Mac OS X malware posing as fake video codec discovered

This topic is archived.

Egnever Donating Member (1000+ posts) Mon Jun-15-09 06:10 PM
Original message
Mac OS X malware posing as fake video codec discovered
Source: ZDnet

Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object found at a bogus Macintosh PortTube site.

The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X based malware attack proves that successful social engineering approaches remain OS independent.



Read more: http://blogs.zdnet.com/security/?p=3575&tag=nl.e550



As Mac gains in popularity, I'll wager we see much more of this.

DJ13 Donating Member (1000+ posts) Mon Jun-15-09 06:13 PM
Response to Original message
1. I'm a Mac. And I'm a PC.
Hey Mac you're looking kinda sick, you okay?

I think I caught a virus. Hey, stop laughing at me!

Cronus Protagonist Donating Member (1000+ posts) Mon Jun-15-09 06:14 PM
Response to Original message
2. Get a MAC!
No... wait... get a PC!

hobbit709 Donating Member (1000+ posts) Mon Jun-15-09 06:17 PM
Response to Original message
3. I keep telling people
NO OS is safe. Just because no one has exploited a given OS yet (ha) doesn't mean it's invulnerable or superior.

merwin Donating Member (1000+ posts) Tue Jun-16-09 01:21 AM
Response to Reply #3
10. You're just jealous of Apple... that's why you say these lies.
OS X has no flaws. Its several hundred megabyte patch bundles are merely extra icing on the cake that is OS X. Ignore the security patches behind the curtain.

And if you really feel like it, click your heels 3 times and say, "There's no place like Cupertino".

Nowadays, honest to goodness real viruses are few and far between. Most rely on social engineering. And when you get rid of variants, self-mutating viruses, etc, you're left with a very small number of real viruses indeed. A good article:
http://www.cknow.com/cms/vtutor/number-of-viruses.html

And another great site:
http://www.wildlist.org/faq.htm

Dark Donating Member (1000+ posts) Tue Jun-16-09 05:21 PM
Response to Reply #3
30. The two reasons I use macs are:
• It's very intuitive, compared to windows.

• It's very common in my line of work.


Not having to worry AS MUCH about viruses is nice, but they still do exist.

eppur_se_muova Donating Member (1000+ posts) Mon Jun-15-09 06:17 PM
Response to Original message
4. also reported by BBC ...

vow66 Donating Member (167 posts) Mon Jun-15-09 06:22 PM
Response to Original message
5. Apple Acknowledges OS X Malware
http://www.prweb.com/releases/apple-Acknowledges/malware-macscan-protects/prweb2521784.htm

Apple has finally acknowledged that spyware and viruses are a threat for Mac OS X (http://www.apple.com/macosx/what-is-macosx/security.html), as well as the latest operating system in the works, Snow Leopard. Snow Leopard will be adding new technology to help prevent against attacks such as sandboxing and anti-phishing features in Safari. This, however, is not a 100% solution to protect against malware.

SecureMac applauds Apple for recognizing that Macs are not immune to malware, as it contradicts their TV commercials which attack their counterparts by implying Macs are completely secure. However, it is important to recognize that these new technologies in the operating system will not protect against all threats.

From Apple's website: "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection."

Politicub Donating Member (1000+ posts) Mon Jun-15-09 06:57 PM
Response to Original message
6. Oh noes - the barbarians have stormed the gate of the computing utopia that is Mac OS X
lol

Rex Donating Member (1000+ posts) Tue Jun-16-09 02:47 AM
Response to Reply #6
12. They crossed over by the southbridge!
Macs' turn to the dark side was foretold.

MilesColtrane Donating Member (1000+ posts) Mon Jun-15-09 07:20 PM
Response to Original message
7. "Is the company (Apple) finally taking the right decision to generate security awareness...
Edited on Mon Jun-15-09 07:23 PM by MilesColtrane
...on a threat that is prone to become a daily routine in the long term...?"

Apple generally lets the anti-virus software companies that discover these new malware variants (and probably write them) generate the security awareness.

Just like they did the last time the same kind of trojan appeared over a year and a half ago.

http://news.cnet.com/8301-13579_3-9808489-37.html

Solution: Don't be an idiot and download stuff when you don't know what it is. (especially from porn sites)

burrowowl Donating Member (1000+ posts) Tue Jun-16-09 01:38 AM
Response to Reply #7
11. Good advice for any platform!
"Solution: Don't be an idiot and download stuff when you don't know what it is. (especially from porn sites)"


vow66 Donating Member (167 posts) Mon Jun-15-09 07:29 PM
Response to Original message
8. Apple hires former OLPC security head to harden Mac OS X
Security expert and open source advocate Ivan Krstić has been tapped by Apple to lead core OS security. His experience should bring a lot to the table when it comes to beefing up security in Apple's operating system.

http://arstechnica.com/apple/news/2009/05/apple-hires-former-olpc-security-head-to-harden-mac-os-x.ars

Despite its assertion that Macs don't suffer from the viruses and malware that Windows does in a number of its "Get a Mac" ads, Apple has been criticized for not taking security seriously enough. This is particularly because Leopard does not implement (or implement fully) the same security measures as Windows Vista. Lest you think Apple is hoping that its relatively small market share will keep it safe forever, though, the company has hired former director of security architecture at One Laptop per Child, Ivan Krstić, to handle core security for its operating systems.

Krstić, who is an unabashed devotee of Linux and Python, created the Bitfrost security platform for the OLPC project. The system works by effectively running each application in its own sandboxed virtual machine. Each VM is equipped only with the hardware and network access approved either by a central authority server (such as in a school) or expressly permitted by the user. The system also includes an anti-theft mechanism that prevents a laptop from working once it has been reported stolen or otherwise can't check in with a central "leasing" server.

vow66 Donating Member (167 posts) Mon Jun-15-09 10:45 PM
Response to Original message
9. Apple plugs critical Java security hole affecting Tiger, Leopard
http://www.appleinsider.com/articles/09/06/15/apple_plugs_critical_java_security_hole_affecting_tiger_leopard.html

Apple on Monday finally got around to patching a widely-publicized security flaw in the version of Java shipping with Mac OS X, which could leave a Mac open to attack while browsing the web.

The Mac maker came under criticism from a pair of security firms last month for failing to patch the exploit, which it has reportedly been aware of since January.

The vulnerability, which theoretically exists on all platforms supporting Java, could allow a remote user to run code, delete files, and execute applications on a Mac through a maliciously crafted Java applet.

When executed together with a privilege escalation vulnerability, hackers could remotely run any system-level process and get total access to a Mac. This could leave users open to "drive-by attacks," according to security firm Intego, which had recommended that users disable Java until a fix was made available.

Blandocyte Donating Member (830 posts) Tue Jun-16-09 06:30 AM
Response to Original message
13. But Macs are cooler than PCs
and are really awesome and have colorful plastic cases, and are made by the same crazy friendly stick-it-to-the-Man company that makes the iPhone and iPod, so iDon't believe this story.

WriteDown Donating Member (1000+ posts) Tue Jun-16-09 11:19 AM
Response to Reply #13
16. Awesome...
gave me a good laugh.

Robb Donating Member (1000+ posts) Tue Jun-16-09 08:27 AM
Response to Original message
14. Something you have to download from a porn site?
...Run for the hills, Apple is doomed. :eyes:

Deja Q Donating Member (1000+ posts) Tue Jun-16-09 11:13 AM
Response to Original message
15. True, but Macs are more security conscious from the get-go and no platform is immune...
What's Microsoft's excuse for opening malware with open arms?

Oh, Windows 7 includes a keylogger whose "official" purpose is to help tech people support the machine remotely. XP firewall and UAC were hacked fairly quickly once put on the market. How long before this new utility is cracked? 20 minutes?

Mac is still infinitely secure to a PC by comparison.

Period.

WriteDown Donating Member (1000+ posts) Tue Jun-16-09 11:20 AM
Response to Reply #15
17. And 99 cents per song is a great price...
:rofl:

Deja Q Donating Member (1000+ posts) Tue Jun-16-09 11:23 AM
Response to Reply #17
18. What does iTunes Music have to do with this?
Edited on Tue Jun-16-09 11:23 AM by Deja Q
:rofl:

It's a VIDEO codec!!

:dunce:

WriteDown Donating Member (1000+ posts) Tue Jun-16-09 11:28 AM
Response to Reply #18
19. I was just repeating one of the mac cult...
chants. :)

Romulox Donating Member (1000+ posts) Tue Jun-16-09 01:50 PM
Response to Reply #17
23. They have iTunes for Windows, don't they?
I own a Mac and I pay $1.99 - $2.99 for most used LPs. Never bought anything at the iTunes store; I prefer physical media.

vow66 Donating Member (167 posts) Tue Jun-16-09 03:34 PM
Response to Reply #15
24. Mac is still infinitely secure to a PC by comparison
For the past two years at the Pwn2Own hacking contest, it was the Mac OS X that went down first.

http://news.cnet.com/8301-1009_3-10199652-83.html

The security expert who won $10,000 hacking a MacBook Air in less than two minutes last year won $5,000 on Wednesday by exploiting a hole in Safari in 10 seconds or so.

Charlie Miller, principal security analyst at Independent Security Evaluators, used a MacBook running the latest version of the Mac OS as part of a contest at the CanSecWest security conference called "Pwn2Own," which is hacker slang for gaining control of a computer.

The security hole, which Miller said he discovered last year, allows a remote attacker to gain control of a machine simply by getting the computer user to click on a malicious URL, as Miller demonstrated.

"It's not easy, but this worked with one click" from the Safari browser, he said.

----------------------------------------

Questions for Pwn2Own hacker Charlie Miller
http://blogs.zdnet.com/security/?p=2941

Why Safari? Why didn’t you go after IE or Safari?

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.


high density Donating Member (1000+ posts) Tue Jun-16-09 04:48 PM
Response to Reply #15
27. Windows 7 keylogger?
Link?

XP firewall hacked? Link?

UAC hacked? Link?

Kthx

Deja Q Donating Member (1000+ posts) Tue Jun-16-09 06:28 PM
Response to Reply #27
32. Sure thing. I'll include a link...
Edited on Tue Jun-16-09 06:28 PM by Deja Q
http://blogs.techrepublic.com.com/window-on-windows/?p=849

That's all it is. A keylogger with a fancy name.

It probably has the same security precautions in it like how they put in the same for critical apps such as "notepad.exe" and "paint.exe".


You can also google "Windows 7 Problem Steps Recorder" to find out more about this latest way Microsoft opens the door to hackers with open, warm arms.


high density Donating Member (1000+ posts) Tue Jun-16-09 06:44 PM
Response to Reply #32
33. Erm, you have to turn that recorder on yourself
Edited on Tue Jun-16-09 06:47 PM by high density
But good job on the FUD and bullshit. If somebody wants to maliciously log keystrokes they aren't going to bother to piggyback onto that thing.

Lost-in-FL Donating Member (1000+ posts) Tue Jun-16-09 12:09 PM
Response to Original message
20. Common sense dictates that one should not load crap...
from porn sites (especially) and torrents.

Still won't see a PC in my home. Macs are far superior even when they cost more.

Regret My New Name Donating Member (1000+ posts) Tue Jun-16-09 01:29 PM
Response to Original message
21. The malware came from Redmond...
bastards.

Romulox Donating Member (1000+ posts) Tue Jun-16-09 01:43 PM
Response to Original message
22. What kind of maroon attempts to download ActiveX for OSX?
Does a legitimate version of such thing exist? Does it even make sense?

jmowreader Donating Member (1000+ posts) Tue Jun-16-09 03:42 PM
Response to Reply #22
25. How the hell COULD it exist?
ActiveX is a Windows API that calls other Windows APIs. Since the number of Windows APIs on a Unix system is...well, zero...about the only way I can think of to implement ActiveX on a Mac is to run BootCamp or Parallels and run Windows as a child process under the BootCamp/Parallels parent process.

I can well understand how someone could get tricked into installing a bogus "OS X ActiveX" virus; way too much shit on the Internets requires ActiveX to run, which means there are way too many geeks who are willing to blow off a very large part of their potential audience because the audience isn't running the computer the geeks think they should be. (No, this doesn't just mean Mac users--there's no Linux, FreeBSD, Solaris or whatever ActiveX either!) Someone fairly new to computing who runs into enough of those sites is going to start looking for a way to make them work on his or her computer.

Romulox Donating Member (1000+ posts) Tue Jun-16-09 04:33 PM
Response to Reply #25
26. ActiveX could easily be emulated in OSX. Just can't see a reason anyone would want to...
There apparently is (was?) an Internet Explorer for OSX, so there you go...

hamerfan Donating Member (1000+ posts) Tue Jun-16-09 04:50 PM
Response to Reply #26
28. As Macs get more popular,
they will certainly become targets for malware and such. It often comes down to the person running the machine as being the best defense, not the OS.
I will keep my iMac, thank you.

jmowreader Donating Member (1000+ posts) Tue Jun-16-09 05:10 PM
Response to Reply #26
29. Internet Explorer for OS X is different from what ActiveX for OS X would be
IIRC all web browsers are extremely close under the hood because everyone used Mosaic as their starting point.

I've seen a lot of ActiveX controls that look really good, and people would like if they could run them on their Macs...that won't run because they're written in a technology that's welded to Windows.

Romulox Donating Member (1000+ posts) Tue Jun-16-09 05:24 PM
Response to Reply #29
31. Right. But ActiveX controls are an integral part of the Internet Explorer concept. nt