back to article Tibetan activists' Macs targeted using trojan-laden MS Office files

A string of booby-trapped Microsoft Office files that plant malware in Apple Macs via rarely abused vulnerabilities have been detected in the wild. The malicious documents were uncovered in a run of spam messages sent by pro-Chinese hackers to Tibetan activists, security tools biz AlienVault reports. It said the assault was much …

COMMENTS

This topic is closed for new posts.
Silver badge
FAIL

Nice of Microsoft...

To bring their own brand of security failings to the Apple platform.

Will they be doing the same for us *nix users?

2
3
Gold badge
FAIL

Re: Nice of Microsoft...

Nice of Apple's O/S to allow malware to be installed to the system by an application. Of course, we may not have the full story.

Usual stuff. If the users are being prompted for admin rights for the malware installation and letting it happen, then there's no story as no O/S is proof against stupidity. If, on the other hand, the O/S is allowing this to happen without complaint, then Apple would appear to have implemented some of M$s legendary failings themselves.

No O/S should rely on applications being bug-free and well behaved for security, there'd be some top-quality FAIL there, if it were the case.

2
0
Unhappy

Re: Nice of Microsoft...

The Mac OS is *nix underneath the GUI veneer.

The backdoor apparently operates in userland, not in root.

Unless you make the user confirm every time a new port is opened for network access, it will be hard to prevent this kind of backdoor.

0
0

Re: Nice of Microsoft...

"Usual stuff. If the users are being prompted for admin rights for the malware installation and letting it happen, then there's no story as no O/S is proof against stupidity. If, on the other hand, the O/S is allowing this to happen without complaint, then Apple would appear to have implemented some of M$s legendary failings themselves."

It's actually a bit of both. This particular strain of malware doesn't prompt for an administration password, but then it doesn't do anything at an OS or kernel level either; it's strictly userland stuff. As with some other Mac malware, like a Trojan that circulated a few years back that masqueraded as a bootleg copy of Microsoft Office but that was actually just an AppleScript that deleted everything in the user's home folder, there's nothing going on that would normally require authentication.

If you have the firewall turned on, that prevents the malware from opening communication with the outside world, which mitigates its effects.

"No O/S should rely on applications being bug-free and well behaved for security, there'd be some top-quality FAIL there, if it were the case."

To be fair, OS X is moving in the direction of greater hardening with each release. The next iteration notifies the user the first time an application runs that isn't digitally signed with a code-signing cert, so in that environment, this particular malware will raise a flag to the user that something hinkey is up.

0
0
Bronze badge
Meh

You would expect

That the Tibetan govt in exile would be using Libre/Open Office to reduce their exposure to these sorts of shenanigans, although I suppose they'd be better off with a purposely secure *nix as well, rather than an aesthetically pleasing one.

I'd have never guessed that Microsoft Office lay on the path to enlightenment.

1
0

Who'd have thunk it

Microsoft Word, buggy pile of [insert favourite expletive here], has an unpatched exploit dating back to 2009. Some might even suggest it is deliberate.

0
5
Anonymous Coward

Re: Who'd have thunk it

"an unpatched exploit dating back to 2009"

Two clicks to find the security update dated June 2009. It's not that difficult, do try to keep up.

6
0

Just shows

That if the motivation exists to target a platform, it will be targeted no matter what OS you favour...

0
0

The link between Tibetans and military contractors seems a little too obvious to me. I'm sure that China grabs any intelligence opportunity that it sees, but so does every other developed country!

If another country was responsible for the attacks and wanted to implicate China, then adding Tibetans to the target list would probably be the first thing I would do.

1
1
Silver badge
Big Brother

@ Greg 16

Yes, but Occam's Razor would indicate that somebody in the Chinese Intelligence services is involved. That's probably true, but this could be a false flag operation.

0
0