Lame Mac Trojan limps into view

Security researchers have uncovered a rare example of a Trojan that affects Mac PCs. Lamzev-A creates a backdoor on compromised Mac OS X systems. The malware typically disguises itself as a video codec or game on dodgy websites. Mac users hoping to watch a clip from a grumble flick get infected instead, a trick well known from …

COMMENTS

This topic is closed for new posts.
  1. andy gibson
    Coat

    Am I the first...

    to get in the obligatory "Mac users are w*nkers" joke?

  2. jai

    does anyone install individual codecs anymore?

    surely everyone these days only uses either VLC to watch video or installs Perian to get all the codecs in one go, no?

    if you listen very carefully, you can hear Webster desperately trying to think of something smug to type

  3. David Kelly

    uh oh

    Queue a bunch of Mac bashers shouting "see, Macs get viruses too".

    Incidentally, I don't see how this malware app can be automatically launched after the .dmg is mounted since Apple added the warning prompt when opening a new application back in 2004, if I'm not mistaken.

    BTW there's a good video codec here:

    http://dodgy.site.net/codec/rm_minus_rf_slash.sh

  4. glennog
    Jobs Halo

    Mac PCs???

    You should probably get that updated to 'Macs' before The Lord Our Jobs reads it and smites you down with his Almighty Wrath and sets a Plague of Locusts upon Reg HQ. You'll never hear a Mac saying "I'm a PC"... Cuz it ain't.

  5. Franklin

    Minor technical note

    "Previous examples of malware able to infect Mac systems have included an Apple-variant of a scareware (fake anti-spyware) package and a Trojan, DNsChan-A, that detected whether it was attempting to infect either Windows or Mac systems before running the appropriate infection routine."

    That's not quite correct; to my knowledge, no single binary file exists which detects the host platform and then 'runs the appropriate infection routine.' Instead, what happens is that the Web site hosting the malware detects the platform (by looking at the browser's user agent), then downloads either a Windows executable or a Mac/Linux shell script.

    The article also does not make clear that this malware and 'the earlier RSPlug Mac Trojan' are one and the same; the malware is variously called OSX.DNSchanger.A, OSX.RSplug.A, OSX.RSplugin.A, or OSX/Zlob. It's different in structure but identical in function to the Windows Zlob malware, and almost certainly originates from the same group. The OS X version is actually a generic *nix shell script that creates a root crontab on any *nix variant, which runs every two minutes and changes the system's name servers to hostile name servers in Eastern Europe; as you may imagine, it requires that the user type in an administrator password on OS X or a root password on Linux/Unix in order to do its work.
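A defender-side check for the behaviour Franklin describes, as an added example that is not part of the thread: it scans crontab text for entries on a schedule of every few minutes whose command touches name-server settings. The sample crontab, its script paths and the 192.0.2.1 address are constructed.

```shell
#!/bin/sh
# Added example, not from the article or any comment: flag crontab entries that
# run every few minutes and touch name-server settings, the pattern described
# for the OS X DNS-changer shell script. All paths and addresses are constructed.

flag_dns_cron() {
    # $1: path to a file holding crontab lines (e.g. saved output of `crontab -l`)
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF < 6         { next }                  # not a five-field schedule line
        {
            minute = $1
            cmd = ""
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            # every minute, or every 1-5 minutes via */N
            high_freq = (minute == "*" || minute ~ /^\*\/[1-5]$/)
            # commands that rewrite resolver settings on macOS or Linux
            dns_touch = (cmd ~ /networksetup.*-setdnsservers/ ||
                         cmd ~ /resolv\.conf/ ||
                         cmd ~ /scutil/)
            if (high_freq && dns_touch) print "SUSPECT: " $0
        }' "$1"
}

# Constructed sample crontab: one benign daily job, one DNS-changing job on a
# two-minute schedule, and one two-minute job that does not touch DNS.
SAMPLE_CRONTAB=$(mktemp)
cat > "$SAMPLE_CRONTAB" <<'EOF'
# constructed sample, not captured from a real machine
0 3 * * * /usr/sbin/periodic daily
*/2 * * * * /tmp/EXAMPLE_plugin.sh networksetup -setdnsservers Ethernet 192.0.2.1
*/2 * * * * /usr/local/bin/EXAMPLE_backup.sh
EOF

flag_dns_cron "$SAMPLE_CRONTAB"
```

Only the two-minute entry that calls networksetup is reported; the benign daily job and the two-minute backup job are not.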

  6. Dale Richards
    Go

    @glennog

    The Apple Mac is essentially a brand of PC with its own operating system. The ads can separate "Macs" from "PCs" all they like, but in technical terms we're all the same.

  7. Urs Keller
    Joke

    We Mac-olites don't even get decent trojans

    That's the sorry state of that inferior OS ...

    Methinks i'm gonna install XP on my iMac

  8. yeah, right.

    Meanwhile

    Trend Micro seems to be playing it up as a major threat. I guess the dearth of any real threats (so far) to the Mac platform has made them rather desperate to find anyone willing to purchase their (so far) rather useless software?

    @david kelly: LOL. Although shouldn't that be: sudo_rm_minus_rf_slash.sh?

  9. Tom

    ^ lmfao ^

    I'm really surprised there aren't more trojans relying on blind ignorance, I think they'd be a massive success...

    ;)

  10. Jodo Kast
    Coat

    Grumble Flick

    Grumble Flick? Not in urbandictionary.com

    Perhaps someone should make a website called "britsurbandictionary".

  11. sandiskboy

    I want one

    Would you like a Trojan with that, sir?

  12. Chris iverson

    @Jodo

    Clearly you haven't read this site long.

    grumble flick = porn

  13. Anonymous Coward
    Anonymous Coward

    They tried to mine bank details

    then found Mac users had fuck all ready cash as they'd already been taken to the cleaners.

  14. Anonymous Coward
    Anonymous Coward

    @Jodo Kast

    A grumble flick is a form of video based entertainment that allows men to pleasure themselves without excessive use of their imagination. A blue movie or skin film in other words. Rather than relying on the Urban Dictionary, I suggest you pick up a copy of Rogers' Profanisaurus (Amazon probably stock it).

  15. Steven Hunter
    Alert

    Really?

    Really? That's the best malware people can do?

    Why not just have them download a dodgy shell script file that changes the root password and runs some IRC bot? If people are stupid enough to run a random program from a porn site you don't really need to get clever about it. Just prompt for the admin password in the normal way and users will provide it without question.

    Seems like a lot of work to find some vulnerability in the OS or Browser when you can rely on the stupidity of the user to be far more consistent (and un-patchable).

  16. Pierre
    Jobs Horns

    Notorious Mac viruses...

    ... also include, if my memory is anything to be relied on, the first computer virus. Ever.

    Macs used to be somewhat spared by the malware developers because:

    - no-one had a Mac (except for hackers in the Good old days of the Apple ][, but it would have been silly to aim at this target)

    - it was a specific architecture

    - and finally, the OS security settings by default were marginally better than on Windows

    But now that the clueless crowd of yuppies jumped on Macs like frogs on a red rag, now that Macs are really Intel PCs, and now that security has been banned from the OS, we'll see more and more of that.

    Now where is the "smirking BeasTux" icon when we need it?

  17. Anonymous Coward
    Alert

    You say: grumble flick

    I say: stick film

    Anon 4 this

  18. David Kelly
    Thumb Down

    @Pierre

    Something for you to read before you spread any more misinformation:

    http://mac360.com/index.php/mac360/comments/part_1_macs_and_viruses_fact_vs_fud/

  19. Dr Patrick J R Harkin

    "like frogs on a red rag"

    I seem to have lost the ability to understand English.

    I hate it when that happens.

  20. Jamie
    Joke

    @Pierre

    I still think the Amish virus is the best cross-platform virus ever.

  21. Dave
    Heart

    @Jodo Kast

    As you can see from earlier comments, none of the El Reg readers need a dictionary to understand this bit of rural idiom.

  22. Pierre
    Flame

    @David Kelly, and Dr Harkin

    David, I really don't see what the, erm, collection of words you linked to has anything to do with my comment. In the middle of the laughingly inaccurate load of spin, I spotted a passage saying that the use of Intel CPUs wouldn't make the Macs vulnerable to specific, pre-existent MS app-targeted malware, but that's both obvious and completely irrelevant. Repeating "Macs are safer because almost no-one cared to develop malware aimed at them" endlessly (which is what the POS you linked to does) might be factually correct for the end luser, but it's still flawed. *Owning* a Mac might be safer for now (against blind, bulk attacks at least), but the machine itself isn't. MacOS' default security settings used to be a bit less moronic than Windows' ones, but M$ upped its game a bit and MacOS went downhill, so it's pretty much reversed now. And that's saying something. From up here, they look the same anyway. "BeasTux" is still smirking.

    Dr Patrick J R Harkin, what word did you not understand? Frogs tend to jump on red rags, really. Though you might have to be from a muddy, froggy area to know that.

    Red flames icon, grilled frog legs for dinner!

  23. BioTube
    Flame

    This just proves

    That people are idiots. Like Ron White says, "You can fix stupid". As a matter of fact, don't even try - you'll just drive away all the intelligent users. Maybe Apple should take this chance to introduce its users to apt.

  24. David Kelly
    Thumb Down

    @Pierre

    "I spotted a passage saying that the use of Intel CPUs wouldn't make the Macs vulnerable to specific, preexistant MS app-targetted malware, but that's both obvious and completely irrelevant"

    Sure, so why did you say in your first message:

    "now that Macs are really Intel PCs, ... we'll see more and more [Mac malware]."

    "Repeating "Macs are safer because almost no-one cared to develop malware aimed at them" endlessly (which is what the POS you linked to does) might be factually correct for the end luser, but it's still flawed. "

    No, the article specifically says it's harder to write OS X malware than Windows malware because of the UNIX underpinnings, and the same applies to Linux.

    Explain how OS X is gone "downhill" security wise? Leopard is more secure than Tiger !

  25. g00p
    Thumb Down

    @glennog

    PC stands for Personal Computer - as much as I dislike using Mac, you can't say that the machine isn't a computing machine designed for personal use.

  26. Pierre

    David Kelly,

    "Sure, so why did you say in your first message: "now that Macs are really Intel PCs, ... we'll see more and more [Mac malware].""

    Because the article and my post are clearly and specifically about *new* malware. It's obvious that Safari is immune to MSWord macro viri, but it doesn't make it secure.

    "No, the article specifically says it's harder to write OS X malware than Windows malware because of the UNIX underpinnings,, and the same applies to Linux."

    The article you linked to ALSO says that. Which is a load of bullcrap anyway. Being initially, a long time ago, based on a BSD kernel doesn't make it more or less secure. All Linux distros are based on the same kernel, but some are tougher than others. Same for BSD distros. And re-read it, you will find a lot of the "Macs are more secure because there is no malware targeting them in the wild" flawed circular logic.

    "Explain how OS X is gone "downhill" security wise? Leopard is more secure than Tiger !"

    I do not know about specific felines, but I can assure you that all the OSX machines I've seen are in the single-user-with-full-admin-rights configuration. With auto-mount and auto execute for external media on. Good default settings, ain't it?

  27. Pierre

    g00p

    Your semantics is good, but there is an even better reason to say "Mac PC": Macs are now Intel-based PCs. Same as Dells, but with a different logo on the box. The Mac vs PC distinction is made for/by clueless people who really mean MacOS vs Windows but couldn't tell the difference between hardware and software to save their lives. Reminds me of this old lady from Morocco who despised Africans (it meant "black people" for her).

  28. g00p
    Thumb Up

    @ Pierre

    Heh, well expanded ;)
