Mac users face rare threat
Results 1 to 7 of 7

Thread: Mac users face rare threat

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Mac users face rare threat

    A script-based threat that spies on Mac users caught the attention of some security watchers last week.

    The malware, which has been dubbed Opener by Mac user groups, has the potential to disable Mac OS X's built-in firewall, steal personal information or destroy data. At the moment, however, it seems to pose little danger.

    Security experts say those threatening traits are common among the thousands of online threats targeting Microsoft's ubiquitous Windows operating system but are virtually unheard of on Apple Computer's Mac OS.

    Paul Ducklin, Sophos' head of technology in the Asia-Pacific region, said that the software, which Sophos calls Renepo, is designed to affect Mac OS X drives connected to an infected system and that it leaves affected computers vulnerable to further attack.

    Ducklin said Opener disables Mac OS X's built-in firewall, creates a back door so the malware author can control the computer remotely, locates any passwords stored on the hard drive, and downloads a password cracker called JohnTheRipper.

    Opener is a "rootkit," or a set of software tools that intruders can use to gain access to a computer; it's installed either through a known vulnerability or password-cracking. Rootkits don't spread on their own, as viruses do, and require administrator access to be installed.

    According to Ducklin, Opener could try to spread by copying itself to any drive that is mounted to the infected computer. This could be a local drive, part of a local network or a remote computer.

    It could also be the start of a spate of attacks that use Mac OS X’s scripting features against its users, he said.

    "The existence of Unix shells--such as Bash, for which this virus is written--and the presence of powerful networking commands opens up the game a little bit for Mac users. It is no longer necessary to know about Mac file formats or executables. You can write your malware in script. And if you really wanted to, you could probably write a portable virus that would run on many flavors of Unix" and Mac, said Ducklin

    Chris Waldrip, president of the U.S.-based Atlanta Macintosh Users Group, posted a detailed description of Opener on the MacInTouch Web site.

    Waldrip, who acknowledges that the threat has him "a bit spooked," said Opener seems to have started out with a legitimate purpose but may yet be developed into something more dangerous.

    Waldrip's site also cautions against overreacting to Opener and advises people to use proper security techniques: "As readers take pains to point out, the threat has not yet been incorporated into a widespread virus, worm or Trojan horse, but that's a fairly short step from what we've already seen, and it's important to implement good security procedures."

    Mikko Hypponen, director of antivirus research at F-Secure, said that viruses targeting the Macintosh system virtually disappeared in the late 1980s.

    "Things have been really quiet on Macintosh front, virus-wise. Back in the late 1980s, viruses used to be a much bigger problem on Macs than on PCs. We here at F-Secure used to have an antivirus product for Mac but discontinued it after the macro viruses died out," said Hypponen.

    Symantec said users of Norton AntiVirus for Mac OS X were protected as long as they had updated their signatures over the weekend. A representative for the company said the relevant signature files had been available since Friday evening.
    Source : http://news.zdnet.com/2100-1009_22-5424883.html
    -Simon \"SDK\"

  2. #2
    Senior Member z31200n3's Avatar
    Join Date
    Jan 2004
    Location
    Bellevegas
    Posts
    102
    Interesting...looks like my mac isnt as secure as it once was ;-)


    eh, thanks for the intersting read

    -z3

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    it is definately about time, why should pc's be the only ones with viruii -- does anyone know if Apple is going to release some kind of security patch for it??
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    251
    Unfortunate, but not unexpected.

    With the power of *nix on the desktop comes as many pitfalls as benefits.

    As I've been reading a lot of buzz about Linux breaking into the desktop market (and amazingly enough Linspire/Lin----/Lindows, whatever it's name is now, being sold prebundled with machines at WalMart of all forsaken places) and the high availability of broadband connections, I fear we are going to see a lot more of this happening.

    After all, we have to figure that as John Q. Public starts migrating over to Linux, the people with a propensity for naughtiness are going to follow suite. And as much badness as can be launched from a Windows machine, Linux puts a lot more tools at the jerks disposal.

    It is unfortunate, but we are moving into a world where no machine should be free of a "Virus" scanner, and with the complexity of *nix the scanner will have to be able to spot a wide variety of malware yet still allow any dummass to hit "Update" and then "Scan" rather than jumping through hoops to find a possible rootkit.

    This will make Linux admin's jobs easier as they'll get a lot of handy point and click tools, but it is going to have the unfortunate side effect of making us less geeky. Soon every young teenie-bopper si going to sit down infront of a Linux machine and issue those unfortunate words from Jurassic Park --"This is Unix, I know this"...

    Atleast we'll be able to replenish our geek factor with Gentoo, Slackware, and the various BSDs...

    Could home-user *nix be the end of geek?!?!?!

    Enough of my ramble,
    Dhej
    The owl of Minerva spreads its wings only with the falling of dusk. -Hegel

  5. #5
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by Dhej
    Unfortunate, but not unexpected.

    With the power of *nix on the desktop comes as many pitfalls as benefits.



    Pitfalls??

    This will make Linux admin's jobs easier as they'll get a lot of handy point and click tools, but it is going to have the unfortunate side effect of making us less geeky. Soon every young teenie-bopper si going to sit down infront of a Linux machine and issue those unfortunate words from Jurassic Park --"This is Unix, I know this"...
    That tool they used in that movie is available free from SGI

    Atleast we'll be able to replenish our geek factor with Gentoo, Slackware, and the various BSDs...
    You got me there, Gentoo has around 5 security flaws a week from my count, and you are sure too get in some practice. Slackware may take longer, it only gets a few bug fixes per month. BSD... Heh I'll be nice. Free BSD is cool but it has it's own problems.

    Could home-user *nix be the end of geek?!?!?!
    Don't let it worry you, when Linux got popular the bitches who couldn't stand others using it switched too BSD. And hey Plan9 is still Beta quality crap a home user wouldn't use! So it will be Ok

    Enough of my ramble,


    Dhej
    Hehe, it's not like you rant much anyway. You'd have too be an actual active poster for that, if you kept your ass here once in a while.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  6. #6
    Junior Member
    Join Date
    Jan 2005
    Posts
    2
    Since X has been switched to shadowed passwords nolonger easily founded with command netinfo tools, Johntheripper ait doing much anymore.

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Location
    Near Manchester (England)
    Posts
    145

    Arrow This is an old thread ...

    chaostic_2k1 - Just some (hopefully) friendly advice ...

    If the date is flashing it's usually wise to not add to that thread. I typed usually as sometimes there are exceptions where someone can add something new to the discussion.

    Welcome to AntiOnline, on behalf of all more senior than me.
    Happy New Year!
    Tomorrow is another day for yesterdays work!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •