AnimeSuki Forums

Old 2009-04-16, 21:14   Link #1
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Age: 74
Mac-based botnet uncovered

Today's Slashdot cites this important story about the discovery of a botnet running entirely on Macs using OS X.

Turns out the culprit was hidden inside pirated copies of Photoshop CS4 and iWork 09 that were widely distributed over torrents. If you're running a Mac and have an illegitimate copy of one of these programs, you should read this article and make sure your computer is not being used to launch attacks across the Internet.

Macs have a security model which is based on Unix and is in general pretty solid against remote attackers. What it can't protect against is users who install the malware themselves as occurred in this case.

Remember, boys and girls, "don't copy that floppy." Seriously, if you want a good, entirely free graphics package, use the GIMP.
Old 2009-04-16, 21:37   Link #2
chikorita157
ひきこもりアイドル
*IT Support
 
 
Join Date: Feb 2009
Location: Pennsylvania , United States
Age: 34
Solution: don't PIRATE software... just buy a legitimate copy (iWork is only $79 and is cheaper than Microsoft Office, and there are alternatives to Photoshop like Pixelmator and Acorn (which are a whole lot cheaper than Photoshop while being easy to use and having around the same capabilities as Photoshop)... or if you're looking for open source, GIMP, Seashore and OpenOffice/NeoOffice)

Also, downloading software from unsafe sources is most likely going to attract these kinds of trojans. Also, the trojan requires the user to enter the administrator password; it's not like Windows, where it will execute without the user knowing it, but most people will enter the password regardless unless they know for sure.

It's probably a good idea to get Little Snitch, which is more powerful than the built-in firewall Mac OS X provides and can block applications from connecting to the internet (although it can be naggy).

Last edited by chikorita157; 2009-04-16 at 22:23.
Old 2009-04-16, 22:07   Link #3
felix
sleepyhead
*Author
 
 
Join Date: Dec 2005
Location: event horizon
This is why firewalls are designed to block both incoming and outgoing connections.
Old 2009-04-16, 23:30   Link #4
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Age: 74
Quote:
Originally Posted by Cats
This is why firewalls are designed to block both incoming and outgoing connections.
True, but in the case of spambots for instance, the problem is that the outgoing connection is often a legitimate one. People who have off-site email often need to use SMTP to send mail to the remote server. Of course that means they're also capable of being turned into a spamming zombie connecting to port 25 on mail servers around the world. The obvious technical solution to this is a blanket denial of connections to port 25 on remote machines with a specific exemption for the IP address of the user's server. This kind of fine-grained security model is pretty tough for ordinary users to manage. In addition, most bots use common protocols like HTTP to communicate with the mother ship. No outbound filters are likely to block that.

Some commercial firewalls like ZoneAlarm can be configured to ask the user to grant a program permission to connect to a remote host. I'll bet this is one of the functions that gets turned off the quickest by people after being confronted with repeated confusing security alerts.

No operating system can protect users from themselves. At best, they can throw up a few roadblocks along the way, but a little persistence usually gets around those obstacles. My Linux boxes are pretty secure against most root exploits, particularly remote exploits, but they can't stop me from installing a script that would run with my (non-root) permissions and turn my computer into a spambot. In places where I've built the firewall, that approach wouldn't work because I follow your method and don't let the inside machines talk directly to remote hosts over SMTP (or most anything else). Normal consumers probably won't have that kind of firewalling in place either on their machines or their routers.

Unfortunately Apple seems intent on an advertising campaign that lulls its users into a false sense of security by telling them they're so much safer than people running Windows.

Quote:
Originally Posted by chikorita157 View Post
Also, the trojan requires the user to enter the administrator password
Since the users think they're installing Photoshop, it's hardly surprising that they'd grant the installer admin rights in this situation.

Last edited by SeijiSensei; 2009-04-17 at 00:42.
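The port-25 egress policy described in the post above (deny outbound SMTP except to the user's own mail server), as an added example that is not from the thread or its posters: it evaluates constructed sample connections against that rule, renders the same rule as iptables commands, and shows the caveat that HTTP traffic to a bot controller passes untouched. The mail server address is a constructed placeholder.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed placeholder for "the IP address of the user's server" in the post.
MY_MAIL_SERVER = "203.0.113.25"  # documentation range, not a real host


@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    dst_ip: str     # destination of an outbound connection
    dst_port: int


def egress_decision(flow, allowed_smtp_hosts=(MY_MAIL_SERVER,)):
    """Deny outbound SMTP (TCP/25) to everything except the user's own mail
    server; everything else passes, including HTTP to a bot controller."""
    if flow.proto == "tcp" and flow.dst_port == 25:
        if any(ip_address(flow.dst_ip) in ip_network(h) for h in allowed_smtp_hosts):
            return "allow"   # legitimate off-site mail submission
        return "deny"        # direct-to-MX delivery, the spam-zombie pattern
    return "allow"           # the port-25 rule never sees this traffic


def iptables_rules(allowed_smtp_hosts=(MY_MAIL_SERVER,)):
    """Render the same policy as Linux iptables OUTPUT rules: exemptions first,
    then log and reject the rest (ipfw/pf on a Mac use the same shape)."""
    rules = [f"iptables -A OUTPUT -p tcp --dport 25 -d {h} -j ACCEPT"
             for h in allowed_smtp_hosts]
    rules.append("iptables -A OUTPUT -p tcp --dport 25 -j LOG --log-prefix 'SMTP-EGRESS '")
    rules.append("iptables -A OUTPUT -p tcp --dport 25 -j REJECT")
    return rules


def summarize(flows):
    """Many denied SMTP flows to distinct hosts is the spambot signature that
    the LOG rule above would surface in the firewall log."""
    denied = {f.dst_ip for f in flows if egress_decision(f) == "deny"}
    allowed = sum(1 for f in flows if egress_decision(f) == "allow")
    return {"denied_smtp_hosts": len(denied), "allowed": allowed}


# Constructed sample traffic: one real mail submission, a burst of direct-to-MX
# attempts, and one HTTP connection that the SMTP rule cannot block.
SAMPLE_FLOWS = [Flow("tcp", MY_MAIL_SERVER, 25), Flow("tcp", "198.51.100.7", 25),
                Flow("tcp", "198.51.100.8", 25), Flow("tcp", "198.51.100.9", 25),
                Flow("tcp", "192.0.2.50", 80)]

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS), *iptables_rules(), sep="\n")
```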
Old 2009-04-17, 08:35   Link #5
chikorita157
ひきこもりアイドル
*IT Support
 
 
Join Date: Feb 2009
Location: Pennsylvania , United States
Age: 34
Quote:
Originally Posted by SeijiSensei View Post
True. but in the case of spambots for instance, the problem is that the outgoing connection is often a legitimate one. People who have off-site email often need to use SMTP to send mail to the remote server. Of course that means they're also capable of being turned into a spamming zombie connecting to port 25 on mail servers around the world. The obvious technical solution to this is a blanket denial of connections to port 25 on remote machines with a specific exemption for the IP address of the user's server. This kind of fine-grained security model is pretty tough for ordinary users to manage. In addition, most bots use common protocols like HTTP to communicate with the mother ship. No outbound filters are likely to block that.

Some commercial firewalls like ZoneAlarm can be configured to ask the user to grant a program permission to connect to a remote host. I'll bet this is one of the functions that gets turned off the quickest by people after being confronted with repeated confusing security alerts.

No operating system can protect users from themselves. At best, they can throw up a few roadblocks along the way, but a little persistence usually gets around those obstacles. My Linux boxes are pretty secure against most root exploits, particularly remote exploits, but they can't stop me from installing a script that would run with my (non-root) permissions and turn my computer into a spambot. In places where I've built the firewall, that approach wouldn't work because I follow your method and don't let the inside machines talk directly to remote hosts over SMTP (or most anything else). Normal consumers probably won't have that kind of firewalling in place either on their machines or their routers.

Unfortunately Apple seems intent on an advertising campaign that lulls its users into a false sense of security by telling them they're so much safer than people running Windows.
In theory, Mac OS X is secure because it's built on BSD, but in reality... any operating system can be exploited, because operating systems are not bug-free or completely free of exploits, which can be found at any time.

Of course Mac OS X and Linux don't have any known viruses and worms right now because of the lack of market share... Hackers tend to target Windows because they can spread the virus/worm/trojan more effectively and to more computers than Mac OS X or Linux, which have low market share.


Quote:
Since the users think they're installing Photoshop, it's hardly surprising that they'd grant the installer admin rights in this situation.
Like I said in a post earlier... it can be prevented by not pirating software... and you might not know if there is a piece of malware for sure since it came from a different source.
Old 2009-04-17, 12:30   Link #6
mechabao
Senior Member
 
Join Date: Sep 2008
Heh most users are usually the weak link in the security chain anyway.
Old 2009-04-17, 18:59   Link #7
bayoab
Senior Member
 
Join Date: Nov 2003
Quote:
Originally Posted by chikorita157 View Post
In theory, Mac OS X is secure because it's built on BSD, but in reality... any operating system can be exploited because operating systems are not bug free or completely free from any exploits because they can be found at any time.
The majority of the OSX vulnerabilities are in the programs that Apple distributes with it (this includes the open source ones). Apple is incredibly slow in patching things, so there are tons of open exploits for months if you can hit the appropriate process.

Quote:
Of course Mac OS X and Linux don't have any known viruses and worms right now because the lack of market share...
This is just untrue. Even with the lack of market share, there are viruses and worms.
Old 2009-04-17, 19:28   Link #8
chikorita157
ひきこもりアイドル
*IT Support
 
 
Join Date: Feb 2009
Location: Pennsylvania , United States
Age: 34
Quote:
Originally Posted by bayoab View Post
The majority of the OSX vulnerabilities are in the programs that apple distributes with it (this includes the open source ones). Apple is incredibly slow in patching things so there are tons of open exploits for months if you can hit the appropriate process.
Although it takes Apple a few months to patch them (mainly in a security update or an OS update (example: 10.5.x updates)), the number of exploits isn't that many compared to Windows, but Windows vulnerabilities are mostly exploited because of Windows's high market share.

Also, the number of programs such as web browsers opens you up to more vulnerabilities, not just the operating system, like Firefox due to the fact that more people are using that browser. A vulnerability doesn't become a danger to computer security until it's exploited by a piece of malware, which is why it's important for the vendor to patch it so it doesn't get exploited. Updating your software prevents these exploits which have been patched from being used (like the current Conficker worm, which cannot infect computers that have the OS patch installed).


Quote:
This is just untrue. Even with the lack of market share, there are viruses and worms.
Then, list all viruses and worms (not trojans) that are currently made for Mac OS X or Linux then... There aren't that many compared to Windows. Even if a piece of malware can be created regardless of the operating system, hackers are not likely going to write a virus or a worm for an operating system with low market share... they are going to target the operating system with the highest market share... like Windows.

So far, Mac OS X hasn't really been hit with any real worms or viruses, just trojans (the first of which was discovered in 2006).
Old 2009-04-17, 20:01   Link #9
holyalexander
holy alexander
 
Join Date: Dec 2008
Location: vancouver
Yeah, pirated software will give you viruses and it has backdoors too...
Old 2009-04-17, 22:48   Link #10
Claies
Good-Natured Asshole.
 
 
Join Date: May 2007
Age: 34
Well, gauntlet's down. Since Macs are now popular, Macs are not safer. Apple Fanboys, amassing a larger army can cripple you to a larger threat. Take note.
Old 2009-04-18, 12:11   Link #11
-KarumA-
(。☉౪ ⊙。)
*Author
 
 
Join Date: Jul 2004
Location: In Maya world, where all is 3D and everything crashes
Age: 36
Sorry but am I the only one who lolled at this
Really you Apple users didn't think you would remain safe forever XD
Old 2009-04-18, 12:24   Link #12
chikorita157
ひきこもりアイドル
*IT Support
 
 
Join Date: Feb 2009
Location: Pennsylvania , United States
Age: 34
Quote:
Originally Posted by -KarumA- View Post
Sorry but am I the only one who lolled at this
Really you Apple users didn't think you would remain safe forever XD
Actually, most Apple users don't use anti-virus or have a firewall on, but for me, I have an anti-virus and a firewall installed on my Mac just for extra security.

But everyone has got to remember... any operating system can get malware, be it Windows, Mac OS X, or Linux, and people need to use proper security procedures like upgrading the OS, having a secure password and having updated security software running.

Note: I use Mac OS X as a main operating system, but I also use Windows (without any virus protection) and Linux (which disproves my being an Apple fanboy, because I don't defend Apple or worship them) and I haven't got a virus at all.

Edit 2: Also, it's no laughing matter, although it's funny to make fun of Apple fanboys/cultists...

Last edited by chikorita157; 2009-04-18 at 17:02.
Old 2009-04-18, 15:28   Link #13
Jinto
Asuki-tan Kairin ↓
 
 
Join Date: Feb 2004
Location: Fürth (GER)
Age: 43
Quote:
Originally Posted by -KarumA- View Post
Sorry but am I the only one who lolled at this
...
I did not, since I always expected it to happen. Though, I often laugh when an Apple addict speaks about his/her godly hard-/software as if it was next-generation outer space technology that's worth all the money they spend, but that's not the topic now (and it's really just this specific type of bragging Apple user I am talking about here... not the normal Apple users).
I really cannot feel malicious joy in security matters, especially not with bot nets. I regard every bot net as dangerous no matter which platform (that makes me rather concerned actually).
Old 2009-04-18, 16:54   Link #14
felix
sleepyhead
*Author
 
 
Join Date: Dec 2005
Location: event horizon
Quote:
Originally Posted by chikorita157 View Post
and I haven't got a virus at all. It's not really that hard to keep your computer malware free if you are not doing reckless things...
"Yes you don't, you are completely safe. As long as you don't "see" anything, nothing's there, right?" /end sarcasm

You know, I'm sick and tired of formatting my USB stick every time it gets all sorts of crap from people with the same thinking as you. And as far as reckless things go, look around, where the heck do you think you are? I reported a malware link that got through the system here not too long ago.
Old 2009-04-18, 17:01   Link #15
chikorita157
ひきこもりアイドル
*IT Support
 
 
Join Date: Feb 2009
Location: Pennsylvania , United States
Age: 34
Quote:
Originally Posted by Cats View Post
"Yes you don't, you are completely safe. As long as you don't "see" anything, nothing's there, right?" /end sarcasm

You know, I'm sick and tired of formatting my USB stick every time it gets all sorts of crap from people with the same thinking as you. And as far as reckless things go, look around, where the heck do you think you are? I reported a malware link that got through the system here not too long ago.
I do apologize for that statement and sorry if I have offended you, I shouldn't have made that statement...

In most cases they are avoidable, except the USB stick viruses like you said, but people shouldn't really run with full administrative rights or have UAC off, because it removes the layer of protection that prevents malware from installing.
Old 2009-04-18, 17:31   Link #16
felix
sleepyhead
*Author
 
 
Join Date: Dec 2005
Location: event horizon
The biggest problems I've had in recent years as far as security goes were related to machines on internal networks getting turned into zombies. As far as the owners were concerned they were "working fine". Unfortunately network resources don't work on an individual level, so in a lot of cases your problem is everyone's problem.
Tags
botnets, computer security, iwork, mac, photoshop
