InfiniteMac OSx86  
#1 | 04-18-2009, 06:35 PM
naquaada (Join Date: Jan 2008, Location: Germany, Posts: 1,216)
Trojans for Mac?

A friend mailed me some information about a possible trojan which could be included in iWork '09 and Photoshop CS4 t*rrents. Take a look here. Sorry, it's a Google translation.

Anyway, how big is the danger of trojans and viruses in OS X? I don't care a bit about them, but I didn't care in Windows either. And I always had fewer than 10 problematic files on my system, which were harmless, only identified as trojans by my antivirus program.

2 Opteron systems: OSx86 10.5.8, Andy's 9.8.0 kernel, Asus A8N-SLI Premium, Opteron 185 o'clocked @ 2 x 2,95 GHz (2nd system 2.6 GHz), ATI Radeon HD2600XT 256MB Dual-Monitor 2x HP L2035, 4 GB RAM, Griffin FireWave as main audio device, Marvell + nForce LAN, Asus U3S6 USB3/SATA6 card, 5,5 TB harddisk, Firewire 800 card, Apple Remote + eHome IR receiver, 2x Wacom serial graphics tablet, Canon Pixma iP4700, Logitech Internet Navigator wireless keyboard/mouse combination.

My Audio stuff: M-Audio Transit USB (default audio), M-Audio ProFire 610, M-Audio ProFire Lightbridge (34 channels) using Creamware A16 ADAT converter • MIDI: M-Audio Midiman 4x MIDI interface • Behringer Audio Mixers: Xenyx 1002, Xenyx 1002FX, Xenyx 1202FX, Eurorack UB1002FX, Eurorack MX1804FX, Eurorack MX262A • FX devices: Lexicon MPX100 DSP, Behringer DSP-1000 Virtualizer, Behringer MiniFEX 800 DSP, Behringer Multicom Pro MDX4400 compressor • RETRO: MSSIAH midi/sequencer/synthesizer cartridge for the C64 (Dual-SID), Steinberg M.S.I. MIDI Interface for C64
#2 | 04-18-2009, 08:06 PM
Taisto (Join Date: Jan 2008, Location: TriCity, Poland, Posts: 517)
Here's some more info about this:

http://www.appleinsider.com/articles...e_pirates.html

Seems like this is the first malicious software for Mac spread on a mass scale. I wonder what Apple will do about this.


www.ultimae.com
Panoramic music, for panoramic people.

AMD Phenom II X6 3.5 GHz
AMD 990FX Chipset
Kingston HyperX 16GB 1600 MHz
AMD Radeon HD6850 X2 CrossFire
Seagate Barracuda Green 2TB
#3 | 04-19-2009, 12:12 AM
nfoav8or (Join Date: Jan 2008, Location: WA, USA, Posts: 933)
Here's another look at the same problem:
http://www.macnn.com/articles/09/04/...botnet.active/

iServices is apparently reaching out to infest Macs with monitoring software and the ability to later gain access to your files through backdoor openers.

I'm hoping Apple can help close up these doors, but in the meantime don't download this stuff. Use reputable sources or buy it for real.
#4 | 04-19-2009, 12:50 PM
Dies (Join Date: Sep 2008, Posts: 89)
Quote: Originally Posted by Taisto
I wonder what will Apple do about this.
Quote: Originally Posted by nfoav8or
I'm hoping Apple can help close up these doors...

There is absolutely nothing they can practically do about it. No viable OS can or should stop its owner from doing something stupid if they choose to.

Other than taking control away from the user, the only thing they can do is launch some type of campaign to try to educate their users.
#5 | 04-20-2009, 05:12 PM
MoC (Join Date: Feb 2009, Location: New York City, Posts: 67)
I really wouldn't worry about the Mac trojans anyway, they are pretty hard to get infected with, even if you'd try. The worst you can do is shellcode, IMO.

Lenovo D20 8 Core Thinkstation:
[Intel 5520 Motherboard | Two Intel Xeon E5504 @ 2GHz | 4GB DDR3 RAM | Mac OS X Snow Leopard 10.6.3 (running in full LP64!) | nVidia Quadro FX 580 Dual HDMI + DVI 512 MB | DVD +RW DL]

iBook G4:

[14" Mid 2005 | 1 GB RAM | 80 GB HDD | SuperDrive | Mac OS X Leopard 10.5.5]

#6 | 04-20-2009, 07:47 PM
erick2red (Join Date: Dec 2008, Location: Santiago de Cuba, Cuba, Posts: 303)
I think it's too easy to get rid of them, so why worry about it?

CPU: Intel Pentium Dual E2140 1.6 GHz. Graphics: Intel(R) 82945G (128 MB). Board: Asus P5GC-TVM/S. Chipset: Intel Lakeport-G i945GC. HDD: 232 GB S-ATA Samsung
Version 10.6.2 32bit. Kernel: Vanilla. Audio: VoodooHDA 0.2.2 with prefpane. Video: Stock GMA. PS2 fix: VoodooPS2
USB 2 not working

Acer Aspire 4530-6823
CPU: AMD Athlon™ X2 QL-62 2.0GHz. Graphics: Integrated GeForce® 9100M G. Chipset: nForce® MCP77MH.
#7 | 04-21-2009, 01:50 AM
Dies (Join Date: Sep 2008, Posts: 89)
Quote: Originally Posted by MoC
The worst you can do is shellcode, IMO.
Yeah, it's not like a simple shell script could wipe out your entire drive on the next restart.... oh, wait...

Aside from the fact that you're completely wrong and anyone can install anything they please once they get someone to type in their root pass.
#8 | 04-21-2009, 08:59 PM
MoC (Join Date: Feb 2009, Location: New York City, Posts: 67)
Quote: Originally Posted by Dies
Yeah, it's not like a simple shell script could wipe out your entire drive on the next restart.... oh, wait...

Aside from the fact that you're completely wrong and anyone can install anything they please once they get someone to type in their root pass.
I was talking from a damage-to-the-system perspective (if I make sense) because even the Mac trojans that are out there really don't do much damage anyway... But yes, authentication is required to run scripts that require administrative access.

Most people don't know for what they type their passwords in half of the time (remember, the general Apple consumer is not that tech savvy if at all) and just do it automatically.

#9 | 04-21-2009, 09:27 PM
naquaada (Join Date: Jan 2008, Location: Germany, Posts: 1,216)
If a trojan is hidden in an installer package you can't do anything against it. It could happen very easily in the OSx86 scene: Hey, here's the driver package for the nVidia GeForce 280GTX! Oh yeah, let's install... you have to type your password and you're lost. I think especially in the scene we should know exactly which package is made by which person. Maybe someone should create a fully new installer only for OSx86 packages, so that we're independent of the Apple installer.

I think viruses which only damage the software or the harddisk contents are rather uncommon today; mostly they want to connect to the net. For this a personal firewall could be handy; I'm using Little Snitch. I'm blocking nearly every program which wants to establish an internet connection, even only for updates or something else. Even QuickTime Player and VLC aren't allowed to access the net. Of course, this is no total safety, but it's better than nothing. I have a shell script which is hidden in a .jpg file and can establish system access. But it doesn't do any harm, it was an example from Heise Security, a German news page.

#10 | 04-21-2009, 09:56 PM
erick2red (Join Date: Dec 2008, Location: Santiago de Cuba, Cuba, Posts: 303)
Quote:
If a trojan is hidden in an installer package you can't do anything against it.
We can open the package with Pacifist and look into it, can't we?
Then if there's a threat, we can act in consequence.
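As an added example (not from any poster in this thread), a Python script that does what the Pacifist suggestion amounts to in a repeatable way: it reads the PackageInfo of an expanded flat installer package (the layout `pkgutil --expand` produces, assuming the Scripts archive inside it has been unpacked into a `Scripts/` directory) and lists the pre/postinstall scripts the installer would run as root, flagging the lines a reviewer should read before typing an admin password. The package identifier, file names and script contents are constructed for the demonstration.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Patterns a defender reads closely in a script that the installer runs as root.
# (Heuristic indicators for review, not a verdict.)
INDICATORS = {
    "network": re.compile(r"\b(curl|wget|nc|ftp)\b"),
    "persistence": re.compile(r"/Library/Launch(Daemons|Agents)|crontab|/etc/rc"),
    "privilege": re.compile(r"chmod\s+(\S*\+s|[0-7]*[2-7][0-7]{3})|/etc/sudoers"),
}

def inspect_package(pkg_dir):
    """Return identifier, auth level, declared scripts and indicator hits in them."""
    info = ET.parse(os.path.join(pkg_dir, "PackageInfo")).getroot()
    report = {"identifier": info.get("identifier"),
              "auth": info.get("auth", "none"), "scripts": {}}
    scripts = info.find("scripts")
    for s in (scripts if scripts is not None else []):
        name = os.path.basename(s.get("file", s.tag))
        path = os.path.join(pkg_dir, "Scripts", name)   # assumes Scripts/ was unpacked
        hits = []
        if os.path.exists(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    hits += [(lineno, kind, line.strip())
                             for kind, rx in INDICATORS.items() if rx.search(line)]
        report["scripts"][s.tag] = {"file": name, "present": os.path.exists(path),
                                    "hits": hits}
    return report

def build_sample_package():
    """Constructed sample: a 'driver' pkg whose postinstall drops a LaunchDaemon."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "PackageInfo"), "w") as fh:
        fh.write('<pkg-info identifier="org.example.gfxdriver" version="1.0" auth="root">'
                 '<scripts><preinstall file="./preinstall"/>'
                 '<postinstall file="./postinstall"/></scripts></pkg-info>')
    os.mkdir(os.path.join(d, "Scripts"))
    with open(os.path.join(d, "Scripts", "preinstall"), "w") as fh:
        fh.write("#!/bin/sh\nkextunload /System/Library/Extensions/Old.kext 2>/dev/null\nexit 0\n")
    with open(os.path.join(d, "Scripts", "postinstall"), "w") as fh:
        fh.write('#!/bin/sh\ncp "$1/Contents/Resources/helper.plist" /Library/LaunchDaemons/\n'
                 "launchctl load /Library/LaunchDaemons/helper.plist\nexit 0\n")
    return d

if __name__ == "__main__":
    for tag, s in inspect_package(build_sample_package())["scripts"].items():
        print(tag, s["file"], "hits:", s["hits"])
```

On a real package the report shows whether `auth` is `root` and exactly which script lines touch the network, persistence locations or permissions, which is the part worth reading before authenticating.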