Rare Mac Trojan exploits Apple vuln

Infection process

OK, I just e-mailed a compiled script to my father's mac to see what process he had to go through to even get it on his machine.

First of all, his e-mail account blocked the attachment, so we had to tweak his settings to allow the attachment to come through at all, without resorting to compressing it and hiding it inside another file format, which would have added an additional user required step.

Once I managed to get an e-mail in his inbox containing the attachment, he couldn't just run it. The Mac made him save it to a file first, and bitched about the message containing an active program, prompting a warning.

Then, running the batch, per the notes online, actually runs an installer, which prompts for a keychain password... Well, most folks in a company that use ARD have administrative rights in place to prevent application installs, and user accounts typically don't have admin permissions in the keychain anyway.

I'm sure there are a select few idiots who may have allowed this exploit to actually get on their machine. People in firms with clueless admins who have both a lack of knowledge and a wealth of money (ARD isn't cheap, and the need for a Mac server to run it on doesn't make it any easier), are the only targets for this attack. I don't call this a virus or a trojan, I call this due reward for stupidity, aka natural selection. If you're both so inept as to be unable to stop it, and gullible enough to follow through with it, you DESERVE to be hacked. (I'd prefer you to not be permitted online in the first place!)

Even my father, who I had to walk through printing his address book last week, knows enough to never download a file, even from someone he knows, unless he's expecting to get it for some reason, and then any file that asks for a keychain password is something to question a second time...

When they come out with a virus that can infect a Mac that is in a standard state (root not enabled, firewall on, etc.) without any user action, then we'll call it insecure. Mac users fall to social hacking just as easily as anyone else, but phishing attacks and other social tricks aside, there's no real way to infect a Mac that has yet been discovered (unlike a PC, where simply connecting to the net is enough).
