Forgot your password?
typodupeerror
Security Desktops (Apple) OS X Apple IT News

New Mac Trojan Installs Silently, No Password Required 300

Posted by timothy
from the look-ma-no-hands dept.
An anonymous reader writes "A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult, an added extra that is more common with Windows malware than it is with Mac malware."
This discussion has been archived. No new comments can be posted.

New Mac Trojan Installs Silently, No Password Required

Comments Filter:
  • by Anonymous Coward on Thursday July 26, 2012 @11:16AM (#40777629)

    Yeah, right.

  • by acidfast7 (551610) on Thursday July 26, 2012 @11:19AM (#40777683)
    how about an article on every windows- or android-based trojan.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      how about an article on every windows- or android-based trojan.

      Android and windows are not being sold as a safe heaven for troyan and viruses, Mac OS is.

      • Re: (Score:2, Troll)

        by acidfast7 (551610)
        show me where on the Apple webpage that OS 10.8 is "a safe haven" from trojans and viruses?
        • by rhsanborn (773855) on Thursday July 26, 2012 @11:52AM (#40778179)
          They pulled that comment just a few months ago. Earlier this spring you would have found a claim that it doesn't get PC viruses (Don't be pedantic and claim that it doesn't get PC viruses because PC refers to windows viruses, that's a specious argument and it's a deliberate ploy to claim Macs don't get viruses). So yes, almost every currently deployed Mac was sold with the claim that Macs don't get viruses, directly from Apple.

          http://www.redmondpie.com/apple-removes-its-virus-immunity-claim-for-mac-from-official-website-not-so-safe-from-viruses-after-all-huh/

          http://www.forbes.com/sites/timworstall/2012/06/26/yes-apples-machines-really-can-get-viruses/
          • Re: (Score:2, Flamebait)

            by Dunbal (464142) *

            because PC refers to windows viruses

            PC means personal computer and makes no reference whatsoever to the operating system running on it. Now we could argue that Mac machines are not, in fact, personal computers, but that is another point entirely. But you're wasting your time. Apple "Can Do No Wrong" in the eyes of its cultists. I ask myself, however, what exactly is it they are paying all that extra money for... Are their computers faster? No. Are their computers more secure? No. Are their computers able to do something that non Apple compute

            • by courteaudotbiz (1191083) on Thursday July 26, 2012 @12:50PM (#40779087) Homepage

              because PC refers to windows viruses

              PC means personal computer and makes no reference whatsoever to the operating system running on it.

              Wrong. When apple did their "I'm a PC, I'm a Mac" marketing campaing, it was perfectly clear they referred to Windows against OSX. They specifically insisted that a Mac and a PC are different, but the geeks we are know that PCs and Macs are almost the same on their hardware base. So what they referred to was about the OS they run.

              AND I AM NOT AN APPLE FANBOY! I have no Mac computers, no iPods, no iPhone

          • by acidfast7 (551610)
            That's a US-based advertising issue. I NEVER saw those comments on the Swedish and German versions of the pages, becuase you're not blatantly state incorrect facts ... for example, the US-based I'm and Mac and I'm a PC adverts aren't legal in Germany/Sweden (I saw them while watching illegal NFL feeds and my German/Swedish colleagues laughed at what can be advertised in the US).
        • by cpu6502 (1960974)

          Apple's never made that claim for 10.8, because they know they would get sued for false advertising. But they made the "Macs don't get viruses" claim to OS 10.5, 10.6, and 10.7 (which has been shown to be false).

          I like Macs. But not the pricetag (see my signature). I used them faithfully throughout college, but not anymore. I wish Commodore & Atari were still in business. They sold computers at prices normal people could afford ($150 for a C64, $500 for an Amiga or ST) (versus $2-3000 for IBM PC or

          • by gtall (79522)

            Yes, because a decent OS gui, associated software, and integration is priceless.

            • by cpu6502 (1960974)

              That's the same logic people use to justify buying Honda's $35,000 Acura that has automatic everything and can even park itself. Personally I'd rather buy a Honda Civic for $15,000, do my own parking, and give myself $20,000 worth of time off (3 months) to spend it with my wife & kids & friends.

              Ditto with PC v. Mac. Admittedly $600 saved isn't a lot, but it does eliminate the need to work overtime on Saturday to pay the Mac's extra cost.

            • by Nerdfest (867930)

              No, thanks to Linux, a decent OS gui, associated software, and integration is free. Apple lock-in is the priceless part.

          • by Krojack (575051)

            Wait what? $2k-$3k for a Windows/Linux computer?

            Sure if you want the biggest and baddest machine currently out. You can easily build a Window/Linux machine for $900-$1500 tops that is pretty powerful.

            • You can easily build a Window/Linux machine for $900-$1500 tops that is pretty powerful.

              In 1985? The GP was talking about comparable systems that were out at the same time as an Atari ST or C64....

    • how about an article on every windows- or android-based trojan

      Mac OS Trojans are still pretty exceptional.

    • by LodCrappo (705968)

      how about an article about Mac malware that doesn't feel compelled to mention Windows?

  • by Anonymous Coward on Thursday July 26, 2012 @11:24AM (#40777743)

    if you actually read the article this is just some bullshit proof of concept made by a anti-virus company to shake down mac users. it's never actually been seen outside of a security website.

  • Hopefully LIttle Snitch [obdev.at] alerts about this, and can block it?
  • by bugs2squash (1132591) on Thursday July 26, 2012 @11:26AM (#40777775)
    that a new version of OSX has just become available to purchase, better rush out and buy it.
    • by repetty (260322)

      that a new version of OSX has just become available to purchase, better rush out and buy it.

      Yeah, and it's a total rip-off at $20!

  • by mrdogi (82975) <mrdogi@MENCKENsbcglobal.net minus author> on Thursday July 26, 2012 @11:30AM (#40777843) Homepage
    The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult...

    However, blocking the threat is as simple as an ACL on your router...
    • The address seems to be located in the UK. Try to arrange a chat at this address, and you get yourself a way to learn the 9 yo UK English :-)
    • However, blocking the threat is as simple as an ACL on your router...

      This time. Next week it's a different address. So now you're playing Wack-a-mole?

      Sounds like a vaguely familiar strategy....

    • The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult... However, blocking the threat is as simple as an ACL on your router...

      Assuming the only access your machine has to the internet is via said router...

  • by Anonymous Coward

    That's not a trojan, that's Mountain Lion.

  • by BoRegardless (721219) on Thursday July 26, 2012 @11:39AM (#40777975)

    To catch outgoing calls.

  • by slashmydots (2189826) on Thursday July 26, 2012 @11:46AM (#40778071)
    So they just assign these viruses an arbitrary nickname, right? I think "Crisis" was a pretty funny shot at Apple, seeing as how they refuse to admit the last month or two has been one for them because of viruses. But if anyone can just randomly assign it a name, why not go all the way and name it Lol@Apple then the next one Lol@Apple2 etc?
  • by Viol8 (599362) on Thursday July 26, 2012 @11:50AM (#40778147)

    Disassemble it and follow the code. Even if some of the code is encrypted something in the virus will have to decrypt it before it can be run and you'll have that on hand too.

    I'm not saying its easy but its not protected by some magic ward.

    • by ceoyoyo (59147)

      This is an antivirus company we're talking about.

      The whole thing seems a little suspicious as yet. They "found" this trojan on a website security professionals use to share suspicious files, but haven't seen it in the wild? Intego's own article (http://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/) says they "have not yet seen if or how this threat is installed on a user’s system." Really? So how do they know it doesn't ask for a password?

  • by Anonymous Coward on Thursday July 26, 2012 @11:56AM (#40778235)

    It's called "Morcut" by Sophos [sophos.com] and they offer a free anti-virus product for Mac OS X.

    They claim it's designed to access these things: mouse coordinates, instant messengers (for instance, Skype [including call data], Adium and MSN Messenger), location, internal webcam, clipboard contents, key presses, running applications, web URLs, screenshots, internal microphone, calendar data & alerts, device information, address book contents

  • User mode malware (Score:5, Insightful)

    by tlhIngan (30335) <slashdotNO@SPAMworf.net> on Thursday July 26, 2012 @12:01PM (#40778315)

    It seems more and more these days, that malware is becoming user-mode to avoid the nasty popups that comes with trying to gain administrator mode.

    Which makes sense as a lot of stuff you need to do as malware can be done strictly as usermode without needing to get admin priviledges. This one apparently checks to see if it can get admin or running in a restricted user account.

    So even malware these days are learning to be friendly and compatible with users who aren't admins and not requiring admin for everything.

Never buy from a rich salesman. -- Goldenstern

Working...