Mac Threat Alert...



lyndens
21st April 2009, 03:45 PM
Hey,

I just received an email from PC Tools saying the following.


Mac Threat Alert
Know anyone that's a Mac User?

Then let them know that malware researchers have discovered what appears to be the first Mac OSX botnet, aka MacBot or iBotnet, and it's receiving a substantial amount of industry and media interest.

Early estimates suggest that thousands of people have unknowingly downloaded the infected files. Don't let yourself be one of them...

In a nutshell the botnet is launching a number of malware variants inside pirated copies of popular Mac based software in order to take control of the infected Mac machine.




Has anyone else heard anything about this?

And can anyone recommend any freeware anti-virus software, i am running leopard 10.5.5, on my macbook.

cheers

MightyAtom
21st April 2009, 04:01 PM
This sounds like the original pirated version of iWork 09 that was infected with a trojan, it appears to be creating a botnet.

If you haven't pirated iWork 09 you should be safe.

pengu
21st April 2009, 04:16 PM
I believe the trojan was also included in pirate versions of Photoshop CS4.

Brains
21st April 2009, 05:20 PM
It's very real. (http://www.symantec.com/security_response/writeup.jsp?docid=2009-012216-4245-99)

timmytomtam
21st April 2009, 05:23 PM
post deleted.

doesn't matter..

kyte
21st April 2009, 05:50 PM
And can anyone recommend any freeware anti-virus software, i am running leopard 10.5.5, on my macbook.

cheers

iAntiVirus - Free AntiVirus for Mac (http://www.iantivirus.com/) (free, but there is a commercial version as well)

and

ClamXav (http://www.clamxav.com/) which is pretty darned good, and has been around for ages

forgie
21st April 2009, 06:53 PM
Interesting, a genuine trojan. (which is _not_ a virus just for the record)

Anyone know what the payload actually gives access to? Does it open up SSH access or something like that? I wonder if it can make use of UPnP or something similar to open up holes in a typical home NAT router?

rtc on the road
21st April 2009, 08:13 PM
i smell the makings of an anti-piracy campaign in disguise, leveraging scare tactics off the back of the legitimate iwork09 trojan

Snow Leopard
21st April 2009, 08:22 PM
ok, how would you get the virus?
what do you have to do? because i certainly don't want it.

all i know is that i found a serial number for iwork09 on youtube. am i safe?

Brains
21st April 2009, 08:38 PM
Anyone know what the payload actually gives access to?

It seems to be quite the clever little bundle. It delivers a P2P engine and IRC client and installs itself and runs as root, and is capable of running payloads as root. It also uses its own SSH.

Phase
21st April 2009, 08:42 PM
http://img.skitch.com/20090421-ugpsgcqe3us3nshjmtc2ngim6.gif

MrJesseRoss
21st April 2009, 08:44 PM
ok, how would you get the virus?
what do you have to do? because i certainly don't want it.

all i know is that i found a serial number for iwork09 on youtube. am i safe?

Don't download pirated software from P2P/Torrent sites, and you should be safe.

You can't get a trojan from a serial number on youtube. You need to download an infected version of iWork 09.

Snow Leopard
21st April 2009, 08:46 PM
Don't download pirated software from P2P/Torrent sites, and you should be safe.

You can't get a trojan from a serial number on youtube. You need to download an infected version of iWork 09.

thanks. i'm safe!!! no more worrying!!! :D:D:D

ClockWork
21st April 2009, 09:22 PM
This is Mac OS 10.5.x only, right?

takamine
21st April 2009, 10:06 PM
If I need to download something through P2P, I'll use a PC. I certainly don't download any pirated Mac software. I try to test the stuff I download in a VM first before putting it on my main system.

gikku
21st April 2009, 10:46 PM
the best bit, i reckon, is that iWork is a free download from Apple.
Quite why anyone would download the .dmg/installer via a torrent is really beyond me.
How big can a serial number be?

lyndens
22nd April 2009, 08:23 AM
Thanks ppl.

i think i'm in the clear, but i'm definitely getting anti-virus software anyway.

Just wondering.... are there actually no viruses for macs, except for this one??

Do hackers just not really care for macs?

n20nine
22nd April 2009, 02:28 PM
just download the iwork 09 installer from apple's site, you should be safe and if u like it, just pay for it, it's not expensive.

there is something called as the "iservices trojan removal tool" that scans and removes the trojan. it's a free download. if you can't find it, let me know, i have it and don't mind uploading it.

dotnet
22nd April 2009, 03:32 PM
there is something called as the "iservices trojan removal tool" that scans and removes the trojan. it's a free download. if you can't find it, let me know, i have it and don't mind uploading it.

Thanks very much, so we download software from someone we don't know because it's free and sounds like something we want, and then go and run it on our Macs, supplying the admin password when asked.

No offense, but isn't this the sort of mentality that created the problem in the first place?

Cheers
Steffen.

Snow Leopard
22nd April 2009, 04:04 PM
How big can a serial number be?

It's just copy & paste text :cool:

Snow Leopard
22nd April 2009, 04:11 PM
what would the trojan do to your mac, anyway?

takamine
22nd April 2009, 05:41 PM
I'm not too familiar with viruses but I'm guessing they could probably take control of your computer and who knows what they'll do from there. Also possibly sell your information, details etc to marketing companies so they can send you spam. That's what I heard anyways, not sure if that's exactly what happens and I wouldn't want to find out the hard way!

rtc on the road
22nd April 2009, 08:12 PM
spot the difference

virus = an annoying installation that chews up your computer's power running itself in the background, downloading and installing things, filling your hard drive full of junk, and disabling critical files preventing you from using them

anti virus software = an annoying installation that chews up your computer's power running itself in the background, downloading and installing things, filling your hard drive full of junk, and disabling critical files preventing you from using them

cosmichobo
22nd April 2009, 08:55 PM
Young chap at work (who loves his 1st gen iPhone, but disses Macs) showed me the talk about this macbot on his iPhone today... saying naa naa Macs aren't virus free any more.

I pointed out that it's only a problem if you pirate software, to which he agreed - that's where most PC ones come from as well... especially Adobe files...

n20nine
22nd April 2009, 09:54 PM
Thanks very much, so we download software from someone we don't know because it's free and sounds like something we want, and then go and run it on our Macs, supplying the admin password when asked.

No offense, but isn't this the sort of mentality that created the problem in the first place?

Cheers
Steffen.

Here you go: Macintosh Security Site - Security for Mac Platform MacOS X Security Firewalls Desktop Network Security secure mac os x Virus Encrpytion PGP macosx (http://www.securemac.com/) straight from the site.

timothy
22nd April 2009, 11:39 PM
I know that between our family and friends we never worry about this sort of junk on Mac OSX.

The known minimal security breach is not anywhere near Spyware and Malware which truly annoys the user with pop ups or total slow downs on PCs. This trojan is actually not hindering the small amount of users that installed it from enjoying the computer and from what I heard it is clearly identified and moved to the trash if accidentally installed.

The Trojan is overhyped and could make millions for the Anti-Virus profiteers. If only they could give Mac OSX something really nasty, we could pay them to protect us and purchase more of their war on terror merchandise.

Apple have the resources to supply a haven of software within the Apple Downloads site and they would find it interesting that somebody achieved this recent feat |fēt|
noun
an achievement that requires great courage, skill, or strength : the new printing presses were considerable feats of engineering.
ORIGIN late Middle English (in the general sense [action or deed]): from Old French fait, from Latin factum (see fact).

People have tried to hack or infect Macs for years and the Mac OSX is very user demanding and will need permission to perform crazy tasks...

I still think the current Mac OSX is very safe to the end user. The iPhone shows how simple it can be to keep an app from sending heaps of spam to your contacts etc.