
Nasty trojan written for Mac OS X
Jordan
Dedicated MacNNer
Join Date: Jun 2001
Location: Paris, France
Status: Offline
Jun 14, 2008, 10:17 AM
 
Had a quick look and didn't find too much about this on the forums....

Now normally people warn you about trojans but say you only get them if you are trying to find nasty pictures of Britney or hand around porn sites. However, this is not true.

Just today I did a Google search for an article on Genepax (the company that has developed a water powered vehicle). On the first page of articles was a link. Clicking on that link said that you need an active X component to view the article. It then prompted you to download a file 1023.dmg which inside contained an installer. Had I not been suspicious and checked it out a bit further or had I had a little less experience on a computer I might have been tempted to install this plug-in. Further detailed inspection showed that this is a trojan horse that from what I can tell changes DNS entries and points you towards a server that contains phishy versions of real sites.

Not sure if there is any way to protect the general public from things like this. I'd welcome any suggestions that I can pass on to my Mac friends that aren't as savvy.

Cheers,

Jordan
iPod Photo 60GB + 1Gb iPod Shuffle + iPod/3G/15GB + iPod Mini (Silver)
24" iMac 2.8Ghz/2GB/SuperDrive
Mac mini 1.66Ghz Intel Core Duo/1GB/SuperDrive + iPod Nano (Black)
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Jun 14, 2008, 10:27 AM
 
     
chabig
Addicted to MacNN
Join Date: Jun 1999
Location: Las Vegas, NV, USA
Status: Offline
Jun 14, 2008, 10:57 AM
 
Considering that Active-X is a known entry point for malware, and that Active-X doesn't run on Macs, there would be no reason at all to click the link.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Jun 14, 2008, 11:02 AM
 
Originally Posted by chabig View Post
Considering that Active-X is a known entry point for malware, and that Active-X doesn't run on Macs, there would be no reason at all to click the link.
You and I know that, but does your average Joe Macuser? Probably not. While this is still not "the end of the Mac world as we know it," it does show that someone is really interested in messing with Macs. And as we're typically a very trusting lot, we probably are, as a group, going to take a hit on this.

I really wish more people took this sort of thing more seriously. Safe surfing just means not believing every link is going to give you pictures of Angelina or free software. Why would anyone who could easily SELL this sort of thing want to give it away? That's right, it's an offer that's "too good to be true," and should be treated the same way as all other such offers: ignore it.

Glenn -----OTR/L, MOT, Tx
     
red rocket
Mac Elite
Join Date: Mar 2002
Status: Offline
Jun 15, 2008, 07:29 AM
 
Perhaps somewhat loosely related, I was surfing for porn the other day, and some site tried to port scan me. NetBarrier’s antivandalism features blocked the attempt and put the host in a stop list, this is the first time I ever needed that feature.
     
Horsepoo!!!
Banned
Join Date: Jun 2003
Status: Offline
Jun 15, 2008, 07:40 AM
 
Yes, that trojan horse is very real. There's practically nothing that can be done to stop a trojan horse since it relies on social engineering. The only thing I can tell people is that you should never, ever install anything that was downloaded from a porn or warez site. Especially something that was 'pushed' to the user by being a 'recommended' or a 'mandatory' download. If OS X can't open a video file with Perian installed and with Flip4Mac installed (or otherwise typically an MPEG file or a WMV file), then you shouldn't bother with it. If QuickTime with Perian and Flip4Mac can't recognize a file, it's most likely malware.

This is what I tell everyone now: "Don't even try to find a way to open files that aren't recognized by OS X with Perian and Flip4Mac installed. And don't even bother with files that are being pushed to you by a sketchy website such as a porn site or warez site."
     
Ozz_man
Fresh-Faced Recruit
Join Date: Jun 2008
Location: Land between the Lakes!
Status: Offline
Jun 15, 2008, 10:45 AM
 
I only expected it to get worse as Apple grows in market share. With the iPhone and other kewl yadas they are making, Apple will be targets a bit more now I presume.
     
Veltliner
Mac Elite
Join Date: Nov 2006
Location: here
Status: Offline
Jun 15, 2008, 01:05 PM
 
Originally Posted by red rocket View Post
Perhaps somewhat loosely related, I was surfing for porn the other day, and some site tried to port scan me. NetBarrier’s antivandalism features blocked the attempt and put the host in a stop list, this is the first time I ever needed that feature.
What's NetBarrier? Is it recommended to use with your firewall on OS X?
     
Hal Itosis
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Jun 15, 2008, 04:57 PM
 
Originally Posted by Jordan View Post
Now normally people warn you about trojans but say you only get them if you are trying to find nasty pictures of Britney or hand around porn sites. However, this is not true. Just today I did a Google search for an article on Genepax (the company that has developed a water powered vehicle). On the first page of articles was a link. Clicking on that link said . . .
 
One of the interesting things here is not simply the trojan itself, but the way that it's "marketed."

As you indicated, you weren't hanging around the dark nether-regions of the web... but googling for some clean technology. The black hats set up keywords to "poison" Google searches, and these special pages they design will not load when accessed directly... but only when referred via Google.

One of the regulars over at MacFixIt did a lot of research on this, and more info is available here:
-HI-
     
@pplejaxkz
Senior User
Join Date: Sep 2007
Location: NY
Status: Offline
Jun 15, 2008, 05:03 PM
 
Originally Posted by Ozz_man View Post
I only expected it to get worse as Apple grows in market share. With the iPhone and other kewl yadas they are making, Apple will be targets a bit more now I presume.
I sadly agree, but I am going to try and do my best to be as optimistic about it as I can.
     
red rocket
Mac Elite
Join Date: Mar 2002
Status: Offline
Jun 16, 2008, 05:55 AM
 
Originally Posted by Veltliner
What's NetBarrier? Is it recommended to use with your firewall on OS X?
It’s a commercial 3rd party firewall/data-filter/banner-filter/application-and-trojan-filtering/information-hiding application I use instead of the built-in firewall. Not entirely happy with it, the kernel extension has caused some problems in the past, but it’s the only firewall I’m aware of that can get me a ‘full stealth’ rating on those internet firewall test sites. I’m paranoid.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Jun 16, 2008, 09:22 AM
 
Originally Posted by red rocket View Post
...but it’s the only firewall I’m aware of that can get me a ‘full stealth’ rating on those internet firewall test sites. I’m paranoid.
Fully stealthed is not easy to do; I'm impressed. Can't blame you for being paranoid, either. I used to be paranoid about computer security for a living.

Glenn -----OTR/L, MOT, Tx
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Jun 16, 2008, 06:12 PM
 
It would be pretty cool if Apple could use Installer.app to start blacklisting known malware installers.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
jmiddel
Grizzled Veteran
Join Date: Dec 2001
Location: Land of Enchantment
Status: Offline
Jun 16, 2008, 11:38 PM
 
It would be pretty cool also if Apple could imbed in Installer.app a malware sniffer, which could be updated as needed through Update. Or is that somehow not possible?
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Jun 17, 2008, 12:43 AM
 
Originally Posted by jmiddel View Post
It would be pretty cool also if Apple could imbed in Installer.app a malware sniffer, which could be updated as needed through Update. Or is that somehow not possible?
Correct me if I'm wrong, but isn't that essentially what I said in the post previous to yours?

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Jun 17, 2008, 07:13 AM
 
Originally Posted by Big Mac View Post
Correct me if I'm wrong, but isn't that essentially what I said in the post previous to yours?
Almost, but not quite. He added a "sniffer" idea, which ain't bad. If there were enough anti-OS X malware out there to build a sniffer around, it might be a decent idea. Instead, all the installer would have to do is look for a handful of signatures (at the moment, anyway).

Oh, and this composite idea is a fair description of the Microsoft Malware Removal Tool that goes out monthly to Windows users with "automatic updates" selected. I guess they need it a lot.

Glenn -----OTR/L, MOT, Tx
     
Cottonsworth
Forum Regular
Join Date: Oct 2006
Location: Los Angeles
Status: Offline
Jun 18, 2008, 03:36 PM
 
Once a trojan has compromised a Mac, can Norton Anti-Virus pick it up? If not, how do we routinely scan our machines to make sure they have not been compromised?
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Jun 18, 2008, 06:03 PM
 
That would depend on whether the trojan could disable Norton, which is a favorite trick of the Windows bug writers. But the way OS X is built is so different from Windows, and the potential for malware to change an installed app is very small. This one we're discussing is probably not even worth "scanning" for since you can flush your DNS cache with a simple command on the command line.

Glenn -----OTR/L, MOT, Tx
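
Added example (not part of any post in this thread): a check for the symptom the original poster describes, changed DNS entries. It parses the text printed by macOS's `scutil --dns` and prints every resolver that is not on a list you expect; the sample output, all addresses (documentation ranges) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Flag DNS resolvers that are not on an expected list.
# Assumed input format: the output of macOS `scutil --dns`, which lists
# resolvers as lines of the form "  nameserver[0] : 192.0.2.1".

# Constructed sample: resolver #1 carries an unexpected server ahead of the
# router, resolver #2 (mDNS) has no nameserver, resolver #3 repeats the router.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.0.2.1
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

resolver #3
  nameserver[0] : 192.0.2.1
  flags    : Scoped, Request A records
EOF
}

# list_nameservers: read scutil-style text on stdin and print each resolver
# address once, in order of first appearance.
list_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
             ip = $3
             if (!(ip in seen)) { seen[ip] = 1; print ip }
         }'
}

# unexpected_resolvers ALLOWED...: read scutil-style text on stdin and print
# every resolver address that is not among the arguments.
unexpected_resolvers() {
    list_nameservers | while read -r ip; do
        ok=0
        for allowed in "$@"; do
            if [ "$ip" = "$allowed" ]; then
                ok=1
            fi
        done
        if [ "$ok" -eq 0 ]; then
            printf '%s\n' "$ip"
        fi
    done
}

# Demo on the constructed sample. On a Mac, feed it live data instead:
#   scutil --dns | unexpected_resolvers 192.0.2.1
sample_scutil_output | unexpected_resolvers 192.0.2.1
```

Pass the addresses of the router or ISP resolvers you actually use as the arguments; any line printed is a resolver to investigate.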
     
mkerr64
Senior User
Join Date: Aug 2006
Location: Toronto, Ontario
Status: Offline
Jun 18, 2008, 06:18 PM
 
so, what is the best way of removing one?
R.I.P Steve Jobs
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Jun 18, 2008, 06:28 PM
 
Did you run it?

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
jmiddel
Grizzled Veteran
Join Date: Dec 2001
Location: Land of Enchantment
Status: Offline
Jun 18, 2008, 08:56 PM
 
Big Mac, sorry I misunderstood you, I thought you were talking about just blocking downloads from known hacker sites, not building a virus protection into installer.app. Well, great minds think alike, neh?
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Jun 18, 2008, 09:30 PM
 
Originally Posted by mkerr64 View Post
so, what is the best way of removing one?
Removing a trojan depends on its code. It may insert code in other places, change settings, etc. Not that this is particularly probable in OS X, but it's the major pain in getting rid of them in Windows environments. In OS X, I think it would be a matter of figuring out where it has hidden itself and trashing it.

Glenn -----OTR/L, MOT, Tx
     
s2mcpaul
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
Jun 23, 2008, 12:58 PM
 
Originally Posted by Ozz_man View Post
I only expected it to get worse as Apple grows in market share. With the iPhone and other kewl yadas they are making, Apple will be targets a bit more now I presume.
Here's the kicker, there is no real significant increase in market share in the os market!!! Switching costs are too high for the majority of users and businesses.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Jun 23, 2008, 03:58 PM
 
Originally Posted by s2mcpaul View Post
Here's the kicker, there is no real significant increase in market share in the os market!!! Switching costs are too high for the majority of users and businesses.
Doubling is not significant?
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Jun 23, 2008, 06:54 PM
 
mcpaul must have been in a cave for the last four years, or else he is trying to troll.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Luca Rescigno
Professional Poster
Join Date: Jun 2002
Location: Minneapolis, MN
Status: Offline
Jun 23, 2008, 07:41 PM
 
Nearly all malware problems, on both Windows AND OS X, are caused by clueless lusers clicking random links in search of free plasma TVs, MP3 downloads, iPods, and porn. I've been using Windows Vista for months and I haven't had any problems at all, but that's almost certainly because I'm not an idiot, not because Windows is such a secure OS.

"That's Mama Luigi to you, Mario!" *wheeze*
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Jun 23, 2008, 07:52 PM
 
Originally Posted by jmiddel View Post
Big Mac, sorry I misunderstood you, I thought you were talking about just blocking downloads from known hacker sites, not building a virus protection into installer.app. Well, great minds think alike, neh?
Certainly, great minds think alike.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
s2mcpaul
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
Jun 24, 2008, 01:47 PM
 
Originally Posted by Big Mac View Post
mcpaul must have been in a cave for the last four years, or else he is trying to troll.

I don't expect most people to be well informed. You forget Microsoft doesn't make computers; their focus is on software. Apple is spread too thin and have too many big competitors to deal with. Microsoft has a huge advantage in the form of switching costs. Most people do not and will not take the time to switch from windows to osx, even less businesses. Apple, I love the product but it's not a great business in economic terms. Please don't try to argue this one, if you do make sure you get your facts straight first.


Applications
Source: Net Applications

share.jpg

     
Luca Rescigno
Professional Poster
Join Date: Jun 2002
Location: Minneapolis, MN
Status: Offline
Jun 24, 2008, 02:09 PM
 
Two things:

1. What is the source of that data? That's obviously not worldwide market share, where Apple has never really made any headway. Is it US market share? US non-business market share?

2. Why is the iPhone listed as a separate OS? The iPhone is not a computer replacement. Nearly everyone who owns an iPhone is also a user of either Windows, Mac, or Linux.

"That's Mama Luigi to you, Mario!" *wheeze*
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Jun 24, 2008, 02:26 PM
 
Originally Posted by s2mcpaul View Post
I don't expect most people to be well informed. You forget Microsoft doesn't make computers; their focus is on software. Apple is spread too thin and have too many big competitors to deal with. Microsoft has a huge advantage in the form of switching costs. Most people do not and will not take the time to switch from windows to osx, even less businesses. Apple, I love the product but it's not a great business in economic terms. Please don't try to argue this one, if you do make sure you get your facts straight first.
Are you high? There are very few tech companies that would not like to be in Apple's economic position. Its market cap is $154 billion — that's higher than Intel and way higher than, say, Dell. Where most companies are struggling to stay afloat, Apple is soaring.

Originally Posted by s2mcpaul View Post
Applications
Source: Net Applications
That chart shows Apple's market share growing about 1/3 in a year. 2% of the entire market. In one year. That ain't shabby.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
s2mcpaul
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
Jun 24, 2008, 03:18 PM
 
ugghhh.

Look, economic attractiveness is not determined by the market cap, that is a consensus of emotions, rarely economic facts. The fact is that because Apple is spread out in Computer hardware, software publishing to a lesser and lesser extent, retail, etc. they have only so many resources and there are companies that can devote huge amounts to single areas like Intel and Microsoft. Trying to compete with many only in part does not lead to attractive returns. If you want the fundamental reason however why Apple is not an economically attractive business it is because the amount of reinvestment that they must spend each year just to stay in business is enormous. Were reinvestment to decline, so too would Apple until they were either dead or bought out. So as an owner more and more money is put into the business with little to none available for you to take out. There is nothing attractive about that.

You might take $100 and earn say $10. You might then borrow another $100 and now earn $20 but there is nothing economically attractive about this.
     
rem
Forum Regular
Join Date: Dec 2005
Status: Offline
Jun 24, 2008, 03:22 PM
 
Any developer or script kiddie could write a program for any OS at this level of trickery (which is very low). I could write a script that deletes your entire HD in one line of code, upload it to a webserver and call it something that sounds interesting to try -- but if you have 1/2 a brain you won't trust it. There is really nothing more Apple or any OS maker can do at this level to help people who would trust such a download other than to try to educate you, which is what Leopard's warning does each time before actually running newly downloaded executables. I really don't see what more Apple could do about it short of taking away a user's right to change their own system.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Jun 24, 2008, 03:48 PM
 
Originally Posted by s2mcpaul View Post
You might take $100 and earn say $10. You might then borrow another $100 and now earn $20 but there is nothing economically attractive about this.
Say what now? You're not even making any sense. You say there's nothing attractive about Apple's business model? You're just a troll, nothing more.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
s2mcpaul
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
Jun 26, 2008, 08:11 PM
 
You don't have to agree with me. In fact you could just buy lots of stock in apple. While you're at it buy some google (which I dislike for other reasons.)

Sorry to the person who started this post, I didn't mean to distract people from the questions you were trying to get answered.

Someone start a new thread and pm me if you want to continue this conversation regarding businesses.
     
bballe336
Mac Enthusiast
Join Date: Jul 2006
Location: MA
Status: Offline
Jun 26, 2008, 08:31 PM
 
Originally Posted by s2mcpaul View Post
You don't have to agree with me. In fact you could just buy lots of stock in apple. While you're at it buy some google (which I dislike for other reasons.)

Sorry to the person who started this post, I didn't mean to distract people from the questions you were trying to get answered.

Someone start a new thread and pm me if you want to continue this conversation regarding businesses.
You claimed there was little significant gain in apple's OS market share, then you posted a graph proving otherwise. I don't think anyone would agree that what you said makes much sense.
     
s2mcpaul
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
Jun 27, 2008, 10:00 PM
 
Originally Posted by bballe336 View Post
You claimed there was little significant gain in apple's OS market share, then you posted a graph proving otherwise. I don't think anyone would agree that what you said makes much sense.
hmm. please explain how the graph shows otherwise. That is unless your claim is that a 1-2% increase in market share is significant relative to a competitor that has 90%+ market share. I would then disagree with your definition of significant.
     
bballe336
Mac Enthusiast
Join Date: Jul 2006
Location: MA
Status: Offline
Jun 28, 2008, 12:16 AM
 
Originally Posted by s2mcpaul View Post
hmm. please explain how the graph shows otherwise. That is unless your claim is that a 1-2% increase in market share is significant relative to a competitor that has 90%+ market share. I would then disagree with your definition of significant.
That much gain in a year is fairly significant. Yes it is only 1.83% up in overall market share, but that's a large increase in the amount of apple users. Also when you take into account how small apple's market share is that really is quite a large gain.
     
s2mcpaul
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
Jun 30, 2008, 04:24 PM
 
Originally Posted by bballe336 View Post
That much gain in a year is fairly significant. Yes it is only 1.83% up in overall market share, but that's a large increase in the amount of apple users. Also when you take into account how small apple's market share is that really is quite a large gain.
You have cited the central reason for all of the arguments I have made. A large gain of Apple, but not in terms of the big picture which gets back to what I said above, that they are spread over a bunch of different areas and that serves only to drive down profitability. They have made a few changes that may help them (e.g. Intel) but they are far from reaching a level that any well informed investor would label as attractive, economically.

Look I'm not negative on apple, I love apple and I, if things stay the same, would never consider changing back to windows. But the fact remains that Microsoft is not the single competitor of Apple and as far as operating systems go it is very clear that Microsoft will continue as the os of choice by the average person. While stupid, it is however understandable given human nature and other factors as discussed above.
     
bballe336
Mac Enthusiast
Join Date: Jul 2006
Location: MA
Status: Offline
Jun 30, 2008, 08:03 PM
 
Originally Posted by s2mcpaul View Post
You have cited the central reason for all of the arguments I have made. A large gain of Apple, but not in terms of the big picture which gets back to what I said above, that they are spread over a bunch of different areas and that serves only to drive down profitability. They have made a few changes that may help them (e.g. Intel) but they are far from reaching a level that any well informed investor would label as attractive, economically.

Look I'm not negative on apple, I love apple and I, if things stay the same, would never consider changing back to windows. But the fact remains that Microsoft is not the single competitor of Apple and as far as operating systems go it is very clear that Microsoft will continue as the os of choice by the average person. While stupid, it is however understandable given human nature and other factors as discussed above.
Apple is making the only other non-open source OS that is really competing with windows. If apple's market share has grown 2% then microsoft's has dropped at least that much (probably more due to the increasing use of many linux distros). They are spread thin, but almost every product they release is a hit, microsoft hasn't made a product that really took off in years.

I understand that apple's business model isn't the greatest, but I'd still say they are more attractive than microsoft who continues to release products that flop over and over. That's just how it appears to me, I don't follow the stocks all that closely.
     
s2mcpaul
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
Jul 3, 2008, 12:35 PM
 
Originally Posted by bballe336 View Post
Apple is making the only other non-open source OS that is really competing with windows. If apple's market share has grown 2% then microsoft's has dropped at least that much (probably more due to the increasing use of many linux distros). They are spread thin, but almost every product they release is a hit, microsoft hasn't made a product that really took off in years.

I understand that apple's business model isn't the greatest, but I'd still say they are more attractive than microsoft who continues to release products that flop over and over. That's just how it appears to me, I don't follow the stocks all that closely.
I'm sorry but when you have 90%+ market share with captive customers in terms of the money earned on money invested, Microsoft wins. The 90%+ never learn that Apple's operating systems are superior. It's like that saying, if a tree falls...
     
   
 
All times are GMT -4.