Mac virus ?

Discussion in 'NZ Computing' started by Lodi, Jun 27, 2008.

  1. Lodi

    Lodi Guest

    A few days old but still interesting.....

    <snip>
    Security experts are warning now about a new Trojan horse released in the
    wild, targeting OS X Tiger and Leopard users. The malware can steal your
    passwords, avoid detection, log what you type and even take your picture.

    If the latest malware alert is any indication, Mac users may be forced to
    re-think their relaxed approach to online security [...] Unlike previous
    malware attempts that often were proof-of-concept releases, this beast
    can cause real damage
    </snip>

    http://www.tgdaily.com/content/view/38088/108/


    I thought Mac had the same "virus protection" structure as Linux, i.e.
    anti-virus software not really needed cos of the root/admin password and
    the directory structure. I've never used a Mac so would appreciate any
    further info.

    Admittedly you've got to be dumb enough to download and execute this 3MB
    virus but if a Mac can be infected what's stopping the mighty penguin
    being targeted via the same method. The MS fans will be loving it.

    (And before said fans mention it, yes I know of the supposed Linux
    viruses. Fine on paper but useless in the real cyber-world)

    Regards
    Lodi
    Lodi, Jun 27, 2008
    #1

  2. Lodi

    EMB Guest

    Lodi wrote:
    >
    > Admittedly you've got to be dumb enough to download and execute this 3MB
    > virus

    Most of my lusers at work would download and install a 3GB virus if
    invited to. There again most of said lusers should be euthanised. I've
    had a Friday of dealing with fuckwit lusers as the finale of a week
    filled with being expected to cover the arses of a pack of incompetent
    wankers who don't even understand their own jobs. I swear to god I'll
    electrocute the next person who expects me to sort out problems of their
    own making.
    EMB, Jun 27, 2008
    #2

  3. Lodi

    David Empson Guest

    Lodi <> wrote:

    > A few days old but still interesting.....
    >
    > <snip>
    > Security experts are warning now about a new Trojan horse released in the
    > wild, targeting OS X Tiger and Leopard users. The malware can steal your
    > passwords, avoid detection, log what you type and even take your picture.
    >
    > If the latest malware alert is any indication, Mac users may be forced to
    > re-think their relaxed approach to online security [...] Unlike previous
    > malware attempts that often were proof-of-concept releases, this beast
    > can cause real damage
    > </snip>
    >
    > http://www.tgdaily.com/content/view/38088/108/
    >
    >
    > I thought Mac had the same "virus protection" structure as Linux, i.e.
    > anti-virus software not really needed cos of the root/admin password and
    > the directory structure. I've never used a Mac so would appreciate any
    > further info.


    First, this isn't a "virus". Viruses spread automatically, by making use
    of remotely exploitable security holes in operating systems, and once
    installed they attempt to spread to other computers. This particular
    software has none of those characteristics.

    The underlying problem is one particular application included on Mac OS
    X which is configured to run as root (via setuid, for those who
    understand Unix), and it is also scriptable via AppleScript. This means
    it can be told to execute an arbitrary shell command with root
    privileges.

    This is a major blunder on Apple's part, and something they will
    certainly be fixing in the next OS release and/or security update.

    This security hole can only be exploited by something running on the
    computer locally (AppleScript requires the GUI to function), so it is
    not exposed to a typical "virus" distribution method.

    It is exploitable by any user on the computer, not just one with
    administrator privileges, so even a temporary "guest" account on the
    computer with no knowledge of passwords can gain root privileges with a
    one line command if they know the details.

    If you don't have physical access to the computer, the only way this
    problem can be exploited is via a trojan horse, where you are basically
    tricking someone into installing software which does something other
    than what it claims to do.

    > Admittedly you've got to be dumb enough to download and execute this 3MB
    > virus but if a Mac can be infected what's stopping the mighty penguin
    > being targeted via the same method. The MS fans will be loving it.


    Any Unix-based system could potentially be exposed to this type of
    trojan horse IF there is any software on the computer which is
    configured to execute with root privileges (using the setuid bit), and
    it has means to execute arbitrary code or has some kind of bug like a
    buffer overrun which can be exploited to execute arbitrary code.

    This particular case is unique to Mac OS X, because the software in
    question with the security hole is only supplied with Mac OS X, not
    other Unix or Linux systems.

    The problem with Windows exposure to viruses is due to a significant
    number of bugs which can be exploited remotely. Even as Microsoft finds
    and fixes them, there are enough computers out there which aren't being
    kept up to date with the latest patches that viruses still have a good
    chance of spreading widely.

    This sort of issue with remote exploits is rarer on Mac/Unix/Linux
    systems (compared to Windows), and on the occasions where there is a
    remotely exploitable problem, the relatively low proportion of
    Mac/Unix/Linux systems in the world helps to limit the potential scope
    of viruses spreading.

    I'm not aware of a single virus that has ever existed "in the wild" for
    Mac OS X. There have been a few trojan horses, but they have mostly been
    proof of concept, or don't get very far.

    --
    David Empson
    David Empson, Jun 27, 2008
    #3
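
An audit a defender can run for the setuid-root exposure described in post #3, as an added example that is not part of the original thread: it lists setuid files owned by a given user and reports any that are missing from a reviewed baseline. The function names, the baseline file and the directories passed in are assumptions.

```shell
#!/bin/sh
# Added example: audit setuid executables against a reviewed baseline.
# list_setuid, new_setuid and the baseline file are hypothetical names.

# list_setuid DIR [OWNER]
# Print regular files under DIR that have the setuid bit set and are
# owned by OWNER (name or numeric uid, default root), sorted.
list_setuid() {
    dir=$1
    owner=${2:-root}
    # -xdev: stay on one filesystem; -perm -4000: setuid bit is set
    find "$dir" -xdev -type f -user "$owner" -perm -4000 2>/dev/null |
        LC_ALL=C sort
}

# new_setuid BASELINE DIR [OWNER]
# Print setuid files found now that are not listed in BASELINE
# (one path per line). Anything printed needs review: a setuid program
# that can be scripted or made to run commands gives its caller the
# owner's privileges.
new_setuid() {
    baseline=$1
    current=$(mktemp) || return 2
    list_setuid "$2" "${3:-root}" > "$current"
    # comm -13: keep lines that appear only in the second input
    LC_ALL=C sort "$baseline" | LC_ALL=C comm -13 - "$current"
    rm -f "$current"
}

# Stand-alone use: sh audit.sh BASELINE DIR [OWNER]
if [ "$#" -ge 2 ]; then
    new_setuid "$@"
fi
```

Create the baseline once from a known-good install with `list_setuid / > baseline.txt`, then run the comparison after each OS update or software install.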
  4. Lodi

    Enkidu Guest

    Lodi wrote:
    >
    > I thought Mac had the same "virus protection" structure as Linux, i.e.
    > anti-virus software not really needed cos of the root/admin password and
    > the directory structure. I've never used a Mac so would appreciate any
    > further info.
    >

    Whatever gave you that idea? There are no viruses for Linux or Mac
    because it is not worth targeting them. There are still relatively few.

    There are a few rootkits for Unix type systems, but it generally
    requires a relaxed attitude to security to get rootkitted.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
    Enkidu, Jun 27, 2008
    #4
  5. Lodi

    peterwn Guest

    On Jun 27, 3:21 pm, "geoff" <> wrote:

    >
    > Why don't virus-writers have a go at Linux - could it be cos it would be too
    > easy ?
    >


    They do! Getting root access on a powerful Linux server is highly
    prized. Only trouble is that it is beyond the capabilities of mass
    production scripts, or script kiddies.
    peterwn, Jun 27, 2008
    #5
  6. Lodi

    peterwn Guest

    On Jun 28, 4:53 am, whoisthis <> wrote:

    > > They do!  Getting root access on a powerful Linux server is highly
    > > prized.  Only trouble is that it is beyond the capabilities of mass
    > > production scripts, or script kiddies.

    >
    > and of course there is far more money to be made from spambots/phishing
    > scams/etc on people's home machines


    Of course. The bot herder needs a decent machine to control the herd,
    and that is where a captured Linux server comes into its own. Windows
    servers are just not up to it. Even Microsoft relies on contracted
    Linux servers to mirror its web site.
    peterwn, Jun 27, 2008
    #6
  7. Lodi

    ~misfit~ Guest

    Somewhere on teh intarweb "Freesias" typed:
    > On Fri, 27 Jun 2008 15:41:31 -0700, peterwn wrote:
    >
    >> Even Microsoft relies on contracted Linux servers to mirror its web
    >> site.

    >
    > Shhh!
    >
    > Don't say that so loud - the Winders Luzers will get all indignant.
    > ;op)


    Sigh. <plonk>
    --
    Shaun.

    DISCLAIMER: If you find a posting or message from me
    offensive, inappropriate, or disruptive, please ignore it.
    If you don't know how to ignore a posting, complain to
    me and I will be only too happy to demonstrate... ;-)
    ~misfit~, Jun 28, 2008
    #7
  8. Lodi

    David Empson Guest

    thingy <> wrote:

    > David Empson wrote:
    > > First, this isn't a "virus". Viruses spread automatically, by making use
    > > of remotely exploitable security holes in operating systems,

    >
    > No, viruses do not as a rule attack remotely.


    Ah, right. I'm getting viruses and worms muddled.

    Viruses traditionally worked by getting onto a computer using some
    external transfer mechanism and then spread within the computer, and
    from there were transported elsewhere. For example, floppy disk boot
    sectors, attaching to executable files.

    Word macro viruses are in the same realm - they spread by infecting
    other Word documents, and rely on people sending infected documents
    around to spread the virus further.

    > The biggest issue these days is malicious code can be a blend of 2 or
    > all three otherwise distinct types.


    Agreed.

    > > The problem with Windows exposure to viruses is due to a significant
    > > number of bugs which can be exploited remotely.

    >
    > even locally. Not sure these even have to be bugs, but more like the
    > monolithic nature of MSos means once you are into one part of the OS,
    > it's usually not too hard or even easy to escalate your account to Admin.


    Points taken.

    On Mac OS X, Unix and Linux systems, even local privilege escalations
    are relatively rare. They are regarded as a security problem which
    should be fixed.

    The most common vector on these systems is trojan horses or similar
    methods of tricking the user into authorising installation of something
    which then has admin/root privileges.

    --
    David Empson
    David Empson, Jun 28, 2008
    #8
  9. Lodi

    Enkidu Guest

    thingy wrote:
    >
    > even locally. Not sure these even have to be bugs, but more like the
    > monolithic nature of MSos means once you are into one part of the OS,
    > it's usually not too hard or even easy to escalate your account to Admin.
    >

    I dispute that. Got an example of privilege escalation that did not
    involve a bug?

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
    Enkidu, Jun 28, 2008
    #9