The Register


Macs seized by porn Trojan

Miscreants have released a sophisticated Trojan into the wild that targets Mac users, according to Intego, a company that markets security software that runs on OS X. The malicious Trojan, dubbed OSX.RSPlug.A, is making the rounds on several porn websites. When Mac users try to view some videos, the site feeds them a page that …

This topic is closed for new posts.


Stop

Aaaarrrggghhhh nooooooooo....

I've just managed to pull myself out of a Blog site that was taken over by Mac/PC bitching... Do we have to do this all over again??

Please El Reg.. Pull this story before I pull my hair out.. There's never a winner when you set Mac and PC users against each other.. Just endless, pointless droning on and on and on and on.....

Aaaaaaaaaghggggghhhhhhh!!!!!!!

Thumb Up

@Steven Knox

"So where's the completely unwarranted crowing from Windows fans and the equally invalid "it doesn't really count because (fill in specious reasoning here)" replies from the Mac cult?"

There it is...

Jamie "Having Mac fanbois crow..." Davis

Allan "usual fanboi comments... ...jobsy porn" Rutland

Obviously "Webster "We all know..." Phreaky

and on the other hand

J "Windiot"

Magilla "Vista IS a piece of crap"

Actually it seems relatively sensible for a story mentioning Apple, by El Reg commenter standards.

Anonymous Coward

Webster

Where's the iPhone comment??? You're letting yourself down!

Coat

Mac owners visiting porn sites?

Must be the Dirty Mac Brigade

Anonymous Coward

I don't need no frickin' comment

WTF is 'a root crontrab'???

Are you sure?

You can put as many messages saying "this application wants to run" "this application wants to format" "this application wants to take over your PC" as you want, but you will never manage to make users read them. In fact, the more of them you make the less likely people are to read them.

As for the whole mac vs windows vs linux... I'd love a mac at home, I'd hate to do my job on a mac or linux network.

Saying one is better than the other is like saying a spanner is better than a hammer.

Anonymous Coward
Boffin

Not an OS vulnerability

"The Trojan installs a root crontrab that makes minute-by-minute queries to check that the doctored DNS server is still active"

It can only do this if you are logged in as root while surfing p0rn - which you aren't unless you're a complete knob - in which case you deserve to have your system 0wn3d.

I thought 'boot cap' was meant to be ironic...

As in like 'run something good on top of Mac OS'.

But wasn't the point made the other day by someone, that if you run a virtualised known good/uninfected copy of an OS (say XP using Parallels or something), you can lose all the malware once you close the virtual app thingy.

@J

The user IS a hole. In more ways than one on a mac. But I digress, probably not the best word.

The point I was trying to make is that a large part of smugness that comes from the Mac crowd is indirectly derived from being a low profile group. Their profile is raised, a head comes above a parapet and now it gets shot at.

I read the article I assure you, a poorly chosen word on the part of "hole" (and "anthropomorphised")

This post has been deleted by its author

Flame

I'm bored of this one ...

... can we resurrect the "vi vs emacs" holy war ;)

Yeay!

Well, looks like the 'security by obscurity' argument is looking weaker and weaker from the MacFanBois. Welcome to the world of constant av/anti-spyware/patch updating that we Windows users are now well practiced at.

Paris Hilton

Here we go again...

I warned you..

Didn't I warn them? I did, didn't I? I'm sure I did..

Everyone duck.. The Windows and Mac crowd are throwing rocks at each other again!!

As for the "Only a vulnerability if you log on as root"... These attacks are aimed at (ab)users at home, not many people are brave/foolhardy enough to look at porn at work.. I would say from experience that 90% or more of home users log onto their machines with root privs.. Or admin privs if you're a Windows user, which is why these vulnerabilities work.. I wonder how many of you reading this now are logged on without Root/Admin privs if you're at home??

Where's the Paris Hilton angle on this?

Gates Halo

Title

What a piece of ArsePlug OSX is, its shitty safe haven is now starting to be raped thanks to Jobs and his buddies wanting a bigger house and a faster car. All the old beardy weirdoes that were there from day one are thinking "Jobs has betrayed us". That's right, he took your geeky elitist friendship and he's starting to wipe his ass on it in the name of profit. MS has had years of experience when it comes to security on a totally massive user base and they still haven't got it all sewn up, Apple has absolutely no chance. Bunch of wankers, this fluffy feminine OS has seen its day. I think it's time it bowed out and relegated itself to the set-top box industry, saying that though Linux would whoop its ass there as well.

Apple users are moronic, who else would pay 3 times the going rate for a piece of hardware and a shit OS. durrrr duurrrrrr DUUURRRRRRRRRR

Dicks

IT Angle

RE: Not an OS vulnerability

"It can only do this if you are logged in as root while surfing p0rn"

Erm... No. OSX, like most desktop linuxes etc that I've seen, has a GUI version of (or frontend to) su/sudo. What the article says is that it asks for your root password, which means the installer runs with root privileges.

The only way to get round this is a system-level security system, like SELinux et al, which says "even as root, that program is not allowed to do that!", but this complicates things a lot, and Mac users wouldn't be able to understand (just had to get a quick jab in). Notice that Windows doesn't have owt like this either, but that's because Microsoft collectively has even less brains than the average Mac user.

To misquote a famous Australian: "Can you guess which OS I use yet?"

PS: Where's the IT angle? This is about Macs, not Computers :P

Anonymous Coward
Black Helicopters

Baka

Type your admin password in at the request of a website and you get what you deserve.

Now I wouldn't be running my win2000 box with a user account with admin rights, would I? That would just be asking for trouble ;)

Anonymous Coward
Jobs Horns

@mad mike

'When we see Macs being infected through buffer overflow viruses etc. we'll be able to separate the men from the boys'

http://www.heise-security.co.uk/news/98156

As this report shows, Leopard is far from secure. I have mailed this link to el reg, but so far they have failed to put an article up about it. Expect lots of security vulnerabilities to surface very soon and then maybe you won't be so smug.

This time I think Apple have been too smug for their own good. 'Why do you need a firewall, you're on a mac - you're invulnerable hahahahahah'

Flame

@Anonymous Coward (Own3d)

Strip this post of the "technical" icon. He obviously does not understand what cron does, and probably does not even understand what a "Multi-User" and "Multi-Tasking" operating system really is! Probably even believes that you need more than one processor in a system to do more than one thing apparently at once, like the PC World and Intel ad. people.

Cron will run a job when specified, as the specified user, regardless of who (or even whether anybody at all) is logged on. Root's crontab is an obvious place to put such an exploit, but an equally obvious place to look to find it! It indicates that the writer was not really that clever.

Apple's security system of using sudo-like protection for sensitive commands means that it is actually quite difficult (but not impossible, this is a ) to surf as root on a Mac. But people are now very used to just doing what they are asked to do by the system, without thinking (think most personal firewalls and the Vista over-the-top UAC). But modern systems are complex, and most home computer users make poor System Administrators, and know no better.

Tell you what. Get Microsoft (or their partners) and Apple to offer outsourcing of the admin. of home systems. Introduce change control systems, requests forms, helpdesks etc. to have software loaded or system changes made. It'll make using computers at home just like work!!

Then you would be 0wn3d!

Happy

change resolv.conf

Maybe we should <chmod 777 /etc/resolv.conf> to make it easier for the malware writers, so that we can get rid of that pesky admin login OS X (and any reputable *nix OS) requires before changing something important?

@Abdul Omar

"Macs are all very well for adding that effete look in latte lounges but when you want the heavy lifting done then it's the boys from Redmond to the rescue."

And what's wrong with the effete look? Hell, when I'm in latte lounges with my Mac I look positively girly. Possibly that's because I am one. And I'm usually waiting for a transatlantic plane working on some kind of low level software issue as part of my consultancy business. I don't need no stinkin' boys whether they be in Seattle or Scunthorpe to help me...

Gates Halo

you cant prove anything

my boys had nothing to do with this Trojan

Anonymous Coward
IT Angle

fanbois

I do not think any one of you m$ fanbois have a clue how your systems work, let alone a mac. Here is your mac fan chiming in. the reason a mac is secure has nothing to do with obscurity but the fact that osx is a bona fide nix and at such time there is no virii for unix. social engineering is just that. mac/pc people can all be coerced into doing something not all that safe. but here is one for ya, since the mac users have had to bear witness to the tribulation of windows, most of us know what to expect from the net. besides, most pc lusers are just pfy's that couldn't get laid in a women's prison with a handful of pardons. why do you think all the pron sites affect pc's? auto install to pc's? have av software created for pc's... etc...

ad nauseum.

</smug>

OK Mac kiddies - here endeth your smugness regarding viruses.

Happy

@ Allan Rutland

"Those pathetic meatbags ..."

Either you've played KotOR, or you've magically channeled HK-47 to a tee ^.^ Well done.

Anonymous Coward
Dead Vulture

re fanbois

If your eloquent response is a good indicator of the intelligence levels of a mac user, no wonder you need the Lord God Jobs to dictate everything to you. Can spell, use punctuation or put together a coherent sentence. Then you degenerate into worthless insults. Adding latin at the end does not make you look any smarter and one wonders if you actually know what it means.

Just to enlighten you, ad nauseum means something that has been continuing 'to the point of nausea' which is exactly how most real computer users feel about the pile of shit that spews from the mouths of mac fanboys about how great and impervious macs are.

Most viruses, trojans etc target pc users because of the large majority market share - not for any other reason.

As for most windows users not knowing how their system works - probably true but if you compare percentages instead of numbers the same can be said for mac users. Most mac users do not have a clue what goes on behind the nice shiny gui as Apple have taken anything to do with the system out of their hands.

As for there being no virii for unix, I think you will find there are so try looking facts up before mouthing off.

Anonymous Coward
Stop

OSX & Windows both crap for Pr0n

Methinks you're all missing the point.

Windows, Mac and to some extent Linux are all crap for viewing pr0n. They all keep too many tell-tale history logs and cookies for it to be safe.

No, the best way to view pr0n is via some form of live CD OS (pronounced live seedy Oh Yessss!) then save it to an easy to hide usb device.

I use Umbongo live for this as I like my pr0n with a bit of exotic feel.

Share and enjoy

Coat

Targeted

I guess those pesky VXers did some research when they found this one.

ok guys we've found a hole in osx, right best place to exploit this for the average Mac user? ok we're all agreed then porn sites it is!! lol

new meaning to perverts in macs, I'll get me coat now...

Anonymous Coward
Heart

cure for trojans

ha ! i think that dodgy trojan is having a right laugh at all you fighting over macs and windows and which witch is which... when the real issue here is PORN. that's right, the most sought after online activity worldwide, from the puritan, religious extremist creationist freak living in the bible belt over to sadr al bahmood's third wife, nasha al bahmood, sittin drinkin tea and fantasising over lesbian virgin girls from sweden, those sites will always attract malware or whatever else you want to call it. you wanna avoid all that rubbish, go down your local, get yourself a dvd and watch it on your telly... and i am sure you won't have any problems with trojans on your computer :D (or alternatively, get laid, that works as well)...

Coat

ROFL

"This may mean that the OS is beginning to gain enough users to be attractive to attackers."

So endeth the Myth about the Invulnerability of the Macintosh...

It's simply that there's so few of you that you're not interesting as a target, boys and girls, even your own security software specialists say it...

besides the hilarious fact that seemingly even for Mac users "the Internet is for Porn"... ;)

@ Greg Witt

What are you talking about? You fit exactly into the box described in the post above yours.

Virus, Trojan, Virus,Trojan.

Spelled differently, work differently.

Just read the piece before posting tosh.

smug mac user (support) - 15 years and not one virus

We've had trojans before - they're nothing new, but I've never met a macuser who's had one on their machine. Most macusers appear to have a brain.

Stop

Re: @cronos

"To state the bleedin' obvious to anyone who's actually read the article, the software does not AUTO-Install via the browser, QuickTime redirects to a site with an alleged codec and "The Trojan requires victims to enter the administrative password for their machine"."

One word: COBBLERS. The browser (not bloody Quicktime, it's a bogus message the browser is fooled into displaying), even when redirecting to another site and asking for root privs, is not telling the user exactly what he or she is installing. It is, in effect, saying "you need this bit of binary blob to view your smut and I approve wholeheartedly of the use of it" which is somewhat different to your scenario of the user saying "whoa, a root password prompt! WTF?" They're probably so used to MacOS asking for root privs at this point that it hardly registers any more. Yes, Ubuntu et al also do the same thing. It's still wrong no matter who does it and it is my opinion that MS have inherited this idea of UAC *from* the OSS world. In fact, MS's implementation is a little better; at least it warns the user of the possible consequences of supplying the administrative credentials. Irrespective of the fact that most Vista boxen have null Administrator passwords.

OK, so the trojan poses as a Quicktime codec. The user should simply think "WTF? Quicktime's already installed" and suspect the worst? Nope, because they're trained by a lax security model to be guided by the machine making assumptions instead of the correct method of ensuring their machine does as it is told and no more. And that, my friend, is the whole point: They've got it wrong. Again.

This is endemic in the software world. Firefox, the OSS posterchild of security, does a similar thing on multiple platforms with its plugin finder, although this uses a central point of known values, as opposed to the site "requiring" the binary, to locate the appropriate software. A bit better, but only by a small margin. To quote the infamous spam solution reply form: "why should we trust you or your servers?" Konqueror, from which webkit evolved, doesn't do any of this at all. Most amusing.

Another little heads-up for the Mac users affected by this: Open a console and type "man resolv.conf" to learn how to remove the bogus DNS entries manually. It doesn't matter that the DNS textboxes are greyed out on the advanced networking applet. If you remove the bogus servers from /var/run/resolv.conf (yes, /etc/resolv.conf is a symlink) after blitzing the DNS check from crontab (removing whatever executable is referenced by that entry with "rm" would also be a good idea), you'll be cured and you'll also understand the underlying system a little better.

That's not to say I don't expect the vast majority to just dig out their installation DVD and start holding down C, another thing Microsoft has given us which will haunt us for decades to come. Be thankful this is a simple trojan and not a rootkit. For the same effect and much more fun removing the infection, just think of the hilarity that would ensue if the malicious site replaced dhclient with a modified version that rewrites resolv.conf with these bogus servers every time the lease renews. "chflags schg /sbin/dhclient" (assuming a UFS filesystem, I have no idea whether this works on HFS+) is a 99% sure prevention of this attack vector, but what are the chances of people listening? Even then, adding "prepend domain-name-servers ns.example.invalid ns2.example.invalid;" to dhclient.conf will achieve the same results but be a little easier to get rid of. This is all off the top of my head, of course. There are 101 ways to attack the securest of boxen; it just takes fooling the operator to effect 100 of them. Vendors supplying more and more ways to fool said operator is just plain short-sighted so, although I seem to have digressed, this whole rant brings us back to the point I tried to make earlier: The OS vendors are actively contributing to the ease of socially engineering root credentials from their users.

Oh, and it's Chronos. With an "h" and a capital "C". Not that you didn't already know, of course. The quality of trolling in these comments seems to be at an all-time low, amanfrommars excepted of course.
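The manual clean-up Chronos describes (look for the DNS-check job in root's crontab, then remove the bogus nameservers from resolv.conf) can be turned into a read-only check an administrator runs before touching anything. The script below is an added example, not code from the thread, the article or Intego. It assumes two constructed inputs, a crontab listing and a resolv.conf body, plus a constructed allowlist of expected nameservers; the job path in the sample crontab is a placeholder, not a real indicator.

```shell
#!/bin/sh
# Added example (not from the comment thread or the article): a read-only
# POSIX sh check for the two symptoms discussed above: a root crontab entry
# scheduled every minute, and resolv.conf nameservers that are not on the
# administrator's allowlist. All inputs below are constructed samples.

# Constructed root crontab listing (the job path is a placeholder, not a real IoC).
SAMPLE_CRONTAB='# m h dom mon dow command
0 3 * * * /usr/sbin/periodic daily
* * * * * /PLACEHOLDER/dns-check >/dev/null 2>&1'

# Constructed resolv.conf with one expected and one unexpected nameserver.
SAMPLE_RESOLV='nameserver 192.0.2.53
nameserver 203.0.113.7'

# Space-separated allowlist of nameservers this machine should use (constructed).
EXPECTED_DNS='192.0.2.53'

# Print crontab lines whose five schedule fields are all "*", i.e. jobs that
# fire every minute; comment lines and blank lines are skipped.
find_every_minute_jobs() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        NF >= 6 && $1 == "*" && $2 == "*" && $3 == "*" && $4 == "*" && $5 == "*"'
}

# Print each nameserver in a resolv.conf body that is absent from the allowlist.
find_unexpected_nameservers() {
    resolv="$1"
    allow=" $2 "
    printf '%s\n' "$resolv" | awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        case "$allow" in
            *" $ns "*) ;;                 # expected nameserver, say nothing
            *) printf '%s\n' "$ns" ;;     # not on the allowlist, report it
        esac
    done
}

# Combined verdict: returns 0 when both checks are clean, 1 when something was flagged.
check_host() {
    jobs=$(find_every_minute_jobs "$1")
    dns=$(find_unexpected_nameservers "$2" "$3")
    if [ -n "$jobs" ] || [ -n "$dns" ]; then
        [ -n "$jobs" ] && printf 'every-minute cron job: %s\n' "$jobs"
        [ -n "$dns" ] && printf 'unexpected nameserver: %s\n' "$dns"
        return 1
    fi
    echo "no indicators found"
    return 0
}

# On a live Mac the two inputs would come from "sudo crontab -l" and
# "cat /etc/resolv.conf"; here the constructed samples are used instead.
check_host "$SAMPLE_CRONTAB" "$SAMPLE_RESOLV" "$EXPECTED_DNS" || echo "review this host"
```

The script only reads and reports; removing the crontab entry, the referenced executable and the nameserver lines is still a deliberate manual step, which keeps the check safe to run on a machine whose state is not yet understood. The every-minute test is deliberately narrow: a job that should legitimately run each minute will be flagged too, so the output is a prompt for a human, not a verdict.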

Call me

Call me when something is found that can compromise root on the Mac without user intervention. Then the Gates towelboys will start to have a valid point.

I'd hardly consider social engineering to be a platform issue, more of a clueless user issue. Unfortunately, those types of users exist on every computing platform that has ever existed. Simple fix: I've disabled root/admin access to users on machines I administer. Easy to do on Unix/Linux/MacOSX. Much harder on MS Windows.

So my users have received several trojans, but it has no effect because Unix/Linux/MacOSX systems have adequate (but not great) security. The very few remaining MS Windows users have, unfortunately, managed to corrupt their systems even with all the extra software and hardware that has been deployed to protect users from their own idiocy. Frankly, they're more work than it's worth, and I've given them notice that their support for MS Windows terminates at the end of the year.

In summary, in Unix/Linux/Mac you can avoid a lot of user problems by not giving the user root access. In Windows... you can't, because at its core it's still a single-user system and applications constantly require root access to operate successfully. So applications have to all run in root mode, with horrible consequences.

All commercial operating systems made to date have serious flaws, mainly due to flawed design processes that are driven more by marketing than by science. MS Windows, unfortunately, has more flaws than most. No amount of marketing can change that fact. Just because it's popular doesn't mean it's any good.

Unhappy

Ahhh yes

Positive proof that a computer can only be as secure as the dumbest user. This isn't a flaw of security. This is the same for Linux and Windows. Lately, it seems less about security flaws and more not wanking off on the computer.

you need a girlfriend

If you are willing to do that, to your computer; you don't need a computer, you need a girlfriend.

Operating system, software and hardware mean nothing, an idiot is an idiot. And you can't fix stupid.

You just can't.

Coat

Re: Decline and fall of the English language

That's OK, I borrowed the language anyway, it's not mine. I'll return it as soon as I'm done here in the US and go elsewhere -- but it might take a while, mind you. Have been using it for almost 6 years now, and even getting to like it a tad by now.

But, anyway, I feel that "hippopomorphised" has got one too many "pos" there (no German jokes now, please).

"Think you're confusing your Latin and Greek there - would it not be hippomorphised?"

Sure, but since I'm of mixed Latin stock I guess I'll make up words in mixed etymology to keep things interesting. Just in case.

Too bad we haven't got an icon for "grammar/spelling/language" related stuff here... Maybe one big tongue would do it.

Anonymous Coward
Paris Hilton

Want porn...

...then get a jazz mag. I haven't yet come across one that asks you for your administrator password.

Even better, get a girlfriend - though the trojan horse problem may well also rear its ugly head here, as whilst you might be letting in a beautiful lady through the gates you'll likely also be letting in all kinds of trouble too. Maybe McAfee could come up with an Anti-Strife suite to deal with this...

Boffin

Jamie Davies....

...anthropomorphised: to ascribe human characteristics to things not human. It appears the Davies family must have hooves.

This is installed when a user is stupid enough to enter his root password for a supposed codec to watch a porn film. Some idiot is always going to fall for it. The only way this can be avoided is for OS's to only allow applications signed by a trusted authority to run.

This is what Orange have done to my SPV and I sent it back to them the next day. I hope this isn't the way we are heading.

Macs seized by porn Trojan

Macs seized by porn Trojan.

Is that the Macs at The Register?

None of mine have been 'seized by porn Trojan' and I would challenge you to point a single Mac that has.

Now I know what happens to Daily Star journos that find themselves out of a job!

Pot kettle black

"Just to enlighten you, ad nauseum means something that has been continuing 'to the point of nausea'" Er, it's 'ad nauseam'...

Thumb Down

@Joey

>None of mine have been 'seized by porn Trojan' and I would challenge you to point a single Mac that has.

And not one of my Windows boxes (Actually, I mostly run Linux now) has ever been infected with a virus. Therefore, I need proof that they exist.

Grow a brain.

Happy

Mac advertising

"anyone on a Mac box can launch the console and type man crontab to find out what the hell we're all talking about and maybe even learn how to get things out of the crontabs for themselves."

Mac. It just works. Sort of. Until you try to use the internet or you run Quicktime. Or buy an iPhone.

virii?

I keep seeing this word, "virii".

So what, then, is a virius?

Flame

lmao

These comments are soooooo making it to this weeks comments section! :)

Incidentally, I've decided to create a Nintendo camp instead of joining windows, apple or *nix. So my reasoning (something the macs can't claim anymore) is, if you really wanna be safe online, use your opera browser on the wii... there are absolutely no malware or viruses in the wild that attack my (obviously much more secure) platform.

Jobs Horns

there mac users

"We see no evidence that Mac users are any more resilient to social-engineering attacks."

umm i think the fact they are mac users just highlights the fact they are very very susceptible to social engineering......

Jobs Horns

Patch for human stupidity

How do Apple dare not install that in their latest OS!!! Atrocious!!!

Coat

At last!

The dirty mac brigade get their deserved comeuppances!

Gates Horns

@abdul omar

"Fortunately for Mac owners there is a very simple way around this vicious and devastating attack.

Simply install a program called Boot Cap.

Boot Cap is very clever because it literally Boots out the security plagued OSX operating system and places a Cap over it -- Windows!

From then on you can enjoy stable, secure, efficient, beautiful, innovative, cool, fast, compatible and cost effective Vista like the rest of the grown ups in the world of computing."

let's see...use OS/X which costs $129 and is susceptible to one (1) (count em...>1<) virus if the user is dumb enough to play along far enough to actually get it installed...

OR

install M$ Vista, which costs a MINIMUM of $199 for the crap low-end version, and become susceptible to 73,743 (that's >seventy-three THOUSAND<) viruses, according to the "Daily Updates" section of http://www.symantec.com/business/security_response/index.jsp, many of which will install *themselves* if i just leave the firewall off.

idk, maybe i'm a "fanboi" but honestly, it just amazes me that any Micro$uck supporter would have the nerve to claim that XP or Vista is a better value than OS X. try moving forward in time from 1995 to the present era.

@ Abdul Omar

"Boot Cap, Boot Crap whatever... the point is that yet again Microsoft is able to provide an effective solution that addresses Apple's myriad failings."

Whatever you're smoking, mate, it's some serious ganja. Give some to Osama, and he could recruit Virginians to be suicide bombers for Al Qaeda.

I'll stay with Ubuntu for my personal systems, thanks. Can't seem to find a current virus *or* Trojan that attacks it.

Anonymous Coward

Quit calling the victims "stupid"

I'm alarmed and reviled by respondents to articles of this sort that claim victims, "had it coming to them" because they are not as computer-literate as themselves. If these technogeeks were screwed by an auto mechanic because their knowledge of internal combustion engines is limited, I doubt you'd hear them saying "I had it coming to me." No, they'd be whining that they were ripped off. So why hold people to a different standard because they have professions that don't allow them to eat, drink and sleep computers? Wake up! Many computer users are elderly, or have full-time jobs not at all within the electronic spectrum: hair dressers, assembly line workers, checkout clerks. For them, computers are tools of communication and they don't know a codec from a [insert clever jargon that sounds like 'codec' here], and don't want to know.

I know technogeeks often sacrifice girlfriends, interpersonal skills or even decent personal hygiene for a wealth of computer knowledge, but claiming that a victim of computer tampering of any sort "had it coming to them" is tantamount to siding with the crooks. Shame on anyone who takes that stance.
