BestTechie Forums: Iwork '09 Trojan Horse Turning Macs Into Zombies? - BestTechie Forums


Iwork '09 Trojan Horse Turning Macs Into Zombies? The botnet stems from a Trojan horse embedded in a trial version of iW


#1 User is offline   Peaches 

  • UberTechie
  • Group: Update Experts
  • Posts: 2131
  • Joined: 16-November 08
  • Location:At my computer
  • Operating System:WindowsXP for desktop & Windows 7 on laptop

Posted 18 April 2009 - 10:02 PM

iWork '09 Trojan horse turning Macs into zombies?
The botnet stems from a Trojan horse embedded in a trial version of iWork '09

By Dan Moren
April 17, 2009 (Macworld)

"Over the years, Mac users have been lucky enough that the word "zombie" only conjures up the shambling brain-craving hordes of the undead in movies like Shaun of the Dead. But Windows users have long been dealing with the menace of zombie botnets--networks of PCs corrupted by malware into vectors for malicious attacks.

Now, two researchers who claim to have discovered the first Mac zombie botnet in existence have published a paper in Virus Bulletin (subscription required).


The botnet stems from a Trojan horse embedded in an iWork '09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.

Two researchers, Mario Ballano Barcena and Alfredo Pesoli, have now discovered two separate variants of the malware, each using distinct techniques to compromise users' machines. They also conclude that the author of the malware was not the same person using it to launch the denial-of-service (DoS) attacks on Web sites, including, according to the Washington Post's Brian Krebs, a site called "dollarcardmarketing.com." The infected package has apparently been downloaded several thousand times, though it also needs to be installed in order to do its dirty work."

Computerworld for full article: http://tinyurl.com/cokrag

#2 User is offline   hitest 

  • Slacker
  • Group: Admin
  • Posts: 6940
  • Joined: 28-August 04
  • Location:B.C., Canada
  • Operating System:Slackware, Windows 7

Posted 18 April 2009 - 11:17 PM

Peaches, on Apr 18 2009, 08:02 PM, said:

The botnet stems from a Trojan horse embedded in an iWork '09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.


If you're stupid enough to install untrusted software from a file sharing network onto your system then you deserve to get rooted. I'm sure that a boxed version of iWork 09 is just fine.

#3 User is offline   mewi 

  • Full Member
  • PipPip
  • Group: Members
  • Posts: 41
  • Joined: 05-May 08
  • Location:United States
  • Operating System:Windows XP Pro 32bit

Posted 20 April 2009 - 01:19 PM

Why are people so surprised when Apple OS' get viruses? Their OS is highly insecure... the myth that they are more secure than Windows is highly inaccurate. :blink:

#4 User is offline   isteve 

  • Mac Expert
  • Group: Managers
  • Posts: 791
  • Joined: 16-August 05
  • Location:MA
  • Operating System:OS X , Ubuntu, XP

Posted 20 April 2009 - 02:18 PM

I think people are surprised because there are no viruses for Mac in the wild. There have been proof of concept trojans and a DNS changer. Most, like this new trojan, have to be downloaded and installed by a user with an admin password.

I believe this trojan can also be found in pirated copies of iLife 09 and Photoshop. And Hitest is correct: the box version is fine.

#5 User is offline   mewi 

  • Full Member
  • PipPip
  • Group: Members
  • Posts: 41
  • Joined: 05-May 08
  • Location:United States
  • Operating System:Windows XP Pro 32bit

Posted 20 April 2009 - 02:41 PM

isteve, on Apr 20 2009, 03:18 PM, said:

I think people are surprised because there are no viruses for Mac in the wild. There have been proof of concept trojans and a DNS changer. Most, like this new trojan, have to be downloaded and installed by a user with an admin password.

I believe this trojan can also be found in pirated copies of iLife 09 and Photoshop. And Hitest is correct: the box version is fine.


Something like 99.9999% of viruses/trojans/spyware/adware/worms/etc require user interaction...

#6 User is offline   jcl 

  • UberTechie
  • Group: Linux Experts
  • Posts: 1304
  • Joined: 30-August 04
  • Location:The Internet
  • Operating System:Arch

Posted 20 April 2009 - 02:49 PM

mewi, on Apr 20 2009, 12:41 PM, said:

Something like 99.9999% of viruses/trojans/spyware/adware/worms/etc require user interaction...


Viruses and worms are pretty much self-propagating by definition.

#7 User is offline   mewi 

  • Full Member
  • PipPip
  • Group: Members
  • Posts: 41
  • Joined: 05-May 08
  • Location:United States
  • Operating System:Windows XP Pro 32bit

Posted 20 April 2009 - 03:08 PM

jcl, on Apr 20 2009, 03:49 PM, said:

mewi, on Apr 20 2009, 12:41 PM, said:

Something like 99.9999% of viruses/trojans/spyware/adware/worms/etc require user interaction...


Viruses and worms are pretty much self-propagating by definition.


Not sure what your "Self-Propagating" was referring to, the user's "self" or the Virus's "self"?

#8 User is offline   jcl 

  • UberTechie
  • Group: Linux Experts
  • Posts: 1304
  • Joined: 30-August 04
  • Location:The Internet
  • Operating System:Arch

Posted 20 April 2009 - 03:16 PM

mewi, on Apr 20 2009, 01:08 PM, said:

Not sure what your "Self-Propagating" was referring to, the user's "self" or the Virus's "self"?


The virus's.

#9 User is offline   mewi 

  • Full Member
  • PipPip
  • Group: Members
  • Posts: 41
  • Joined: 05-May 08
  • Location:United States
  • Operating System:Windows XP Pro 32bit

Posted 20 April 2009 - 03:17 PM

jcl, on Apr 20 2009, 04:16 PM, said:

mewi, on Apr 20 2009, 01:08 PM, said:

Not sure what your "Self-Propagating" was referring to, the user's "self" or the Virus's "self"?


The virus's.


They still require user interaction of some sort ;3

#10 User is offline   Peaches 

  • UberTechie
  • Group: Update Experts
  • Posts: 2131
  • Joined: 16-November 08
  • Location:At my computer
  • Operating System:WindowsXP for desktop & Windows 7 on laptop

Posted 20 April 2009 - 09:23 PM

So for those in the Mac community who believe the Mac is invulnerable, there's this simple message: You're living in the past.

Researchers: Macs are less secure than Windows PCs

"For years, Apple fans have claimed that Macs are invulnerable to attack, while belittling Windows as being full of security holes. Now the tables are turned --- not only has a Trojan infected Macs and created a botnet, but several well-known researchers warn that Mac OS X is less secure than either Windows or Linux.

In the last few days, there's been a great deal of publicity about the discovery of the world's first Mac botnet. When Mac users downloaded a pirated copy of iLife, their machines were taken over by a Trojan. At that point, according to Symantec experts Andy Cianciotto and Angela Thigpen:

When the Trojanized installer is executed, it also runs the malicious program iworkservices. The Trojan, OSX.Iservice, targets the Mac OS and is compiled as a Mach-O multi-architecture binary. This allows the Trojan to run natively on both PowerPC and x86 architectures.
...
The Trojan acts as a back door and opens a port on the local host for connections. It then attempts to connect to the following remote hosts:
69.92.177.146:59201
qwfojzlk.freehostia.com:1024. "

Computerworld for full article: http://tinyurl.com/dcgdsr



>>>>>>>>>>>>>>


Mac/PC/Linux? It doesn't matter, and here's why...

Submitted by Mike91163 on April 18, 2009 - 8:41 A.M.

Y'all are missing the BIGGER point: The HUMAN factor, and it applies across the board, regardless of the OS. Us "geeks" see the world through our "tech-colored" glasses, with tunnel vision, and we miss the whole picture.

Software of any kind, be it an operating system or an application, is written by HUMANS. Humans make mistakes; humans miss seeing things; that's what makes us who we are. Humans also tend to be a trusting bunch, and that's what gets us into trouble as well. Social engineering has been going on for millennia; you don't believe me, look up the definition of "Trojan horse".

Whether OSX's latest security breach requires human interaction doesn't matter; the fact that it exists shoots a huge hole into the Mac fanboi's argument that "Macs don't get viruses." Whatever your opinion of Windows and Microsoft is, the superiority complex of the Mac brigade is annoying and getting quite old. And, the *Nix boys aren't that far off from their Mac counterparts either; sure, you are constantly hassled for a root password, but what IF an "amateur" downloads and installs a Linux Trojan (and, before you say they don't exist, it's not a question of IF, but rather WHEN), and they type that root pwd, it's GAME OVER. That's what I mean by the human factor.

Until such time as we humans become perfect (which you'll be waiting a LOOOOONG time), these issues will crop up.

Skynet anyone????

computerworld - http://tinyurl.com/dcgdsr
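
Added example, not part of the thread or of the quoted Symantec write-up: the "Mach-O multi-architecture binary" layout mentioned in post #10 can be read straight from the file header when triaging a suspicious installer payload. The Python below lists the architecture slices of a universal binary; the function names `list_architectures` and `build_sample`, and the sample bytes, are constructed for illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # universal ("fat") header magic, stored big-endian
CPU_NAMES = {7: "i386", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}
# Thin Mach-O magics (32/64-bit) as seen when read big-endian, either byte order.
THIN_MAGICS = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE}
# Java .class files share the magic; there this field is a version (45 or higher).
MAX_ARCHES = 16


def list_architectures(data: bytes):
    """Return [(arch, offset, size)] for a universal binary; raise ValueError otherwise."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a universal Mach-O binary")
    if not 0 < count <= MAX_ARCHES:
        raise ValueError("implausible slice count (possibly a Java class file)")
    if len(data) < 8 + 20 * count:
        raise ValueError("truncated fat_arch table")
    slices = []
    for i in range(count):
        cputype, _sub, offset, size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
        if size < 4 or offset + size > len(data):
            raise ValueError(f"slice {i} lies outside the file")
        (thin_magic,) = struct.unpack_from(">I", data, offset)
        if thin_magic not in THIN_MAGICS:
            raise ValueError(f"slice {i} does not start with a Mach-O header")
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size))
    return slices


def build_sample() -> bytes:
    """Constructed two-slice file (ppc + i386 header stubs), not a real binary."""
    ppc = struct.pack(">I", 0xFEEDFACE) + b"\0" * 28  # big-endian stub
    x86 = struct.pack("<I", 0xFEEDFACE) + b"\0" * 28  # little-endian stub
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">5I", 18, 0, 48, len(ppc), 0)
    header += struct.pack(">5I", 7, 3, 80, len(x86), 0)
    return header + ppc + x86


if __name__ == "__main__":
    for arch, offset, size in list_architectures(build_sample()):
        print(f"{arch:8} offset={offset} size={size}")
```

The slice-count bound matters because Java class files begin with the same four bytes; without it a `.class` file would be misread as a universal binary with dozens of slices.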

#11 User is offline   hitest 

  • Slacker
  • Group: Admin
  • Posts: 6940
  • Joined: 28-August 04
  • Location:B.C., Canada
  • Operating System:Slackware, Windows 7

Posted 20 April 2009 - 09:36 PM

Quote

When Mac users downloaded a pirated copy of iLife, their machines were taken over by a Trojan. At that point, according to Symantec experts Andy Cianciotto and Angela Thigpen:


I'm not saying that there are no mac viruses out there. You still need to install this virus to get it to activate on a mac. My initial point still stands. If you are a complete moron who is willing to install a pirated version of software that you've downloaded from a file sharing site you deserve to get owned. To activate this mac virus you need to give the installer root access to your system. So you are installing the virus. That isn't exactly on par with the drive by shootings that occur with windows.
It is a good practice to only install software from a trusted source.

#12 User is offline   mewi 

  • Full Member
  • PipPip
  • Group: Members
  • Posts: 41
  • Joined: 05-May 08
  • Location:United States
  • Operating System:Windows XP Pro 32bit

Posted 20 April 2009 - 10:03 PM

hitest, on Apr 20 2009, 10:36 PM, said:

Quote

When Mac users downloaded a pirated copy of iLife, their machines were taken over by a Trojan. At that point, according to Symantec experts Andy Cianciotto and Angela Thigpen:


I'm not saying that there are no mac viruses out there. You still need to install this virus to get it to activate on a mac. My initial point still stands. If you are a complete moron who is willing to install a pirated version of software that you've downloaded from a file sharing site you deserve to get owned. To activate this mac virus you need to give the installer root access to your system. So you are installing the virus. That isn't exactly on par with the drive by shootings that occur with windows.
It is a good practice to only install software from a trusted source.


That point isn't really valid, considering you'd have to be a novice to get any type of virus/worm/trojan etc. Generally when I get such things I know the risk involved before I click the link, or initiate the file.

A virus is without question something that requires a user to initiate, like most any other malicious intended programs. But I suggest you read the month of the apple bugs website before making claims that the Apple OS is secure.

We all know it has very few viruses, but this isn't due to good programming by Apple, this is due to it not being an appropriate target by hackers. Speaking from my personal views on apple, apple products are overpriced and suck...

This post has been edited by mewi: 20 April 2009 - 10:04 PM


#13 User is offline   hitest 

  • Slacker
  • Group: Admin
  • Posts: 6940
  • Joined: 28-August 04
  • Location:B.C., Canada
  • Operating System:Slackware, Windows 7

Posted 20 April 2009 - 10:14 PM

mewi, on Apr 20 2009, 08:03 PM, said:

But I suggest you read the month of the apple bugs website before making claims that the Apple OS is secure.


I don't think I claimed that Apple OS is secure. No operating system is perfectly secure. Some hardened versions of BSD like OpenBSD are quite secure. I do like the way that OS X functions. I enjoy administering my daughter's macbook.

#14 User is offline   mewi 

  • Full Member
  • PipPip
  • Group: Members
  • Posts: 41
  • Joined: 05-May 08
  • Location:United States
  • Operating System:Windows XP Pro 32bit

Posted 20 April 2009 - 10:17 PM

hitest, on Apr 20 2009, 11:14 PM, said:

mewi, on Apr 20 2009, 08:03 PM, said:

But I suggest you read the month of the apple bugs website before making claims that the Apple OS is secure.


No operating system is perfectly secure. Some hardened versions of BSD like OpenBSD are quite secure.


Let's say we reversed the popularity of windows and OSX, something tells me, OSX would have far more viruses than windows XP does in reality today.

But who knows, you also have to calculate the difference in income, of course more money = more staff. So maybe, maybe not. But as it stands, there is no possible way that OSX is more secure than windows XP.

and I do love Windows XP ( nlited of course ;3 ) :thumbsup:

#15 User is offline   hitest 

  • Slacker
  • Group: Admin
  • Posts: 6940
  • Joined: 28-August 04
  • Location:B.C., Canada
  • Operating System:Slackware, Windows 7

Posted 20 April 2009 - 10:26 PM

mewi, on Apr 20 2009, 08:17 PM, said:

But as it stands, there is no possible way that OSX is more secure than windows XP


You are entitled to your opinion, of course. We will agree to disagree on that.
