Nice of Microsoft...
To bring their own brand of security failings to the Apple platform.
Will they be doing the same for us *nix users?
A string of booby-trapped Microsoft Office files that plant malware in Apple Macs via rarely abused vulnerabilities have been detected in the wild. The malicious documents were uncovered in a run of spam messages sent by pro-Chinese hackers to Tibetan activists, security tools biz AlienVault reports. It said the assault was …
Nice of Apple's O/S to allow malware to be installed to the system by an application. Of course, we may not have the full story.
Usual stuff. If the users are being prompted for admin rights for the malware installation and letting it happen, then there's no story as no O/S is proof against stupidity. If, on the other hand, the O/S is allowing this to happen without complaint, then Apple would appear to have implemented some of M$s legendary failings themselves.
No O/S should rely on applications being bug-free and well behaved for security, there'd be some top-quality FAIL there, if it were the case.
"Usual stuff. If the users are being prompted for admin rights for the malware installation and letting it happen, then there's no story as no O/S is proof against stupidity. If, on the other hand, the O/S is allowing this to happen without complaint, then Apple would appear to have implemented some of M$s legendary failings themselves."
It's actually a bit of both. This particular strain of malware doesn't prompt for an administration password, but then it doesn't do anything at an OS or kernel level either; it's strictly userland stuff. As with some other Mac malware, like a Trojan that circulated a few years back that masqueraded as a bootleg copy of Microsoft Office but that was actually just an AppleScript that deleted everything in the user's home folder, there's nothing going on that would normally require authentication.
If you have the firewall turned on, that prevents the malware from opening communication with the outside world, which mitigates its effects.
"No O/S should rely on applications being bug-free and well behaved for security, there'd be some top-quality FAIL there, if it were the case."
To be fair, OS X is moving in the direction of greater hardening with each release. The next iteration notifies the user the first time an application runs that isn't digitally signed with a code-signing cert, so in that environment, this particular malware will raise a flag to the user that something hinkey is up.
That the Tibetan govt in exile would be using Libre/Open Office to reduce their exposure to these sorts of shenanigans, although I suppose they'd be better off with a purposely secure *nix as well, rather than an aesthetically pleasing one.
I'd have never guessed that Microsoft Office lay on the path to enlightenment.
The link between Tibetans and military contractors seems a little too obvious to me. I'm sure that China grabs any intelligence opportunity that it sees, but so does every other developed country!
If another country was responsible for the attacks and wanted to implicate China, then adding Tibetans to the target list would probably be the first thing I would do.