Go Back   Hardware Canucks > SOFTWARE > O/S's, Drivers & General Software

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old June 24, 2008, 02:18 PM
ipaine's Avatar
Hall Of Fame
Join Date: Apr 2008
Location: Edmonton, AB
Posts: 2,592

My System Specs

Default Mac's maybe not so safe from viruses

Well it looks like there is a trojan out there for Macs that has the potential to een take your picture. I don't have a Mac but figured anyone that does would want to know about this.

From the article:

And you thought you were safe from malware when you switched to a Mac. You may change your mind soon, especially now that Mac's recent market share gains appear to contribute to the growing interest of malware authors in Macs. Security experts are warning now about a new Trojan horse released in the wild, targeting OS X Tiger and Leopard users. The malware can steal your passwords, avoid detection, log what you type and even take your picture.

You can find the rest at TGDaily.com
"Nothing sucks more than that moment during an argument when you realize you're wrong."
Reply With Quote
  #2 (permalink)  
Old June 24, 2008, 03:26 PM
MacJunky's Avatar
Hall Of Fame
Join Date: May 2007
Location: Grande Cache, AB
Posts: 1,840

My System Specs


Another link:
Trojan exploiting unpatched Mac OS X vulnerability in the wild | Zero Day | ZDNet.com

This absurdly hilarious. Despite what the media and av companies say this is *not* a significant threat to most people. It is also easy to fix and you should not panic.
Now please don't misunderstand me. Having root access is significant but the chances of actually picking this sort of thing up are still considerably slim.

As someone I know recently said:
[14:31:34] <iNerd> osascript -e 'tell app "ARDAgent" to do shell script "chmod 0555 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"';
[14:33:11] <iNerd> but patching it with itself
[14:33:16] <iNerd> has to gain some win
Some more quoting from the MacShadows IRC channel:
[15:00:17] <Xel> I hate how one ******* vulnerability is making it sound like 500000 new trojan variants are possible.
[15:01:39] <lurkishfigure> They just keep reprinting the same incorrect information without any actual fact checking. Pathetic.
[15:02:17] <Xel> Well I mean... you can get creative with what you can do with root access.... But this is ONE issue, not 50000
[15:03:26] <Corsec> lurkishfigure: its fine as long as the sight their source, and since they are all using each other as sources, its getting a little out of hand
[15:04:27] <lurkishfigure> Yes and the anti-virus companies issuing new press releases about the same script but calling it by different names isn't helping at all either.
[15:05:41] <Corsec> Lets write a few more, and name them cool stuff, like, MacScan-Blows-Chunks
[15:05:50] <Corsec> post them to news groups, etc
[15:06:01] <Corsec> hell, we could call them PoC and they would still get picked up
[15:06:31] <lurkishfigure> :)
[15:06:34] <Xel> Hmm
[15:06:39] <lurkishfigure> You don't even have to compile them.
[15:06:42] <Xel> If you really want to get their attention....
[15:06:52] <Xel> The ones that AV vendors usually go after the most are ones that attack AV software.
[15:07:03] <Corsec> oooo, that would be fun
[15:07:09] <Xel> Something that used this exploit to search+destroy SecureMac AV or whatever it's called
[15:07:21] <Xel> That would get them to go nutts
[15:07:28] <MacJunky> that would not be hard at all
[15:07:34] <Xel> I know it wouldn't be hard.
[15:07:37] <lurkishfigure> Ooooh we should submit a press release to all the news sites about another Mac trojan and include a psuedo-code trojan!!!!!!! lol
[15:07:38] <Xel> -f
[15:07:56] <Xel> But meh, I don't really think that adding to this false panic would be a good idea.
[15:08:03] <Xel> A bunch of people are going to get worried over nothing
[15:08:12] <Xel> And security companies that exploit ignorance are going to get richer
[15:08:27] <lurkishfigure> Enh, maybe people should be aware that there is something to be worried about.
[15:08:48] <Xel> Ohh there is. But not like the media is reporting.
Personally I just did a quick little sudo rm because I do not and never will use Apple's perversion of VNC or even a regular VNC server on this system (they are cross compatible).
Anyway, of course be careful just as you would with any operating system but don't freak out about it like those "news" blogs and av companies say you should.

And no, I do not work for Apple.

Oh, for all those Mac users reading this I have to push a program that they should love like one of their own children.. "Little Snitch".
Reply With Quote
  #3 (permalink)  
Old June 24, 2008, 05:27 PM
Join Date: Apr 2007
Location: Van Isle, BC
Posts: 550

Macs were never immune to malware. However, as MacJunky said, this will not affect the majority of Mac users (or even a significant number).

The reality is that you're usually better off w/o an anti-virus on a Mac. There's just not enough of a threat to justify the performance reduction, hassles, false positives, etc.
Reply With Quote
  #4 (permalink)  
Old June 24, 2008, 06:00 PM
MacJunky's Avatar
Hall Of Fame
Join Date: May 2007
Location: Grande Cache, AB
Posts: 1,840

My System Specs


Well, Mac antivirus software still can detect Windows viruses if it was designed to so if you share files with your Windows using buddies or one of your own PCs running Windows then it is generally good to pick up a free scanner and go over that flashdrive/emails and whatnot. Yes, they *should* have their own but it really is best to at least try to help protect them from things on your drives.

Just don't use any Norton products. :P

btw, this link came up in an IRC channel not too long ago:
Apple's ARDAgent SUID hole - Storage R Us
Is it just one of my settings or is the quick edit thingy now gone?
Reply With Quote

Thread Tools
Display Modes