New OS X “Trojan” In the Wild

By Daniel Miessler on November 1st, 2007: Tagged as Apple | OS X | Security
  • http://maxolasersquad.com/ Maxo

    This is something that I think is kind of worrisome. It is my opinion that the weakest link of any computer system is the end user. There is absolutely nothing to stop someone from writing a virus or trojan for Mac or Linux that runs off of no exploits. All the attacker has to do is convince the user to put their password into the gksudo box. This is how most Windows attacks work that I’ve seen. They weren’t drive-bys or worms. They were the user intentionally downloading and installing what was mailed to them or what came in the form of a pop-up. The only defence against such an attack is something like what Vista is leaning to, where the OS dictates what can and cannot be installed, not the EU.

  • http://slashback.org/ Tim F.

    Actually, Daniel, if it installed “on the sly” like most windows malware, it wouldn’t actually be a trojan.

    I think trojans are the ballziest of the malware types, because the attacker has to convince the victim that it’s a useful (or otherwise harmless) piece of software.

  • http://devolute.net devolute

    Still, nice try at fear-mongering; Microsoft rumor mill!

  • Robert

    As a Windows user for a number of years, I must say that most virii are pretty simple to avoid. “Download this to get that” Whoa, this is too good to be true! I must download! Sorry, it’s just coincidence that many idiots use Windows, so many idiots get infected. As the old adage goes: There is no cure for stupid.

  • http://www.optimuscrime.com/ optimuscrime

    based on the representative sample of my parents’ computers, i would guess this is pretty much the same way that windows PCs get infected. people download things they shouldn’t because they’re manipulated by social engineering :)

  • Graham Robinson

    I don’t quite get the quotes around “trojan”. What you have described is a trojan on a windows or mac pc.

    You get a program that you think you want. You install it. It isn’t what you wanted, it’s a virus.

    That’s a trojan. Are you thinking of the word ‘worm’ and thinking it’s the same thing?

  • Foetus

    I love the “Windows Rumor Mill” vs. “Mac Spinning” debates. The fact of the matter is that viruses get installed when the end user screws up. Don’t patch Windows via auto-updates? Virus.

    99% of Windows viruses come either from an e-mail attachment or from some sort of “shady” download (pirated software).

    What I really find funny is that Mac ads poke fun at Windows (Vista, specifically) for asking for passwords while installing software, and then tout the same feature as being the reason they don’t get viruses. UAC only protects from viruses if the user is smart enough to know what they’re installing.

  • Jesse

    This is exactly how most Windows Trojans and malware get installed. Unaware user used to being safe and clicking dialogs without reading. Click, click, type, you’re compromised. It has little to do with system security and all to do with the number of malicious programs. This is just the first in what will be a growing line of Mac malware. It’s just inevitable.

  • Stu

    I read the original story the other day and rolled my eyes. In what way does this suggest a security flaw with the O.S.? Slim odds. Anyone dumb enough to play along has got to be a windoze user. (in which case drive-by installations are required, otherwise the victim will sit for hours clicking the wrong button).

  • snusket

    reminds me of this old joke that circulated for a while, where you are informed that “your PC is infected by a virus. please formate C to proceed” ;)

  • Chris

    Stu, as more and more people get sucked into the *NIX world with n00b friendly Linux distros (like Ubuntu) and OSX then you will see it has nothing to do with Windows, just uninformed (and yes sometimes stupid) users.

    As the population increases, the hackers will try new attack vectors. Eventually we’ll have a devastating attack; however, I have confidence that this community will react more quickly than Microsoft has to similar threats (which exist in far too many forms).

  • John

    “As more and more people get sucked into the *NIX world with n00b friendly Linux distros (like Ubuntu) and OSX then you will see it has nothing to do with Windows, just uninformed (and yes sometimes stupid) users.”

    So true…

    When people talk about OS security they often forget to talk about the user awareness (knowledge) and the attack cleverness factors… which should be considered seriously.

  • Pingback: dblog-Tech News And Other Humorous And Frightening Things From Around The Web

  • Ted

    A trojan is a trojan, no matter the OS.

    There are lots of Windows users who get sucked into installing hostile software the exact same way.

    I think that the threat to the OSX population might be very real, because a lot of very unskilled users are switching from Windows to Mac because they believe that ‘there’s no viruses or stuff for mac’.

    Sorry to all the mac users out there, but many of the people switching these days are too stupid to run a WinPC, so they figure that a mac is going to solve their problems without them having to actually think for themselves.

    I echo the comment stated earlier, there is no cure for stupid.

  • http://www.raant.ca/ajbabble Andrew

    While it may be true that the user must install this virus, it is what it is… a virus specifically for the Mac. The trojans and viruses for Macs will only grow in numbers as time goes by.

  • newend

    just to make this correct, sudo would require the user password not the administrator password. I don’t think I’d fall for either, but the user password would be easier to get out of most users.

  • Foetus

    @ newend: Uh… maybe I’m just really ill-informed… but I believe the SU in “SUDO” is SuperUser. AKA: Root. Aka: Administrator.

  • http://dominiklukes.net/ Dominik

    Just to chime in on the ‘too stupid, has to be a windoze user thing’. It’s only last week that I came into a colleague’s office (academic and life-long mac user) only to be asked ‘which version of windows am I using?’. She was trying to install an old Canon printer that never had any Mac drivers and reading the manual’s instruction. I’ve also seen people store their documents in the trash on 7.1 because that’s how you eject a diskette. Sorry, but Mac users can be just as dumb as Win users. After all, isn’t it a boast of MacOS that it’s easier to use for beginners?

  • Ix

    @newend

    Must be an interesting version of the Mac OS you’re running, I’ve never seen SUDO ask for anything other than the root/admin password.

    And from what I’ve seen this is a feature protecting Macs unlike the UAC in Vista, which I’ve seen pop up for properly signed software it shouldn’t have come up for. The Vista UAC comes up enough that you automatically hit yes to whatever, the Mac equivalent shows up rarely enough to be taken seriously and be useful.

  • penwing

    @Foetus: “su” would require the administrator password as it elevates you to the specified user (default root) for the command. “sudo” requires the user’s password and relies on the administrator setting the limits of what each user is allowed to do in a configuration file (/etc/sudoers) before elevating you to superuser state.

    Alex

  • Ix

    @Dominik

    Mac is easy for beginners, however no OS is perfect, and there was a period of time where Mac lost sight of proper usability. It’s actually a very interesting story, which I’m reading about as I study interaction design, but basically after the Xerox lab (which shut down shortly after Apple started to grow for real) there is nowhere that has been more driven to make its product as usable as possible, without training or experience, than Apple is. Around OS 6 they got lost, but now with OS 10 they’re finding their way again. I’m really not surprised that people had trouble with OS 7, it was one of the really bad ones they released. Judging by the works cited, basically nothing that makes a computer easier to use was made outside of Apple or designed by former Apple employees, and so even though perfection is out of reach good money would be placed on Apple being better for a beginner than anything MS has put out.

  • Pingback: in medias res » The first OS X virus?

  • http://jewpocalytp.com/ Corey

    I honestly think that some people believe you aren’t being whimsical.

  • http://www.rawdev.net/ Hekos

    @newend you must be talking about the ever-so-perfect Ubuntu, that has every user be root with only their user password… i bet my cat could break a default install of it. Or is OSX similar?

  • http://maxolasersquad.com/ Maxo

    @Hekos: The user that is created at login is the only one that has the same password as root. After install you can create other users, and you can make some of them admins (I can’t remember what Ubuntu calls them), but it has two other profiles with much less privileges that have names that someone who doesn’t know what they are doing would be likely to choose. So the user who doesn’t know much about security is more likely to choose the less privileged profile when creating additional logins for their family or whomever.

  • Greg

    I hope there are more viruses on the mac soon! – that way stupid mac users will realise that they are backward after all.

