote aspects of and added to

#15  Postby felltoearth » Apr 06, 2012 8:12 pm

Apparently the Trojan requires your password to install a spoofed version of Flash Player from a malware site. Supplying a password to an untrusted install from a dodgy site is like letting a thief in through your front door. FYI, any legit site will send you directly to Adobe to install Flash and will not have you install directly from their site. If you are installing an app or plugin that requires your password, it's buyer beware.

Incidentally, as recommended, I checked using the Terminal app (it's in your Utilities folder) and my system's clean. Also patched Java using Update today.

Here are instructions for those concerned:

http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-ofa-mac-flashback-infection.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the Terminal returns back to you lines that look like this:

The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Then you're home free and you're not (yet) infected by Flashback. You can proceed to the "Run Software Update" section of this post. If they do return results, then it's likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.
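The three checks quoted in the post above, run together and interpreted by the rule the quoted instructions give. This is an added example, not part of the post or of the linked Ars Technica article; the function names and the two sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: the three `defaults read` checks from the quoted
# instructions, run together. Function names are illustrative.

# Constructed sample outputs (not captured from a real machine).
sample_clean='The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist'
sample_set='/constructed/placeholder/value'

# Apply the rule from the instructions: "does not exist" means the key
# is absent; any other output means a value is set and needs review.
classify_output() {
    case "$1" in
        *"does not exist"*) echo clean ;;
        *)                  echo suspect ;;
    esac
}

# Returns 0 if all three keys are absent, 1 if any holds a value,
# 2 if the macOS `defaults` tool is unavailable.
flashback_check() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults not found; run this on the Mac being checked" >&2
        return 2
    fi
    rc=0
    while IFS='|' read -r domain key; do
        # stdin is redirected so the tool cannot consume the list below
        out=$(defaults read "$domain" "$key" 2>&1 </dev/null) || true
        verdict=$(classify_output "$out")
        printf '%-8s %s %s\n' "$verdict" "$domain" "$key"
        if [ "$verdict" != clean ]; then
            printf '         value: %s\n' "$out"
            rc=1
        fi
    done <<EOF
$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES
/Applications/Safari.app/Contents/Info|LSEnvironment
/Applications/Firefox.app/Contents/Info|LSEnvironment
EOF
    return "$rc"
}

if command -v defaults >/dev/null 2>&1; then
    flashback_check
else
    classify_output "$sample_clean"   # no Mac: classify the samples
    classify_output "$sample_set"
fi
```

A non-zero exit from `flashback_check` only says that one of the keys holds a value; the value it prints is what to look at next.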


#16  Postby The_Metatron » Apr 06, 2012 8:46 pm

PsYcHoTiC_MaDmAn wrote:
The_Metatron wrote: Yeah, this big story comes from a company called Kaspersky. Guess what they sell?

which is why you only trust political news from kids tv characters, and get nutritional advice from a mechanic etc.

ffs, who do you think actually do the most research in computer malware.

[Reveal] Spoiler: comments on which I am not commenting

Follow the money, man. You don't see a possible conflict of interest with a seller of anti-virus software telling us the sky is falling?

There are other sources for this sort of information.

#17  Postby PsYcHoTiC_MaDmAn » Apr 07, 2012 12:22 am

felltoearth wrote: Apparently the Trojan requires your password to install a spoofed version of Flash Player from a malware site. Supplying a password to an untrusted install from a dodgy site is like letting a thief in through your front door. FYI, any legit site will send you directly to Adobe to install Flash and will not have you install directly from their site. If you are installing an app or plugin that requires your password, it's buyer beware.

Incidentally, as recommended, I checked using the Terminal app (it's in your Utilities folder) and my system's clean. Also patched Java using Update today.

Here are instructions for those concerned:

http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-ofa-mac-flashback-infection.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the Terminal returns back to you lines that look like this:

The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Then you're home free and you're not (yet) infected by Flashback. You can proceed to the "Run Software Update" section of this post. If they do return results, then it's likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.



that's not the one for this exploit, the first Java hole required a password, the second which followed up just required you to visit a site with exploit code on it. no password needed
http://www.theregister.co.uk/2012/04/05/flashback_trojan_botnet/

#18  Postby PsYcHoTiC_MaDmAn » Apr 07, 2012 12:29 am

The_Metatron wrote:
PsYcHoTiC_MaDmAn wrote:
The_Metatron wrote: Yeah, this big story comes from a company called Kaspersky. Guess what they sell?

which is why you only trust political news from kids tv characters, and get nutritional advice from a mechanic etc.

ffs, who do you think actually do the most research in computer malware.

[Reveal] Spoiler: comments on which I am not commenting

Follow the money, man. You don't see a possible conflict of interest with a seller of anti-virus software telling us the sky is falling?

There are other sources for this sort of information.


very well, they list this specific vulnerability on the front page
Apple Update for Java for OS X Lion and Mac OS X
Wednesday, April 4, 2012 at 10:03 am

Apple has released a Java update for the following products to address multiple vulnerabilities:

OS X v10.6.8
OS X server v10.6.8
OS X Lion v10.7.3
Lion Server v10.7.3

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive information.

US-CERT encourages users and administrators to review Apple article HT5228 and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2011-5035 can be found in the US-CERT Vulnerability Note VU#903934.


the claims of a 600k botnet arise from a Russian AV firm having gotten data from a command server due to Apple not patching the Java exploit quickly http://nakedsecurity.sophos.com/2012/04/05/mac-botnets-gaining-traction-using-drive-by-java-exploit/
Russian anti-virus firm Dr. Web reports that they have been able to sink-hole one of the command and control servers used to control victims of this latest attack.

The result? Dr. Web is stating that more than 600,000 OS X users are part of this botnet, including 274 from Cupertino, California.

The Flashback malware being distributed by this exploit is what we refer to as a "downloader". In and of itself it doesn't do any harm to the system, it simply compromises the system and downloads a further payload that can do just about anything the attackers desire.

#19  Postby quas » Apr 09, 2012 2:08 pm

It's things like this that makes me thank Jesus I am using Windows 7.

#20  Postby PsYcHoTiC_MaDmAn » Apr 09, 2012 7:15 pm

quas wrote: It's things like this that makes me thank Jesus I am using Windows 7.


lol seems to be an appropriate response.

win7 is just as vulnerable to this exploit if Java isn't patched. not to mention any other exploits

likewise. Linux is vulnerable to this Java exploit if not patched. however because of the security model Linux employs. such an infection would be temporary. as it would need root access to permanently infect the machine. whereas both Windows and Mac have superuser access.