Macs hit with BitTorrent-embedded malware attack

Source: Yahoo Tech

For years, Mac users have long been rightfully smug about their platform's relative immunity to virus and malware attacks, but it's inevitable that those days will eventually come to an end. (As the Mac gains in popularity, it also earns more attention from malware developers, and it's this lack of malware being actively developed, not some special, inherent security, that have really kept the Mac a "safe" platform for the time being.)

Now we're seeing one of the first moderately-sized exploits to take advantage of Mac users. The iServices.A Trojan horse is an attack being distributed via BitTorrent, where it's disguised as a bootleg copy of the new iWork 09. Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off the Mac in question. The malware creator can also take complete remote control of any compromised machine.

Read more: http://tech.yahoo.com/blogs/null/117188

---

It was bound to happen.

VIOLATED I tell ya!

See? It's just as STUPID a suggestion the other way round...

:P

:-)

:rofl:

But you're right, platform wars are stupid. I use both OS-X and Windows XP, though admit to preferring OS-X for my own machines.

Remember, there's always a third way.

One of the greatest advantages of the Ubuntu/Kubuntu Linux platform is that it is SUPER-EASY to install it on a PC that is already running Windows XP or Windows Vista. So, if you're ever unlucky enough to download a virus onto Windows, simply reboot into Ubuntu and then grab all your files off your hard drive. It's that easy.

It reminds me of that old commercial with Dick Van Dyke and the groundhog: you should always have two ways out.

Or opening my email.

I'll wait....

This is limited only to people who try to STEAL software via BitTorrent?

I STILL have nothing to worry about. Since the malware doesn't spread on its own, I'd simply call this bad karma for stealing.

.

Oh, wait... That was your point.


;-)

"wake me when I can get viruses from simply opening a web page"

http://www.macworld.com/article/132733/2008/03/hack.html

It may be the quickest US$10,000 Charlie Miller ever earned.

He took the first of three laptop computers—and a $10,000 cash prize—Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

The MacBook was the only system to be hacked by Thursday, however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges on Friday.

Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

demonstration hacks mean nothing. In the real world, while PC users spend $$$ and endless time on virus scans and software, I cruise along.

I've Owned macs for over 20 years and have never had one virus that didn't come from some infected PC, and then only by MS office files. I've had to wipe 2 PC's in the last 2 years because of crap/malware installed on them without my knowledge/assent.

You are having a dream.

:evilgrin:

Steve Jobs YOU LIED TO ME!!!

Read the article. It's merely a social-engineering scam, tricking people into installing malware onto their computer. The person has to knowingly install this malware by going through numerous steps.

The old bait and switch on stolen or pirated software that really contains malware. Welcome to the real world, MAC users!

Let's just say it does pop up fairly often regarding torrents.

Sounds like they got a virus to me.

:hi:

You might expect these sorts of things. It's not that expensive and one can use a free trial copy for 30 days to see if it is worth it.

:D

:rofl:

so, kiss my Mac ass :evilgrin:

none of this iWork junk.

What is iWork?

http://www.apple.com/iwork/

I want Office 2008, just to be up to date, but never had a problem with 2004, so I can wait.

:D

I plan to get a Mac laptop in the near future.

I switched this summer...had PC-based computers since 1991. Last summer I bought a Macbook and never looked back. It was different at first getting used to the Mac OS, but I love it now and I'll never buy another PC...ever.

If they were smug, they were wrong. The Mac is naturally vulnerable. Why would anyone care when they have 2-3% market share? Now there's more impact.

I have an iMac at work I run Boot Camp in XP mode 100% of the time

<snip>
Richard Clarke says use a Macintosh for computer security

Spies in the system 27.09.2004 By PAUL BRISLEN
www.nzherald.co.nz/storydisplay.cfm?
storyID=3594795&thesection=technology
&thesubsection=general&thesecondsubsection=

"Richard Clarke, the cyber-security adviser appointed by former US President Bill Clinton.
Clarke, who toured New Zealand recently, said he has managed to protect his computer from more than 99 per cent of all known viruses, worms, network attacks and spyware.
He runs an Apple, not a Microsoft PC, and says that does the job nicely."

http://seattlepi.nwsource.com/business/212437_rsaclarke17.html
Thursday, February 17, 2005
Clarke rips Microsoft over security
Former White House adviser alludes to its vulnerabilities
By TODD BISHOP
SEATTLE POST-INTELLIGENCER REPORTER

SAN FRANCISCO -- Don't expect Richard Clarke to rely on Microsoft Corp.'s anti-virus or anti-spyware programs to protect his own computer. "Given their record in the security area, I don't know why anybody would buy from them," the former White House cybersecurity and counterterrorism adviser said yesterday, when asked for his thoughts on Microsoft's forthcoming line of security software.
The observation came during an impromptu interview on the sidelines of the RSA computer security conference in San Francisco, where Clarke took part in panel discussions with other experts in technological and national security.

before this compromised their computer at all?

Doesn't sound so scary, just don't go pirating executable apps, which is probably a good idea anyway.

I am a PC guy in every sense of the definition, but I have to say this "attack" doesn't seem that convincing. It's not like surfing to a website and picking up a nice copy of XP Antivirus 2009.

No one ever claimed Macs to be safe from social-engineering (tricking someone into installing the malware themselves), but Macs ARE safe from viruses, worms, etc.

The only way you can get this Malware is by deliberately installing it on your computer. And 99% of Mac owners aren't stupid enough to knowingly install malware on their comp.

Yet, lookee here..... plenty of Mac users did just that. lol.

:P

That would be stupid for anyone to do, IF they knowingly did it. So what is the score now for viruses and malware on PCs compared with Macs? Yeah, I thought so.

Pretty good for a MAC user. I'm so glad that fact didn't go over the heads of ALL Mac users. Now go comment on the posts in this thread by a MAC user to educate him on the fact that the people doing the installing DON'T know it's malware. I was using his example. Ok, I know it was a trick, but us PC users don't HAVE to be honest all the time, unlike you guys.

lol

Wake me when I can get a virus by simply opening an email, logging onto a web site, or answering the wrong IM. A virus you can only get by tracking down, downloading and installing fake bootleg software that you shouldn't be stealing in the first place isn't a credible threat.

unlicensed copies of software and you get what you paid for.

too fricking bad...PC or MAC

:eyes:

I thought that downloading illegal applications was perfectly safe.

What a FOOL I've been.

lol!

And still think PCs suck.

Never a problem with malware, but then again I'm not downloading crap.

http://www.heise-online.co.uk/security/A-Mac-OS-X-attack-that-leaves-no-trace--/news/112481

Vincenzo Iozzo, an Italian security researcher, says he's discovered a new way to inject executable code directly into the memory of a Mac OS X machine without leaving any trace behind. That would make detection of an attack considerably more difficult.

Attackers normally leave files on the hard disk, such as their own code, and virus scanners can spot these. Iozzo's technique could be used to run a binary file entirely in the memory area of the program under attack, so that no change is made to the hard disk. It could also be used on an iPhone, which after all runs a modified version of Mac OS X.

Iozzo intends to present his discovery at the Black Hat security conference in February, and then publish a sample program written in C for Mac OS X 10.5.

http://www.oneitsecurity.it/22/01/2009/mac-os-x-vulnerability-an-interview-with-vincenzo-iozzo

And how these "scares" are posted here like it was a new thing.

This story will amount to Nothing. There will be no follow up story of massive amounts of users being "infected," like there would be with PC users.

Anyone who goes out of their way to download this illegal application gets what they deserve.

http://www.macworld.co.uk/mac/news/index.cfm?newsid=24572

Intego, makers of VirusBarrier and other security software for the Macintosh, issued a security alert for Mac users on Thursday, advising them about the existence of a new Trojan Horse, which they’ve named OSX.Trojan.iServices.A. This new Trojan Horse can be found in pirated copies of Apple’s iWork ‘09 application suite, which has been downloaded over 20,000 times, according to Intego’s numbers.

Hit by an OS X exploit
http://notahat.com/posts/28
This morning I found a bunch of these processes chewing 100% CPU on my laptop (OS X 10.5.6):
That's a PHP script, running as root, and DoSing a website. (I've taken out the website URL, but it is one that has recently been under a documented DDoS attack.)

I'm still trying to work out how these got fired up. My machine was otherwise idle at the time they started. Unfortunately I didn't capture the PPID, so I'm not sure what kicked them off.

Based on my one story, external firewire drives must be vulnerable to floor attacks now.



btw, welcome back.

You are just so full of stories.

:evilgrin:

Or the PC equivalent.

:rofl:

No, not really...

Someone just started a new thread on this, so let's kick this one back to page one for them.
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x4918207

If people are downloading illegal software from BitTorrent it's not like it's a vuluenrablity of the mac, it's the end0-user installing software that allows someone else to control there computer.

All the "virus writers" are doinging is changing the installation scripts for programs like Apple Remote Desktop and or Timbuktu.

And to all Mac pirates - download the trial versions of the software to crack *FROM APPLE ONLY*. iWork, iLife, Logi, etc are all avaialble as 30 day time-limited (but not feature limited) demos *directly* from Apple.

No platform is immune. It's as simple as that.

But Mac fanatics are still fair game.

:nopity:

:evilgrin:

BTW I have been running commercial Web sites and databases on mostly Windows-based systems professionally for more than 10 years, and have some experience running Linux and Mac servers. I have no problem with Macs or their owners per se, just with the (mostly technically naive) people who reduce it to the level of a Ford vs. Chevrolet debate.

hardly LBNs

.