Mac trojan update

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow this thread

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following this thread

Start following this thread

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this feed

reddit

Tweet

Ray7

Apr 15, 2012 at 5:56 AM

Well, the recent mess with Java exploit has taught Apple a valuable lesson: don't wait for something to happen before dealing with it. Still, their response (late as it was) seemed to be the right one: a Java fix; a tool to detect and remove the trojan; a tool to detect and remove the trojan if you don't have Java(?); and getting the trojan hosting sites closed down.
It's a pity that one of those trojan sites turned out to be a test site belonging to Dr Web, the company that brought the problem to everyone's attention ... Honest mistake, guv'ner ... :-/
And Kaspersky didn't exactly cover themselves with glory either. They beat Apple to the punch by rushing out a tool to detect and remove the trojan. The tool was then withdrawn days later when Mac users found it was locking them out of their accounts. If they were hoping that this event was going to get them a way into the Mac market then I'm afraid they may have just blown it. The lesson there is to wait for the official response from your vendor, and not to go hunting around the internet for any dodgy bit of code that will probably make the problem worse (or introduce a problem where you didn't have one before).
In reporting the 600,000 case of the trojan, I should have mentioned that both Dr Web and Kaspersky said that it was 'most likely' that they were looking at 600,000 Macs because the method they use to identify the machines is not 100% reliable.
01001001

Apr 15, 2012 at 9:07 AM

http://support.apple.com/kb/HT5244
So Apple patched this by updating their JVM. Your system update should have patched this a while ago.
How does Kapersky lab fit into this at all?
BTW: Apple doesn't ship OS X with Java anymore, and Java apps are banned from the OS X app store. I can't say I agree with that, but that's how it is.
Jsoh :::Windows 8 Style UI :::

Apr 15, 2012 at 9:25 AM

@1001001: I certainly wouldn't want to pay for something on the App Store and discover that it was a Java app. Or at least it should have some kind of warning. Who knows how long Java will even be tolerated on MacOS.
-Josh
01001001

Apr 15, 2012 at 9:52 AM

Well, if you had a Java app, you probably had to re-code it with Objective C and Cocoa touch anyway for iOS, so porting it over to the desktop probably isn't too much of a stretch.
01001001

Apr 15, 2012 at 10:08 AM

If I could change one thing about Apple it would be the whole secrecy thing.
Every single thing they send developers has some crazy disclaimer saying that if you so much as release the build number of an update or any so much as meta information about what they are doing, they'll send a SWAT team to descend upon you and destroy your world.
It's like an extension of Steve Jobs's paranoia.
I'm sure even telling people that this exists is some kind of bad sh1t in their opinion.
Ray7

Apr 15, 2012 at 10:08 AM

53 minutes ago, 01001001 wrote
http://support.apple.com/kb/HT5244
So Apple patched this by updating their JVM. Your system update should have patched this a while ago.
Yep, I had two separate patches downloaded for the JVM and then another removal tool, downloaded, installed then vanished.
How does Kapersky lab fit into this at all?
With the PC market slowing down, the virus houses have been dying to get some sort of traction on the Mac platform, which is still growing. Kaspersky released a flashback detection tool and let folk download it for free. I reckon they were hoping that it would encourage interest in their anti-virus suite. Unfortunately, they coded it wrong.
BTW: Apple doesn't ship OS X with Java anymore, and Java apps are banned from the OS X app store.
Yup, I know. Apple has a rather unique approach to security: don't let 'em run anything. I imagine that it can't be too difficult to code malicious apps in ObjC
01001001

Apr 15, 2012 at 10:18 AM

@Ray7:
I reckon they were hoping that it would encourage interest in their anti-virus suite
I bet AV companies write half the viruses they protect against, or fund groups that do through 3rd parties to keep themselves rich.
As far as Apple developer stuff, I'm almost sure there's a digital watermark in their stuff, that's not visible and very hard to detect, so I wouldn't push it. Who ever is supplying the blogs with those Mountain Lion builds is probably getting tracked.
Ray7

Apr 15, 2012 at 12:49 PM

2 hours ago, 01001001 wrote
@Ray7:
*snip*
I bet AV companies write half the viruses they protect against, or fund groups that do through 3rd parties to keep themselves rich.
Well, I don't know about that, but I used to know a fella who used to study viruses in his spare time. He reckoned that most of them are pretty benign and a lot less harmless than half the anti-virus products out there.
01001001

Apr 15, 2012 at 1:14 PM

@Ray7:
Most viruses are benign for a reason. They are silent because they use the machine as a botnet in financial fraud scams.
The machines are used to send emails to random people and businesses to purchase goods with stolen credit card numbers in the US and Europe.
If and when any forensic exams are performed the trace ends on the botnet'ed machine.
The goods purchased are sent to drop boxes as safe houses and sold on eBay and on the black market to get the credit card money back.
That's the whole scam. The point is not wipe out a person or business's machine. There's no money in that. Besides teenagers, who the hell is going to waste their good time writing malware for no financial gain?
They're not stupid people with far too much time on their hands. A lot of them are funded directly by huge illegal drug cartels.
I was mostly talking about the kinds of zero day vulnerabilities that are magically solved by Kapersky et al. before a system update is released. Those may be funded by anti-virus corps clandestinely. The real botnet scammers would not leak those so blatantly.
evildictaitor I'll live forever, or die trying!

Apr 15, 2012 at 4:10 PM

5 hours ago, 01001001 wrote
I bet AV companies write half the viruses they protect against, or fund groups that do through 3rd parties to keep themselves rich.
Uh-huh. Sounds like how bankers did 9/11 in order to steal oil from the illuminati in order to fund their evil liberal medicaid program.
3 hours ago, Ray7 wrote
*snip*
Well, I don't know about that, but I used to know a fella who used to study viruses in his spare time. He reckoned that most of them are pretty benign and a lot less harmless than half the anti-virus products out there.
That might have been true 20 years ago. It sure as hell isn't true now.
Jsoh :::Windows 8 Style UI :::

Apr 15, 2012 at 5:17 PM

1 hour ago, evildictaitor wrote
That might have been true 20 years ago. It sure as hell isn't true now.
20 Years ago, there was no profit motive, or internet -- as we know it--, or ebay to auction off stolen goods. But there were people selling AV-ware.
-Josh
01001001

Apr 15, 2012 at 5:46 PM

@JoshRoss:
or ebay to auction off stolen goods.
The goods aren't stolen in a typical case. They are good purchased with stolen credit cards. The credit cards numbers are bought and sold in clandestine IRC chatrooms on private servers.
Some times it can be as simple as a store with a hacked magnetic reader and a hacked pin keypad.
20 Years ago, there was no profit motive, or internet
America Online was available on dial up 20 years ago.
http://en.wikipedia.org/wiki/Kevin_Mitnick#Computer_hacking
20 years ago people such as Kevin Mitnick were already using social and computer hacking online.
evildictaitor I'll live forever, or die trying!

Apr 15, 2012 at 6:05 PM

17 minutes ago, 01001001 wrote
Some times it can be as simple as a store with a hacked magnetic reader and a hacked pin keypad.
But mainly it's all of those machines with viruses on which just put down a keylogger and steal your login creds when you try online banking - which is the real way that most viruses make money.
Jsoh :::Windows 8 Style UI :::

Apr 15, 2012 at 6:52 PM

The goods aren't stolen in a typical case. They are good purchased with stolen credit cards. The credit cards numbers are bought and sold in clandestine IRC chatrooms on private servers.
Call them what you will, in the end of the day, the Tin Man's * is still made of sheet metal. And Kevin was not writing software to hack AOL users with the end-goal of obtaining credit cards to purchase goods, to deliver to phony addresses, to auction them off via an auctioning system that did not exist, so he could some how finance drug dealers in Chicago.
-Josh
Ray7

Apr 16, 2012 at 12:36 AM

8 hours ago, evildictaitor wrote
That might have been true 20 years ago. It sure as hell isn't true now.
Not so sure. Most viruses turn out to be harmless pranks and most trojans can be avoided by a little bit of common sense and/or the vendor taking a proactive stance to securing their OS. I reckon most of the Flashback infections were caused by visits to the ... mmmm ... what's the polite word here? Exotic. Yes, visits to the more 'exotic' parts of the web.
And, I didn't say all antivirus packages were bad, but I know that a lot of them (yeah, about half) really do suck.
There's an old favourite on the Mac platform called MacKeeper, which advertises more than just about any other Mac app I've ever seen.
https://discussions.apple.com/docs/DOC-3022
Many Mac users who have unfortunately installed this piece of junk do agree that it's worse than anything they could of caught off wazojugs.com, and the Kaspersky foulup hasn't done much to change my mind.
There are very few anti virus packages I would be happy to install on any platform. On Windows, Sophos, on the Mac, ClamXav is very good.
Your best defence is always common sense.
Ray7

Apr 16, 2012 at 12:43 AM

7 hours ago, JoshRoss wrote
*snip*
20 Years ago, there was no profit motive, or internet -- as we know it--, or ebay to auction off stolen goods. But there were people selling AV-ware.
-Josh
But then we had viruses that came on disks or attached to Word documents, and most of them didn't do much.
The profit motive came much later.
As OS/browser security has gotten better, the AV vendors are finding it much harder to find new customers.
evildictaitor I'll live forever, or die trying!

Apr 16, 2012 at 5:20 AM

4 hours ago, Ray7 wrote
Not so sure. Most viruses turn out to be harmless pranks and most trojans can be avoided by a little bit of common sense and/or the vendor taking a proactive stance to securing their OS. I reckon most of the Flashback infections were caused by visits to the ... mmmm ... what's the polite word here? Exotic. Yes, visits to the more 'exotic' parts of the web.
That's simply not true anymore. Yes, 50% of virus infections come from double clicking EXEs, but the other 50% come almost exclusively from attacking un-updated browsers and plugins - all you need to do is visit the exploit pack's website. If the exploit pack's author has bought a whole load of advertising space on hotmail, or the register, then visiting "good" websites can still install malware on your machine if you're not patched.
Malware is not poops-and-giggles-soft anymore - it's cold-hearted commercial criminiality. The majority of new viruses put in a backdoor and they "sell" installs to your machine to other criminal gangs, Those criminal gangs now have a presence on your machine and can sell installs to other criminal gangs, and pretty soon you've got Zeus on your machine and you're wondering where all the money in your account is.
Your best defence is always common sense.
Common sense is necessary but it is not sufficient. You must also keep your machine up-to-date, and that means your browser, your OS, your adobe flash (on all browsers), adobe reader and java.
If you're not very technical and can't manage all of that yourself, or wouldn't know what to do when you discover a virus on your machine, I'd strongly recommend you buy an antivirus product to help.
Ray7

Apr 16, 2012 at 7:44 AM

2 hours ago, evildictaitor wrote
*snip*
That's simply not true anymore. Yes, 50% of virus infections come from double clicking EXEs,
Yup.
but the other 50% come almost exclusively from attacking un-updated browsers and plugins
And there's common sense rule number 1: keep your browser updated.
- all you need to do is visit the exploit pack's website.
Common sense is necessary but it is not sufficient. You must also keep your machine up-to-date, and that means your browser, your OS, your adobe flash (on all browsers), adobe reader and java.
If you're not very technical and can't manage all of that yourself, or wouldn't know what to do when you discover a virus on your machine, I'd strongly recommend you buy an antivirus product to help.
As I've just said. Keeping your browser updated is part and parcel of common sense. These days you have to work harder NOT to update your browser/OS so even Mom and Pop can do it (well, mine can). If a person cannot manage that then it's a waste of time installing an antivirus because they need updating too.
And besides which, I didn't say that anti-viruses were useless, I said that half of them are so crap I'd rather run without. And I still wouldn't recommend any anti-virus over common sense, especially the crap half.

Thread Closed

This thread is kinda stale and has been closed but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

Mac trojan update

What does this mean?

What does this mean?

Thread Closed