Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
OS X Security Apple

New Mac Virus Discovered, Making the Rounds 239

Posted by Soulskill
from the sharing-is-caring dept.
sl4shd0rk writes "A new Mac OS X exploit was discovered Friday morning by Kaspersky Labs which propogates through a zipfile attachment. The attachment tricks the Mac user into installing a variant of the MaControl backdoor via point-and-grunt. Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server. Once installed, the virus opens a backdoor allowing the attacker on the C+C server to run commands on the compromised machine. Shortly after Kaspersky's announcement, AlienVault Labs claims to have found a similar version of the Mac malware which infects Windows machines. The Windows version appears to be a variant of the Gh0st RAT malware used last month in targeted attacks against Central Tibetan Administration. Both viruses are suspected of being tools in a campaign to attack Uyghur Activists."
This discussion has been archived. No new comments can be posted.

New Mac Virus Discovered, Making the Rounds

Comments Filter:
  • by Kenja (541830) on Friday June 29, 2012 @05:35PM (#40500203)
    I know its overly popular these days to call any malware, trojan or other malicious bit of software a virus, but they really dont meet the definition. Frankly, I cant think of a real virus being released in quite some time. Which just seems lazy to me.
  • by nurb432 (527695) on Friday June 29, 2012 @05:38PM (#40500219) Homepage Journal

    Misuse use of terms like this really pisses me off.

    Like 'hacker', 'pirate', 'theft', and a host of others that have been twisted to the point of being ludicrous.

  • by toadlife (301863) on Friday June 29, 2012 @05:38PM (#40500223) Journal

    "Virus" is the new "hacker". Get over it.

  • by imagined.by (2589739) on Friday June 29, 2012 @05:42PM (#40500247)

    Malware, not virus. Virii aren't installed by the users themselves...

    Thank you very much.

  • by cpu6502 (1960974) on Friday June 29, 2012 @05:56PM (#40500371)

    Only reason it's a big deal is because Apple used to advertise OS X "doesn't get PC viruses." So when a Mac gets one, now everyone jumps on it with a /. article to show apple was wrong.

    BTW Apple just removed their claim: http://www.huffingtonpost.com/2012/06/25/mac-virus-apple_n_1625110.html [huffingtonpost.com]

  • Why is this news? (Score:5, Insightful)

    by Grayhand (2610049) on Friday June 29, 2012 @05:58PM (#40500389)
    It's hard to blame Mac when you open an infected file. People have been unwittingly installing Malware and other infecting programs onto Macs for years. This is very different from one that propagates without the help of the user. It's a non story.
  • by newcastlejon (1483695) on Friday June 29, 2012 @06:08PM (#40500467)
    No it doesn't, but hepatitis isn't a virus anyway. Hepatitis can be caused by a number of different pathogens and viruses are only one kind. Off the top of my head, Listeria can cause it and so can Cryptosporidium (bacteria and protozoa respectively). Of course this is all academic since your analogy was doomed from the start. You'd have had better luck if you compared it to kissing a person with a cold sore (Herpes) on their lips.
  • by Anonymous Coward on Friday June 29, 2012 @06:14PM (#40500511)
    We shouldn't constantly accept wrong terms just because they somehow crept into the language.
  • by Alwin Henseler (640539) on Friday June 29, 2012 @06:15PM (#40500523) Homepage

    Or popular use of the word becoming a generalization for a class of items, as opposed to a specific item in that class. In other words: the average Joe might care to know what malware is (and use "virus" to describe it), but doesn't care enough to devote brain cells in keeping virus / trojan / backdoor etc apart.

    We might expect better from /. editors, but then again... ;-)

  • by 93 Escort Wagon (326346) on Friday June 29, 2012 @06:23PM (#40500559)

    Well, except when this happens in the PC world at least some subset of folks do blame Microsoft for it, and loudly.

    There was a time when Microsoft WAS at fault - back in the days of Slammer, for example. But most of the malware that goes around anymore relies on social engineering to propagate, because Windows and OS X are really pretty secure.

  • by ColdWetDog (752185) on Friday June 29, 2012 @06:31PM (#40500615) Homepage

    But it's an interesting term to use in this discussion because the lay definition is exactly that - hepatitis as a viral infection. Even if it's not the most common form of hepatitis (it would be alcoholic hepatitis in the US at least), it's the one that most people think of.

    That isn't to excuse Slashdot editors or submitters for not making that distinction. Somebody needs to wave the pedantic flag now and again.

  • by BronsCon (927697) <social@bronstrup.com> on Friday June 29, 2012 @06:31PM (#40500621) Journal

    But, that's anti-virus software, and Macs don't have viruses!

    This. Right here. Is why. It. Is. Dangerous. To claim. Your. Platform. Does. Not. Have. The same. Security needs. As. Any. Other. Platform.

    Hopefully that was slow enough for everyone to follow.

  • by thetoadwarrior (1268702) on Friday June 29, 2012 @06:39PM (#40500683) Homepage
    You're more than welcome to get virus scanners or anything that windows has and it has a firewall. But it already asks you to make sure you're certain you want to run something downloaded and if someone is willing to ignore that and still run a application that someone stranger sent to them then there isn't much hope for them. Idiots will disable anything if they want to run something.
  • by thetoadwarrior (1268702) on Friday June 29, 2012 @06:45PM (#40500733) Homepage
    Microsoft *was* at fault at times like when Outlook express' preview pane ran anything in the preview pane which was on by default so you could get infected by virture of a new email just coming in even if you'd be smart enough not to open it. Which is definitely different from a Mac asking you to be sure and you open it anyway.
  • by nadaou (535365) on Friday June 29, 2012 @07:17PM (#40500921) Homepage

    the /. editor is not doing his job, which makes the site a worse place to visit.

  • by 93 Escort Wagon (326346) on Friday June 29, 2012 @07:36PM (#40501031)

    Microsoft *was* at fault at times like when Outlook express' preview pane ran anything in the preview pane which was on by default so you could get infected by virture of a new email just coming in even if you'd be smart enough not to open it. Which is definitely different from a Mac asking you to be sure and you open it anyway.

    Except remember how Safari had a similar issue several years ago? It could automatically launch stuff that was downloaded just by virtue of you hitting the wrong page? That's why you get asked now - that was part of the fix Apple added to solve the problem.

    I've been a Mac user since 2003. I like the OS, and I think it's had a pretty good security track record overall... but Apple's definitely made a few missteps along the way. Nothing of the sheer magnitude of Slammer or Blaster - the only remote OS X exploit I can remember required the attacker to be on the same subnet (think it was an AFS exploit, but I might be mis-remembering).

  • by hairyfeet (841228) <bassbeast1968@@@gmail...com> on Friday June 29, 2012 @07:51PM (#40501081) Journal

    Oh please! You say trojan to the average user and the want to know why their PC needs a rubber, you say backdoor and they start looking for that rubber for their PC and you say rootkit you get a deer in the headlights look.

    Frankly, and I'm sure i'll get hate for saying this but ask me if I care, truth is truth, is that most of those I've seen that really REALLY care about that is because they are "true believers" who want to use it to say "But it doesn't count!" like an 8 year old demanding a do over on the playground. I have sat here on this very forum literally gobsmacked by people that otherwise seem intelligent saying "Only if it installs without the user does it count!" like the world owes them a do over.

    Honestly folks to the end user it doesn't matter if it gets in from the front, back, or from stage left if it fucks their shit up, puts their ID at risk, or turns them into a spammer? Then its a bug, simple as that. if you want to quibble over semantics that is YOUR business but to 99% of the population a bug is a bug is a bug.

  • by 517714 (762276) on Friday June 29, 2012 @07:52PM (#40501087)
    As you are a slashdotter, we can safely assume your having sex is purely hypothetical.
  • Re:Yawn (Score:2, Insightful)

    by El_Oscuro (1022477) on Friday June 29, 2012 @08:16PM (#40501219) Homepage
    You mean like ms12-020 [microsoft.com]? There are lots of others too. Just Google "windows remote exploits"
  • by Farmer Tim (530755) <roundfile@NospaM.mindless.com> on Friday June 29, 2012 @08:16PM (#40501223) Journal

    True enough, most people do think viral when hepatitis is mentioned, but you wouldn't get away with that kind of imprecision in a professional medical forum. I suppose how much a similar terminological distinction matters depends on how close you consider /. is to being a professional tech forum...

    [lightbulb]

    ...OK, it's futile, I get it...

  • Jesus, not again (Score:5, Insightful)

    by sootman (158191) on Friday June 29, 2012 @08:52PM (#40501365) Homepage Journal

    I know Slashdot editors are famously lazy ('sup, guys!) but why does the summary they posted say "The attachment tricks the Mac user into installing..." when TFA* clearly says "the [attack] described here relies on social engineering to get the user to run the backdoor"? You know, just like every single other Trojan out there?!?** The attachment itself is totally benign until someone clicks on it several times. (Even if you view the message with webmail with Safari's "Open 'safe' files after downloading" in its (admittedly brain-dead) default "checked" position***, you still have to click on the attachment link in your webmail and then double-click the visible file to run it.) The only way this actually happens is if someone reads the email and takes a few steps on their own. As always, the attachment itself does nothing.****

    Slashdot has been a techy news site for a decade and a half now. You'd think errors as blatant as this would get caught by the editors, even with their usual lack of checking.

    You know what would be an awesome site? Exactly what Slashdot is, but with better editors. (And maybe lay off the JavaScript some.)

    Anyway: sky is blue, water is wet, sun rises in the east, and all computers--by definition--are vulnerable to trojans. Film at 11.

    And by the way, WTF is "point-and-grunt"? Does that imply that users are dumbly clicking on things? If so, doesn't that also imply that the users just might be the problem? Trojans are trivially easy to write. Here's one in one line:

    echo "rm -rf ~/*" > NataliePortmanHotGrits.jpg.command; chmod 755 NataliePortmanHotGrits.jpg.command

    Voila. Type that into Terminal, email it to all of Slashdot, and wait for a great disturbance in the Force, as if millions of home directories suddenly cried out in terror and were suddenly silenced.

    * I know no one here reads them, but I think the submitter should, right? Even if they don't, they should just submit the URL and not make up shit for the summary.

    ** Which is to say, like every single Mac "virus" of the last decade as well.

    *** Apple even puts "Safe" in quotes, so they obviously know that's not an ideal term. They should set it to "off" by default--and then remove the option.

    **** Unlike the bad old days with Outlook Express' infinitely more brain-dead "Hey, let me run that executable attachment for you!" setting.

  • by cpu6502 (1960974) on Friday June 29, 2012 @09:23PM (#40501475)

    Apple also used to boast that users could "Safeguard your data. By doing nothing." And I noticed this: "When the latest version of Mac OS X, codenamed Mountain Lion, becomes available to users in July, the software will include a new "Gatekeeper" feature that restricts which applications users can download onto their phones or computers. Only apps "downloaded from the Mac App Store or those digitally signed by a registered developer" will be accessible with the Gatekeeper upgrade, per Computerworld"

    Wow. That means a lot of my programs, which are not "registered" developers, will not be installable on a Mac 10.8. I guess?
    - Stella (Atari emulator)
    - NES emulator
    - N64 emulator
    - VLC Player
    - uTorrent
    - azureus

  • by interkin3tic (1469267) on Friday June 29, 2012 @09:58PM (#40501613)
    A friend of mine was doing an internship in Washington DC, he saw on a schedule a congressional briefing thing about piracy. He went assuming it was about napster etc. It was actually about Somalia. He walked away caring about online piracy a little less.
  • by Pfhorrest (545131) on Saturday June 30, 2012 @02:20AM (#40502755) Homepage Journal

    The only way to patch the "bug" of stupid users being able to install malware on their computers is to prohibit users from installing arbitrary software on their computers, which would be a much bigger bug than any social exploit vulnerability.

    If the system didn't get infected by exploiting some weakness of the system, but rather by exploiting a weakness of its user, then the system is not at fault. THIS is why people get defensive. Much like making DRM work, it is impossibly to completely patch the social-exploit hole without destroying general purpose computing in the process, so stories of some social exploit making the rounds on one platform or another say nothing at all about the security of that platform.

    THAT is why people get defensive when you say "see, Macs are vulnerable too!" at every story like this. If the only way someone can get into my house is if I invite them in through the front door, then my house is secure, as the only way to plug that hole would be to keep me from having guests over at all.

: is not an identifier

Working...