Security researchers have uncovered a rare example of a Trojan that affects Mac PCs. Lamzev-A creates a backdoor on compromised Mac OS X systems. The malware typically disguises itself as a video codec or game on dodgy websites. Mac users hoping to watch a clip from a grumble flick get infected instead, a trick well known from the …
Am I the first...
to get in the obligatory "Mac users are w*nkers" joke?
does anyone install individual codecs anymore?
surely everyone these days only uses either VLC to watch video or installs Perian to get all the codecs in one go, no?
if you listen very carefully, you can hear Webster desperately trying to think of something smug to type
Cue a bunch of Mac bashers shouting "see, Macs get viruses too".
Incidentally, I don't see how this malware app can be automatically launched after the .dmg is mounted since Apple added the warning prompt when opening a new application back in 2004, if I'm not mistaken.
BTW there's a good video codec here:
You should probably get that updated to 'Macs' before The Lord Our Jobs reads it and smites you down with his Almighty Wrath and sets a Plague of Locusts upon Reg HQ. You'll never hear a Mac saying "I'm a PC"... Cuz it ain't.
Minor technical note
"Previous examples of malware able to infect Mac systems have included an Apple-variant of a scareware (fake anti-spyware) package and a Trojan, DNsChan-A, that detected whether it was attempting to infect either Windows or Mac systems before running the appropriate infection routine."
That's not quite correct; to my knowledge, no single binary file exists which detects the host platform and then 'runs the appropriate infection routine.' Instead, what happens is that the Web site hosting the malware detects the platform (by looking at the browser's user agent), then downloads either a Windows executable or a Mac/Linux shell script.
The article also does not make clear that this malware and 'the earlier RSPlug Mac Trojan' are one and the same; the malware is variously called OSX.DNSchanger.A, OSX.RSplug.A, OSX.RSplugin.A, or OSX/Zlob. It's different in structure but identical in function to the Windows Zlob malware, and almost certainly originates from the same group. The OS X version is actually a generic *nix shell script that creates a root crontab on any *nix variant, which runs every two minutes and changes the system's name servers to hostile name servers in Eastern Europe; as you may imagine, it requires that the user type in an administrator password on OS X or a root password on Linux/Unix in order to do its work.
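Added example (not part of the comment above or the article): a defender-side check for the behaviour that comment describes, a root crontab entry firing every two minutes and resolvers switched to unfamiliar name servers. The crontab text, the resolver addresses (documentation ranges), the script paths and both function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed example: audit a crontab and a resolver list for the pattern
# described in the comment (frequent root cron job + swapped name servers).

# flag_frequent_cron [MAX_STEP]: read crontab text on stdin and print entries
# whose minute field is "*" or "*/N" with N <= MAX_STEP (default 2).
# Minute lists such as "0,2,4,..." are not expanded by this simple check.
flag_frequent_cron() {
    max_step="${1:-2}"
    awk -v max="$max_step" '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }   # VAR=value settings
        {
            m = $1
            if (m == "*") { print; next }          # fires every minute
            if (m ~ /^\*\/[0-9]+$/) {
                split(m, p, "/")
                if (p[2] + 0 <= max) print         # fires every N minutes
            }
        }'
}

# unexpected_nameservers "ALLOWLIST": read resolv.conf-style text on stdin and
# print each nameserver address missing from the space-separated allowlist.
unexpected_nameservers() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }'
}

# Constructed sample input (paths and addresses are placeholders).
SAMPLE_CRON='# constructed root crontab
MAILTO=""
15 3 * * * /usr/sbin/periodic-placeholder daily
*/2 * * * * /path/to/unknown-script
*/30 * * * * /usr/local/bin/backup-placeholder'

SAMPLE_RESOLV='# constructed resolver config
nameserver 192.0.2.53
nameserver 203.0.113.10'

printf '%s\n' "$SAMPLE_CRON" | flag_frequent_cron 2
printf '%s\n' "$SAMPLE_RESOLV" | unexpected_nameservers "192.0.2.53 198.51.100.7"
```

On a live system, pipe `sudo crontab -l -u root` into the first function; on OS X the resolvers actually in use are listed by `scutil --dns` rather than `/etc/resolv.conf`.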
The Apple Mac is essentially a brand of PC with its own operating system. The ads can separate "Macs" from "PCs" all they like, but in technical terms we're all the same.
We Mac-olites don't even get decent trojans
That's the sorry state of that inferior OS ...
Methinks I'm gonna install XP on my iMac
Trend Micro seems to be playing it up as a major threat. I guess the dearth of any real threats (so far) to the Mac platform has made them rather desperate to find anyone willing to purchase their (so far) rather useless software?
@david kelly: LOL. Although shouldn't that be: sudo_rm_minus_rf_slash.sh?
^ lmfao ^
I'm really surprised there aren't more trojans relying on blind ignorance, I think they'd be a massive success...
Grumble Flick? Not in urbandictionary.com
Perhaps someone should make a website called "britsurbandictionary".
I want one
Would you like a Trojan with that, sir?
Clearly you haven't read this site long.
grumble flick = porn
They tried to mine bank details
then found Mac users had fuck all ready cash as they'd already been taken to the cleaners.
A grumble flick is a form of video based entertainment that allows men to pleasure themselves without excessive use of their imagination. A blue movie or skin film in other words. Rather than relying on the Urban Dictionary, I suggest you pick up a copy of Rogers' Profanisaurus (Amazon probably stock it).
Really? That's the best malware people can do?
Why not just have them download a dodgy shell script file that changes the root password and runs some IRC bot? If people are stupid enough to run a random program from a porn site you don't really need to get clever about it. Just prompt for the admin password in the normal way and users will provide it without question.
Seems like a lot of work to find some vulnerability in the OS or Browser when you can rely on the stupidity of the user to be far more consistent (and un-patchable).
Notorious Mac viruses...
... also include, if my memory is anything to be relied on, the first computer virus. Ever.
Macs used to be somewhat spared by the malware developers because:
- no-one had a Mac (except for hackers in the Good old days of the Apple ][, but it would have been silly to aim at this target)
- it was a specific architecture
- and finally, the OS security settings by default were marginally better than on Windows
But now that the clueless crowd of yuppies jumped on Macs like frogs on a red rag, now that Macs are really Intel PCs, and now that security has been banned from the OS, we'll see more and more of that.
Now where is the "smirking BeasTux" icon when we need it?
You say: grumble flick
I say: stick film
Anon 4 this
Something for you to read before you spread any more misinformation:
"like frogs on a red rag"
I seem to have lost the ability to understand English.
I hate it when that happens.
I still think the Amish virus is the best cross-platform virus ever.
As you can see from earlier comments, none of the El Reg readers need a dictionary to understand this bit of rural idiom.
@David Kelly, and Dr Harkin
David, I really don't see what the, erm, collection of words you linked to has to do with my comment. In the middle of the laughingly inaccurate load of spin, I spotted a passage saying that the use of Intel CPUs wouldn't make the Macs vulnerable to specific, preexistent MS app-targeted malware, but that's both obvious and completely irrelevant. Repeating "Macs are safer because almost no-one cared to develop malware aimed at them" endlessly (which is what the POS you linked to does) might be factually correct for the end luser, but it's still flawed. *owning* a mac might be safer for now -against blind, bulk attacks at least-, but the machine itself isn't. MacOS' default security settings used to be a bit less moronic than Windows' ones, but M$ upped its game a bit and MacOS went downhill, so it's pretty much reversed now. And that's saying something. From up here, they look the same anyway. "BeasTux" is still smirking.
Dr Patrick J R Harkin, what word did you not understand? Frogs tend to jump on red rags, really. Though you might have to be from a muddy, froggy area to know that.
Red flames icon, grilled frog legs for dinner!
This just proves
That people are idiots. Like Ron White says, "You can fix stupid". As a matter of fact, don't even try - you'll just drive away all the intelligent users. Maybe Apple should take this chance to introduce its users to apt.
"I spotted a passage saying that the use of Intel CPUs wouldn't make the Macs vulnerable to specific, preexistent MS app-targeted malware, but that's both obvious and completely irrelevant"
Sure, so why did you say in your first message:
"now that Macs are really Intel PCs, ... we'll see more and more [Mac malware]."
"Repeating "Macs are safer because almost no-one cared to develop malware aimed at them" endlessly (which is what the POS you linked to does) might be factually correct for the end luser, but it's still flawed. "
No, the article specifically says it's harder to write OS X malware than Windows malware because of the UNIX underpinnings, and the same applies to Linux.
Explain how OS X is gone "downhill" security wise? Leopard is more secure than Tiger!
PC stands for Personal Computer - as much as I dislike using Mac, you can't say that the machine isn't a computing machine designed for personal use.
"Sure, so why did you say in your first message: "now that Macs are really Intel PCs, ... we'll see more and more [Mac malware].""
Because the article and my post are clearly and specifically about *new* malware. It's obvious that Safari is immune to MSWord macro viri, but it doesn't make it secure.
"No, the article specifically says it's harder to write OS X malware than Windows malware because of the UNIX underpinnings, and the same applies to Linux."
The article you linked to ALSO says that. Which is a load of bullcrap anyway. Being initially, a long time ago, based on a BSD kernel doesn't make it more or less secure. All Linux distros are based on the same kernel, but some are tougher than others. Same for BSD distros. And re-read it, you will find a lot of the "Macs are more secure because there is no malware targeting them in the wild" flawed circular logic.
"Explain how OS X is gone "downhill" security wise? Leopard is more secure than Tiger!"
I do not know about specific felines, but I can assure you that all the OSX machines I've seen are in the single-user-with-full-admin-rights configuration. With auto-mount and auto execute for external media on. Good default settings, ain't it?
Your semantics is good, but there is an even better reason to say "Mac PC": Macs are now Intel-based PCs. Same as Dells, but with a different logo on the box. The Mac vs PC distinction is made for/by clueless people who really mean MacOS vs Windows but couldn't tell the difference between hardware and software to save their lives. Reminds me of this old lady from Morocco who despised Africans (it meant "black people" for her).
Heh, well expanded ;)