Re: [wpmac] Mac viruses

  • Nancy Hyden Woodward
    Message 1 of 11 , Jun 12, 2009
      I have a question about viruses. Don't know when/how to recognize
      them. I only have Macs.
      Yesterday, I received an email from a list member of an animal rights/
      welfare group. The first four paragraphs contained several lines of
      letters and numbers, no set pattern. Then it had forwarded text. I
      sent it to the list, as is, and asked if I should be concerned about
      it. The original sender wrote back that she didn't have it on her
      email when she mailed it.
      Any thoughts?
      Nancy
      On Jun 12, 2009, at 3:20 PM, John Rethorst wrote:

      >
      >
      > http://news.bbc.co.uk/2/hi/technology/8096822.stm
      >
      > Security experts have discovered two novel forms of Mac OS X malware.
      >
      > OSX/Tored-A - an updated version of the Mac OS Tored worm - and a
      > Trojan called OSX/Jahlav-C were both found on popular pornographic
      > websites.
      >
      > Users logging on to these sites are asked to download a "missing
      > Video ActiveX Object" but are sent a virus payload instead.
      >
      > While most viruses target PC users, there has been a rise in the
      > number of attacks on Mac systems.
      >
      > Graham Cluley, a security expert with anti-virus firm Sophos, told
      > the BBC that the small number of Mac viruses had made some users
      > complacent.
      >
      > "There is a lot less malware on Mac than for Windows, so Mac users
      > sometimes feel invincible.
      >
      > "Apple have marketed their system on the line of 'you won't suffer
      > spyware like you would on Windows' and that has reinforced people's
      > attitudes.
      >
      > "And one thing we do know is that you are less likely to be running
      > anti-virus software on a Mac than on a PC," he said.
      >
      > Sophos says that the OSX/Jahlav-C is an update to a previous
      > version of Jahlav; it runs a script that "uses http to communicate
      > with a remote website and download code supplied by the attacker".
      >
      > Previously, the virus would download fake anti-virus software that
      > would dupe users into buying a product that would not actually do
      > anything and, warned Mr Cluley, would result in hackers obtaining
      > credit card details. However, that has changed and at present the
      > virus is not downloading any code.
      >
      > "At the moment the virus is not managing to get that [fake anti-
      > virus software] program, but because it is going to a site
      > controlled by hackers, they can change it to download whatever they
      > want," he said.
      >
      > That could be keyloggers, data mining or adding the Mac to a future
      > botnet.
      >
      > Christopher Phin - deputy editor of Mac Format magazine - told the
      > BBC that Mac users needed to be more aware of potential threats.
      >
      > "The Apple community is guilty of peddling the line that they are
      > removed from security issues," he said.
      >
      > One of the reasons for this could be that while there are millions
      > of viruses targeting the Windows operating system, it is thought
      > there are less than 70 affecting Apple computers.
      >
      > "The most useful thing people can do is educate themselves on best
      > practice to avoid getting infected in the first place."
      >
      > Mr Phin said that, for now, Mac users did not have the same need
      > for anti-virus software that PC users did, although that could
      > change in the future.
      >
      > "I suspect we will see more creative and new ways of exploiting
      > vulnerabilities on all formats and the greater Apple profile makes
      > it more susceptible to being targeted," he said.
      >
      >
      >



    • Randy B. Singer
      Message 2 of 11 , Jun 12, 2009
        On Jun 12, 2009, at 12:20 PM, John Rethorst wrote:

        > http://news.bbc.co.uk/2/hi/technology/8096822.stm
        >
        > Security experts have discovered two novel forms of Mac OS X malware.
        >
        > OSX/Tored-A - an updated version of the Mac OS Tored worm - and a
        > Trojan called OSX/Jahlav-C were both found on popular pornographic
        > websites.

        These "new" Trojans sound exactly like the RSPlug Trojan. I wonder
        if they are exactly the same, only newly "discovered"?
        http://www.intego.com/news/ism0808.asp

        ___________________________________________
        Randy B. Singer
        Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

        Macintosh OS X Routine Maintenance
        http://www.macattorney.com/ts.html
        ___________________________________________
      • Phillip M. Jones, C.E.T.
        Message 3 of 11 , Jun 12, 2009
          "Users logging on to these sites are asked to download a "missing Video
          Active-X Object" but are sent a virus payload instead."

          Unless the Mac user has been using a Mac less than thirty days, everyone is aware
          that the OS X system has not, will not, cannot and will never use Active-X.
          Steve Jobs and the techs at Apple have deemed Active-X, and Active-X
          controls, too dangerous to run; as MS has written it, it's absolutely
          impossible to make safe.

          90 percent or more of PCs' malware junk is deployed via Active-X today.

          In fact, in order to use Active-X in IE since version 7, it has to be
          turned on, and there is a warning about the dangers.

          And two, anyone visiting porn sites deserves anything they get.

          John Rethorst wrote:
          >
          >
          >
          > http://news.bbc.co.uk/2/hi/technology/8096822.stm
          >
          > Security experts have discovered two novel forms of Mac OS X malware.
          >
          > OSX/Tored-A - an updated version of the Mac OS Tored worm - and a Trojan
          > called OSX/Jahlav-C were both found on popular pornographic websites.
          >
          > Users logging on to these sites are asked to download a "missing Video
          > ActiveX Object" but are sent a virus payload instead.
          >
          > While most viruses target PC users, there has been a rise in the number of
          > attacks on Mac systems.
          >
          > Graham Cluley, a security expert with anti-virus firm Sophos, told the
          > BBC that the small number of Mac viruses had made some users complacent.
          >
          > "There is a lot less malware on Mac than for Windows, so Mac users
          > sometimes feel invincible.
          >
          > "Apple have marketed their system on the line of 'you won't suffer
          > spyware like you would on Windows' and that has reinforced people's
          > attitudes.
          >
          > "And one thing we do know is that you are less likely to be running
          > anti-virus software on a Mac than on a PC," he said.
          >
          > Sophos says that the OSX/Jahlav-C is an update to a previous version of
          > Jahlav; it runs a script that "uses http to communicate with a remote
          > website and download code supplied by the attacker".
          >
          > Previously, the virus would download fake anti-virus software that would
          > dupe users into buying a product that would not actually do anything
          > and, warned Mr Cluley, would result in hackers obtaining credit card
          > details. However, that has changed and at present the virus is not
          > downloading any code.
          >
          > "At the moment the virus is not managing to get that [fake anti-virus
          > software] program, but because it is going to a site controlled by
          > hackers, they can change it to download whatever they want," he said.
          >
          > That could be keyloggers, data mining or adding the Mac to a future botnet.
          >
          > Christopher Phin - deputy editor of Mac Format magazine - told the BBC
          > that Mac users needed to be more aware of potential threats.
          >
          > "The Apple community is guilty of peddling the line that they are
          > removed from security issues," he said.
          >
          > One of the reasons for this could be that while there are millions of
          > viruses targeting the Windows operating system, it is thought there are
          > less than 70 affecting Apple computers.
          >
          > "The most useful thing people can do is educate themselves on best
          > practice to avoid getting infected in the first place."
          >
          > Mr Phin said that, for now, Mac users did not have the same need for
          > anti-virus software that PC users did, although that could change in the
          > future.
          >
          > "I suspect we will see more creative and new ways of exploiting
          > vulnerabilities on all formats and the greater Apple profile makes it
          > more susceptible to being targeted," he said.
          >
          >

          --
          Phillip M. Jones, C.E.T. "If it Ain't Broke, Don't Fix it"
          616 Liberty Street Martinsville, Va 24112-1809
          Phone: 276-632-5045 Cell: 276-732-7781 Fax: 276-632-0868
          http://www.phillipmjones.net http://www.vpea.org
          mailto:pjones1@...
        • geoffrey mendelson
          Message 4 of 11 , Jun 13, 2009
            On Jun 13, 2009, at 2:37 AM, Phillip M. Jones, C.E.T. wrote:
            > And Two anyone visiting Porn sites deserve anything they get.
            >


            The problem with that is that many sites on the web are infected with
            links that you never see. When a friend died my wife looked her up and
            found an article on a community news site about her with an interview
            from the year 2000. It also had several links to those sites buried
            in the web page, which did not show up if you were just looking at it.

            They did show up in search engine reference counts, and if your
            browser did any forward caching, files from them would be on your
            computer without you knowing about it.

            They were inserted after the web pages were uploaded to the server,
            and the owner of the site, and anyone who went there had no idea they
            were there. His server company told him it was his problem. As a
            kindness, I wrote a program to scan his entire site and locate the
            links. I found that about 15% of his pages were "infected".

            Some of them pointed to links on other web pages, where pages,
            pictures and video were hidden. One of them was for an environmental
            group, a few church groups, and they were scattered all over the globe.

            If I were to look at your computer, I would probably find hundreds if
            not thousands of files from those sites, depending upon how much web
            browsing you do, and how well you clean your caches.

            Geoff.

            --
            geoffrey mendelson N3OWJ/4X1GM
            Jerusalem Israel geoffreymendelson@...
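Added example, not Geoff's program (the thread never shows it): a minimal scanner for the kind of hidden off-site links described in the message above, reporting per page and as a fraction of the site. The hiding tricks it matches, the host `news.example` and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Inline-style tricks treated as "hidden" (assumed; the thread does not name them).
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}"
    r"|(?:width|height|font-size)\s*:\s*0(?:px|pt|em|%)?\s*(?:;|$)", re.I)
VOID_TAGS = set("area base br col embed hr img input link meta param source track wbr".split())
URL_ATTR = {"a": "href", "iframe": "src", "script": "src"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.open_tags = []  # (tag, hides_its_content) per open element
        self.findings = []   # (line, url) of hidden off-site references

    def _is_external(self, url):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:  # malformed URL: nothing to resolve
            return False
        own = host == self.site_host or host.endswith("." + self.site_host)
        return bool(host) and not own

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = (bool(HIDING_STYLE.search(a.get("style") or "")) or "hidden" in a
                 or a.get("width") == "0" or a.get("height") == "0")
        hidden_here = hides or any(h for _, h in self.open_tags)
        url = a.get(URL_ATTR.get(tag, ""))
        if url and hidden_here and self._is_external(url):
            self.findings.append((self.getpos()[0], url))
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, hides))

    def handle_endtag(self, tag):  # close back to the nearest matching open tag
        for i in range(len(self.open_tags) - 1, -1, -1):
            if self.open_tags[i][0] == tag:
                del self.open_tags[i:]
                break

def scan_html(text, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_site(root, site_host):
    """Return ({page: findings}, fraction of pages with at least one finding)."""
    pages = sorted(p for p in Path(root).rglob("*.htm*") if p.is_file())
    scans = {str(p): scan_html(p.read_text(encoding="utf-8", errors="replace"), site_host)
             for p in pages}
    hits = {page: found for page, found in scans.items() if found}
    return hits, (len(hits) / len(pages) if pages else 0.0)

# Constructed sample page for a site hosted at news.example.
SAMPLE = """<p>Interview. <a href="http://partner.example.org/">Partner</a></p>
<div style="position:absolute; left:-9999px">
<a href="http://bad.example.net/a">x</a><br><a href="/contact">contact</a></div>
<iframe src="//bad.example.net/f" width="0" height="0"></iframe>
<a href="http://www.news.example/about" style="display:none">about</a>"""
```

Run against a local copy of the document root, `scan_site(path, host)` gives the share of pages carrying hidden off-site references, the same kind of figure as the 15% mentioned above. Links hidden through external stylesheets or script are outside what this inline-style check sees.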
          • Chad Smith
            Message 5 of 11 , Jun 13, 2009
              His point, though, was, according to the article, you have to go to a porn
              site, which tells you that you need an "Active-X plugin". That's the virus,
              the plugin. If you don't go to the website and try to install the plugin -
              you won't get the virus. Even if you visit a site that is linked to the
              porn site - you won't get it.

              I agree with the one who said anybody who uses a Mac *should* know that you
              can't use Active-X on Mac, (except under virtualized Windows).

              I also think it's insane to get worried about one virus on one site that
              requires an idiot decision by the Mac user to even work.

              Any operating system - let me repeat that - ANY operating system can be
              compromised if you fool the user into installing your software on their
              system as an administrator, (which is what you are doing whenever you type
              in your password to install software).

              - Chad Smith
              http://www.chadwsmith.com/


              On Sat, Jun 13, 2009 at 2:03 PM, geoffrey mendelson <
              geoffreymendelson@...> wrote:

              >
              >
              >
              > On Jun 13, 2009, at 2:37 AM, Phillip M. Jones, C.E.T. wrote:
              > > And Two anyone visiting Porn sites deserve anything they get.
              > >
              >
              > The problem with that is that many sites on the web are infected with
              > links that you never see. When a friend died my wife looked her up and
              > found an article on a community news site about her with an interview
              > from the year 2000. It also had several links to those sites buried
              > in the web page, which did not show up if you were just looking at it.
              >
              > They did show up in search engine reference counts, and if your
              > browser did any forward caching, files from them would be on your
              > computer without you knowing about it.
              >
              > They were inserted after the web pages were uploaded to the server,
              > and the owner of the site, and anyone who went there had no idea they
              > were there. His server company told him it was his problem. As a
              > kindness, I wrote a program to scan his entire site and locate the
              > links. I found that about 15% of his pages were "infected".
              >
              > Some of them pointed to links on other web pages, where pages,
              > pictures and video were hidden. One of them was for an environmental
              > group, a few church groups, and they were scattered all over the globe.
              >
              > If I were to look at your computer, I would probably find hundreds if
              > not thousands of files from those sites, depending upon how much web
              > browsing you do, and how well you clean your caches.
              >
              > Geoff.
              >
              > --
              > geoffrey mendelson N3OWJ/4X1GM
              > Jerusalem Israel geoffreymendelson@...
              >
              >
              >


            • John Rethorst
              Message 6 of 11 , Jun 13, 2009
                --- In wordperfectmac@yahoogroups.com, Chad Smith <chad78@...> wrote:

                > . . . requires an idiot decision by the Mac user to even work.

                These things happen . . . :-)

                John R.
              • John Kaufmann
                Message 7 of 11 , Jun 13, 2009
                  Geoff,

                  In a message dated 2009.06.13 15:03 -0500, geoffrey mendelson wrote:

                  > The problem with that is that many sites on the web are infected with
                  > links that you never see... inserted after the web pages were uploaded
                  > to the server ...

                  Could you expand a little on how that happens?

                  John K.
                • Edward Mendelson
                  Message 8 of 11 , Jun 15, 2009
                    --- In wordperfectmac@yahoogroups.com, John Kaufmann <kaufmann@...> wrote:

                    > > The problem with that is that many sites on the web are infected with
                    > > links that you never see... inserted after the web pages were uploaded
                    > > to the server ...
                    >
                    > Could you expand a little on how that happens?

                    Start here:

                    http://news.cnet.com/8301-1009_3-10255226-83.html

                    It doesn't tell how the stuff actually gets on the sites, but that's presumably done through malware that already got on to the host server through other means.
                  • John Kaufmann
                    Message 9 of 11 , Jun 15, 2009
                      In a message dated 2009.06.15 10:24 -0500, Edward Mendelson wrote:

                      >>> The problem with that is that many sites on the web are infected with
                      >>> links that you never see... inserted after the web pages were uploaded
                      >>> to the server ...
                      >>
                      >> Could you expand a little on how that happens?
                      >
                      > Start here:
                      >
                      > http://news.cnet.com/8301-1009_3-10255226-83.html
                      >
                      > It doesn't tell how the stuff actually gets on the sites, but that's presumably done through malware that already got on to the host server through other means.

                      But of course *that* is the question, isn't it? - how that happens?

                      John K.
                    • geoffrey mendelson
                      Message 10 of 11 , Jun 15, 2009
                        On Jun 16, 2009, at 8:52 AM, John Kaufmann wrote:


                        > But of course *that* is the question, isn't it? - how that happens?
                        >


                        It's pretty easy to figure out the user name of the owner of the HTML
                        files of a web site. Once you have done that, there are plenty of
                        lists of passwords floating around the Internet. Probably 99% of the
                        ones in use today are on those lists. Yes, people don't think that
                        anyone would ever guess that their password is "spock".

                        Look at Sarah Palin. Someone easily guessed her password on Yahoo
                        email. They did it with a little more sophistication than a password
                        list, they pretended to be her and got the lost password hint. 10
                        seconds on Wikipedia and they were in.

                        I won't say what I use for passwords, but when it comes time for
                        security questions, I usually answer something completely "out there",
                        such as for "what is your high school" I answer "chocolate" and no, I
                        did not go to Hershey High.

                        BTW, have you ever gotten one of those "you have received an eCard"
                        emails, where there is no indication of from whom? Most of them
                        include a "click here to see your eCard" link which ends in .exe (a
                        Windows executable file). For the heck of it, I downloaded one and
                        looked at it. It was an IRC client and a password guessing program,
                        complete with a fairly good list of passwords to try.

                        Geoff.


                        --
                        geoffrey mendelson N3OWJ/4X1GM
                        Jerusalem Israel geoffreymendelson@...