New Mac OS X Trojan Hides Inside PDFs
Trailrunner7 contributes this snippet from ThreatPost: "Malware that targets Mac OS X isn't anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that's been in favor among Windows malware authors for several years now."
But... (Score:0, Insightful)
Macs don't get viruses. The Genius Bar guy told me this yesterday...
Does not hide in PDFs (Score:5, Insightful)
It's just a trojan with a PDF icon.
And it will be nerfed as soon as it's added to the OS X XProtect filter, if it hasn't already.
Trojans are nothing new, giving them fake icons is nothing new, even Mac trojans are nothing new. News this ain't.
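An added example, not part of the comment above or of the ThreatPost report: since the disguise described in this thread lives in the icon and file name, a defensive check can ignore both and classify a file by its leading bytes. The function names and sample bytes are constructed for illustration, and the universal-binary test is a heuristic.

```python
import struct

# Mach-O magic numbers as they appear in the first four bytes on disk.
MACHO_THIN = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big/little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit, big/little endian
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; Java class files share it


def sniff(head: bytes) -> str:
    """Classify a file from its leading bytes, ignoring name and icon."""
    if head[:4] in MACHO_THIN:
        return "mach-o"
    if head[:4] == FAT_MAGIC and len(head) >= 8:
        # A universal header stores a big-endian architecture count after the
        # magic; Java class files store a version there (major >= 45), so a
        # small count separates the two (heuristic).
        (count,) = struct.unpack(">I", head[4:8])
        return "mach-o-universal" if 0 < count < 20 else "other"
    if head[:2] == b"#!":
        return "script"
    # Some readers tolerate the PDF header anywhere in the first 1024 bytes.
    if b"%PDF-" in head[:1024]:
        return "pdf"
    return "other"


def check(name: str, head: bytes) -> str:
    """Return a verdict for a file, flagging PDF-like names on non-PDF content."""
    kind = sniff(head)
    claims_pdf = ".pdf" in name.lower()  # also catches "x.pdf.app", "x.pdf "
    if claims_pdf and kind in ("mach-o", "mach-o-universal", "script"):
        return f"MISMATCH: named like a PDF but content is {kind}"
    if claims_pdf and kind != "pdf":
        return "SUSPECT: named like a PDF but no PDF header found"
    return f"ok: {kind}"


# Constructed sample inputs (file name, first bytes); not real samples.
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
    ("invoice.pdf", b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"),
    ("report.pdf.app", b"\xca\xfe\xba\xbe\x00\x00\x00\x02"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name!r}: {check(name, head)}")
```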
Re:Nothing to see.. (Score:5, Insightful)
Do much being .... What, exactly? Access your browser to capture your passwords? Participate in a DDOS? Send spam email? Propagate itself?
Don't need admin to do any of that...
Re:Windows is bad, hmmmmk? (Score:4, Insightful)
So it requires a gullible user. There's not exactly a shortage of those.
Okay, fellow Mac users (Score:4, Insightful)
Here's the plan:
1) OS X makes it brain-dead easy to not run as an admin user. Create a separate admin account first, then remove the admin privilege from your everyday account. On those rare occasions you need admin privileges, you'll be automatically asked to provide the admin account info - you don't need to even think about it.
(Somehow that isn't sinking into a lot of people's heads, even those who should know better)
2) Back up your stuff regularly. Again, OS X makes this brain-dead easy with Time Machine. You can use something else like a custom rsync script, but - just DO IT.
If you're running as a non-admin user, the worst that can happen is your own stuff gets hosed - and then you can get it back from your backups. But since trojans are probably only going to go after the system files, it's unlikely even your stuff will get touched.
Okay, there's one caveat. If you click on an infected file, and it asks for admin permissions and you provide it, you're screwed. But one would hope you're smart enough to realize viewing a PDF should not require admin authentication. In the end, common sense does have to enter into the picture.
BTW if you claim running as an admin is okay because you're always prompted to authenticate anyway... you're just wrong.
Re:Okay, fellow Mac users (Score:4, Insightful)
Smells Like AV Flackery (Score:4, Insightful)
Yep (Score:5, Insightful)
In fact I've seen a big rise in the amount of non-admin Windows malware. It just infects the user that is using the system. The reason is they realize that for the vast majority of systems, the user IS the system, there is no need to infect anything else. It also lets them get an infection in an enterprise setup where users don't get admin.
Now I suppose it does make the malware slightly easier to get rid of but then it really doesn't matter, I tend to scan the things from a boot disk anyhow.
This geek idea that only the system matters is silly. True for a server maybe, not for a desktop. On a desktop, the user's data is all that matters and you don't need admin to get at that.