Feeds

back to article Lame Mac Trojan limps into view

Security researchers have uncovered a rare example of a Trojan that affects Mac PCs. Lamzev-A creates a backdoor on compromised Mac OS-X systems. The malware typically disguises itself as video codec or game on dodgy websites. Mac users hoping to watch a clip from a grumble flick get infected instead, a trick well known from the …

COMMENTS

This topic is closed for new posts.
Coat

Am I the first...

to get in the obligatory "Mac users are w*nkers" joke?

0
0
jai
Silver badge

does anyone install individual codecs anymore?

surely everyone these days only uses either VLC to watch video or installs Perian to get all the codecs in one go, no?

if you listen very carefully, you can hear Webster desperately trying to think of something smug to type

0
0

uh oh

Queue a bunch of Mac bashers shouting "see, Macs get viruses too".

Incidentally, I don't see how this malware app can be automatically launched after the .dmg is mounted since Apple added the warning prompt when opening a new application back in 2004, if I'm not mistaken.

BTW there's a good video codec here:

http://dodgy.site.net/codec/rm_minus_rf_slash.sh

0
0
Jobs Halo

Mac PCs???

You should probably get that updated to 'Macs' before The Lord Our Jobs reads it and smites you down with his Almighty Wrath and sets a Plague of Locusts upon Reg HQ. You'll never hear a Mac saying "I'm a PC"... Cuz it ain't.

0
0

Minor technical note

"Previous examples of malware able infect Mac systems have included an Apple-variant of a scareware (fake anti-spyware) package and a Trojan, DNsChan-A, that detected whether it was attempting to infect either Windows or Mac systems before running the appropriate infection routine."

That's not quite correct; to my knowledge, no single binary file exists which detects the host platform and then 'runs the appropriate infection routine.' Instead, what happens is that the Web site hosting the malware detects the platform (by looking at the browser's user agent), then downloads either a Windows executable or a Mac/Linux shell script.

The article also does not make clear that this malware and 'the earlier RSPlug Mac Trojan' are one and the same; the malware is variously called OSX.DNSchanger.A, OSX.RSplug.A, OSX.RSplugin.A, or OSX/Zlob. It's different in structure but identical in function to the Windows Zlob malware, and almost certainly originates from the same group. The OS X version is actually a generic *nix shell script that creates a root crontab on any *nix variant, which runs every two minutes and changes the system's name servers to hostile name servers in Eastern Europe; as you may imagine, it requires that the user type in an administrator password on OS X or a root password on Linux/Unix in order to do its work.

0
0
Go

@glennog

The Apple Mac is essentially a brand of PC with its own operating system. The ads can separate "Macs" from "PCs" all they like, but in technical terms we're all the same.

0
0
Joke

We Mac-olites don't even get decent trojans

That's the sorry state of that inferior OS ...

Methinks i'm gonna install XP on my iMac

0
0

Meanwhile

Trend Micro seems to be playing it up as a major threat. I guess the dearth of any real threats (so far) to the Mac platform has made them rather desperate to find anyone willing to purchase their (so far) rather useless software?

@david kelly: LOL. Although shouldn't that be: sudo_rm_minus_rf_slash.sh?

0
0
Tom

^ lmfao ^

I'm really suprises there aren't more trojans relying on blind ignorance, i think they'd be a massive success...

;)

0
0
Coat

Grumble Flick

Grumble Flick? Not in urbandictionary.com

Perhaps someone should make a website called "britsurbandictionary".

0
0

I want one

Would you like a Trojan with that, sir?

0
0

@Jodo

Clearly you haven't read this site long.

grumble flick = porn

0
0
Anonymous Coward

They tried to mine bank details

then found Mac users had fuck all ready cash as they'd already been taken to the cleaners.

0
0
Silver badge

@Jodo Kast

A grumble flick is a form of video based entertainment that allows men to pleasure themselves without excessive use of their imagination. A blue movie or skin film in other words. Rather than relying on the Urban Dictionary, I suggest you pick up a copy of Rogers' Profanisaurus (Amazon probably stock it).

0
0
Bronze badge
Alert

Really?

Really? That's the best malware people can do?

Why not just have them download a dodgy shell script file that changes the root password and runs some IRC bot? If people are stupid enough to run a random program from a porn site you don't really need to get clever about it. Just prompt for the admin password in the normal way and users will provide it without question.

Seems like a lot of work to find some vulnerability in the OS or Browser when you can rely on the stupidity of the user to be far more consistent (and un-patchable).

0
0
Silver badge
Jobs Horns

Notorious Mac viruses...

... also include, if my memory is anything to be relied on, the first computer virus. Ever.

Macs used to be somewhat spared by the malware developers because:

- no-one had a Mac (except for hackers in the Good old days of the Apple ][, but it would have been silly to aim at this target)

- it was a specific architecture

- and finally, the OS security settings by default were marginally better than on Windows

But now that the clueless crowd of yuppies jumped on Macs like frogs on a red rag, now that Macs are really Intel PCs, and now that security has been banned from the OS, we'll see more and more of that.

Now where is the "smirking BeasTux" icon when we need it?

0
0
Alert

You say: grumble flick

I say: stick film

Anon 4 this

0
0
Thumb Down

@Pierre

Something for you to read before you spread any more misinformation:

http://mac360.com/index.php/mac360/comments/part_1_macs_and_viruses_fact_vs_fud/

0
0

"like frogs on a red rag"

I seem to have lost the ability to understand English.

I hate it when that happens.

0
0
Joke

@Pierre

I still think the Amish virus is the best cross-platform virus ever.

0
0
Bronze badge
Heart

@Jodo Kast

As you can see from earlier comments, none of the El Reg readers need a dictionary to understand this bit of rural idiom.

0
0
Silver badge
Flame

@David Kelly, and Dr Harkin

David, I really don't see what the, erm, collection of words you linked to has anything to do with my comment. In the middle of the laughingly inaccurate load of spin, I spotted a passage saying that the use of Intel CPUs wouldn't make the Macs vulnerable to specific, preexistant MS app-targetted malware, but that's both obvious and completely irrelevant. Repeating "Macs are safer because almost no-one cared to develop malware aimed at them" endlessly (which is what the POS you linked to does) might be factually correct for the end luser, but it's still flawed. *owning* a mac might be safer for now -against blind, bulk attacks at least-, but the machine itself isn't. MacOS' default security settings used to be a bit less moronic than Windows' ones, but M$ upped its game a bit and MacOS went downhill, so it's pretty much reversed now. And that's saying something. From up here, they look the same anyway. "BeasTux" is still smirking.

Dr Patrick J R Harkin, what word did you not understand? Frogs tend to jump on red rags, really. Though you might have to be from a muddy, froggy area to know that.

Red flames icon, grilled frog legs for dinner!

0
0
Flame

This just proves

That people are idiots. Like Ron White says, "You can fix stupid". As a matter of fact, don't even try - you'll just drive away all the intelligent users. Maybe Apple should take this chance to introduce its users to apt.

0
0
Thumb Down

@Pierre

"I spotted a passage saying that the use of Intel CPUs wouldn't make the Macs vulnerable to specific, preexistant MS app-targetted malware, but that's both obvious and completely irrelevant"

Sure, so why did you say in your first message:

"now that Macs are really Intel PCs, ... we'll see more and more [Mac malware]."

"Repeating "Macs are safer because almost no-one cared to develop malware aimed at them" endlessly (which is what the POS you linked to does) might be factually correct for the end luser, but it's still flawed. "

No, the article specifically says it's harder to write OS X malware than Windows malware because of the UNIX underpinnings,, and the same applies to Linux.

Explain how OS X is gone "downhill" security wise? Leopard is more secure than Tiger !

0
0
Thumb Down

@glennog

PC stands for Personal Computer - as much as I dislike using Mac, you can't say that the machine isn't a computing machine designed for personal use.

0
0
Silver badge

David Kelly,

"Sure, so why did you say in your first message: "now that Macs are really Intel PCs, ... we'll see more and more [Mac malware].""

Because the article and my post are clearly and specifically about *new* malware. It's obvious that Safari is immune to MSWord macro viri, but it doesn't make it secure.

"No, the article specifically says it's harder to write OS X malware than Windows malware because of the UNIX underpinnings,, and the same applies to Linux."

The article you linked to ALSO says that. Which is a load of bullcrap anyway. Being initially, a long time ago, based on a BSD kernel doesn't make it more or less secure. All Linux distros are based on the same kernel, but some are tougher than others. Same for BSD distros. And re-read it, you will find a lot of the "Macs are more secure because there are no malware targetting them in the wild" flawed circular logic.

"Explain how OS X is gone "downhill" security wise? Leopard is more secure than Tiger !"

I do not know about specific felines, but I can assure you that all the OSX machines I've seen are in the single-user-with-full-admin-rights configuration. With auto-mount and auto execute for external media on. Good default settings, ain't it?

0
0
Silver badge

g00p

Your semantics is good, but there is an even better reason to say "Mac PC": Macs are now Intel-based PCs. Same as Dells, but with a different logo on the box. The Mac vs PC distinction is made for/by clueless people who really mean MacOS vs Windows but couldn't tell the difference between hardware and software to save their lives. Reminds me of this old lady from Morocco who despised Africans (it meant "black people" for her).

0
0
Thumb Up

@ Pierre

Heh, well expanded ;)

0
0
This topic is closed for new posts.