MacDailyNews - Where Mac news comes first


Mac trojan expands to affect pirated versions of Photoshop CS4
Monday, January 26, 2009 - 04:33 PM EST

"A second Mac trojan is being spread through pirated software, Intego warns," MacNN reports.

"Following the discovery of a trojan linked with copies of iWork '09, the security firm says it has now found a variant, attached to pirated versions of Photoshop CS4," MacNN reports.

"OSX.Trojan.iServices.B also grants a remote user root access; the new trojan is associated with the crack application however, and is spawned under a different name whenever the crack is run," MacNN reports.

Full article here.

MacDailyNews Take: Don't steal software and, as always, do not download and authorize the installation of software from untrusted sources.



Reader Feedback:

Jan 26, 09 - 04:39 pm Comment from: HMCIV

This is really going to wreck my plans for National Talk Like a Pirate Day.

AAAARRRGH!

Jan 26, 09 - 04:39 pm Comment from: Jimithy

As secure as Mac OS X inherently is, the only surefire way to guard against social engineering is to exercise common sense.

Jan 26, 09 - 04:40 pm Comment from: Metryq

Interesting that this one was "found" by Intego, too...

Jan 26, 09 - 04:42 pm Comment from: Zune Tang®

I have downloaded SEVERAL different copies of pirated Photoshop CS4 and iWork. So far, none have any of the trojans being discussed.

I actually think the anti-virus company Intego is trying to make a name for themselves by coming in and saving the day from alleged disaster, but it is a myth. Sad that a company would stoop so low. Who owns them - Microsoft?

Intego had to make this crap up because SecureMac scooped them on the iWork trojan news - 2 companies that belong together - in jail.

Jan 26, 09 - 04:42 pm Comment from: Mac Daddy

This is sad -- all the hackers bois can do against OS X is put up trojan-laced warez. Pussies.

Jan 26, 09 - 04:46 pm Comment from: Mac Trooper

Silly Apple, when will you learn not to give full system access to a simple application install?

It's only a matter of time before an application exploit utilizes an application's ability to request an admin password from the user.

There should be several passwords.

1: Full system access (aka "root" aka "Superuser" aka "sudo") password. For OS updates and very high level OS modifications ONLY by Apple approved third party software. Use at your own risk.

2: Admin password, for everything an admin level needs to do. App installs, create users, admin stuff. App installs that don't need to alter the OS itself should be here.

3: User level password. Same as now. Can't do diddly squat with an admin password. However, if an admin password is given, will grant user temporary admin powers like it is now.

Jan 26, 09 - 04:48 pm Comment from: Mac Trooper

Amend line above to read

"Can't do diddly squat without an admin password."

Jan 26, 09 - 04:48 pm Comment from: Jim

Intego should be investigated, personally I think they are responsible for these pieces of software terrorism.

Jan 26, 09 - 04:57 pm Comment from: The Incredibles

Intego (Incredi-boy) should change their name to Syndrome.

Jan 26, 09 - 04:58 pm Comment from: Wha

Good idea, Jim, using the terms "Intego" and "terrorism" in the same run-on sentence.. maybe now we can enjoy US homeland security bringing Intego to justice (limb by limb). God Bless America and what it has done to us.

Jan 26, 09 - 05:00 pm Comment from: Bob

I want to know why Intego is constantly downloading pirated software. Someone should report these guys to the SPA.

Jan 26, 09 - 05:07 pm Comment from: DLMeyer

I mistrust the guys who claim to "protect" you then manage to "find" things you never heard of. But, Mac Trooper is asking way too much of your typical user if he thinks they should be expected to set three levels of passwords! It can be hard enough to get a new user to create an Admin Account as well as a User Account on a new system ... THREE? And how will they remember three passwords? Tape them on the side of the monitor, as usual.
I can be tough about the two (or more) account system, the Admin Account almost never used, but three? Too hard to enforce.

Jan 26, 09 - 05:09 pm Comment from: Streetool

That's what you get for stealing, feel the same about a kid that gets shot in the face car-jacking...... one less ID10T on the planet.... or one less without data. Sounds like the best form of copy protection to me. Buy what you use... don't give me the idiotic "I'm trying before I buy" or Monopoly B.S. Karma is a Beyotch..... hmm

Jan 26, 09 - 05:12 pm Comment from: @Wha

You said:

"God Bless America and what it has done to us."

Since you use "to" rather than "for," I assume that was sarcasm. Which also means you are a complete idiot and tool. Go f*ck yourself.
Kate

Jan 26, 09 - 05:18 pm Comment from: Bread

You know, this is a good virus.

Jan 26, 09 - 05:24 pm Comment from: ericdano

This is all crap. Virus company posts story about iWork, see spike in traffic and interest.....possibly a couple of sales.....then they come out with this one as well.

I haven't seen this on the 2 copies of iWork I tried out off bittorrent.

Jan 26, 09 - 05:25 pm Comment from: Brau

Whatever the root cause, those who steal software deserve what they get, but one thing bothers me. - These trojans are apparently fairly benign when they could have done a lot of damage, which makes me wonder what would motivate someone to do this. It seems more like an attempt by interested parties (Security software vendors and perhaps Apple too?) to thwart illegal downloads by creating a scare without any real teeth.

Jan 26, 09 - 05:28 pm Comment from: TB2

Sometimes people are too hard on the AV companies. Who else should be reporting discovery of these things? That's pretty much what they are there for right?

Jan 26, 09 - 05:31 pm Comment from: creative pro

Here's an idea that would render this trojan powerless....

STOP DOWNLOADING STOLEN SOFTWARE.... idiots.

Jan 26, 09 - 05:32 pm Comment from: Steve

Who looks the hardest for OS X viruses/trojans??

AVG?

NO maybe

McAfee?

No Avast?

NO maybe

Antivir?

Jan 26, 09 - 05:33 pm Comment from: Steve

Maybe Intego?

Jan 26, 09 - 05:37 pm Comment from: Regular Reader

So I'm just trying to think of what percent of the world's Macs this actually affects. They have to download and install specific illegally acquired software...is this a disaster of phenomenal proportions?

Jan 26, 09 - 05:51 pm Comment from: Steve

Any of you know if you have a keylogger installed on your Mac from a stealth I-Frame injection from browsing the net? They just have to read your browser headers and they know to load a Microsoft based keylogger or a Unix based OS X keylogger. It is that simple.


It is no longer 2007!!!

Jan 26, 09 - 05:55 pm Comment from: Predrag

There is a very clear and obvious message in the last two reports of Mac malware. Today, they are being delivered via illegal pirated software downloads. However, tomorrow, they will arrive just like any other commonplace trojan ("Paris Hilton home sex video"; "A Special E-Card Just For You"; "George Bush kissing Karl Rove"...). These were a proof of concept and it is clear that they worked. Apparently, several thousand were downloaded. This only means that anyone with a criminal mind and need for plenty of bots can now count on fresh new Mac bots. This may be a major change in the way we live life in the world of Mac.

Jan 26, 09 - 06:22 pm Comment from: Steve

That is if you are in an Admin account which most of you are not??

Jan 26, 09 - 06:23 pm Comment from: Mactacular

Why are they able to claim these are trojans? It seems to me they are actual chosen programs that the user wanted to install. Thereby they actually wanted the result they got. Anyone that would go to a Torrent site and expect to download what the file has been named actually deserves the consequences. It speaks volumes about the trolls that use such services and expect that the file is legit in any way. This isn't like a virus for Windows that simply happens to your computer one day. These people have chosen what they got. OS X even asks if you are sure you want to install a program you downloaded from the internet as a warning that it could be suspect.

Jan 26, 09 - 06:24 pm Comment from: MacTrooper

... It can be hard enough to get a new user to create an Admin Account as well as a User Account on a new system ... THREE? And how will they remember three passwords?...

Apple needs to do what the military and other secret agencies do, set up compartmentalized security.

Apple can do this in a very user friendly way as not to make it quite a chore.

For instance, when setting up a new machine, the user will need to create at least two passwords and be advised to write them down and place them in a very secure location.

Password #1: For OS updates and OS file level changes only.
Password #2: For Administration and application installs.

Password #3, 4 and more: For user(s) level access.

Password #3 are optional, it doesn't have to be used if the person doesn't care if others can gain access to their computer/files.

However! If some sort of change is going to occur to one's machine then the degree of change and its potential risk, needs to be conveyed to the user.

If a user is installing an app and that app needs the OS X "SuperUser" (Password #1) there should be a warning window from Apple and a "Report to Apple" and/or a verification process. To let the user understand the risk of OS level changes.

This will reduce the amount of changes and OS update hang-ups from third party software making changes to OS X.

95% of exploits are in third party software!!

http://www.auditmypc.com/internal-ip.html

Jan 26, 09 - 06:33 pm Comment from: Macfabulous

"Comment from: creative pro
Here's an idea that would render this trojan powerless....

STOP DOWNLOADING STOLEN SOFTWARE.... idiots."

I couldn't agree more!!!...

STOP DOWNLOADING STOLEN SOFTWARE.... idiots
STOP DOWNLOADING STOLEN SOFTWARE.... idiots
STOP DOWNLOADING STOLEN SOFTWARE.... idiots

Well... I couldn't say it better myself.

Support Apple by buying their products. Not by stealing them!!! You wouldn't steal an iMac... would you???

IDIOTS!

Jan 26, 09 - 06:39 pm Comment from: UltraVisitor

Was Zune Tang just speaking out of character?

Jan 26, 09 - 07:36 pm Comment from: Predrag

It seems to me that nobody here understands what these two trojans mean.

What is it that prevents original authors of these trojans from putting them into some file or application that would be interesting to the mainstream audience? As I said, e-cards, "amazing" PowerPoint slideshows of all kind, short funny videos, like the stuff that circulates through the web every day. What happens if the trojan is attached to some of those?

How soon until a trojan such as this one is attached to an 'E-greeting For You' or a 'Pamela Anderson home video'?

Only an educated user (on any platform) can tell the difference between a real application and a trojan. There are very, very few educated users. Fortunately for us in the Mac universe, there weren't any trojans yet. As it stands now, things may change very, very soon.

Jan 26, 09 - 08:00 pm Comment from: eyerhyme

@ Mac Trooper

Your 3 password thing does squat to protect us... if you actually read how this thing works you would understand that a trojan is still installed regardless of a password. Very SIMPLE solution... BUY THE SOFTWARE AND SUPPORT THE DEVELOPERS!

Jan 26, 09 - 08:15 pm Comment from: eMax

Anyone think this is developer rooted? It would certainly be a great idea to stop/slow pirated software.

If I was going to get torrented software this would certainly stop me.

Jan 26, 09 - 09:16 pm Comment from: ken1w

If this is the only halfway effective method that hackers have found to exploit Macs, they are in for an uphill climb to get enough Macs to do anything worth doing.

This is good news. If this is the best the hackers can do against Mac OS X (infect one Mac at a time by getting users to intentionally install stolen software), I feel safer already. I don't use pirated software.

Jan 26, 09 - 09:40 pm Comment from: Ampar

Wow. The usual suspects. Cheers guys.

Jan 26, 09 - 09:52 pm Comment from: Predrag

Let me put it in a way anyone can understand.

Most Windows trojans arrive in e-mail these days. They are, for the most part, something a recipient would be interested/curious to open (an electronic greeting purportedly coming from a friend, a salacious video of a celebrity, or some spectacular PowerPoint slide show). And as usual, they do open it, and that installs a piece of malware that immediately phones home and sends itself to everyone in the address book. Obviously, with Mac users, they couldn't do that by masquerading as a PowerPoint or a video, since neither of these types of files would normally ask for user's permission in order to be viewed. Unfortunately, many Mac users won't understand why they are being asked for a password to run an application, so they would probably provide one anyway.

Bottom line is, Macs have much more meaningful warnings when a downloaded programme is first executed. On XP, there are none; on Vista, warnings are everywhere, so users ignore them. However, even so, many would consider an attachment sent by a friend a safe file and execute it without concern.

Mac antivirus companies are very excited over this new development. It looks like we'll be needing that protection very soon, after all...

Jan 26, 09 - 10:38 pm Comment from: Predrag

Ampar,

Were you away? Haven't seen your contributions in a long while. Good to see you back!

Jan 26, 09 - 10:55 pm Comment from: Micro Me

Yo Ampar, good to see you back.

Jan 27, 09 - 02:38 am Comment from: SecureMonkey

Way to sell that anti-virus software Intego.

What nobody in the media has pointed out yet is that 20,000 people downloading the tracker is NOT 20,000 infected machines.

Stupid, idiotic sensationalistic reporting by the anti-virus company AND the media.

Jan 27, 09 - 04:29 am Comment from: hagar57

The simile with malware hidden in content (vid clips, pics) is wrong. If when opening a vid clip a user is asked to type in an admin password, he or she will likely be alert enough to decline.
If however somebody installs pirated software, he expects to be asked for his admin password, since this is what software installation requires. Thus, by not downloading commercial software from unauthorized sources, you can protect yourself against these trojans.

Jan 27, 09 - 04:44 am Comment from: me

"This is good news. If this is the best the hackers can do against Mac OS X (infect one Mac at a time by getting users to intentionally install stolen software), I feel safer already. I don't use pirated software"

No you can just insert code into a web page. That way all the Mac user has to do is visit the site and they get Hacked. No admin password needed. All you need is to look up the list of "arbitrary code execution" vulnerabilities in WebKit that Apple hasn't patched yet. Easy but probably not worth doing.

Jan 27, 09 - 09:35 am Comment from: Register or Login

Hey, a way to track pirated software.

Jan 27, 09 - 09:53 am Comment from: Predrag

Hagar57:

My point was precisely the opposite: vast majority of inexperienced Mac users won't be alert enough to decline. Most switchers have been taught that Macs are immune to malware. Therefore, there is no danger in allowing something to execute if it's on a Mac. You and I will know that's not quite the case, but most others won't know the difference between an application, picture or a movie. For them, it is an icon which you double-click to open. If it asks you for a password, you enter password. People who switched from Vista will actually find this quite normal (Vista asks for password pretty much on EVERY action).

The main point of this new development is that someone built a trojan that can be attached to any other executable code and can install itself on a Mac, open up ports, talk back to the mother ship and eventually do bad things.

I'm telling you, guys, this is a defining event. It is just a matter of time (and not long time anymore) when someone attaches this type of trojan to a file that an average user would want to open.

Jan 27, 09 - 11:44 am Comment from: steve

Intengo! find a trojan in my balls!!!!!

Jan 28, 09 - 12:08 pm Comment from: Zune Tang®

@UltraVisitor

Every once in a while I must get serious, though my brown Zune Tang is so soft and moist like velvet. Intego will never get it. I repeat:

I have downloaded SEVERAL different copies of pirated Photoshop CS4 and iWork. So far, none have any of the trojans being discussed.

I actually think the anti-virus company Intego is trying to make a name for themselves by coming in and saving the day from alleged disaster, but it is a myth. Sad that a company would stoop so low. Who owns them - Microsoft?

Intego had to make this crap up because SecureMac scooped them on the iWork trojan news - 2 companies that belong together - in jail.
