Nov 1st, 2007, 09:42 AM
|
#1
|
|
Honourable Citizen
Join Date: Oct 2003
Location: GTA ish
Posts: 3,173
|
Trojan Update...
For those of you who follow security issues, this article describes the recently released Trojan, its seriousness and how to find and remove it.
http://www.macworld.com/2007/10/firs...orse/index.php
__________________
A MacPro 2.66 Xeon, an iMac G5, a Uni MB, a wee PowerBook 12" 1.5, an eMac, a couple of cameras, a lens collection and a wonderful iPod. Oh, and a delicious wife  .
"Words are sacred. They deserve respect. If you get the right ones in the right order, you can nudge the world a little." Tom Stoppard
“No tears in the writer, no tears in the reader".
Robert Frost
|
|
|
Nov 1st, 2007, 09:57 AM
|
#2
|
|
Honourable Citizen
Join Date: Jun 2005
Location: Toronto
Posts: 4,798
|
LOL!
Just so everyone is clear, this is not something that can magically show up on your computer.
It infects you by tricking you into letting it install itself.
Here's the trick:
1) An offer to see a naughty Britney Spears video.
2) Message says you need to download the proper video codec.
3) You download the trojan thinking it's the video codec.
4) It requests your permission to install itself. You, being silly, give it permission.
5) You are now infected. D'oh!
__________________
I've lost my pants.
|
|
|
Nov 1st, 2007, 09:59 AM
|
#3
|
|
Honourable Citizen
Join Date: Jun 2005
Location: Mission BC
Posts: 5,949
|
Seems more like an STD...
__________________
iMac 20" Mid-2006 (six years young) - Dell Vostro V13 (two year old piece of turd) - iPhone 4 16 GB Bell Mobility Black for me and White for the missus.
|
|
|
Nov 1st, 2007, 10:37 AM
|
#4
|
|
Full Citizen
Join Date: Dec 2005
Location: londonon
Posts: 366
|
I still consider this to be a significant development since it is malware targeted toward Mac users that actually seems to do something. I'm not sure - has there been anything else like that before?
The fake MSWord trojan was like an adolescent prank, Opener was clearly a thought exercise intended to demonstrate the flaws in OS X's security model, Oompa Loompa may have been similar, but this new trojan actually seems to be intended to try to scam money from a victim.
Let's not be too hasty in dismissing this malware just because it happened to work through "Installer.app" and requests an "admin" password (note that this elementary security requirement was only introduced in a security update last year). In Tiger, with the majority of Mac users using an "admin" account, no "admin" password would be required for a trojan application or installer operating independently of "Installer.app" to make the DNS changes or modify the root crontab. I'm still waiting for Leopard so I'm curious to see how much this has changed - so far I'm encouraged by some of the little things that seem to have been improved, based on what has been written on the web, but it only takes one stupid design decision to let malware through.
So I agree to the extent that social-engineering type malware will always be a problem for as long as there are gullible users, and that nothing has prevented someone from writing one before now, but the fact that someone has actually bothered to go out and produce one could be a sign that malware writers are beginning to think the Mac user base is no longer too small to bother with.
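The two changes named in the post above (altered DNS servers and a modified root crontab) can be audited from Terminal. This is an added example, not part of the original post or the linked article; the sample input, the addresses and the job paths are constructed, and the allowlist stands for whatever resolvers you expect on your own network.

```shell
#!/bin/sh
# Added example: audit DNS servers and root crontab entries.

# Read `scutil --dns`-style text on stdin and print every nameserver that is
# not in the space-separated allowlist passed as $1 (each address once).
unexpected_nameservers() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            ip = $NF
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Read a crontab on stdin and print only the active job lines: blank lines,
# comments and NAME=value environment lines are skipped.
active_cron_jobs() {
    awk '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }
        { print }'
}

# Constructed sample input (documentation address ranges, placeholder paths).
SAMPLE_DNS='resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.66
resolver #2
  nameserver[0] : 203.0.113.66
  nameserver[1] : 198.51.100.7'

SAMPLE_CRON='# constructed root crontab (sample data)
SHELL=/bin/sh
0 4 * * * /usr/local/bin/backup.sh

*/5 * * * * /Library/Example/placeholder-job'

# Demo on the samples. On the Mac itself, feed the live data instead:
#   scutil --dns | unexpected_nameservers "192.168.1.1"
#   sudo crontab -u root -l | active_cron_jobs
printf '%s\n' "$SAMPLE_DNS" | unexpected_nameservers "192.168.1.1"
printf '%s\n' "$SAMPLE_CRON" | active_cron_jobs
```

Any address or job line printed is something to account for, not proof of infection; compare it against what your router, ISP or administrator actually configured.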
|
|
|
Nov 1st, 2007, 10:55 AM
|
#5
|
|
Full Citizen
Join Date: Jan 2007
Posts: 238
|
1) I heard you *don't* need to give your permission, it never asks for admin login. There might be conflicting reports though
2) You can't criticize the majority of ignorant users too harshly. Some people will easily be fooled by this. Should they know better....maybe. But so many users are really technical luddites. They just have a machine, that maybe their child set up for them...and they check email and browse pictures their family sends them.
Ok...maybe those people aren't racing to see a Brit Spears video...but the point remains, it's a valid trojan, and represents an obvious effort to include Mac users as potential victims. We *will* see more of this as Macs get more popular.
__________________
Ottawa
24" intel core 2 duo with Leopard
|
|
|
Nov 1st, 2007, 10:58 AM
|
#6
|
|
Mac Guru
Join Date: Jan 2002
Posts: 13,614
|
Quote:
Originally Posted by dona83
Seems more like an STD...
__________________
Apple Certified Technician ACMT
Mac mini (Mid 2011) 2.7 GHz i7, 8GB RAM, 500GB + 1TB External, Mac OS X 10.7.4
iPhone 16GB • iPod nano 8GB • Sound System Audio Engine A2.
|
|
|
Nov 1st, 2007, 11:33 AM
|
#7
|
|
Full Citizen
Join Date: Jul 2004
Location: Toronto
Posts: 665
|
OS X invulnerability is a myth. Most users are trained (through numerous 'safe' software installs) to supply the admin password when asked for, therefore easily violating UNIX user security models.
In terms of true system exploitations and hacks, OS X is no less vulnerable than any other UNIX and certainly Mac kernel and application developers have not achieved the level of paranoia that Microsoft developers currently have.
Expect to see many more such threads in the next few years.
Leopard has done a good thing with its code signing and ASLR.
Code Signing Release Notes: Code Signing Release Notes for Mac OS X v10.5
Some negative comments on Leopard security:
Researchers pooh-pooh Mac OS X Leopard security | Ryan Naraine's Zero Day | ZDNet.com
__________________
We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology. ~Carl Sagan
|
|
|
Nov 1st, 2007, 12:27 PM
|
#8
|
|
Full Citizen
Join Date: Sep 2005
Location: Hamilton
Posts: 465
|
Quote:
In terms of true system exploitations and hacks, OS X is no less vulnerable than any other UNIX and certainly Mac kernel and application developers have not achieved the level of paranoia that Microsoft developers currently have. Expect to see many more such threads in the next few years.
That day's a ways off yet, but it's coming, that's for sure. When it does, those people you see standing outside spinning around in circles looking towards the sky with a glazed look? Well, those will be the clueless that bought into the OS X Invincibility myth. (U know who u r)
__________________
"That's trouble you've not seen before...you'd best run far far away mister."
|
|
|
Nov 1st, 2007, 12:40 PM
|
#9
|
|
Honourable Citizen
Join Date: Jul 2005
Posts: 1,234
|
Hi,
You know, it was the Trojans that lost the war.
s.
|
|
|
Nov 1st, 2007, 12:46 PM
|
#10
|
|
Honourable Citizen
Join Date: Jun 2005
Location: Toronto
Posts: 4,798
|
It's absolutely ridiculous that people are fearing an uprising of Trojans based on this instance. This is NOT an OS security issue. It's a user ignorance issue.
How easy would it be to create a little app to run the command line [ sudo rm -R *.*] ?
Would that be considered a trojan if I tricked people to use it?
__________________
I've lost my pants.
All times are GMT -4. The time now is 11:18 PM.