
Barbarians at the Gate

[Image: Trojan horses. Photo by MrHappy via flickr]

For years, one of the more compelling arguments in the debate between PC and Mac users held that Macs are more secure. With hackers worldwide dreaming up viruses and Trojan horse programs designed to crash hard drives and compromise personal data, Microsoft and security software manufacturers struggled to keep PC users safe by constantly releasing software updates and security patches for Windows operating systems.

Mac users surfed happily along the Internet’s boundless realms, content in the knowledge that Apple’s tiny OS market share was little incentive for hackers and malicious social engineers. As the universe of Mac users continues to grow, however, that sense of security may begin to prove false.

Jim Dalrymple writes for Macworld.com that SecureMac claims to have discovered a Trojan horse “in the wild” targeting OS X 10.4 and 10.5 users. Granted, you must willingly download the program, install it on your Mac and provide your keychain password for it to take effect, but the folks at SecureMac perceive a change in the security landscape nonetheless.

In a Security Alert labeled “critical,” the company describes multiple variants of a compiled AppleScript, called ASthtv05 (60 KB), and an application bundle called AStht_v06 (3.1 MB) that theoretically allows a malicious user complete remote access to the system, with the ability to transmit system and user passwords, and avoid detection by opening ports in the firewall and turning off system logging. Additionally, the company said this Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing.

Another security software developer, Intego, confirms the critical nature of the stealth root access Trojan, and posted a separate, low-risk notice of a Trojan horse masquerading as a Mac OS X program called “PokerGame”. The Trojan in question is a shell script encapsulated in an application, and is distributed in a 65 KB Zip archive; unzipped, it is 180 KB.

Running PokerGame.app activates ssh, then sends the user name and password hash, along with the IP address of the Mac on which it is running, to a server. It asks for an administrator’s password after displaying a dialog saying, “A corrupt preference file has been detected and must be repaired.” After gaining ssh access to a Mac, malicious users can attempt to take control of it, delete files, damage the operating system, and more.

Comments on the Macworld piece point to the fact that these kinds of security threats should only affect the most unaware users who might be duped into installing unknown software on their machines, and willingly providing their administrative passwords. Not a few of them express skepticism regarding SecureMac and Intego’s financial incentive for discovering and reporting on these Trojan horses “in the wild.”

As Apple’s desktop OS market share continues to grow, however, and tens of millions of iPhones bring another mobile OS target to market, the lure for hackers and malicious program developers grows, increasing the likelihood of security turbulence for Mac users on the road ahead.


About the author

Lonnie Lazar

Lonnie Lazar is a writer, musician, web designer and attorney. He writes about Apple for Cult of Mac and Mac|Life, and about VoIP and telecommunications for Voxilla. Follow Lonnie on Twitter @LonnieLazar, friend him on Facebook, and find his photos on Flickr.


9 comments

    This is why I’ve always been against Mac growth. The more people who convert to Mac, the bigger the crosshair will become.

    Hopefully Apple will keep plugging any holes in OS X though and make it as hard as possible for these f***wits to hack things.

    Not the “security through obscurity” argument again. Dear oh dear. That one was put to bed years ago.

    As I understand it, one of the great design decisions of OS X was to have a separate “machine” system - the UNIX base, and desktop OS - what most of us think of as OS X. It effectively works as a firewall to keep ne’er-do-wells from trashing your computer. While there may be a few instances of attacking Quicktime or some other programs, this design essentially quarantines the attack. Without specific Admin permission, multiple permissions in fact, it keeps catastrophic damage at bay. The user still needs to be a willing participant in making any virus/trojan/attack work.

    Is my impression correct? If so, I think that makes the user base a relative non-factor, except in attracting more attempts. And has there ever been any buzz about someone with even an inkling of how they’d do it?

    I come from an era where we’d have to use a ‘Disinfect Bath’ Mac to clean any floppies or drives coming into the design lab at university.
    Today’s threats to OS X just don’t compare with how things were back in System 7.
    Don’t forget the market share back then was still approximately the same as it is today.

    So far, all these nasties rely on the user taking to install and run.
    The social engineering aspect is what these things depend on.

    So really, as always, the user is still the weakest link in the chain.

    @imajoebob

    It all falls down when you can escalate yourself to the “machine” (AKA root) account through security holes you could drive a fleet of buses through.

    http://www.rixstep.com/1/20080620,00.shtml

    I’ve always suspected the ‘virus scan people’ to be behind the problem, at least to some extent. What better way to sell product and justify their existence than to create the problem and create the need. Check out my blog: http://mdoncall.blogspot.com

    @SC,
    Thanks for the link. And the reassurance that I may have saved more than $129 staying on 10.4 (G4 helps in that decision, too).

    As best I can understand this blog,
    1) You have to be running Remote Desktop, so if you’re not one of the 50 or so using it you’re safe (okay, slight exaggeration on the users),
    2) You have to run the script - or at least allow it to run, and
    3) if it’s as easy to do as Rix is saying, he’s untrustworthy for publishing the scripts - even if they appear elsewhere, which makes what he says untrustworthy, which makes his scripts untr- ooh, I’m getting dizzy.

    Acknowledging my limited ability to understand code, this appears to be more of the stuff aimed at cooperative naïfs.

    Or maybe I’m just an uncooperative naïf.

    [...] course, I knew from chatter over the summer and from more recent conversation that the days of Macs being impervious to viruses and malware are [...]