
Mac viruses

  • John Rethorst
    Message 1 of 11 , Jun 12, 2009
      http://news.bbc.co.uk/2/hi/technology/8096822.stm

      Security experts have discovered two novel forms of Mac OS X malware.

      OSX/Tored-A - an updated version of the Mac OS Tored worm - and a Trojan called OSX/Jahlav-C were both found on popular pornographic websites.

      Users logging on to these sites are asked to download a "missing Video ActiveX Object" but are sent a virus payload instead.

      While most viruses target PC users, there has been a rise in the number of attacks on Mac systems.

      Graham Cluley, a security expert with anti-virus firm Sophos, told the BBC that the small number of Mac viruses had made some users complacent.

      "There is a lot less malware on Mac than for Windows, so Mac users sometimes feel invincible.

      "Apple have marketed their system on the line of 'you won't suffer spyware like you would on Windows' and that has reinforced people's attitudes.

      "And one thing we do know is that you are less likely to be running anti-virus software on a Mac than on a PC," he said.

      Sophos says that the OSX/Jahlav-C is an update to a previous version of Jahlav; it runs a script that "uses http to communicate with a remote website and download code supplied by the attacker".

      Previously, the virus would download fake anti-virus software that would dupe users into buying a product that would not actually do anything and, warned Mr Cluley, would result in hackers obtaining credit card details. However, that has changed and at present the virus is not downloading any code.

      "At the moment the virus is not managing to get that [fake anti-virus software] program, but because it is going to a site controlled by hackers, they can change it to download whatever they want," he said.

      That could be keyloggers, data mining or adding the Mac to a future botnet.

      Christopher Phin - deputy editor of Mac Format magazine - told the BBC that Mac users needed to be more aware of potential threats.

      "The Apple community is guilty of peddling the line that they are removed from security issues," he said.

      One of the reasons for this could be that while there are millions of viruses targeting the Windows operating system, it is thought there are less than 70 affecting Apple computers.

      "The most useful thing people can do is educate themselves on best practice to avoid getting infected in the first place."

      Mr Phin said that, for now, Mac users did not have the same need for anti-virus software that PC users did, although that could change in the future.

      "I suspect we will see more creative and new ways of exploiting vulnerabilities on all formats and the greater Apple profile makes it more susceptible to being targeted," he said.
    • Nancy Hyden Woodward
      Message 2 of 11 , Jun 12, 2009
        I have a question about viruses. Don't know when/how to recognize
        them. I only have Macs.
        Yesterday, I received an email from a list member of an animal rights/
        welfare group. The first four paragraphs contained several lines of
        letters and numbers, no set pattern. Then it had forwarded text. I
        sent it to the list, as is, and asked if I should be concerned about
        it. The original sender wrote back that she didn't have it on her
        email when she mailed it.
        Any thoughts?
        Nancy
      • Randy B. Singer
        Message 3 of 11 , Jun 12, 2009
          On Jun 12, 2009, at 12:20 PM, John Rethorst wrote:

          > http://news.bbc.co.uk/2/hi/technology/8096822.stm
          >
          > Security experts have discovered two novel forms of Mac OS X malware.
          >
          > OSX/Tored-A - an updated version of the Mac OS Tored worm - and a
          > Trojan called OSX/Jahlav-C were both found on popular pornographic
          > websites.

          These "new" Trojans sound exactly like the RSPlug Trojan. I wonder
          if they are exactly the same, only newly "discovered"?
          http://www.intego.com/news/ism0808.asp

          ___________________________________________
          Randy B. Singer
          Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

          Macintosh OS X Routine Maintenance
          http://www.macattorney.com/ts.html
          ___________________________________________
        • Phillip M. Jones, C.E.T.
          Message 4 of 11 , Jun 12, 2009
            "Users logging on to these sites are asked to download a "missing Video
            Active-X Object" but are sent a virus payload instead."

            Unless the Mac user has been using a Mac for less than thirty days, everyone
            is aware that the OSX system has not, will not, cannot and will never use
            Active-X. Steve Jobs and techs at Apple have deemed Active-X and Active-X
            controls too dangerous to run; as MS has written it, it's absolutely
            impossible to make safe.

            90 percent or more of PCs' malware junk is deployed via Active-X today.

            In fact in order to use Active-X in IE since version 7 it has to be
            turned on and there is a warning about the dangers.

            And two, anyone visiting porn sites deserves anything they get.


            --
            Phillip M. Jones, C.E.T. "If it Ain't Broke, Don't Fix it"
            616 Liberty Street Martinsville, Va 24112-1809
            Phone: 276-632-5045 Cell: 276-732-7781 Fax: 276-632-0868
            http://www.phillipmjones.net http://www.vpea.org
            mailto:pjones1@...
          • geoffrey mendelson
            Message 5 of 11 , Jun 13, 2009
              On Jun 13, 2009, at 2:37 AM, Phillip M. Jones, C.E.T. wrote:
              > And two, anyone visiting porn sites deserves anything they get.
              >


              The problem with that is that many sites on the web are infected with
              links that you never see. When a friend died my wife looked her up and
              found an article on a community news site about her with an interview
              from the year 2000. It also had several links to those sites buried
              in the web page, which did not show up if you were just looking at it.

              They did show up in search engine reference counts, and if your
              browser did any forward caching, files from them would be on your
              computer without you knowing about it.

              They were inserted after the web pages were uploaded to the server,
              and the owner of the site, and anyone who went there had no idea they
              were there. His server company told him it was his problem. As a
              kindness, I wrote a program to scan his entire site and locate the
              links. I found that about 15% of his pages were "infected".

              Some of them pointed to links on other web pages, where pages,
              pictures and video were hidden. One of them was for an environmental
              group, a few church groups, and they were scattered all over the globe.

              If I were to look at your computer, I would probably find hundreds if
              not thousands of files from those sites, depending upon how much web
              browsing you do, and how well you clean your caches.

              Geoff.

              --
              geoffrey mendelson N3OWJ/4X1GM
              Jerusalem Israel geoffreymendelson@...
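
The post above mentions a program that scanned a site for links hidden from visitors. The following is an added example of that kind of check, not the poster's program and not part of the original thread: it flags off-site links inside markup hidden by inline styles or the `hidden` attribute and reports the share of pages affected. The host names, sample pages and hiding patterns are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to keep an injected link out of sight.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}",
    re.I,
)
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []      # (tag, hidden?) for each open element
        self.findings = []   # (line number, href) of hidden off-site links

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Hidden if an ancestor is hidden or this element hides itself.
        hidden = (
            (bool(self.stack) and self.stack[-1][1])
            or "hidden" in a
            or bool(HIDING_STYLE.search(a.get("style") or ""))
        )
        if tag == "a" and hidden:
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            on_site = host == self.site_host or host.endswith("." + self.site_host)
            if host and not on_site:  # relative links have no host: on-site
                self.findings.append((self.getpos()[0], a["href"]))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def scan_page(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


def scan_site(pages, site_host):
    """pages: path -> HTML. Returns (findings per affected path, affected share)."""
    hits = {}
    for path, html in pages.items():
        found = scan_page(html, site_host)
        if found:
            hits[path] = found
    return hits, (len(hits) / len(pages) if pages else 0.0)


# Constructed sample site (hosts are placeholders, not from the thread).
SAMPLE_PAGES = {
    "index.html": '<a href="/about.html">About</a>\n'
                  '<a href="http://partner.example.net/">Partner</a>',
    "interview-2000.html": '<p>Interview text.</p>\n<div style="display:none">\n'
                  '<a href="http://injected.example.com/a">x</a></div>\n'
                  '<a style="left:-9999px" href="http://other.example.com/">y</a>',
    "contact.html": '<div hidden><a href="/staff.html">Staff</a></div>',
}

if __name__ == "__main__":
    print(scan_site(SAMPLE_PAGES, "news.example.org"))
```

This only sees inline styles and the `hidden` attribute; links hidden through stylesheet classes or written in by script need a rendering-based check, and comparing files against a known-good copy catches any post-upload change regardless of how it is hidden.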
            • Chad Smith
              Message 6 of 11 , Jun 13, 2009
                His point, though, was, according to the article, you have to go to a porn
                site, which tells you that you need an "Active-X plugin". That's the virus,
                the plugin. If you don't go to the website and try to install the plugin -
                you won't get the virus. Even if you visit a site that is linked to the
                porn site - you won't get it.

                I agree with the one who said anybody who uses a Mac *should* know that you
                can't use Active-X on Mac, (except under virtualized Windows).

                I also think it's insane to get worried about one virus on one site that
                requires an idiot decision by the Mac user to even work.

                Any operating system - let me repeat that - ANY operating system can be
                compromised if you fool the user into installing your software on their
                system as an administrator, (which is what you are doing whenever you type
                in your password to install software).

                - Chad Smith
                http://www.chadwsmith.com/


              • John Rethorst
                Message 7 of 11 , Jun 13, 2009
                  --- In wordperfectmac@yahoogroups.com, Chad Smith <chad78@...> wrote:

                  > . . . requires an idiot decision by the Mac user to even work.

                  These things happen . . . :-)

                  John R.
                • John Kaufmann
                  Message 8 of 11 , Jun 13, 2009
                    Geoff,

                    In a message dated 2009.06.13 15:03 -0500, geoffrey mendelson wrote:

                    > The problem with that is that many sites on the web are infected with
                    > links that you never see... inserted after the web pages were uploaded
                    > to the server ...

                    Could you expand a little on how that happens?

                    John K.
                  • Edward Mendelson
                    Message 9 of 11 , Jun 15, 2009
                      --- In wordperfectmac@yahoogroups.com, John Kaufmann <kaufmann@...> wrote:

                      > > The problem with that is that many sites on the web are infected with
                      > > links that you never see... inserted after the web pages were uploaded
                      > > to the server ...
                      >
                      > Could you expand a little on how that happens?

                      Start here:

                      http://news.cnet.com/8301-1009_3-10255226-83.html

                      It doesn't tell how the stuff actually gets on the sites, but that's presumably done through malware that already got on to the host server through other means.
                    • John Kaufmann
                      Message 10 of 11 , Jun 15, 2009
                        In a message dated 2009.06.15 10:24 -0500, Edward Mendelson wrote:

                        >>> The problem with that is that many sites on the web are infected with
                        >>> links that you never see... inserted after the web pages were uploaded
                        >>> to the server ...
                        >>
                        >> Could you expand a little on how that happens?
                        >
                        > Start here:
                        >
                        > http://news.cnet.com/8301-1009_3-10255226-83.html
                        >
                        > It doesn't tell how the stuff actually gets on the sites, but that's presumably done through malware that already got on to the host server through other means.

                        But of course *that* is the question, isn't it? - how that happens?

                        John K.
                      • geoffrey mendelson
                        Message 11 of 11 , Jun 15, 2009
                          On Jun 16, 2009, at 8:52 AM, John Kaufmann wrote:


                          > But of course *that* is the question, isn't it? - how that happens?
                          >


                          It's pretty easy to figure out the user name of the owner of the HTML
                          files of a web site. Once you have done that, there are plenty of
                          lists of passwords floating around the Internet. Probably 99% of the
                          ones in use today are on those lists. Yes, people don't think that
                          anyone would ever guess that their password is "spock".

                          Look at Sarah Palin. Someone easily guessed her password on Yahoo
                          email. They did it with a little more sophistication than a password
                          list: they pretended to be her and got the lost password hint. 10
                          seconds on Wikipedia and they were in.

                          I won't say what I use for passwords, but when it comes time for
                          security questions, I usually answer something completely "out there",
                          such as for "what is your high school" I answer "chocolate" and no, I
                          did not go to Hershey High.

                          BTW, have you ever gotten one of those "you have received an eCard"
                          emails, where there is no indication of from whom? Most of them
                          include a "click here to see your eCard" link which ends in .exe (a
                          Windows executable file). For the heck of it, I downloaded one and
                          looked at it. It was an IRC client and a password guessing program,
                          complete with a fairly good list of passwords to try.

                          Geoff.


                          --
                          geoffrey mendelson N3OWJ/4X1GM
                          Jerusalem Israel geoffreymendelson@...