Loading ...
Sorry, an error occurred while loading the content.

Re: [wpmac] Mac viruses

Expand Messages
  • Phillip M. Jones, C.E.T.
    Users logging on to these sites are asked to download a missing Video Active-X Object but are sent a virus payload instead. Unless the mac user less than
    Message 1 of 11 , Jun 12, 2009
    • 0 Attachment
      "Users logging on to these sites are asked to download a "missing Video
      Active-X Object" but are sent a virus payload instead."

      Unless the mac user less than thirty days using a Mac, everyone is aware
      that the OSX system has , not will, can not and will never use Active-X
      Steve Jobs and Techs at Apple have deemed Active-X, and Active -X
      controls as too dangerous to Run, as MS has its written, its absolutely
      impossible to make safe.

      90 percent of more of PC's Malware Junk is deployed Active-X Today.

      In fact in order to use Active-X in IE since version 7 it has to be
      turned on and there is a warning about the dangers.

      And Two anyone visiting Porn sites deserve anything they get.

      John Rethorst wrote:
      >
      >
      >
      > http://news.bbc.co.uk/2/hi/technology/8096822.stm
      > <http://news.bbc.co.uk/2/hi/technology/8096822.stm>
      >
      > Security experts have discovered two novel forms of Mac OS X malware.
      >
      > OSX/Tored-A - an updated version of the Mac OS Tored worm - and a Trojan
      > called OSX/Jahlav-C were both found on popular pornographic websites.
      >
      > Users logging on to these sites are asked to download a "missing Video
      > ActiveX Object" but are sent a virus payload instead.
      >
      > While most viruses target PC users, there has been rise in the number of
      > attacks on Mac systems.
      >
      > Graham Cluley, a security expert with anti-virus firm Sophos, told the
      > BBC that the small number of Mac viruses had made some users complacent.
      >
      > "There is a lot less malware on Mac than for Windows, so Mac users
      > sometimes feel invincible.
      >
      > "Apple have marketed their system on the line of 'you won't suffer
      > spyware like you would on Windows' and that has reinforced people's
      > attitudes.
      >
      > "And one thing we do know is that you are less likely to be running
      > anti-virus software on a Mac than on a PC," he said.
      >
      > Sophos says that the OSX/Jahlav-C is an update to a previous version of
      > Jahlav; it runs a script that "uses http to communicate with a remote
      > website and download code supplied by the attacker".
      >
      > Previously, the virus would download fake anti-virus software that would
      > dupe users into buying a product that would not actually do anything
      > and, warned Mr Cluley, would result in hackers obtaining credit card
      > details. However, that has changed and at present the virus is not
      > downloading any code.
      >
      > "At the moment the virus is not managing to get that [fake anti-virus
      > software] program, but because it is going to a site controlled by
      > hackers, they can change it to download whatever they want," he said.
      >
      > That could be keyloggers, data mining or adding the Mac to a future botnet.
      >
      > Christopher Phin - deputy editor of Mac Format magazine - told the BBC
      > that Mac users needed to be more aware of potential threats.
      >
      > "The Apple community is guilty of peddling the line that they are
      > removed from security issues.," he said.
      >
      > One of the reasons for this could be that while there are millions of
      > viruses targeting the Windows operating system, it is thought there are
      > less than 70 affecting Apple computers.
      >
      > "The most useful thing people can do is educate themselves on best
      > practice to avoid getting infected in the first place."
      >
      > Mr Phin said that, for now, Mac users did not have the same need for
      > anti-virus software that PC users did, although that could change in the
      > future.
      >
      > "I suspect we will see more creative and new ways of exploiting
      > vulnerabilities on all formats and the greater Apple profile makes it
      > more susceptible to being targeted," he said.
      >
      >

      --
      Phillip M. Jones, C.E.T. "If it Ain't Broke, Don't Fix it"
      616 Liberty Street Martinsville, Va 24112-1809
      Phone: 276-632-5045 Cell: 276-732-7781 Fax: 276-632-0868
      http://www.phillipmjones.net http://www.vpea.org
      mailto:pjones1@...
    • geoffrey mendelson
      ... The problem with that is that many sites on the web are infected with links that you never see. When a friend died my wife looked her up and found an
      Message 2 of 11 , Jun 13, 2009
      • 0 Attachment
        On Jun 13, 2009, at 2:37 AM, Phillip M. Jones, C.E.T. wrote:
        > And Two anyone visiting Porn sites deserve anything they get.
        >


        The problem with that is that many sites on the web are infected with
        links that you never see. When a friend died my wife looked her up and
        found an article on a community news site about her with an interview
        from the year 2000. It also had several links to those sites burried
        in the web page, which did not show up if you were just looking at it.

        They did show up in search engine reference counts, and if your
        broswer did any forward caching, files from them would be on your
        computer without you knowing about it.

        They were inserted after the web pages were uploaded to the server,
        and the owner of the site, and anyone who went there had no idea they
        were there. His server company told him it was his problem. As a
        kindness, I wrote a program to scan his entire site and locate the
        links. I found that about 15% of his pages were "infected".

        Some of them pointed to links on other web pages, where pages,
        pictures and video were hidden. One of them was for an enviornmental
        group, a few church groups, and they were scattered all over the globle.

        If I were to look at your computer, I would probably find hundreds if
        not thousands of files from those sites, depending upon how much web
        browsing you do, and how well you clean you caches.

        Geoff.

        --
        geoffrey mendelson N3OWJ/4X1GM
        Jerusalem Israel geoffreymendelson@...
      • Chad Smith
        His point, though, was, according to the article, you have to go to a porn site, which tells you that you need an Active-X plugin . That s the virus, the
        Message 3 of 11 , Jun 13, 2009
        • 0 Attachment
          His point, though, was, according to the article, you have to go to a porn
          site, which tells you that you need an "Active-X plugin". That's the virus,
          the plugin. If you don't go to the website and try to install the plugin -
          you won't get the virus. Even if you visit a site that is linked to the
          porn site - you won't get it.

          I agree with the one who said anybody who uses a Mac *should* know that you
          can't use Active-X on Mac, (except under virtualized Windows).

          I also think it's insane to get worried about one virus on one site that
          requires an idiot decision by the Mac user to even work.

          Any operating system - let me repeat that - ANY operating system can be
          compromised if you fool the user into installing your software on their
          system as an administrator, (which is what you are doing whenever you type
          in your password to install software).

          - Chad Smith
          http://www.chadwsmith.com/


          On Sat, Jun 13, 2009 at 2:03 PM, geoffrey mendelson <
          geoffreymendelson@...> wrote:

          >
          >
          >
          > On Jun 13, 2009, at 2:37 AM, Phillip M. Jones, C.E.T. wrote:
          > > And Two anyone visiting Porn sites deserve anything they get.
          > >
          >
          > The problem with that is that many sites on the web are infected with
          > links that you never see. When a friend died my wife looked her up and
          > found an article on a community news site about her with an interview
          > from the year 2000. It also had several links to those sites burried
          > in the web page, which did not show up if you were just looking at it.
          >
          > They did show up in search engine reference counts, and if your
          > broswer did any forward caching, files from them would be on your
          > computer without you knowing about it.
          >
          > They were inserted after the web pages were uploaded to the server,
          > and the owner of the site, and anyone who went there had no idea they
          > were there. His server company told him it was his problem. As a
          > kindness, I wrote a program to scan his entire site and locate the
          > links. I found that about 15% of his pages were "infected".
          >
          > Some of them pointed to links on other web pages, where pages,
          > pictures and video were hidden. One of them was for an enviornmental
          > group, a few church groups, and they were scattered all over the globle.
          >
          > If I were to look at your computer, I would probably find hundreds if
          > not thousands of files from those sites, depending upon how much web
          > browsing you do, and how well you clean you caches.
          >
          > Geoff.
          >
          > --
          > geoffrey mendelson N3OWJ/4X1GM
          > Jerusalem Israel geoffreymendelson@...<geoffreymendelson%40gmail.com>
          >
          >
          >


          [Non-text portions of this message have been removed]
        • John Rethorst
          ... These things happen . . . :-) John R.
          Message 4 of 11 , Jun 13, 2009
          • 0 Attachment
            --- In wordperfectmac@yahoogroups.com, Chad Smith <chad78@...> wrote:

            > . . . requires an idiot decision by the Mac user to even work.

            These things happen . . . :-)

            John R.
          • John Kaufmann
            Geoff, ... Could you expand a little on how that happens? John K.
            Message 5 of 11 , Jun 13, 2009
            • 0 Attachment
              Geoff,

              In a message dated 2009.06.13 15:03 -0500, geoffrey mendelson wrote:

              > The problem with that is that many sites on the web are infected with
              > links that you never see... inserted after the web pages were uploaded
              > to the server ...

              Could you expand a little on how that happens?

              John K.
            • Edward Mendelson
              ... Start here: http://news.cnet.com/8301-1009_3-10255226-83.html It doesn t tell how the stuff actually gets on the sites, but that s presumably done through
              Message 6 of 11 , Jun 15, 2009
              • 0 Attachment
                --- In wordperfectmac@yahoogroups.com, John Kaufmann <kaufmann@...> wrote:

                > > The problem with that is that many sites on the web are infected with
                > > links that you never see... inserted after the web pages were uploaded
                > > to the server ...
                >
                > Could you expand a little on how that happens?

                Start here:

                http://news.cnet.com/8301-1009_3-10255226-83.html

                It doesn't tell how the stuff actually gets on the sites, but that's presumably done through malware that already got on to the host server through other means.
              • John Kaufmann
                ... But of course *that* is the question, isn t it? - how that happens? John K.
                Message 7 of 11 , Jun 15, 2009
                • 0 Attachment
                  In a message dated 2009.06.15 10:24 -0500, Edward Mendelson wrote:

                  >>> The problem with that is that many sites on the web are infected with
                  >>> links that you never see... inserted after the web pages were uploaded
                  >>> to the server ...
                  >>
                  >> Could you expand a little on how that happens?
                  >
                  > Start here:
                  >
                  > http://news.cnet.com/8301-1009_3-10255226-83.html
                  >
                  > It doesn't tell how the stuff actually gets on the sites, but that's presumably done through malware that already got on to the host server through other means.

                  But of course *that* is the question, isn't it? - how that happens?

                  John K.
                • geoffrey mendelson
                  ... It s pretty easy to figure out the user name of the owner of the HTML files of a web site. Once you have done that, there are plenty of lists of passwords
                  Message 8 of 11 , Jun 15, 2009
                  • 0 Attachment
                    On Jun 16, 2009, at 8:52 AM, John Kaufmann wrote:


                    > But of course *that* is the question, isn't it? - how that happens?
                    >


                    It's pretty easy to figure out the user name of the owner of the HTML
                    files of a web site. Once you have done that, there are plenty of
                    lists of passwords floating around the Internet. Probably 99% of the
                    ones in use today are on those lists. Yes, people don't think that
                    anyone would ever guess that their password is "spock".

                    Look at Sarah Palin. Someone easily guessed her password on Yahoo
                    email. They did it with a little more sophistication than a password
                    list,
                    they pretended to be her and got the lost password hint. 10 seconds on
                    Wikipedia and they were in.

                    I won't say what I use for passwords, but when it comes time for
                    security questions, I usually answer something completely "out there",
                    such as for "what is your high school" I answer "chocolate" and no, I
                    did not go to Hershey High.

                    BTW, have you ever gotten one of those "you have received an eCard"
                    emails, where there is no indication of from whom? Most of them
                    include a click here to see your eCard link which ends in .exe (a
                    windows executable file). For the heck of it, I downloaded one and
                    looked at it. It was an IRC client and a password guessing program,
                    complete with a fairly good list of passwords to try.

                    Geoff.


                    --
                    geoffrey mendelson N3OWJ/4X1GM
                    Jerusalem Israel geoffreymendelson@...
                  Your message has been successfully submitted and would be delivered to recipients shortly.