OS X Security Apple

New Mac OS X Trojan Hides Inside PDFs

Posted by timothy
from the see-enclosed-nude-document dept.
Trailrunner7 contributes this snippet from ThreatPost: "Malware that targets Mac OS X isn't anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that's been in favor among Windows malware authors for several years now."
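
A defender-side check for the disguise described in the summary, as an added example that is not part of the original post or of ThreatPost's report: compare what a file's name claims with what its leading bytes and permission bits say. It assumes the lure has ".pdf" somewhere in its name; the file names and contents below are constructed samples.

```python
import os
import stat
import tempfile

# Leading bytes of Mach-O executables as they appear on disk.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary (or Java class file)",
}

def sniff(head):
    """Classify content by its first bytes (strict: PDF header at offset 0)."""
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head[:4] in MACHO_MAGICS:
        return MACHO_MAGICS[head[:4]]
    if head.startswith(b"#!"):
        return "script"
    return "unknown"

def check(path):
    """Return (content_kind, reasons); reasons is empty when name and content agree."""
    with open(path, "rb") as f:
        kind = sniff(f.read(8))
    reasons = []
    claims_pdf = ".pdf" in os.path.basename(path).lower()  # assumption: name is the lure
    if claims_pdf and kind != "pdf":
        reasons.append("name says PDF, content is " + kind)
    if claims_pdf and os.stat(path).st_mode & stat.S_IXUSR:
        reasons.append("executable bit set on a document")
    return kind, reasons

def demo():
    """Build two constructed sample files in a temp directory and check both."""
    samples = {
        "report.pdf": (b"%PDF-1.4\n%constructed sample\n", 0o644),
        "invoice.pdf": (b"\xcf\xfa\xed\xfe" + b"\x00" * 28, 0o755),
    }
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (data, mode) in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            os.chmod(p, mode)
            out[name] = check(p)
    return out
```

An icon alone carries no information about content, so the check ignores it entirely and looks only at bytes and mode bits.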

  • But... (Score:0, Insightful)

    by Anonymous Coward on Saturday September 24, 2011 @03:43PM (#37503790)

    Macs don't get viruses. The Genius Bar guy told me this yesterday...

  • by Anonymous Coward on Saturday September 24, 2011 @03:47PM (#37503820)

    It's just a trojan with a PDF icon.

    And it will be nerfed as soon as it's added to the OS X XProtect filter, if it hasn't already.

    Trojans are nothing new, giving them fake icons is nothing new, even Mac trojans are nothing new. News this ain't.

  • by Richard_at_work (517087) <richardprice&gmail,com> on Saturday September 24, 2011 @04:08PM (#37503984)

    Do much being .... What, exactly? Access your browser to capture your passwords? Participate in a DDOS? Send spam email? Propagate itself?

    Don't need admin to do any of that...

  • by KDR_11k (778916) on Saturday September 24, 2011 @04:10PM (#37503998)

    So it requires a gullible user. There's not exactly a shortage of those.

  • by 93 Escort Wagon (326346) on Saturday September 24, 2011 @04:19PM (#37504054)

    Here's the plan:

    1) OS X makes it brain-dead easy to not run as an admin user. Create a separate admin account first, then remove the admin privilege from your everyday account. On those rare occasions you need admin privileges, you'll be automatically asked to provide the admin account info - you don't need to even think about it.

    (Somehow that isn't sinking into a lot of people's heads, even those who should know better)

    2) Back up your stuff regularly. Again, OS X makes this brain-dead easy with Time Machine. You can use something else like a custom rsync script, but - just DO IT.

    If you're running as a non-admin user, the worst that can happen is your own stuff gets hosed - and then you can get it back from your backups. But since trojans are probably only going to go after the system files, it's unlikely even your stuff will get touched.

    Okay, there's one caveat. If you click on an infected file, and it asks for admin permissions and you provide it, you're screwed. But one would hope you're smart enough to realize viewing a PDF should not require admin authentication. In the end, common sense does have to enter into the picture.

    BTW if you claim running as an admin is okay because you're always prompted to authenticate anyway... you're just wrong.

  • by berryjw (1071694) on Saturday September 24, 2011 @05:05PM (#37504322)
    Dude, I've watched so many OS X users click through *anything* that pops up to know better. That "average" user everyone keeps referencing doesn't read those boxes any more than they read the EULAs for the software they're using, and most of them will provide credentials without even considering why they might be asked for them. Users view all of this as speed bumps, and don't have any idea it's part of system security. Come on, how many passwords do you still see pasted on monitors, or stickies on the desktop?
  • by jasnw (1913892) on Saturday September 24, 2011 @06:00PM (#37504626)
    Every time one of these "sky is falling, OS X is being attacked by new malware/virus/trojan" articles floats around the 'net, it seems like the source document is from one or another AV builder or a computer security outfit with things to sell. The first clue is how vapid and vague the article is, and how little useful information it provides. Another clue is when one part of the article tells the story a bit differently than elsewhere in the same article. For OS X users, there are a handful of good, independent, computer security sites (apple.com NOT being one of them), and if it ain't there, I ignore it.
  • Yep (Score:5, Insightful)

    by Sycraft-fu (314770) on Saturday September 24, 2011 @06:15PM (#37504726)

    In fact I've seen a big rise in the amount of non-admin Windows malware. It just infects the user that is using the system. The reason is they realize that for the vast majority of systems, the user IS the system, there is no need to infect anything else. It also lets them get an infection in an enterprise setup where users don't get admin.

    Now I suppose it does make the malware slightly easier to get rid of but then it really doesn't matter, I tend to scan the things from a boot disk anyhow.

    This geek idea that only the system matters is silly. True for a server maybe, not for a desktop. On a desktop, the user's data is all that matters and you don't need admin to get at that.
