Feeds

back to article Mac malware uses Windows-style PDF camouflage ruse

Mac malware creators are adopting Windows malware camouflage trickery in a bid to trick users into running their malicious creations. Boobytrapped PDF files have long been a problem for Windows users. The OSX/Revir-B Trojan reapplies this approach towards Mac fans, who may be less familiar with the ruse. The malware payload is …

COMMENTS

This topic is closed for new posts.
FAIL

writes new custom malware

then submits it to virustotal... MAJOR FAIL.. duh..

6
0
Silver badge
Facepalm

Even worse...

"Mistakes in the code means that the malware fails to execute"

Guess he needs a job at HP, Yahoo! or Nokia...

5
1
Anonymous Coward

"the malware fails to execute"

Perhaps they wanted someone to fix it for them?

4
0
FAIL

It's not really malware if it doesn't work

0
0
Linux

OK, so it tricks the user into running it, pretends to show a document and then tries ( and fails) to install a back door... What do you call this? other than a steaming pile of fail???

Linux because a) i use it and b) because it wouldnt suffer from such a vulnerability (executables downloaded from the internet have to be marked as executable but the user; any attempts to run it otherwise warns the user that it is infact a program, and refuses to run)

0
5
WTF?

Fails to execute?

This malware is broken, and was submitted to virustotal... So who says it was really malicious? It may simply be someone testing.

0
0

I still belive

That the first major virus to screw over major swaths of linux and Mac computers will be due to an adobe product .

7
0
Silver badge

"over major swaths of linux"

Well on my OpenSuse installations neither Firefox or Thunderbird will allow executables to run by just clicking and even if you save the file it's set as non-executable so you really have to have a death wish to run an unknown binary. It doesn't matter at all what the extension is.

It is possible to have FF etc set to run interpreted files if you really, really want to.

1
0
FAIL

to the above...

executable bits and such won't apply to an Adobe vulnerability

0
0
Boffin

No fan of adobe but

Its a long time since PDF was an adobe product

Its been a free spec for ver 10 years and an open standard since 2008

0
0
Silver badge

"executable bits and such won't apply to an Adobe vulnerability"

They will on my system 'cos there's no Adobe.

0
0

I presume that when you try to open this 'PDF' the Mac will put up the standard 'this is is a program you have downloaded from the internet - you are abouttorunit for the first time - are you sure you want to run it?' alert.

4
0
Facepalm

It probably does, but then so has Windows for ages now and it still doesn't stop people from clicking Yes.

4
0
Bronze badge

You presume correctly

...and when asked this question, I always tell MacOS, basically, "yes, go ahead; I downloaded this on purpose, I know what it is and have LittleSnitch running in case it tries to pull any funky shit."

So far, no problems. LittleSnitch is my friend.

0
0

I've run into similar before on Mac...

And what happens is that before it runs, MacOS detects the application and put up its standard warning of "[xxxx] is an application that was downloaded from the Internet. Are you sure you want to run it?" Easy way out? click "no"

0
0
Linux

I still prefer the linux way. The user has to deliberately mark the file as executable, and instead of giving you the option in a dialogue box, you have to go into the properties section of the file to set it to execute. People click yes without thinking, this gives the user more time for thought

2
3
FAIL

Yes, but...

Another reason the lay computer user can't/won't use Linux. If they download their lovely Chrome installer, how are they going to know they have to go into the properties and mark the file as executable? Perhaps have a helping info page "You're running Linux! Let me show you how you can run this program. Oh, you're running XFCE? Here's the instructions. Oh, Gnome, here's the OTHER instructions. Unity? Bah, open a terminal window (if you know how, or hit ctrl+alt+F2), and do a chmod u+x on the file (if you know where it is, likely somewhere in your ~ folder), then open it."

More secure? Sure. It just saves people from themselves because it doesn't hold their hand while walking them into an oncoming train.... But only 25% of /actual computer users/ would even be able to use it to a decent degree.

I do give Apple credit at making a *nix box that is at least usable by the masses. I just don't like their "culture."

5
2

True

And it's much more secure that way.

It's also one of the reasons Linux is perceived to be less user-friendly. Can't have it both ways!

2
0
Bronze badge
Mushroom

re: Yes, but...

"Another reason the lay computer user can't/won't use Linux. If they download their lovely Chrome installer, how are they going to know they have to go into the properties and mark the file as executable? Perhaps have a helping info page 'You're running Linux! Let me show you how you can run this program. Oh, you're running XFCE? Here's the instructions. Oh, Gnome, here's the OTHER instructions. Unity? Bah, open a terminal window (if you know how, or hit ctrl+alt+F2), and do a chmod u+x on the file (if you know where it is, likely somewhere in your ~ folder), then open it.'"

We're strictly a Mac house here, but when reinstalling a proper licensed copy of Photoshop on my wife's MacBook after she had the hard drive restored, I got pissed off at Adobe's Internet-based product activation bullshit -- I was able to work around it, but it still pissed me off -- and downloaded a copy of Gimp for her to use instead. However, I'd forgotten that being originally a Linux app, it needed to run in an emulated environment (X10) on the Mac. So, a little while later, the wife calls me downstairs, all flustered, asking me "What's this 'X10' thing that starts up every time I go to use Gimp?" After a moment's pondering, I remember what the deal is with X10, and comment "Gimp is open-source, originally for Linux, so it needs to be sandboxed; that's why it needs to run inside X10." My wife's head damn' near exploded when I said that. "Sandboxed? What the hell are you... shit, give me my Photoshop back!"

So, yeah, you do make a point about Linux being more secure, not to mention having all sorts of other awesomeness, but, still... it's not quite ready for my wife, who, unlike me, doesn't enjoy checking out weird apps or mucking about under the hood of her OS or self-educating about computers and networks at all, and just wants her computer to run so she can get her goddamn' work done.

As far as "Apple culture" goes... yeah, I'm down with you on that. I've been using Macs since '85, because of the way they simplified everything I could do with a computer, and made my work -- graphic design and illustration -- much less a pain in the ass than it was when I first started out with cold type galleys, hot wax, Rapidographs and razor blades... but even back in the day, I had to deal with that effete yuppie snob attitude that oozed so heavily out of so many Mac users that at user group meetings, I always wound up hanging out with all the old Apple II geeks.

Nuclear blast icon, to illustrate what my wife's head did when I tried to explain "sandboxing" and "emulation" to her.

0
0
Silver badge
Linux

Oh the humanity.

The idea that clicking on a checkbox is such a horrible burden for the poor user is why Windows became such a mess.

Hopefully MacOS is less stupid about this sort of thing.

0
2
WTF?

Uncommon on Linux

Of course, on most (all?) Linux distros you don't tend to download executables via a web browser. The vast majority of software is installed via the fairly secure apt-get mechanism (or equivalent), in a similar manner to the walled-garden app stores now becoming so popular elsewhere. So actually most new users are very unlikely to end up having problems not being able to run stuff they've just downloaded via a web browser, because they simply don't need to in the first place.

1
1
Silver badge
Devil

Scary Nonsense

> So, a little while later, the wife calls

> me downstairs, all flustered, asking

> me "What's this 'X10' thing that starts

> up every time I go to use Gimp?" After

> a moment's pondering,

...you say something kind of stupid.

Some suggested alternatives:

1) Don't worry about it dear.

2) Gimp needs it to run

3) This is one of those "Unix" things. MacOS is a Unix remember?

0
0
Silver badge
Linux

How are they going to know

> how are they going to know

I dunno. Mebbe they use that mouse pointer thing to poke around the system and try to see if there's anything useful they can find.

If you aren't going to expect the users to discover and learn things on their really isn't any point to shiny happy user interfaces at all.

0
0

This post has been deleted by a moderator

Anonymous Coward

Ivan Idea

No execution allowed by the GUI shell of anything under a user directory unless its under ~/bin or ~/Applications or "~/Program Files" (stupid name with space).

"Open" and "run" are too close to each other in concept in GUI. Download a pdf, click, yes of course I want it open..

Better to bring up either an associated application or an "open-with..." dialogue if it is outside one of these directories. This only needs to apply to files under a user directory. So, to execute something you have to move it to your local executables directory first.

Oh yes, and *always* display the full file name. Doesn't even windows have Read and Execute permissions these days? It's time to ditch DOS.

0
0
Bronze badge

Luckily for me...

...I read the Reg regularly, and am up on all the malware social-engineering and other shams, having first seen them pulled on Windows users. Also, I've been using Macs almost exclusively since 1985, and can remember when the first viruses were spotted in the wild -- running on MacOS. So, this shit ain't exactly big news to me.

1
2

This post has been deleted by a moderator

time to wake up

For years Mac users have been smug with the knowledge that their chosen platform doesn't suffer the problems their fellow Microsoft cousins have.

But this has all changed, they now have to face reality and accept that there's malware that could possibly, maybe, at best target their system, but provided only that they were stupid enough and if the malware had been written properly.

Game over man, game over!

1
1

In my experience Mac users are dumb enough to the point it amazes me they even know how to turn them on. For example that 'Mac Defender' thing that went around. Don't you think if Apple had released some new software, particularly something like security software they would have made a big deal to make sure they got max sales out of it? It would make sense as security is a big thing these days.

I have a friend who works on Apples Tech support in Newcastle and he said that the amount of calls they got from people about that was unreal. People actually thought Apple was responsible and actually expected Apple to compensate them for THEIR stupid mistake.

1 word comes to mind - IDIOTS!

1
0
This topic is closed for new posts.