OS X drawing fire from virus writers

Mac owners are beginning to discover the downside of becoming more popular:

Two pieces of malicious software affecting Apple’s Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an attacker’s choice, and a hacker tool for creating backdoors, according to security vendors.

The Trojan — called ‘OSX.RSPlug.D’ by Intego, the Mac security specialist that discovered the threat — is a variant on an older piece of malicious code but with a new installer, Intego said.

"It is a downloader, and it contacts a remote server to download the files it installs," Intego said in an advisory. "This means that, in the future, the downloader may be able to install payloads [other] than the one it currently installs."

In other respects the Trojan is similar to previous versions of RSPlug, which first surfaced in October 2007, Intego said. It installs a piece of malicious code known as DNSChanger, which routes the user’s internet traffic through a malicious DNS server, leading users to phishing websites or pages displaying advertisements.

Ironically, they’re able to use tricks that the Windows ecosystem had to learn to deal with years ago. Windows users were being assaulted by “poisoned” Windows Media files back in late 2004 and early 2005, and most malware today is installed by users who are tricked by social engineering techniques to run a program that does something unpleasant.

So what are Mac users seeing today?

The Trojan is found on porn websites posing as a codec needed to play video files, a technique used to trick the user into downloading and installing it.

The very first entry in the 10 immutable laws of security is this one: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.

That’s true even if there’s an Apple logo on it.

17 thoughts on “OS X drawing fire from virus writers”

  1. One word …

    PEBKAC

    When folks move from Windows to Mac (as they seem to do nowadays) because they believe that OS X will be easier to look after, they carry forward the single most destructive element to their systems … their own bad habits.

  2. Again, this is a TROJAN piece of malware that takes a considerable amount of user interaction. It’s not like you plug in a new computer without antivirus protection and it’s compromised in 5 minutes.

    http://blogs.chron.com/techblog/archives/2008/07/average_time_to_infection_4_minutes_1.html

    Following excerpt from:
    http://www.insanely-great.com/news.php?id=9913

    “When executed, OSX_LAMZEV.A prompts users to select an application and a port above 1024. These are Internet Assigned Numbers Authority (IANA) registered ports and are used by vendors for proprietary applications.”

  3. Hey, AN, are you deliberately being a dumbass? Did you actually read the article you cite first, which actually quotes me at the end of it explaining why this is pretty much a non-issue? The “five minutes to infection” quote applies to an unpatched Windows XP system with no service packs. Not many of those actually exist in the real world.

    Sheesh.

    Update: I responded to it in some detail here:

    http://www.edbott.com/weblog/?p=2071

  4. Ed, do you remember about when that “10 immutable laws…” article first appeared? Anyway, thanks for that post.

  5. I’m currently more concerned with
    http://support.microsoft.com/kb/958644
    “The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code.”
    (October 23rd 2008)

    Trojans are everyday events for most OSes. Worms are far more dangerous. No Worm in my Apple …. yet.

  6. It’s always been a challenge for Apple to respond to security threats; their Mac Update has been shadowed by Microsoft Update, which by the latest research that was done, Linux and Apple offer poor service in that area. If hackers started to seriously do damage on the Mac OS like Windows, I bet Apple will feel more pressure to deal with security issues compared to Microsoft, though I’m still critical of Microsoft delivering updates once a month.

    What cracked me up today was watching a tech show called Click from BBC; I don’t know if you guys get it in the States.

    According to Steve Wozniak, he says that before they started with Steve Jobs, he says that they were both “Hackers” and he went on to say and agree that people can do what they like if people downloaded Apps outside the Apple store for the iPhone, Wozniak continued to say that hackers who have modified the iPhone firmware were not causing harm or looking to gain money on that project.

    The Interviewer, Spencer Kelly, even asked Wozniak if his comments wont worry Steve Jobs. Steve Jobs earlier this year said they are playing “Cat and Mouse games” with hackers.

    No doubt that cracked me up and had a good laugh.

    Anyway, I don’t even use Apple products or plan to in future, but I would like to see, as more people use Macs, whether it will remain the top secure OS or not.

    Mozilla Firefox claimed to have the best secure browser but in the end as it got more popular the number of attacks were even more than Internet Explorer at some stage…….

  7. Eventually, by 2012, you’ll see Mac viruses every week. Even though UAC in Vista helped the problem on PCs, 90% of the users always clicked yes without looking first.

  8. “Its always been a challenge for Apple to respond to security threats, their Mac Update has been shadowed by Microsoft Update, which by the latest research that was done, Linux and Apple offer poor service in that area, if hackers started to seriously do damage on the Mac OS like Windows, i bet Apple will feel more pressure to deal with security issues compared to Microsoft, though im still critical of Microsoft delivering updates once a month.”

    How exactly do you & they come to that conclusion when Windows is a completely closed OS? You only know what MS tells you.

  9. It’s definitely kinda worrying how easily this sort of threat can be spread through something as simple and convincing as a codec.

    I recently switched to a Mac because – amongst other things – it seems so much more secure from virus and malware threats. Hopefully Apple can get on top of this before it becomes too much of a problem.

    Thankfully, I don’t visit the porn sites necessary to get this particular virus though!

  10. To all the Mac and Linux fans … Vista is a secure OS, and if you are a Standard User then the risk of being attacked is much lower. I have been using Vista since Aug 2007 and I don’t see any problem with it.

  11. Ironically, they’re able to use tricks that the Windows ecosystem had to learn to deal with years ago.

    But, use with what success rate–and, against what removal rate–on OS X, as compared with on Windows? If the malware’s removal rate exceeds its infection rate, then all the “tricks” in the world won’t help them.

    Windows users were being assaulted by “poisoned” Windows Media files back in late 2004 and early 2005,

    Still are, AFAIK.

    and most malware today is installed by users who are tricked by social engineering techniques to run a program that does something unpleasant.

    I for one consider end-users being trained by the OS itself to “click OK on everything just to Make It Work” to be a form of social engineering.

    The very first entry in the 10 immutable laws of security is this one: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.

    That’s true even if there’s an Apple logo on it.

    Or a Microsoft logo on the program.

    Adrian Kingsley-Hughes wrote:

    they carry forward the single most destructive element to their systems — their own bad habits.

    Remind me again: did these bad habits spring forth fully formed, out of nowhere, or did users acquire them somehow, from somewhere? If the latter, then exactly how and from where did they acquire them? And, who benefits?

    I for one find it very telling indeed that malware writers appear to have decided the user is the weakest link in OS X’s security, as distinct from–let’s say–the vendor’s own factory-default policy decisions being the weakest link in Windows’ security. I also find it an interesting commentary that, in order to become more secure, Windows increasingly (albeit belatedly and glacially) is adopting specific features of Unix-and-alikes — which provokes one to wonder why the vendor didn’t simply do that in the first place.

    Serdar Yegulalp wrote:

    No OS is immune from human gullibility.

    However, there are greater and lesser degrees of immunity.

    Giesbert Damaschke wrote:

    Actually it is. For now.

    So then, why not take advantage of that for as long as it lasts?

    If I were the owner of a Mac, I would certainly:
    – disable JavaScript and “Open ‘safe’ files after downloading” in Safari (or just install Firefox + NoScript);
    – set the browser’s cache folder to deny execute permission;
    – point the browser’s downloads folder away from the desktop, and then set that folder to deny execute permission;
    – set Mail.app to render e-mail in plaintext only;
    – double-check that Mail.app’s storage folders were set to deny execute permission (I believe this is the default under Unix-and-alikes);
    – double-check that /tmp/ and /var/tmp/ are mounted noexec;
    – disable ARDAgent.
