10-31-2007, 05:17 PM
|
#1
|
Director of the HFBI
Join Date: Sep 2004
Location: Calgary
|
New Trojan Targets Mac OS X
http://www.macnn.com/articles/07/10/....targets.macs/
Quote:
The trojan itself is a form of DNSChanger, using the scutil command to change the Mac's DNS server -- a service that translates hostnames like macnn.com to their numerical IP addresses. Using a poisoned DNS server, the Mac hijacks some Web requests for phishing or to generate revenue from pornographic advertisements.
What's more, under Mac OS X 10.4 Tiger there is no way to see the changed DNS server in the operating system's graphical user interface, although in Mac OS X 10.5 Leopard users can see the change in the Advanced Network preferences; the added DNS servers are dimmed and cannot be removed manually.
Intego says all versions of Mac OS X include the scutil command, suggesting that all versions are vulnerable to the new trojan.
|
__________________
"Opinions are like demo tapes, and I don't want to hear yours" -- Stephen Colbert
|
|
|
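Added example (not part of the thread or the quoted article): because the article says the changed DNS servers cannot be seen in the Tiger GUI, a command-line check is the practical way to spot them. The sketch below assumes the `nameserver[N] : address` lines printed by `scutil --dns` on current macOS; the function names, the allowlist and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `scutil --dns` output (not taken from a real host).
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 203.0.113.54
  nameserver[2] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
EOF
}

# Read `scutil --dns` output on stdin, print each distinct resolver address.
list_nameservers() {
    awk -F' : ' '/^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
        sub(/[ \t\r]+$/, "", $2); print $2 }' | LC_ALL=C sort -u
}

# Print resolvers that are not in the allowlist passed as arguments.
# Returns 1 when at least one unexpected resolver is present, else 0.
unexpected_nameservers() {
    allow=" $* "
    found=0
    for ns in $(list_nameservers); do
        case "$allow" in
            *" $ns "*) ;;
            *) echo "$ns"; found=1 ;;
        esac
    done
    return "$found"
}

# On a Mac, pass the resolvers you expect: sh check_dns.sh 192.168.1.1
if [ "$#" -gt 0 ] && command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_nameservers "$@" \
        || echo "resolvers above are not in the allowlist" >&2
fi
```

The allowlist should hold the resolvers handed out by your router or ISP; any other address the check prints is worth tracing back to whatever set it.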
10-31-2007, 11:53 PM
|
#2
|
Franchise Player
Join Date: Aug 2005
Location: Violating Copyrights
|
You will still have to okay 2-3 separate prompts to install this "trojan". It's not like you can get infected without knowing just from surfing. A porn site is trying to get you to download and install an application. What would any semi computer literate person do?
|
|
|
11-01-2007, 01:20 AM
|
#3
|
Such a pretty girl!
Join Date: Jan 2004
Location: Calgary
|
double post
__________________
Last edited by BlackArcher101; 11-01-2007 at 01:26 AM.
|
|
|
11-01-2007, 01:25 AM
|
#4
|
Such a pretty girl!
Join Date: Jan 2004
Location: Calgary
|
Quote:
Originally Posted by Barnes
What would any semi computer literate person do?
|
If the person is anything like most people I know, he/she will click it totally oblivious to the fact they did something bad. Adaware and other spyware/virus programs thrive off people like this. I run free AVG with nothing else and haven't had a virus on my PC since that one years ago that automatically infected your PC once you connected to the internet. The one that shut down your PC and was more of an annoyance than anything else.
I guess what I'm trying to get at is awareness of the tricks on the net and what to avoid goes a long way in battling viruses, but I find the average home user/parent/casual surfer throws caution to the wind when surfing. Our common sense has to be taught to others and viruses/trojans will always spread because of this.
|
|
|
11-01-2007, 08:10 AM
|
#5
|
First Line Centre
Join Date: Nov 2006
Location: /dev/null
|
Hah! I knew it. I just ordered my first Mac ever thinking they would be safer than a Windows box.
Sorry guys, this is my fault. I brought the nastiness over to the Mac world.
--
Bit off topic but for you Windows users out there, if you want to avoid compromising your computer, just do the following:
- Use a good web browser (Opera, Firefox). I still recommend against IE7 despite it coming a long way.
- Install an anti-virus software package not made by Symantec. Norton causes more problems than it solves. McAfee isn't far behind either. My personal recommendation is AVG Free.
- Don't install crap from MySpace or MSN. Things like screen savers, mouse cursors and animated dancer icon things are usually vectors for spyware/ad-ware.
- Move your My Documents folder off your C: drive and onto a separate partition.
I'm sure there are others.
|
|
|
11-01-2007, 08:18 AM
|
#6
|
First Line Centre
Join Date: Apr 2006
Location: Calgary
|
But but...Steve Jobs not only told me that Macs don't have viruses, they ALWAYS work, work straight out of the box, require NO drivers for any device...
But, it's not true? *shock*
Norton really is a PITA too. I've had it flag so many things that are not actually viruses, but are bugs in Norton. Then they come out with an update to fix it, but now I have things stuck in my Quarantine FOREVER because the files no longer exist. Dammit.
|
|
|
11-01-2007, 08:41 AM
|
#7
|
Franchise Player
Join Date: Feb 2006
Location: Calgary AB
|
You have to figure that a big reason for Macs having less/no viruses has to do with their tiny market share in the personal computer market. It's simply not profitable for scammers/adwarers to prey on the 2-5% of users that use Macs. As they get more popular a day will come when Macs are just as useless as PCs when it comes to viruses/adware/spyware.
|
|
|
11-01-2007, 08:47 AM
|
#8
|
Franchise Player
Join Date: Aug 2005
Location: Calgary
|
I will reserve judgement until it's mentioned as a serious issue on TWIT
__________________
MYK - Supports Arizona to democratically pass laws for the state of Arizona
Rudy was the only hope in 08
2011 Election: Cons 40% - Nanos 38% Ekos 34%
|
|
|
11-01-2007, 09:07 AM
|
#9
|
Had an idea!
|
Quote:
Originally Posted by llama64
- Move your My Documents folder off your C: drive and onto a separate partition.
|
How come?
|
|
|
11-01-2007, 09:41 AM
|
#10
|
Director of the HFBI
Join Date: Sep 2004
Location: Calgary
|
Quote:
Originally Posted by Barnes
You will still have to okay 2-3 separate prompts to install this "trojan". It's not like you can get infected without knowing just from surfing. A porn site is trying to get you to download and install an application. What would any semi computer literate person do?
|
Well, that's the whole point of a Trojan: to make you think you are actually doing something useful, yet the payload is a virus, thus compromising your system.
It's not a self-propagating worm.
Also, I read somewhere that the firewall is not turned on by default in Leopard. So you will have to turn it on for you Leopard users.
Not sure about other versions of Mac OS.
|
|
|
11-01-2007, 09:44 AM
|
#11
|
Director of the HFBI
Join Date: Sep 2004
Location: Calgary
|
Quote:
Originally Posted by Cowboy89
You have to figure that a big reason for Macs having less/no viruses has to do with their tiny market share in the personal computer market. It's simply not profitable for scammers/adwarers to prey on the 2-5% of users that use Macs. As they get more popular a day will come when Macs are just as useless as PCs when it comes to viruses/adware/spyware.
|
Not really. Part of it is that Mac OSX architecture is inherently safer than previous versions of Windows. Just because Mac OSX makes the actual user run under an account that doesn't have full permissions to the entire system. Whereas in Windows, the user was always running as administrator. Same goes with users of *NIX systems. Unless those users are complete ID 10 T 's, they are not running as root.
|
|
|
11-01-2007, 09:54 AM
|
#12
|
First Line Centre
Join Date: Nov 2006
Location: /dev/null
|
Quote:
Originally Posted by Azure
How come?
|
It's a best practice to minimize data loss in case of trouble. On my PC my computer is set up like this:
300GB HDD
C: - 40gb partition: System drive containing applications and Windows
D: - 250gb partition: data drive containing documents, media and games
S: - 10gb partition: drive containing my Virtual Memory swap file
With this setup, I can trash Windows completely by formatting C: without worrying about affecting the data on D:. It also makes things easier when re-installing Windows or trying to recover data in case of a file system error. A virus that trashes the file system on C: might leave the D: alone and intact.
Ideally, D: would be its own drive to minimize risk versus hardware failure, but I'm not personally worried about that at home.
|
|
|
11-01-2007, 10:03 AM
|
#13
|
First Line Centre
Join Date: Nov 2006
Location: /dev/null
|
Quote:
Originally Posted by arsenal
Not really. Part of it is that Mac OSX architecture is inherently safer than previous versions of Windows. Just because Mac OSX makes the actual user run under an account that doesn't have full permissions to the entire system. Whereas in Windows, the user was always running as administrator. Same goes with users of *NIX systems. Unless those users are complete ID 10 T 's, they are not running as root.
|
Kinda tangential to this, this argument only applies to versions of Windows prior to Vista. Vista has implemented a system of User Access Control that mimics the *NIX style (SUDO). Unfortunately it's a bit on the irritating side mostly due to shoddy 3rd party programming, particularly from the device market (ATI, nVidia.... tsk tsk). When Windows programmers learn to stop assuming they have the right to modify any file on my PC, the problems will decrease.
Macs benefit from a locked down platform that has trained their programmers to be more mindful of what they are doing. This has led to some higher quality programming that takes less liberties with the system.
|
|
|
11-01-2007, 10:15 AM
|
#14
|
Director of the HFBI
Join Date: Sep 2004
Location: Calgary
|
Quote:
Originally Posted by llama64
Kinda tangential to this, this argument only applies to versions of Windows prior to Vista. Vista has implemented a system of User Access Control that mimics the *NIX style (SUDO). Unfortunately it's a bit on the irritating side mostly due to shoddy 3rd party programming, particularly from the device market (ATI, nVidia.... tsk tsk). When Windows programmers learn to stop assuming they have the right to modify any file on my PC, the problems will decrease.
|
yah, the UAC is rather annoying. But I have just disabled it and moved on.
But yes, once Windows programmers figure out that they don't have free rein over the OS any more (they never should have), the UAC will drive people nuts.
|
|
|