05-02-2009, 01:05 AM
andyvand
 
Join Date: Apr 2009
Location: Tienen
Posts: 515
Quote:
Originally Posted by naquaada
A friend mailed me some information about possible trojans which could be included in iWork '09 and Photoshop CS4 t*rrents. Take a look here. Sry, it's a Google translation.

Anyway, how big is the danger of trojans and viruses in OS X? I don't care a bit about them, but I didn't care in Windows, either. And I always had less than 10 problematic files on my system which were harmless, only identified as trojans by my antivirus program.

Yeah, it is possible to infect an OS X binary using universal binaries...
I have examples and code that demonstrate how this can be done...
It is quite unsettling that it is possible to infect a universal binary with a smaller trojan (being prior to the other executable) which next executes the other binary after launch...
I've tested this with a hello world app injected before zip...
It showed "Hello world!" and next the help with zip --help...
I hope Apple will figure out a way around this...
phrack.org has a full article (and old example code which can be adapted) under the article: XNU Wars a new hope...
I would recommend always checking the binaries inside the executables with file (under Terminal)...
The extra part does show up and if one opens the 0xCAFEBABE universal binary with a hex editor one can easily see the extra links being done at the start...

Last edited by andyvand; 05-02-2009 at 01:08 AM.
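The check the post recommends (listing the binaries inside a universal executable, as `file` does) can also be scripted. The following is an added example, not code from the post or from the Phrack article: it parses the 0xCAFEBABE header and reports slices that are unexpected, repeated or misplaced. The expected architecture set and the sample bytes are assumptions constructed for the illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # big-endian magic at offset 0 of a universal binary
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc", 0x01000012: "ppc64"}

def list_slices(data):
    """Parse the fat header: magic, slice count, then 20-byte fat_arch entries."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    # Reject other formats and slice tables that cannot fit in the file.
    if magic != FAT_MAGIC or 8 + 20 * count > len(data):
        raise ValueError("not a universal binary")
    slices = []
    for i in range(count):
        cpu, _sub, off, size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
        slices.append({"index": i, "cpu": CPU_NAMES.get(cpu, hex(cpu)),
                       "offset": off, "size": size})
    return slices

def audit(data, expected):
    """Return findings for slices that are unexpected, repeated or misplaced."""
    slices = list_slices(data)
    findings, seen = [], set()
    prev_end = 8 + 20 * len(slices)  # end of the header and slice table
    for s in sorted(slices, key=lambda s: s["offset"]):
        tag = "slice %d (%s)" % (s["index"], s["cpu"])
        if s["cpu"] not in expected:
            findings.append(tag + ": architecture not expected")
        if s["cpu"] in seen:
            findings.append(tag + ": architecture listed twice")
        if s["offset"] < prev_end:
            findings.append(tag + ": overlaps header or another slice")
        if s["offset"] + s["size"] > len(data):
            findings.append(tag + ": extends past end of file")
        seen.add(s["cpu"])
        prev_end = max(prev_end, s["offset"] + s["size"])
    return findings

def build_sample(cputypes):
    """Constructed input: a fat header plus 16 dummy bytes per slice."""
    start = 8 + 20 * len(cputypes)
    table = b"".join(struct.pack(">5I", c, 0, start + 16 * i, 16, 0)
                     for i, c in enumerate(cputypes))
    return struct.pack(">II", FAT_MAGIC, len(cputypes)) + table + b"\0" * 16 * len(cputypes)

if __name__ == "__main__":
    for cpus in ([18, 7], [7, 18, 7]):
        print(cpus, audit(build_sample(cpus), {"ppc", "i386"}))
```

To audit a real file, pass `open(path, "rb").read()` together with the architectures the vendor is known to ship.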