back to article Mac Trojan uses Windows backdoor code

Miscreants have adapted a Windows Trojan in an attempt to create malware that established a backdoor on Macs, as part of an apparent bid to drum up commercial interest for their dastardly wares. MusMinim (dubbed BlackHole RAT by its nefarious author) is a variant of a strain of Windows Trojan called darkComet. Net security firm …

COMMENTS

This topic is closed for new posts.

Grenade

hahahaha

it's almost like Macs are now proper computers

36
5
Bronze badge
Pint

BWAAAAAAA

I still can't stop laughing !!!!!

Oh thank you ..........

We need a WIN icon

*have a beer on me

4
2
FAIL

@Lionel

How can it be a win? Surely a system breach of any kind that allows scumbags to access private data is a fail for all decent people, regardless of operating system? Have you heard of the phrase "have a day off you bell end"?

5
5
Bronze badge
FAIL

errr

Win icon for the comment.

*fail for obvious reasons !! :P ;)

4
1
Thumb Up

Did it hurt

when your sense of humour was surgically removed? I assume that's what happened, can't think of any other reasonable explanation for such a complete and obvious lack...

1
2
Coat

@mrweekender

"How can it be a win? Surely a system breach of any kind that allows scumbags to access private data is a fail for all decent people, regardless of operating system? Have you heard of the phrase "have a day off you bell end"?"

It's a win because it points out the need for security software for ALL operating systems, not "just Windows." Mac users have spouted (somewhat correctly) for many years that "Macs don't have viruses" and that "Antivirus software is useless" for them. Now we're approaching an era where Mac users will have to make the paradigm shift into knowing they need security products to prevent crap like this from getting on their system. The only trouble now will be re-brainwashing the fruit-bearing mass(es) into being security conscious, and then have Apple be able to explain to them why their system now runs slow and occasionally doesn't work right....

2
5
Troll

EULA

"I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it. "

Sounds like Apple's standard terms and conditions to me.

76
4
Bronze badge
Jobs Halo

and it's _another_ Trojan

Once again, the limitations of malware on Macs are exposed. Almost all of the existing malware examples are Trojans. You have to actively hunt 'em down. There are Trojans which pretend to be installers for, among other things, MS Office, Adobe CS, and Apple iLife. And, oh, yes, there's the Trojan which pretends to install 'codecs' so that the twit targeted can watch particularly nasty porn. If you're not a freetard or a pornhound you're nearly 100% safe, 'cause the only way you'd get nailed by one of the existing Trojans would be if somehow it got uploaded to a legitimate site.

Wake me up when there's a real threat.

10
11
Bronze badge
Stop

Nice complacent attitude

I moved from Windows to Mac about 3 years ago and I tell you this my fine self-assured friend, the Windows security attitude never leaves you and keeps you on your toes 'cos every bastard on the planet wants your bank account/Amazon login details.

I am not paranoid, I know they're out to get me, so I err on the side of caution to be safe!

7
1
Bronze badge

it's just the facts

I was using Macs when there _was_ a real malware threat, when you _had_ to have applications like Disinfectant and Virex. It's a simple fact: there is, at this time, no significant threat. It's that simple: THERE IS, AT THIS TIME, NO SIGNIFICANT THREAT. If you don't try to liberate software in violation of the license or you don't want to view certain types of porn (which are, in any case, illegal to have in the UK...) you have very little to worry about. Some people may not like this. Tough. Facts are facts.

Now, it might be that _sometime in the future_ there may be a malware environment similar to that currently 'enjoyed' by Windows users, but _right now_ this is not the case... and this Trojan will do very little to change it, 'cause it's a _Trojan_! You must seek it out, download it, and run it, and each step requires that you take active steps to enable it! As I don't chase extreme porn and I don't do torrents or warez, the odds of my getting a Trojan are extremely low... and my sympathy for those who do get caught by 'em is even lower.

4
5
Thumb Down

That's because you used Windows

for too long! I don't understand why you moved to Mac if not for increased security.

1
2
FAIL

@the "It's a _TROJAN_" 'tards

Yes, it's a Trojan. However, you don't need to download warez or p0rn to get infected. There's plenty of sites out there that attempt to infect Windows users by landing them on a fake My Computer antivirus scan page. When you try to click on anything, or close the browser, etc, you get an auto-downloaded .exe asking if you want to run it. Unfortunately, most computer Sheeple click "yes" and then MS tries to hold their hand and ask AGAIN if they're sure they know who sent them the .exe and that they shouldn't run it otherwise, and they hit "yes" again. Boom. Infected. They now have a Trojan. Yep, a trojan. It's even classified as a trojan. Why? It poses as something it's not (AV software in this case). Not warez or p0rn; security software.

Now, apply this scenario to Apple users who get a page that, instead of blindly throwing them onto a Windows landing page, actually uses the User-Agent meta data of their GET request and lands them on a Safari-targeting page and pops up with the Mac equiv? Perhaps even a warning: "OSX has been the target of many new virus threats that the general public has been largely unaware of. Clean your computer now! Click here to remove these viruses"

Apple users are Sheeple too.

5
1
Anonymous Coward

Eh?

So your point is that all systems are vulnerable to stupid users. Yes, we know this. Some systems are vulnerable to a hell of a lot more than that. Can you wrap your mind round that?

I can be trained to be very suspicious of web pages that ask me to install things, and therefore lead a more secure life. Or I can use Windows and be infected just by visiting a site. Ah, Windows, the OS that actively trains its users to click OK.

Just because I'm gonna die sometime, doesn't mean I'm gonna ride your momma bareback.

0
1
Bronze badge
Jobs Halo

we know

And we find it vastly amusing when we go to one of those sites and it pops up a _Windows_ dialogue box telling us that we may have been infected by up to 66 viruses, naming them, and several of said viruses have 'Win' in their names. And it's even more amusing when they try to download an EXE file onto the Mac... which can't run EXE files. And assuming that they figure out that it's a Mac and download an APP file instead... well, the first time it runs it _still_ has to get permission! And it can't bloody install without someone entering an _admin_ password, even if you're cruising around using an admin account! Only a complete idiot installs stuff he knows nothing about from a random site, so again I have very little sympathy for anyone who gets caught by that! It's _hard_ for malware to be installed on a Mac! You no like it? Tough.

Still smug after all these years.

0
1
Bronze badge
Troll

the hater's problem

is that they think that everyone is as stupid as they are. Some of us have Macs, which we use for many tasks they are suited for... such as cruising on the Internet. Some of us also have Windows boxes, which we keep locked up tight with lots of AV 'cause we _know_ that there's bad guys out there, and which, when we use them on the Internet, we restrict our travels to a few limited sites and never, ever, do anything anywhere near our bank accounts or credit cards with 'em 'cause we _know_ that they're bloody sieves. Some of us even have a few machines with Linux on 'em (a very few machines) which we mostly use to play around with, 'cause, well, the only thing that penguins are good for is to feed leopard seals. <http://photography.nationalgeographic.com/photography/photo-of-the-day/leopard-seal-penguin.html>

0
1
Jobs Horns

Nice try apple.

"Make sure you buy everything from the app store otherwise you might get a trojan, like this one we made earlier."

16
5
Grenade

Shop Safely

To quote the Author:

"Sophos, which has added detection for the malware, said that once fully developed the malware may be disguised as pirate software or games downloads and distributed through wares portal or torrent downloads"

Most Mac users I've come across tend not to be application hoarders, they use their beloved Macs quite responsibly, so: Some photo editing, some Mac Office use, synch their Jesus phones, Fondleslabs and iPods and of course to surf the Interwebs

I don't foresee this being a crisis at all, shop safely for your software and applications and you'll probably be fine.

Download from any Torrent and you'll be at risk, as Windows users have known for years..

Of course the Apple Hate Club will be lining up to take a stab at Apple over this as it's probably the best news the Anti Apple Establishment have had since "Antennagate"

No I am not a FanBoi, I am a realist...

9
19

You haven't met my kids, have you?

Fortunately, still on G4 and G5-vintage boxes, but that won't last forever. We fanbois have been lucky so far, but our luck won't last forever.

6
0
Anonymous Coward

@dr2chase

Erm... and you give your kids non-admin accounts don't you?

In which case - no worries.

2
1
Bronze badge

Yes, you're right

I'm full of giggles on this one.

you say "this is the best news for MS fanboi's since antennagate"

you make that sound like it was a long time ago. It wasn't

4
2
FAIL

@AC "Shop Safely"

"Most Mac users I've come across tend not to be application hoarders, they use their beloved Macs quite responsibly, so: Some photo editing, some Mac Office use, synch their Jesus phones, Fondleslabs and iPods and of course to surf the Interwebs"

So, what you're saying is that "most Mac users [you've] come across" pay a huge market for cobbled hardware and do nothing more than use it as a $300 netbook?

1
1
Thumb Down

@AC "Shop Safely"

I don't mean to be rude, but you've not been anywhere near a university in a sysadmin role from what you say. And I'm not just talking about students either - there are plenty of filthy little warezmonkeys using Fruitmachines as their favoured computing platform, and they will be the ones who get caught by stuff like this.

(I'm pretty sure the software procurement team at the university I work for is aware of this, since they've made a point of ensuring we have a campus licence for Mac AV software...)

1
0
WTF?

odd message seems to be targeted at potential buyers of the malware

What, people BUY malware?

1
0

Yes, they do.

It's a very profitable business. You buy your template malware, customise it to your needs (sending credentials, card details, etc, to your own server) and then release it.

This business model allows criminally minded people with only limited technical know-how to prey on the general public.

1
0
Bronze badge
Happy

Speculate to accumulate!

$15k up front for a package and next thing you have access to a few hundred bank accounts. You get a lot more in return than your initial small investment, of course there's the threat of serious jail time, but hey-ho you can't make an omelette with breaking eggs!

2
0

Title

Don't forget the "antivirus" malware that pushes duff virus protection on you for a fee which is usually a more serious trojan than the initial infection.... you not only pay for the malware but download and install it yourself !

Also possible but unusual is the malware that blackmails you and presents you with the option of paying a fee to gain access to your comp/files again.

How the reg has educated me :)

2
0

Damn

Has this started to be distributed around? I'm fairly sure that I put in my password for something that didn't usually need one the other day...... I'm probably just being paranoid

0
1
Grenade

Paranoid?

Naw, you ARE SCREWED.

1
0
Bronze badge
Coffee/keyboard

odd screenshots

It clearly states in one of them "Do NOT use for illegal purpose"

On http://nakedsecurity.sophos.com/2011/02/26/mac-os-x-backdoor-trojan-now-in-beta/ at the bottom

0
0
IT Angle

Two things to consider

1. If it's not complete, the author doesn't want to risk it being caught before it's even finished.

2. The author may think a disclaimer like that will cover his ass.

0
0

No Surprises

People in the security industry have known for a long time that Macs are actually LESS secure than Windows boxes. Apple has a serious issue regarding timely patches. Since OSX is basically unix, it is affected by many holes that also affect unix. The big difference is that Apple takes months and months to patch KNOWN vulnerabilities, where other OS vendors can get this done in a matter of days, especially if it is a major hole. Heck, the first machine cracked at the last pwn2own was a mac. The days of security through obscurity better come to an end for Apple, if they want to be taken seriously.

9
7
Stop

Are you joking?

OS vendors patching in a matter of days ? Outside of regular monthly patching cycle ? That must not be Microsoft then but which other OS vendor might have that many serious vulnerabilities ?

4
1
FAIL

And yet, oddly...

...the absence of "timely" patches doesn't seem to be causing problems.

Because it is a false metric used by those trying to drum up trade - with increasing desperation.

2
0
Troll

dear sweet Jeebus...

...I hadn't even noticed that you used pose2own as "evidence".

1
0
Silver badge

pwn2own

Ummm, not to burst your bubble or anything, but I'm pretty sure that both the machines that were breached were attacked through a vuln in Adobe Flash.

But I could be wrong of course.

2
0
Anonymous Coward

Huh ?

"Since OSX is basically unix, it is affected by many holes that also affect unix."

Basically ? OS X is certified Unix (TM)

Which holes are you talking about ?

4
0
Troll

"Which holes are you talking about ?"

Well, if it's OS X he's probably talking about 'ass holes' that use it.

8
5
Gates Horns

What?

Said the drone with the Redmond tee-shirt and his pirated copy of Windows 7 - or Mac OS 10.1, as us adults know it.

0
3

Abort / Retry / Fail

Nice to see the Wintards out in such numbers today - Yawn

5
3

Trojans are not viruses

There isn't an OS on the planet that is secure from Trojans. As long as you can trick a user into authorizing a piece of malware, then you're off to the races. UNIX and Linux systems will want a root password to run anything that infects system files, if you enter the password then you're gullible or stupid. Viruses will infect without user authorization. Unix and Linux systems have never really been troubled by viruses because of the need for root passwords to do any damage, and later versions of Windows are also trouble free providing they're kept patched. Trojans are a problem for everyone.

5
1
FAIL

Unix never troubled by malware?

You've apparently never heard of the Morris worm, or privilege escalation bugs in the Linux kernel, among other avenues of attack that have been discovered over the (many, many) years.

2
2
Big Brother

hahahaha...

all your app's are belong to us...

1
0
Stop

Ah...

Sophos has issued its quarterly "Oh Noes! The End of the WORLD is coming for Mac users" press release, I see.

2
0
Jobs Horns

Fucking brilliant!

We should have realized! It doesn't matter how secure the OS is! All we have to do is trick the naive, trusting users into typing their admin pw... muahahaHAHAHA

2
0
FAIL

All hail ClamXAV 2.

I have had the misfortune to use your "software". I have also had the misfortune to use that of some of your commercial rivals, both on Windows and—when checking out the options—on OS X.

Your software, without exception, did more harm to my computer's performance and usability than any bloody Trojan could hope to do. And you guys want to get *paid* for it too?

Frankly, I'd rather have the trojans.

I then tried ClamXAV 2, which is free. (ClamAV is even bundled in OS X Server). It also takes a refreshing "just do your job and shut the f*ck up" approach to its design, and eschews the tiresome "OH NO! THE SKY IS GOING TO FALL ON YOUR HEADS IF YOU DON'T BUY OUR SECURITY SOFTWARE NOW!" spamvertorials such as that covered in this very article.

(Of course, not being an ignorant computer user, I've never been hit by a virus or trojan on Windows, let alone my Mac. The last time I was hit by a virus was when "ST Format" magazine managed to slip one onto their cover disk!)

Yours,

Me.

3
0

Virus? No. Malware? Yes.

Yes, it's malware. Macs have never been free of malware. Hell, there have been trojans for the Mac since forever. It's why I run stuff like ClamX. Mainly on new downloads.

Is it, however, a self-propagating virus? Nope, it's yet another trojan. Like all trojans, it requires user intervention to install.

Call me when there's a self-propagating virus that doesn't require user intervention to install. THAT would be big news. So far, it's not news I've heard. Will we ever hear it? Oh, probably. But it will be very loud news. If nothing else, the jealous Microsoft shills will make sure everyone hears about it, since they're fighting what, tens of thousands of self-propagating viruses at the moment?

Not including the trojans.

Until then, El Reg, how about less American (or Australian) style fear mongering and yellow journalism and more staid, British stoicism, accurate reporting, and stiff upper lips. Thank you.

3
2
Silver badge
FAIL

Nice shill mate

Never mind that I haven't seen a self-propagating virus on any of the machines that I administer in the past 10 years or so. Trojans and spyware, yes. Proper viruses, no. And that includes quite a few windows boxen.

I'm tired of hearing fanbois raving about "not a virus so not a problem" all the time. Self-propagating, disk-destroying viruses are largely a thing of the past. Modern VXers are out to hoard bots, not to wipe your data, and they use trojans and social engineering. Yes, that requires user interaction, even on windows (except if you can smuggle it through insecure channels like FireWire or Thunderbolt... hint hint).

Not saying that the threat level is very high on MacOS just yet, but the "it's not a virus so not a problem" attitude is just plain ridiculous.

1
0
Bronze badge
Jobs Horns

not surprising

It's not surprising there's not many viruses for Macs.

There aren't very many Macs, and even less software for them, so why should viruses be any different.

People with Macs are curiously proud of their stupidity in paying three times as much for a machine largely based on it being a bit shinier than the standard market fare. "Look how shiny and beautiful it is!". Of course, people who actually have work to do that does not involve being called 'Jeremy', having a Hoxton fin and talking about 'getting a brand to re-engage with its core demographic' choose something based on cold hard facts. If Macs were so great, how come the majority of Fortune 500 companies seem not to have come to the conclusion that they're worth basing their business on and continue to use Windows?

Securing any platform is all about setting it up correctly, administering it correctly and training users not to be idiots.

Steve Jobs with horns because there is not a picture of a fanboi with the horn looking at Steve Jobs.

1
8
FAIL

@ cap'n

"People with Macs are curiously proud of their stupidity in paying three times as much for a machine largely based on it being a bit shinier than the standard market fare. "Look how shiny and beautiful it is!"

The thing is though, it seems I am considerably richer than you.

As for Fortune 500 companies, nobody is going to sign off $100,000 of kit when you can get cheap PCs for nowt. You'd also need new staff who are trained in how to use OS X. Where are you going to find them?

By your logic, you'd have to say Rolls Royces were crap because DHL don't use them for deliveries.

0
0
Linux

All software has bugs...

Repeat after me: ALL SOFTWARE HAS BUGS!

Apple and Linux have less of a problem because it is easier to pick on Windows but that does not mean that Apple, Linux, VAX, Android or any other non Windows OS is invulnerable.

Repeat after me: MANY USERS HAVE NO IDEA!

If you don't know what you are doing - and many people clearly do not - then you can seriously get yourself into a mess.

Repeat after me: FOLLOW THE MONEY!

There is a lot of money to be made from stealing bank details, so it's hardly surprising that someone would have a go at Macs.

0
0
