Nasty trojan written for Mac OS X
|
Dedicated MacNNer
Join Date: Jun 2001
Location: Paris, France
Status: Offline
|
Had a quick look and didn't find too much about this on the forums....
Now normally people warn you about trojans but say you only get them if you are trying to find nasty pictures of Britney or hang around porn sites. However, this is not true.
Just today I did a Google search for an article on Genepax (the company that has developed a water powered vehicle). On the first page of articles was a link. Clicking on that link said that you need an active X component to view the article. It then prompted you to download a file 1023.dmg which inside contained an installer. Had I not been suspicious and checked it out a bit further or had I had a little less experience on a computer I might have been tempted to install this plug-in. Further detailed inspection showed that this is a trojan horse that from what I can tell changes DNS entries and points you towards a server that contains phishy versions of real sites.
Not sure if there is any way to protect the general public from things like this. I'd welcome any suggestions that I can pass on to my Mac friends that aren't as savvy.
Cheers,
Jordan
|
iPod Photo 60GB + 1Gb iPod Shuffle + iPod/3G/15GB + iPod Mini (Silver)
24" iMac 2.8Ghz/2GB/SuperDrive
Mac mini 1.66Ghz Intel Core Duo/1GB/SuperDrive + iPod Nano (Black)
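An added example, not part of the original thread: since the post above describes a trojan that changes DNS entries, one way to check a Mac is to parse the output of `scutil --dns` and flag any nameserver that is not on a list you expect. The sample output, the addresses (documentation ranges) and the `EXPECTED_RESOLVERS` list are constructed assumptions; substitute your own router, ISP or chosen resolvers.

```python
"""Flag DNS resolvers that are not on an expected list (macOS `scutil --dns`)."""
import ipaddress
import re
import subprocess

# Constructed sample of `scutil --dns` output; addresses are documentation ranges.
SAMPLE_SCUTIL_OUTPUT = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 198.51.100.53
  nameserver[1] : 203.0.113.7
  if_index : 4 (en0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000
"""

# Assumption: the resolvers this machine is supposed to use.
EXPECTED_RESOLVERS = ["192.168.1.0/24", "198.51.100.53"]

_RESOLVER_RE = re.compile(r"^resolver #(\d+)\s*$")
_NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")
_IFACE_RE = re.compile(r"^\s*if_index\s*:\s*\d+\s*\((\w+)\)")


def parse_scutil_dns(text):
    """Return one dict per resolver block: id, nameservers, interface."""
    resolvers, current = [], None
    for line in text.splitlines():
        m = _RESOLVER_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "nameservers": [], "interface": None}
            resolvers.append(current)
            continue
        if current is None:
            continue  # header lines before the first resolver block
        m = _NAMESERVER_RE.match(line)
        if m:
            current["nameservers"].append(m.group(1))
            continue
        m = _IFACE_RE.match(line)
        if m:
            current["interface"] = m.group(1)
    return resolvers


def unexpected_nameservers(resolvers, expected):
    """Return (resolver id, interface, address) for each nameserver not in `expected`."""
    nets = [ipaddress.ip_network(e, strict=False) for e in expected]
    findings, seen = [], set()
    for r in resolvers:
        for ns in r["nameservers"]:
            try:
                addr = ipaddress.ip_address(ns.split("%")[0])  # drop IPv6 zone id
                ok = any(addr.version == n.version and addr in n for n in nets)
            except ValueError:
                ok = False  # unparseable entry: report it rather than skip it
            if not ok and ns not in seen:
                seen.add(ns)
                findings.append((r["id"], r["interface"], ns))
    return findings


if __name__ == "__main__":
    try:  # live output on a Mac, constructed sample elsewhere
        text = subprocess.run(["scutil", "--dns"], capture_output=True,
                              text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        text = SAMPLE_SCUTIL_OUTPUT
    for rid, iface, ns in unexpected_nameservers(parse_scutil_dns(text), EXPECTED_RESOLVERS):
        print(f"resolver #{rid} ({iface}): unexpected nameserver {ns}")
```

An unexpected entry is a prompt to look at the network settings for that interface, not proof of compromise: a new Wi-Fi network or VPN will also change the list.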
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
|
Addicted to MacNN
Join Date: Jun 1999
Location: Las Vegas, NV, USA
Status: Offline
|
Considering that Active-X is a known entry point for malware, and that Active-X doesn't run on Macs, there would be no reason at all to click the link.
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
|
Originally Posted by chabig
Considering that Active-X is a known entry point for malware, and that Active-X doesn't run on Macs, there would be no reason at all to click the link.
You and I know that, but does your average Joe Macuser? Probably not. While this is still not "the end of the Mac world as we know it," it does show that someone is really interested in messing with Macs. And as we're typically a very trusting lot, we probably are, as a group, going to take a hit on this.
I really wish more people took this sort of thing more seriously. Safe surfing just means not believing every link is going to give you pictures of Angelina or free software. Why would anyone who could easily SELL this sort of thing want to give it away? That's right, it's an offer that's "too good to be true," and should be treated the same way as all other such offers: ignore it.
|
Glenn -----OTR/L, MOT, Tx
|
Mac Elite
Join Date: Mar 2002
Status: Offline
|
Perhaps somewhat loosely related, I was surfing for porn the other day, and some site tried to port scan me. NetBarrier’s antivandalism features blocked the attempt and put the host in a stop list, this is the first time I ever needed that feature.
|
Banned
Join Date: Jun 2003
Status: Offline
|
Yes, that trojan horse is very real. There's practically nothing that can be done to stop a trojan horse since it relies on social engineering. The only thing I can tell people is that you should never, ever install anything that was downloaded from a porn or warez site. Especially something that was 'pushed' to the user by being a 'recommended' or a 'mandatory' download. If OS X can't open a video file with Perian installed and with Flip4Mac installed (or otherwise typically an MPEG file or a WMV file), then you shouldn't bother with it. If QuickTime with Perian and Flip4Mac can't recognize a file, it's most likely malware.
This is what I tell everyone now: "Don't even try to find a way to open files that aren't recognized by OS X with Perian and Flip4Mac installed. And don't even bother with files that are being pushed to you by a sketchy website such as a porn site or warez site."
|
Fresh-Faced Recruit
Join Date: Jun 2008
Location: Land between the Lakes!
Status: Offline
|
I only expected it to get worse as Apple grows in market share. With the iPhone and other kewl yadas they are making, Apple will be targets a bit more now I presume.
|
Mac Elite
Join Date: Nov 2006
Location: here
Status: Offline
|
Originally Posted by red rocket
Perhaps somewhat loosely related, I was surfing for porn the other day, and some site tried to port scan me. NetBarrier’s antivandalism features blocked the attempt and put the host in a stop list, this is the first time I ever needed that feature.
What's NetBarrier? Is it recommended to use with your firewall on os X?
|
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
|
Originally Posted by Jordan
Now normally people warn you about trojans but say you only get them if you are trying to find nasty pictures of Britney or hang around porn sites. However, this is not true. Just today I did a Google search for an article on Genepax (the company that has developed a water powered vehicle). On the first page of articles was a link. Clicking on that link said . . .
One of the interesting things here is not simply the trojan itself, but the way that it's "marketed."
As you indicated, you weren't hanging around the dark nether-regions of the web... but googling for some clean technology. The black hats set up keywords to "poison" Google searches, and these special pages they design will not load when accessed directly... but only when referred via Google.
One of the regulars over at MacFixIt did a lot of research on this, and more info is available here:
|
-HI-
|
Senior User
Join Date: Sep 2007
Location: NY
Status: Offline
|
Originally Posted by Ozz_man
I only expected it to get worse as Apple grows in market share. With the iPhone and other kewl yadas they are making, Apple will be targets a bit more now I presume.
I sadly agree, but I am going to try and do my best to be as optimistic about it as I can.
|
Mac Elite
Join Date: Mar 2002
Status: Offline
|
Originally Posted by Veltliner
What's NetBarrier? Is it recommended to use with your firewall on os X?
It’s a commercial 3rd party firewall/data-filter/banner-filter/application-and-trojan-filtering/information-hiding application I use instead of the built-in firewall. Not entirely happy with it, the kernel extension has caused some problems in the past, but it’s the only firewall I’m aware of that can get me a ‘full stealth’ rating on those internet firewall test sites. I’m paranoid.
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
|
Originally Posted by red rocket
...but it’s the only firewall I’m aware of that can get me a ‘full stealth’ rating on those internet firewall test sites. I’m paranoid.
Fully stealthed is not easy to do; I'm impressed. Can't blame you for being paranoid, either. I used to be paranoid about computer security for a living.
|
Glenn -----OTR/L, MOT, Tx
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
|
It would be pretty cool if Apple could use Installer.app to start blacklisting known malware installers.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
Grizzled Veteran
Join Date: Dec 2001
Location: Land of Enchantment
Status: Offline
|
It would be pretty cool also if Apple could imbed in Installer.app a malware sniffer, which could be updated as needed through Update. Or is that somehow not possible?
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
|
Originally Posted by jmiddel
It would be pretty cool also if Apple could imbed in Installer.app a malware sniffer, which could be updated as needed through Update. Or is that somehow not possible?
Correct me if I'm wrong, but isn't that essentially what I said in the post previous to yours?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
|
Originally Posted by Big Mac
Correct me if I'm wrong, but isn't that essentially what I said in the post previous to yours?
Almost, but not quite. He added a "sniffer" idea, which ain't bad. If there were enough anti-OS X malware out there to build a sniffer around, it might be a decent idea. Instead, all the installer would have to do is look for a handful of signatures (at the moment, anyway).
Oh, and this composite idea is a fair description of the Microsoft Malware Removal Tool that goes out monthly to Windows users with "automatic updates" selected. I guess they need it a lot.
|
Glenn -----OTR/L, MOT, Tx
|
Forum Regular
Join Date: Oct 2006
Location: Los Angeles
Status: Offline
|
Once a trojan has compromised a Mac, can Norton Anti-Virus pick it up? If not, how do we routinely scan our machines to make sure they have not been compromised?
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
|
That would depend on whether the trojan could disable Norton, which is a favorite trick of the Windows bug writers. But the way OS X is built is so different from Windows, and the potential for malware to change an installed app is very small. This one we're discussing, is probably not even worth "scanning" for since you can flush your DNS cache with a simple command on the command line.
|
Glenn -----OTR/L, MOT, Tx
|
Senior User
Join Date: Aug 2006
Location: Toronto, Ontario
Status: Offline
|
so, what is the best way of removing one?
|
R.I.P Steve Jobs
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
|
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
Grizzled Veteran
Join Date: Dec 2001
Location: Land of Enchantment
Status: Offline
|
Big Mac, sorry I misunderstood you, I thought you were talking about just blocking downloads from known hacker sites, not building a virus protection into installer.app. Well, great minds think alike, neh?
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
|
Originally Posted by mkerr64
so, what is the best way of removing one?
Removing a trojan depends on its code. It may insert code in other places, change settings, etc. Not that this is particularly probable in OS X, but it's the major pain in getting rid of them in Windows environments. In OS X, I think it would be a matter of figuring out where it has hidden itself and trashing it.
|
Glenn -----OTR/L, MOT, Tx
|
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
|
Originally Posted by Ozz_man
I only expected it to get worse as Apple grows in market share. With the iPhone and other kewl yadas they are making, Apple will be targets a bit more now I presume.
Here's the kicker, there is no real significant increase in market share in the os market!!! Switching costs are too high for the majority of users and businesses.
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
|
Originally Posted by s2mcpaul
Here's the kicker, there is no real significant increase in market share in the os market!!! Switching costs are too high for the majority of users and businesses.
Doubling is not significant?
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
|
mcpaul must have been in a cave for the last four years, or else he is trying to troll.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
Professional Poster
Join Date: Jun 2002
Location: Minneapolis, MN
Status: Offline
|
Nearly all malware problems, on both Windows AND OS X, are caused by clueless lusers clicking random links in search of free plasma TVs, MP3 downloads, iPods, and porn. I've been using Windows Vista for months and I haven't had any problems at all, but that's almost certainly because I'm not an idiot, not because Windows is such a secure OS.
|
"That's Mama Luigi to you, Mario!" *wheeze*
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
|
Originally Posted by jmiddel
Big Mac, sorry I misunderstood you, I thought you were talking about just blocking downloads from known hacker sites, not building a virus protection into installer.app. Well, great minds think alike, neh?
Certainly, great minds think alike.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
|
Originally Posted by Big Mac
mcpaul must have been in a cave for the last four years, or else he is trying to troll.
I don't expect most people to be well informed. You forget Microsoft doesn't make computers; their focus is on software. Apple is spread too thin and have too many big competitors to deal with. Microsoft has a huge advantage in the form of switching costs. Most people do not and will not take the time to switch from windows to osx, even less businesses. Apple, I love the product but it's not a great business in economic terms. Please don't try to argue this one, if you do make sure you get your facts straight first.
[Image: share.jpg, market share chart. Source: Net Applications]
|
Professional Poster
Join Date: Jun 2002
Location: Minneapolis, MN
Status: Offline
|
Two things:
1. What is the source of that data? That's obviously not worldwide market share, where Apple has never really made any headway. Is it US market share? US non-business market share?
2. Why is the iPhone listed as a separate OS? The iPhone is not a computer replacement. Nearly everyone who owns an iPhone is also a user of either Windows, Mac, or Linux.
|
"That's Mama Luigi to you, Mario!" *wheeze*
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
|
Originally Posted by s2mcpaul
I don't expect most people to be well informed. You forget Microsoft doesn't make computers; their focus is on software. Apple is spread too thin and have too many big competitors to deal with. Microsoft has a huge advantage in the form of switching costs. Most people do not and will not take the time to switch from windows to osx, even less businesses. Apple, I love the product but it's not a great business in economic terms. Please don't try to argue this one, if you do make sure you get your facts straight first.
Are you high? There are very few tech companies that would not like to be in Apple's economic position. Its market cap is $154 billion — that's higher than Intel and way higher than, say, Dell. Where most companies are struggling to stay afloat, Apple is soaring.
Originally Posted by s2mcpaul
[Image: market share chart. Source: Net Applications]
That chart shows Apple's market share growing about 1/3 in a year. 2% of the entire market. In one year. That ain't shabby.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
|
ugghhh.
Look economic attractiveness is not determined by the market cap, that is a consensus of emotions, rarely economic facts. The fact is that because Apple is spread out in Computer hardware, software publishing to a lesser and lesser extent, retail, etc. they have only so many resources and there are companies that can devote huge amounts to single areas like intel and microsoft. Trying to compete with many only in part does not lead to attractive returns. If you want the fundamental reason however why Apple is not an economically attractive business it is because the amount of reinvestment that they must spend each year just to stay in business is enormous. Were reinvestment to decline, so too would apple until they were either dead or bought out. So as an owner more and more money is put into the business with little to none available for you to take out. There is nothing attractive about that.
You might take $100 and earn say $10. You might then borrow another $100 and now earn $20 but there is nothing economically attractive about this.
|
Forum Regular
Join Date: Dec 2005
Status: Offline
|
Any developer or script kiddie could write a program for any OS at this level of trickery (which is very low). I could write a script that deletes your entire HD in one line of code, upload it to a webserver and call it something that sounds interesting to try -- but if you have 1/2 a brain you won't trust it. There is really nothing more Apple or any OS maker can do at this level to help people who would trust such a download other than to try to educate you, which is what Leopard's warning does each time before actually running newly downloaded executables. I really don't see what more Apple could do about it short of taking away a user's right to change their own system.
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
|
Originally Posted by s2mcpaul
You might take $100 and earn say $10. You might then borrow another $100 and now earn $20 but there is nothing economically attractive about this.
Say what now? You're not even making any sense. You say there's nothing attractive about Apple's business model? You're just a troll, nothing more.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
|
You don't have to agree with me. In fact you could just buy lots of stock in apple. While you're at it buy some google (which I dislike for other reasons.)
Sorry to the person who started this post, I didn't mean to distract people from the questions you were trying to get answered.
Someone start a new thread and pm me if you want to continue this conversation regarding businesses.
|
Mac Enthusiast
Join Date: Jul 2006
Location: MA
Status: Offline
|
Originally Posted by s2mcpaul
You don't have to agree with me. In fact you could just buy lots of stock in apple. While you're at it buy some google (which I dislike for other reasons.)
Sorry to the person who started this post, I didn't mean to distract people from the questions you were trying to get answered.
Someone start a new thread and pm me if you want to continue this conversation regarding businesses.
You claimed there was little significant gain in apple's OS market share, then you posted a graph proving otherwise. I don't think anyone would agree that what you said makes much sense.
|
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
|
Originally Posted by bballe336
You claimed there was little significant gain in apple's OS market share, then you posted a graph proving otherwise. I don't think anyone would agree that what you said makes much sense.
hmm. please explain how the graph shows otherwise. That is unless your claim is that a 1-2% increase in market share is significant relative to a competitor that has 90%+ market share. I would then disagree with your definition of significant.
|
Mac Enthusiast
Join Date: Jul 2006
Location: MA
Status: Offline
|
Originally Posted by s2mcpaul
hmm. please explain how the graph shows otherwise. That is unless your claim is that a 1-2% increase in market share is significant relative to a competitor that has 90%+ market share. I would then disagree with your definition of significant.
That much gain in a year is fairly significant. Yes it is only 1.83% up in overall market share, but that's a large increase in the amount of apple users. Also when you take into account how small apple's market share is that really is quite a large gain.
|
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
|
Originally Posted by bballe336
That much gain in a year is fairly significant. Yes it is only 1.83% up in overall market share, but that's a large increase in the amount of apple users. Also when you take into account how small apple's market share is that really is quite a large gain.
You have cited the central reason for all of the arguments I have made. A large gain of Apple, but not in terms of the big picture which gets back to what I said above, that they are spread over a bunch of different areas and that serves only to drive down profitability. They have made a few changes that may help them (e.g. Intel) but they are far from reaching a level that any well informed investor would label as attractive, economically.
Look I'm not negative on apple, I love apple and I, if things stay the same, would never consider changing back to windows. But the fact remains that Microsoft is not the single competitor of Apple and as far as operating systems go it is very clear that Microsoft will continue as the os of choice by the average person. While stupid, it is however understandable given human nature and other factors as discussed above.
|
Mac Enthusiast
Join Date: Jul 2006
Location: MA
Status: Offline
|
Originally Posted by s2mcpaul
You have cited the central reason for all of the arguments I have made. A large gain of Apple, but not in terms of the big picture which gets back to what I said above, that they are spread over a bunch of different areas and that serves only to drive down profitability. They have made a few changes that may help them (e.g. Intel) but they are far from reaching a level that any well informed investor would label as attractive, economically.
Look I'm not negative on apple, I love apple and I, if things stay the same, would never consider changing back to windows. But the fact remains that Microsoft is not the single competitor of Apple and as far as operating systems go it is very clear that Microsoft will continue as the os of choice by the average person. While stupid, it is however understandable given human nature and other factors as discussed above.
Apple is making the only other non-open source OS that is really competing with windows. If apple's market share has grown 2% then microsoft's has dropped at least that much (probably more due to the increasing use of many linux distros). They are spread thin, but almost every product they release is a hit, microsoft hasn't made a product that really took off in years.
I understand that apple's business model isn't the greatest, but I'd still say they are more attractive than microsoft who continues to release products that flop over and over. That's just how it appears to me, I don't follow the stocks all that closely.
|
Fresh-Faced Recruit
Join Date: Jun 2008
Status: Offline
|
Originally Posted by bballe336
Apple is making the only other non-open source OS that is really competing with windows. If apple's market share has grown 2% then microsoft's has dropped at least that much (probably more due to the increasing use of many linux distros). They are spread thin, but almost every product they release is a hit, microsoft hasn't made a product that really took off in years.
I understand that apple's business model isn't the greatest, but I'd still say they are more attractive than microsoft who continues to release products that flop over and over. That's just how it appears to me, I don't follow the stocks all that closely.
I'm sorry but when you have 90%+ market share with captive customers in terms of the money earned on money invested, Microsoft wins. The 90%+ never learn that Apple's operating systems are superior. It's like that saying, if a tree falls...