AnimeSuki.com Forum

AnimeSuki Forum (http://forums.animesuki.com/index.php)
-   Tech Support (http://forums.animesuki.com/forumdisplay.php?f=24)
-   -   Mac-based botnet uncovered (http://forums.animesuki.com/showthread.php?t=80631)

SeijiSensei 2009-04-16 21:14

Mac-based botnet uncovered
 
Today's Slashdot cites this important story about the discovery of a botnet running entirely on Macs using OS X.

Turns out the culprit was hidden inside pirated copies of Photoshop CS4 and iWork 09 that were widely distributed over torrents. If you're running a Mac and have an illegitimate copy of one of these programs, you should read this article and make sure your computer is not being used to launch attacks across the Internet.

Macs have a security model which is based on Unix and is in general pretty solid against remote attackers. What it can't protect against is users who install the malware themselves as occurred in this case.

Remember, boys and girls, "don't copy that floppy." Seriously, if you want a good, entirely free graphics package, use the GIMP.

chikorita157 2009-04-16 21:37

Solution: don't PIRATE software... just buy a legitimate copy (iWork is only $79 and is cheaper than Microsoft Office, and there are alternatives to Photoshop like Pixelmator and Acorn, which are a whole lot cheaper than Photoshop while being easy to use and having around the same capabilities as Photoshop... or if you're looking for open source, GIMP, Seashore and OpenOffice/NeoOffice)

Also, downloading software from unsafe sources is most likely going to attract these kinds of trojans. Also, the trojan requires the user to enter the administrator password; it's not like Windows, where it will execute without the user knowing, but most people will enter the password regardless unless someone knows for sure.

It's probably a good idea to get Little Snitch, which is more powerful than the built-in firewall Mac OS X provides and can block applications from connecting to the internet (although it can be naggy).

felix 2009-04-16 22:07

This is why firewalls are designed to block both incoming and outgoing connections.

SeijiSensei 2009-04-16 23:30

Quote:

Originally Posted by Cats
This is why firewalls are designed to block both incoming and outgoing connections.

True, but in the case of spambots for instance, the problem is that the outgoing connection is often a legitimate one. People who have off-site email often need to use SMTP to send mail to the remote server. Of course that means they're also capable of being turned into a spamming zombie connecting to port 25 on mail servers around the world. The obvious technical solution to this is a blanket denial of connections to port 25 on remote machines with a specific exemption for the IP address of the user's server. This kind of fine-grained security model is pretty tough for ordinary users to manage. In addition, most bots use common protocols like HTTP to communicate with the mother ship. No outbound filters are likely to block that.

Some commercial firewalls like ZoneAlarm can be configured to ask the user to grant a program permission to connect to a remote host. I'll bet this is one of the functions that gets turned off the quickest by people after being confronted with repeated confusing security alerts.

No operating system can protect users from themselves. At best, they can throw up a few roadblocks along the way, but a little persistence usually gets around those obstacles. My Linux boxes are pretty secure against most root exploits, particularly remote exploits, but they can't stop me from installing a script that would run with my (non-root) permissions and turn my computer into a spambot. In places where I've built the firewall, that approach wouldn't work because I follow your method and don't let the inside machines talk directly to remote hosts over SMTP (or most anything else). Normal consumers probably won't have that kind of firewalling in place either on their machines or their routers.

Unfortunately Apple seems intent on an advertising campaign that lulls its users into a false sense of security by telling them they're so much safer than people running Windows.

Quote:

Originally Posted by chikorita157 (Post 2345714)
Also, the trojan requires the user to enter the administrator password

Since the users think they're installing Photoshop, it's hardly surprising that they'd grant the installer admin rights in this situation.
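The egress policy described in the post above (deny outbound port 25 everywhere except to the user's own mail server) and the check the opening post asks for (is this Mac already relaying spam?) can both be expressed in a few lines. The following is an added example, not code from anyone in this thread: it parses `lsof -i -nP` style output, flags any connection to TCP port 25 whose destination is not on the allowed list, and reports processes fanning out to several distinct mail servers, which is the pattern of a spam zombie rather than a mail client. The sample lines are constructed, the process name `updater` is made up, and the pf rule syntax emitted by `pf_egress_rules` is an assumption about how one would write the exemption on macOS or BSD, not something the post itself specifies.

```python
import re
from collections import defaultdict

# Constructed sample of `lsof -i -nP` output; not captured from a real host.
# The process name "updater" is invented for illustration.
SAMPLE_LSOF = """\
COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Mail       1024   alice  21u  IPv4 0x1a2b      0t0  TCP 192.168.1.5:52344->198.51.100.10:25 (ESTABLISHED)
firefox    1101   alice  33u  IPv4 0x1a2c      0t0  TCP 192.168.1.5:52350->203.0.113.80:80 (ESTABLISHED)
updater    1337   root    7u  IPv4 0x1a2d      0t0  TCP 192.168.1.5:52401->203.0.113.41:25 (ESTABLISHED)
updater    1337   root    8u  IPv4 0x1a2e      0t0  TCP 192.168.1.5:52402->203.0.113.42:25 (SYN_SENT)
updater    1337   root    9u  IPv4 0x1a2f      0t0  TCP 192.168.1.5:52403->192.0.2.77:25 (ESTABLISHED)
sshd        222   root    3u  IPv4 0x1a30      0t0  TCP *:22 (LISTEN)
"""

# The user's legitimate off-site mail server: the one exemption the post describes.
ALLOWED_SMTP_SERVERS = {"198.51.100.10"}

# Port 25 is what the post discusses; add 465/587 here if submission should be covered too.
SMTP_PORTS = {25}

# Matches only lines that carry an established/pending TCP connection ("local->remote").
CONN_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+.*?\bTCP\s+(?P<name>\S+->\S+)"
)


def parse_connections(lsof_text):
    """Turn lsof output into dicts with command, pid, user, remote host and remote port."""
    conns = []
    for line in lsof_text.splitlines():
        m = CONN_RE.match(line)
        if not m:  # header, LISTEN sockets, UDP: nothing to check
            continue
        _local, remote = m.group("name").split("->", 1)
        rhost, rport = remote.rsplit(":", 1)  # rsplit keeps IPv6 literals intact
        conns.append({
            "cmd": m.group("cmd"),
            "pid": int(m.group("pid")),
            "user": m.group("user"),
            "rhost": rhost.strip("[]"),
            "rport": int(rport),
        })
    return conns


def find_smtp_violations(conns, allowed_servers=ALLOWED_SMTP_SERVERS, fanout_threshold=3):
    """Return (violations, suspects).

    violations: connections to an SMTP port on a host that is not the user's server.
    suspects:   (command, pid) -> sorted remote hosts, for processes talking to at
                least `fanout_threshold` distinct disallowed mail servers.
    """
    violations = [
        c for c in conns
        if c["rport"] in SMTP_PORTS and c["rhost"] not in allowed_servers
    ]
    hosts_by_proc = defaultdict(set)
    for c in violations:
        hosts_by_proc[(c["cmd"], c["pid"])].add(c["rhost"])
    suspects = {
        proc: sorted(hosts)
        for proc, hosts in hosts_by_proc.items()
        if len(hosts) >= fanout_threshold
    }
    return violations, suspects


def pf_egress_rules(allowed_servers=ALLOWED_SMTP_SERVERS):
    """Assumed pf syntax for the post's policy: pass to the exempt server(s), block all other port 25.

    `quick` makes the first match final, so the pass lines must precede the block line.
    """
    rules = [f"pass out quick proto tcp to {ip} port 25" for ip in sorted(allowed_servers)]
    rules.append("block out quick proto tcp to any port 25")
    return rules


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_LSOF)
    violations, suspects = find_smtp_violations(conns)
    for c in violations:
        print(f"disallowed SMTP: {c['cmd']}[{c['pid']}] ({c['user']}) -> {c['rhost']}:{c['rport']}")
    for (cmd, pid), hosts in suspects.items():
        print(f"possible spambot: {cmd}[{pid}] fanning out to {len(hosts)} mail servers: {hosts}")
    print("\n".join(pf_egress_rules()))
```

On a live machine you would feed `parse_connections` the output of `lsof -i -nP` (or `netstat -an` with a matching regex) instead of the constructed sample. Note that the check only catches the SMTP case the post singles out; as the post also says, a bot that talks to its controller over plain HTTP looks like `firefox` above and will not be flagged by a port-based rule.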

chikorita157 2009-04-17 08:35

Quote:

Originally Posted by SeijiSensei (Post 2345837)
True, but in the case of spambots for instance, the problem is that the outgoing connection is often a legitimate one. People who have off-site email often need to use SMTP to send mail to the remote server. Of course that means they're also capable of being turned into a spamming zombie connecting to port 25 on mail servers around the world. The obvious technical solution to this is a blanket denial of connections to port 25 on remote machines with a specific exemption for the IP address of the user's server. This kind of fine-grained security model is pretty tough for ordinary users to manage. In addition, most bots use common protocols like HTTP to communicate with the mother ship. No outbound filters are likely to block that.

Some commercial firewalls like ZoneAlarm can be configured to ask the user to grant a program permission to connect to a remote host. I'll bet this is one of the functions that gets turned off the quickest by people after being confronted with repeated confusing security alerts.

No operating system can protect users from themselves. At best, they can throw up a few roadblocks along the way, but a little persistence usually gets around those obstacles. My Linux boxes are pretty secure against most root exploits, particularly remote exploits, but they can't stop me from installing a script that would run with my (non-root) permissions and turn my computer into a spambot. In places where I've built the firewall, that approach wouldn't work because I follow your method and don't let the inside machines talk directly to remote hosts over SMTP (or most anything else). Normal consumers probably won't have that kind of firewalling in place either on their machines or their routers.

Unfortunately Apple seems intent on an advertising campaign that lulls its users into a false sense of security by telling them they're so much safer than people running Windows.

In theory, Mac OS X is secure because it's built on BSD, but in reality... any operating system can be exploited, because operating systems are not bug-free or completely free of exploits, which can be found at any time.

Of course Mac OS X and Linux don't have any known viruses and worms right now because of their lack of market share... Hackers tend to target Windows because they can spread a virus/worm/trojan more effectively and to more computers than on Mac OS X or Linux, which have low market share.


Quote:

Since the users think they're installing Photoshop, it's hardly surprising that they'd grant the installer admin rights in this situation.
Like I said in a post earlier... it can be prevented by not pirating software... and you might not know for sure whether there is a piece of malware in it, since it came from a different source.

mechabao 2009-04-17 12:30

Heh, most users are usually the weak link in the security chain anyway. :D

bayoab 2009-04-17 18:59

Quote:

Originally Posted by chikorita157 (Post 2346405)
In theory, Mac OS X is secure because it's built on BSD, but in reality... any operating system can be exploited because operating systems are not bug free or completely free from any exploits because they can be found at any time.

The majority of the OS X vulnerabilities are in the programs that Apple distributes with it (this includes the open source ones). Apple is incredibly slow in patching things, so there are tons of open exploits for months if you can hit the appropriate process.

Quote:

Of course Mac OS X and Linux don't have any known viruses and worms right now because the lack of market share...
This is just untrue. Even with the lack of market share, there are viruses and worms.

chikorita157 2009-04-17 19:28

Quote:

Originally Posted by bayoab (Post 2347360)
The majority of the OS X vulnerabilities are in the programs that Apple distributes with it (this includes the open source ones). Apple is incredibly slow in patching things, so there are tons of open exploits for months if you can hit the appropriate process.

Although it takes Apple a few months to patch them (mainly in a security update or an OS update, for example the 10.5.x updates), the number of exploits isn't that many compared to Windows; but Windows vulnerabilities are mostly exploited because of Windows's high market share.

Also, programs such as web browsers open you up to more vulnerabilities, not just the operating system; Firefox, for example, due to the fact that more people are using that browser. A vulnerability doesn't become a danger to computer security until it's exploited by a piece of malware, which is why it's important for the vendor to patch it so it doesn't get exploited. Updating your software prevents exploits that have already been patched from being used (like the current Conficker worm, which cannot infect computers that have the OS patch installed).


Quote:

This is just untrue. Even with the lack of market share, there are viruses and worms.
Then list all viruses and worms (not trojans) that are currently made for Mac OS X or Linux... There aren't that many compared to Windows. Even if a piece of malware can be created regardless of the operating system, hackers are not likely to write a virus or a worm for an operating system with low market share... they are going to target the operating system with the highest market share... like Windows.

So far, Mac OS X hasn't really been hit with any real worms or viruses, just trojans (the first of which was discovered in 2006).

holyalexander 2009-04-17 20:01

Yeah, pirated software will give you viruses, and it has backdoors too..

Claies 2009-04-17 22:48

Well, gauntlet's down. Since Macs are now popular, Macs are not safer. Apple Fanboys, amassing a larger army can cripple you to a larger threat. Take note.

-KarumA- 2009-04-18 12:11

Sorry but am I the only one who lolled at this :heh:
Really you Apple users didn't think you would remain safe forever XD

chikorita157 2009-04-18 12:24

Quote:

Originally Posted by -KarumA- (Post 2348596)
Sorry but am I the only one who lolled at this :heh:
Really you Apple users didn't think you would remain safe forever XD

Actually, most Apple users don't use anti-virus or have a firewall on, but for me, I have anti-virus and a firewall installed on my Mac just for extra security.

But everyone has got to remember... any operating system can get malware, be it Windows, Mac OS X, or Linux, and people need to use proper security procedures like upgrading the OS, having a secure password and having updated security software running.

Note: I use Mac OS X as my main operating system, but I also use Windows (without any virus protection) and Linux (which disproves my being an Apple fanboy, because I don't defend Apple or worship them), and I haven't got a virus at all.

Edit 2: Also, it's no laughing matter, although it's funny to make fun of apple fanboys/cultists...

Jinto 2009-04-18 15:28

Quote:

Originally Posted by -KarumA- (Post 2348596)
Sorry but am I the only one who lolled at this :heh:
...

I did not, since I always expected it to happen. Though I often laugh when an Apple addict speaks about his/her godly hard-/software as if it were next-generation outer-space technology that's worth all the money they spend, but that's not the topic now (and it's really just this specific type of bragging Apple user I am talking about here... not the normal Apple users).
I really cannot feel malicious joy in security matters, especially not with botnets. I regard every botnet as dangerous no matter which platform (that makes me rather concerned, actually).

felix 2009-04-18 16:54

Quote:

Originally Posted by chikorita157 (Post 2348616)
and I haven't got a virus at all. It's not really that hard to keep your computer malware free if you are not doing reckless things...

"Yes you don't, you are completely safe. As long as you don't "see" anything, nothing's there, right?" /end sarcasm

You know, I'm sick and tired of formatting my USB stick every time it gets all sorts of crap from people with the same thinking as you. And as far as reckless things go, look around, where the heck do you think you are? I reported a malware link that got through the system here not too long ago.

chikorita157 2009-04-18 17:01

Quote:

Originally Posted by Cats (Post 2349000)
"Yes you don't, you are completely safe. As long as you don't "see" anything, nothing's there, right?" /end sarcasm

You know, I'm sick and tired of formatting my USB stick every time it gets all sorts of crap from people with the same thinking as you. And as far as reckless things go, look around, where the heck do you think you are? I reported a malware link that got through the system here not too long ago.

I do apologize for that statement and sorry if I have offended you, I shouldn't have made that statement...

In most cases they are avoidable, except the USB stick viruses like you said, but people shouldn't really run with full administrative rights or have UAC off, because it removes the layer of protection that prevents malware from installing.

felix 2009-04-18 17:31

The biggest problems I've had in recent years as far as security goes were related to machines on internal networks getting turned into zombies. As far as the owners were concerned they were "working fine". Unfortunately, network resources don't work on an individual level, so in a lot of cases your problem is everyone's problem.
