«

A few days old but still interesting.....

<snip>
Security experts are warning now about a new Trojan horse released in the
wild, targeting OS X Tiger and Leopard users. The malware can steal your
passwords, avoid detection, log what you type and even take your picture.

If the latest malware alert is any indication, Mac users may be forced to
re-think their relaxed approach to online security [...] Unlike previous
malware attempts that often were proof-of-concept releases, this beast
can cause real damage
</snip>

http://www.tgdaily.com/content/view/38088/108/


I thought Mac had the same "virus protection" structure as Linux, i.e
anti-virus software not really needed cos of the root/admin password and
the directory structure. I've never used a Mac so would appreciate any
further info.

Admittedly you've got to be dumb enough to download and execute this 3MB
virus but if a Mac can be infected what's stopping the mighty penguin
being targeted via the same method. The MS fans will be loving it.

(And before said fans mention it, yes I know of the supposed Linux
viruses. Fine on paper but useless in the real cyber-world)

Regards
Lodi

Lodi wrote:
>
> Admittedly you've got to be dumb enough to download and execute this 3MB
> virus
Most of my lusers at work would download and install a 3GB virus if
invited to. Thereagain most of said lusers should be euthanised. I've
had a Friday of dealing with ****wit lusers as the finale of a week
filled with being expected to cover the arses of a pack of incompetant
wankers who don't even understand their own jobs. I swear to god I'll
electrocute the next person who expects me to sort out problems of their
own making.

Lodi <> wrote:

> A few days old but still interesting.....
>
> <snip>
> Security experts are warning now about a new Trojan horse released in the
> wild, targeting OS X Tiger and Leopard users. The malware can steal your
> passwords, avoid detection, log what you type and even take your picture.
>
> If the latest malware alert is any indication, Mac users may be forced to
> re-think their relaxed approach to online security [...] Unlike previous
> malware attempts that often were proof-of-concept releases, this beast
> can cause real damage
> </snip>
>
> http://www.tgdaily.com/content/view/38088/108/
>
>
> I thought Mac had the same "virus protection" structure as Linux, i.e
> anti-virus software not really needed cos of the root/admin password and
> the directory structure. I've never used a Mac so would appreciate any
> further info.

First, this isn't a "virus". Viruses spread automatically, by making use
of remotely exploitable security holes in operating systems, and once
installed they attempt to spread to other computers. This particular
software has none of those characteristics.

The underlying problem is one particular application included on Mac OS
X which is configured to run as root (via setuid, for those who
understand Unix), and it is also scriptable via AppleScript. This means
it can be told to execute an arbitrary shell command with root
privileges.

This is a major blunder on Apple's part, and something they will
certainly be fixing in the next OS release and/or security update.

This security hole can only be exploited by something running on the
computer locally (AppleScript requires the GUI to function), so it is
not exposed to a typical "virus" distribution method.

It is exploitable by any user on the computer, not just one with
administrator privileges, so even a temporary "guest" account on the
computer with no knowledge of passwords can gain root privileges with a
one line command if they know the details.

If you don't have physical access to the computer, the only way this
problem can be exploited is via a trojan horse, where you are basically
tricking someone into installing software which does something other
than what it claims to do.

> Admittedly you've got to be dumb enough to download and execute this 3MB
> virus but if a Mac can be infected what's stopping the mighty penguin
> being targeted via the same method. The MS fans will be loving it.

Any Unix-based system could potentially be exposed to this type of
trojan horse IF there is any software on the computer which is
configured to execute with root privileges (using the setuid bit), and
it has means to execute arbitrary code or has some kind of bug like a
buffer overrun which can be exploited to execute arbitrary code.

This particular case is unique to Mac OS X, because the software in
question with the security hole is only supplied with Mac OS X, not
other Unix or Linux systems.

The problem with Windows exposure to viruses is due to a significant
number of bugs which can be exploited remotely. Even as Microsoft finds
and fixes them, there are enough computers out there which aren't being
kept up to date with the latest patches that viruses still have a good
chance of spreading widely.

This sort of issue with remote exploits is rarer on Mac/Unix/Linux
systems (compared to Windows), and on the occasions where there is a
remotely exploitable problem, the relatively low proportion of
Mac/Unix/Linux systems in the world helps to limit the potential scope
of viruses spreading.

I'm not aware of a single virus that has ever existed "in the wild" for
Mac OS X. There have been a few trojan horses, but they have mostly been
proof of concept, or don't get very far.

--
David Empson

Lodi wrote:
>
> I thought Mac had the same "virus protection" structure as Linux, i.e
> anti-virus software not really needed cos of the root/admin password and
> the directory structure. I've never used a Mac so would appreciate any
> further info.
>
Whatever gave you that idea? There are no viruses for Linux or Mac
because it is not worth targeting them. There are still relatively few.

There are a few rootkits for Unix type systems, but it generally
requires a relaxed attitude to security to get rootkitted.

Cheers,

Cliff

--

Have you ever noticed that if something is advertised as 'amusing' or
'hilarious', it usually isn't?

On Jun 27, 3:21*pm, "geoff" <ge...@nospam-paf.co.nz> wrote:

>
> Why don't virus-writers have a go at Linux - could it be cos it would be too
> easy ?
>

They do! Getting root access on a powerful Linux server is highly
prized. Only trouble is that it is beyond the capabiities of mass
production scripts, or script kiddies.

On Jun 28, 4:53*am, whoisthis <w...@am.i.spammer> wrote:

> > They do! *Getting root access on a powerful Linux server is highly
> > prized. *Only trouble is that it is beyond the capabiities of mass
> > production scripts, or script kiddies.
>
> and of course there is far more money to be made from spambots/phishing
> scams/etc on peoples home machines

Of course. The bot herder needs a decent machine to control the herd,
and that is where a captured Linux server comes into its own. Windows
servers are just not up to it. Even Microsoft relies on contracted
Linux servers to mirror its web site.

Somewhere on teh intarweb "Freesias" typed:
> On Fri, 27 Jun 2008 15:41:31 -0700, peterwn wrote:
>
>> Even Microsoft relies on contracted Linux servers to mirror its web
>> site.
>
> Shhh!
>
> Don't say that so loud - the Winders Luzers will get all indignant.
> ;op)

Sigh. <plonk>
--
Shaun.

DISCLAIMER: If you find a posting or message from me
offensive, inappropriate, or disruptive, please ignore it.
If you don't know how to ignore a posting, complain to
me and I will be only too happy to demonstrate...

thingy <> wrote:

> David Empson wrote:
> > First, this isn't a "virus". Viruses spread automatically, by making use
> > of remotely exploitable security holes in operating systems,
>
> No, viruses do not as a rule attck remotely.

Ah, right. I'm getting viruses and worms muddled.

Viruses traditionally worked by getting onto a computer using some
external transfer mechanism and then spread within the computer, and
from there were transported elsewhere. For example, floppy disk boot
sectors, attaching to executable files.

Word macro viruses are in the same realm - they spread by infecting
other Word documents, and rely on people sending infected documents
around to spread the virus further.

> The biggest issue these days is malicious code can be a blend of 2 or
> all three otherwise distinct types.

Agreed.

> > The problem with Windows exposure to viruses is due to a significant
> > number of bugs which can be exploited remotely.
>
> even locally. Not sure these even have to be bugs, but more like the
> monolithic nature of MSos means once you are into one part of the OS,
> its usually not to hard or even easy to escalate your account to Admin.

Points taken.

On Mac OS X, Unix and Linux systems, even local privilege escalations
are relatively rare. They are regarded as a security problem which
should be fixed.

The most common vector on these systems is trojan horses or similar
methods of tricking the user into authorising installation of something
which then has admin/root privileges.

--
David Empson

thingy wrote:
>
> even locally. Not sure these even have to be bugs, but more like the
> monolithic nature of MSos means once you are into one part of the OS,
> its usually not to hard or even easy to escalate your account to Admin.
>
I dispute that. Got an example of privilege escalation that did not
involve a bug?

Cheers,

Cliff

--

Have you ever noticed that if something is advertised as 'amusing' or
'hilarious', it usually isn't?