Finally a virus for us Mac users!!!!

Discuss music production with Ableton Live.
Geezus
Posts: 760
Joined: Sun Oct 21, 2007 12:20 am

Post by Geezus » Wed Jan 28, 2009 8:18 am

Image

mkelly
Posts: 595
Joined: Sat Feb 24, 2007 2:32 pm
Location: Belfast

Post by mkelly » Wed Jan 28, 2009 8:30 am

Machinesworking wrote:I know of no way to run an application without installing it
Installing it only puts it into a specific location (usually /Applications) on your hard drive so that it can be run from there later on. A common way to install some Mac apps is to open a .dmg file, and drag the application icon to the Applications folder. However, you can if you wish double click the application icon from within the .dmg file to run it in many cases. You need your password to copy the app to Applications, but not usually to run it directly.

There's also installers of the .pkg/.mpkg variety - these generally put data somewhere like /Library/Application Support and that's why they're a bit more involved.
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1

g1sh
Posts: 17
Joined: Sat Jan 24, 2009 2:23 pm
Location: Warsaw, PL
Contact:

Post by g1sh » Wed Jan 28, 2009 10:09 am

Angstrom wrote:even though there are only about 12 viruses/trojans available for Mac,
Last I've heard there were 33 according to the latest Kaspersky analysis ;)
[ ]

massiveheadpain
Posts: 208
Joined: Sat Jan 14, 2006 7:44 pm
Contact:

Post by massiveheadpain » Wed Jan 28, 2009 10:37 am

yes 33 is the correct number atm

paradiddle
Posts: 512
Joined: Wed Jul 14, 2004 12:21 am
Location: mtl

Post by paradiddle » Wed Jan 28, 2009 10:40 am

Shit, it's like Moore's law! 8O

Machinesworking
Posts: 11551
Joined: Wed Jun 23, 2004 9:30 pm
Location: Seattle

Post by Machinesworking » Wed Jan 28, 2009 11:14 am

mkelly wrote:
Machinesworking wrote:I know of no way to run an application without installing it
Installing it only puts it into a specific location (usually /Applications) on your hard drive so that it can be run from there later on. A common way to install some Mac apps is to open a .dmg file, and drag the application icon to the Applications folder. However, you can if you wish double click the application icon from within the .dmg file to run it in many cases. You need your password to copy the app to Applications, but not usually to run it directly.

There's also installers of the .pkg/.mpkg variety - these generally put data somewhere like /Library/Application Support and that's why they're a bit more involved.
OK true, but we're talking about the hypothetical case were gramma gets a file that sez it's a batch of photos etc. We'll see in the future here, but I'm pretty sure most people when confronted with a disc image containing a file that once double clicked pops up a warning that this is an application from the internet, which a movie or picture file will not have, well I'm pretty sure they will get wary at that point.

I could be dead wrong though we'll see. IMO so far it's looking like most of the viruses you can get on OSX are ones that are embarrassing to admit you installed, and ran, since your hand is pretty much held every step of the way.

clipperer
Posts: 593
Joined: Tue Jan 11, 2005 4:24 pm

Post by clipperer » Wed Jan 28, 2009 11:21 am

"I would estimate that with a well distributed trojan about 50% of Mac users would willfully infect themselves when presented with this mail :

attachment : amazing-vid.troj"

rofll!!!!!!!!!!!!!!!!!!!11

mkelly
Posts: 595
Joined: Sat Feb 24, 2007 2:32 pm
Location: Belfast

Post by mkelly » Wed Jan 28, 2009 11:28 am

Machinesworking wrote:OK true, but we're talking about the hypothetical case were gramma gets a file that sez it's a batch of photos etc. We'll see in the future here, but I'm pretty sure most people when confronted with a disc image containing a file that once double clicked pops up a warning that this is an application from the internet, which a movie or picture file will not have, well I'm pretty sure they will get wary at that point.
I'm not sure I get you here. Are you saying they should update the OS so that if you run anything other than a known data file (movie/picture), you get a warning saying it's an application from the Internet? Or are you saying it already does this (which I don't believe 10.4.11 does).

What if the .dmg was on a friend's USB key - it's not the Internet then. What if there's an exploit for Quicktime/Preview that was triggered by a movie/picture which you don't get warned about.
Machinesworking wrote:I could be dead wrong though we'll see. IMO so far it's looking like most of the viruses you can get on OSX are ones that are embarrassing to admit you installed, and ran, since your hand is pretty much held every step of the way.
I agree with this - 3 trojans in the last week all relating to downloading cracked software. IMO if you take chances, you get burnt.

However, I think the key is in education. Kids should be taught (if they aren't already) about the dangers of viruses/trojans etc. There's a lot of danger in inexperienced users installing malware which education might prevent.

We don't let inexperienced people drive cars, yet we'll let anbody play about with a computer - and while one compromised computer is small potatoes in comparison to a kid getting dragged under the car of a new driver, thousands of compromised computers hooked up in a botnet has the potential to cause massive damage.

Mo
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1

Machinesworking
Posts: 11551
Joined: Wed Jun 23, 2004 9:30 pm
Location: Seattle

Post by Machinesworking » Thu Jan 29, 2009 2:52 am

mkelly wrote:
Machinesworking wrote:OK true, but we're talking about the hypothetical case were gramma gets a file that sez it's a batch of photos etc. We'll see in the future here, but I'm pretty sure most people when confronted with a disc image containing a file that once double clicked pops up a warning that this is an application from the internet, which a movie or picture file will not have, well I'm pretty sure they will get wary at that point.
I'm not sure I get you here. Are you saying they should update the OS so that if you run anything other than a known data file (movie/picture), you get a warning saying it's an application from the Internet? Or are you saying it already does this (which I don't believe 10.4.11 does).

What if the .dmg was on a friend's USB key - it's not the Internet then. What if there's an exploit for Quicktime/Preview that was triggered by a movie/picture which you don't get warned about.
USB wise of course it can work, my point is a virus has to be installed to run, you the user have to instal it. AFAIK even 10.4.11 warns you if you try to run a piece of software off of a disk image. This doesn't mean there isn't ways around this, but let's face it, with the amount of Windows users out there that hate Apple, if it was as easy as it is on Windows, it would be more common.
This is one thing that always blows me away about the excuse that OSX isn't as huge, so that's why there aren't as many viruses. If forums are any measure of attitude, then Apple is well hated, and would easily be a target.



I agree with this - 3 trojans in the last week all relating to downloading cracked software. IMO if you take chances, you get burnt.

However, I think the key is in education. Kids should be taught (if they aren't already) about the dangers of viruses/trojans etc. There's a lot of danger in inexperienced users installing malware which education might prevent.

We don't let inexperienced people drive cars, yet we'll let anbody play about with a computer - and while one compromised computer is small potatoes in comparison to a kid getting dragged under the car of a new driver, thousands of compromised computers hooked up in a botnet has the potential to cause massive damage.

Mo
I suppose, in the end though, you back up, and just end up spending hours reinstalling, unless they get your firmware.

mkelly
Posts: 595
Joined: Sat Feb 24, 2007 2:32 pm
Location: Belfast

Post by mkelly » Thu Jan 29, 2009 9:14 am

Machinesworking wrote:USB wise of course it can work, my point is a virus has to be installed to run, you the user have to instal it. AFAIK even 10.4.11 warns you if you try to run a piece of software off of a disk image.
Sorry, but that's not factually correct. A virus does not have to be installed to be run, certainly on 10.4.11. Example here: I just downloaded the .dmg file of PhotoPresenter from www.boinx.com/download/ - I opened the .dmg and was presented with a common method for installing apps. The app icon and a link to the Applications folder with the instructions "To install drag PhotoPresenter to the folder Applications" - I didn't though, I just double-clicked the PhotoPresenter icon, and the app just ran. It's a self contained app - it has everything it needs inside the .app package and will run from anywhere. A virus can be the same. Would be interested to see what the craic is with Leopard.
I suppose, in the end though, you back up, and just end up spending hours reinstalling, unless they get your firmware.
Unless they get your CC details, online banking password, or other personal information. They could use your machine as part of a botnet to send spam, which costs businesses a lot of money every year. They could also use the botnet to direct DDoS attacks on businesseds or even governmental infrastructure which could cripple a country if they found the right vulnerability.

Keeping a computer malware free is no longer a matter of personal convenience - it's a responsibility IMO.
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1

Machinesworking
Posts: 11551
Joined: Wed Jun 23, 2004 9:30 pm
Location: Seattle

Post by Machinesworking » Thu Jan 29, 2009 9:42 am

mkelly wrote:
Machinesworking wrote:USB wise of course it can work, my point is a virus has to be installed to run, you the user have to instal it. AFAIK even 10.4.11 warns you if you try to run a piece of software off of a disk image.
Sorry, but that's not factually correct. A virus does not have to be installed to be run, certainly on 10.4.11. Example here: I just downloaded the .dmg file of PhotoPresenter from www.boinx.com/download/ - I opened the .dmg and was presented with a common method for installing apps. The app icon and a link to the Applications folder with the instructions "To install drag PhotoPresenter to the folder Applications" - I didn't though, I just double-clicked the PhotoPresenter icon, and the app just ran. It's a self contained app - it has everything it needs inside the .app package and will run from anywhere. A virus can be the same. Would be interested to see what the craic is with Leopard.


I'm not 100% certain on this, yes, but we're talking different things here. On leopard any internet file it asks you if you feel safe running it. AFAIK no quicktime movie I've ever downloaded was on a disk image. My point was that the application would either have to be downloaded, and regularly installed, in which case the OS will ask you for a password, which would be suspicious if it was in fact a quicktime movie, or it would have to run off a disk image, which would be odd if it was in fact a quicktime movie. Though you're right, there's an obvious exploit right there if someone could work it right.
I suppose, in the end though, you back up, and just end up spending hours reinstalling, unless they get your firmware.
Unless they get your CC details, online banking password, or other personal information. They could use your machine as part of a botnet to send spam, which costs businesses a lot of money every year. They could also use the botnet to direct DDoS attacks on businesseds or even governmental infrastructure which could cripple a country if they found the right vulnerability.

Keeping a computer malware free is no longer a matter of personal convenience - it's a responsibility IMO.
This is an area where you would have to be pretty whacked as an OS X user to get into though, to instal a botnet app on OSX would be near impossible without the user allowing it. Who keeps CC details and online banking passwords in any form on their computer?? Unless again they are able to instal an application on your computer, which is near impossible in OSX.
I'm not trying to knock Windows for fun here, but these sorts of exploits are mainly due to really glaring omissions of security in XP, that you can override the password system etc. Now I'm certain that you're going to eventually be right, but as it stands there are no bots that are on OSX machines, it's just not happening yet. Yet is the key word here, but I've been saying yet ever since OSX came out. So it's a pretty good ride that way.
Apple do recommend anti virus software now, which is a sign that they aren't as secure as they used to be, so it's all possible I suppose.

mkelly
Posts: 595
Joined: Sat Feb 24, 2007 2:32 pm
Location: Belfast

Post by mkelly » Thu Jan 29, 2009 10:01 am

Machinesworking wrote: I'm not 100% certain on this, yes, but we're talking different things here. On leopard any internet file it asks you if you feel safe running it. AFAIK no quicktime movie I've ever downloaded was on a disk image. My point was that the application would either have to be downloaded, and regularly installed, in which case the OS will ask you for a password, which would be suspicious if it was in fact a quicktime movie, or it would have to run off a disk image, which would be odd if it was in fact a quicktime movie. Though you're right, there's an obvious exploit right there if someone could work it right.
Yeah we probably are talking about different things here. I'm talking about a trojan inside a seemingly valid piece of software, inside a .dmg

I'm a savvy enough computer user. 25 years under my belt, the last 8 or 9 in a professional capacity. I got a Mac 18 months ago. I downloaded an application wrapped inside a disk image. I mounted the image, saw an app icon, and double clicked. The app ran. I couldn't understand it. I read the readme in the disk image and it said to drag the app icon to the Applications folder. Then I was prompted for my password. Was I entering that to install the app, or was I entering the password to give the app root permissions to run background processes that could do almost anything.

Even if I didn't enter the password the initial running of the app could act as a key logger, capturing my passwords and personal details as they're entered into online forms.
I'm not trying to knock Windows for fun here, but these sorts of exploits are mainly due to really glaring omissions of security in XP, that you can override the password system etc. Now I'm certain that you're going to eventually be right, but as it stands there are no bots that are on OSX machines, it's just not happening yet. Yet is the key word here, but I've been saying yet ever since OSX came out. So it's a pretty good ride that way.
From http://www.appleinsider.com/articles/09 ... rates.html
According to Intego, the rogue software connects to a remote server to notify its creator that the trojan has been installed on different Macs, and he or she can "connect to them and perform various actions remotely", including downloading additional components to the machine.

...

In an update on the matter Monday morning, Intego said Macs infected with the trojan are being pushed new code that downloads in the background, which is then being used to facilitate a DDoS (distributed denial of service) attack on certain websites.
The ability to be remotely controlled and participate in a DDoS to me constitutes a botnet.

I'm with you though - while I think it's easier to crack a Mac than many would believe, I still think it's inherently more secure than Windows. That said, I use Windows in a work capacity - 7+ years on a Windows laptop in work and I've not had one infection of malware. Nothing to do with a strict security policy at work, just being a smart user is the key. Which is why I think education of computer users is essential.
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1

starving student
Posts: 7129
Joined: Thu Dec 09, 2004 6:13 pm
Location: right here

Post by starving student » Thu Jan 29, 2009 11:04 am

i infected my stereo with a spice girls cd once

hoffman2k
Posts: 14718
Joined: Tue Jun 15, 2004 6:40 pm
Location: Belgium
Contact:

Post by hoffman2k » Thu Jan 29, 2009 12:03 pm

:lol:

Mac users have the best virus protection system ever!
We use PC users for protection.

Its fairly simple. As soon as a virus or trojan gets discovered (usually by the same guy), its big news on all mac forums and news sites. The news will even make it to my local paper.
Since some PC users can't wait to point and laugh, you're more likely to run into a user like that first than the actual virus/trojan.

So its virtually impossible for a Mac user to run into a virus unknowingly.
And how long is this knowledge relevant? 2 or 3 security fixes later and its time to find a new trojan.
I'm not under the illusion that the mac is invulnerable. It isn't. And if hackers really wanted to, they'd shut us down.
But as it stands now, writing a virus or a trojan for mac is better than writing a resume for Apple. People can still brag about finding Mac exploits and use it to advance their career.

So by the time you actually posted about this. Its already old news and the fixes have been released. http://www.macrumors.com/2009/01/22/iwo ... -x-trojan/

Post Reply