Sophos identifies a trojan for OS X

Feb 28, 2011 by Katie Gatto weblog

(PhysOrg.com) -- Macs have, for the most part, been considered more secure than their PC counterparts because so little malicious code has been written for them. Most authors of malicious code are playing a numbers game: to get the best results, they need to hit the largest possible number of machines with each piece of code. As Mac operating system-based machines have become more popular, they have become increasingly attractive to the writers of malicious code.

A team of security researchers working at Sophos have identified a trojan that is set up to exploit a in Mac OSX.

The code, known as "Remote Access Trojan" or "Blackhole RAT" for short, is currently unfinished, but is expected to be a Mac-based version of the Windows RAT known as "darkComet". If that is the case, then Blackhole RAT will allow hackers to send commands to the infected machine remotely.

The commands issued by this type of trojan may give the person running the code the ability to pop up a fake "Administrator Password" window in order to carry out phishing-style attacks against a target. The software might also be used to add files to the system, or to send the Mac remote commands such as restart, shutdown or sleep.

Currently the site for the trojan is very basic, with a mix of text in English and German, but it does promise that upgrades to the software are coming in the future. No specifics have been given; all the site would say is that "much more functions" will be released when the final product is out.

User comments : 24

Burnerjack
2.3 / 5 (8) Feb 28, 2011
The industry as a whole really needs to get a handle on this problem.
Virus writers need to be hunted down ...and killed.
paulthebassguy
3.7 / 5 (7) Feb 28, 2011
I'm not trying to be sadistic or anything but I really would like a virus to come out for Mac OS, just to see the looks on the faces of all those trendy mac fanboys who are always so smug when they point out that their operating system is more secure than windows.
Skeptic_Heretic
3 / 5 (4) Feb 28, 2011
There are really only 7 heuristic vectors for system infiltration, of any OS. No OS is truly immune.
axemaster
5 / 5 (5) Feb 28, 2011
Virus writers need to be hunted down ...and killed.

Yeah, because your computer is more important than someone else's life.
nada
5 / 5 (2) Feb 28, 2011
I'm not trying to be sadistic or anything but I really would like a virus to come out for Mac OS, just to see the looks on the faces of all those trendy mac fanboys who are always so smug when they point out that their operating system is more secure than windows.


Your hatred of Mac is misplaced because Apple DID NOT write os-x. OS-X is BSD modified. There will never be the same kind of free for all for viruses on BSD/Linux like there is for Windoze.
nada
3.2 / 5 (5) Feb 28, 2011
There are really only 7 heuristic vectors for system infiltration, of any OS. No OS is truly immune.


Correct. No OS is immune - however Windows is like a house with no locks and just signs that say "We're secure!". BSD/Linux is like a house that "can be" locked very tight.

Still skeptical? Consider this: The default file mode for ALL Windows files is "executable". That stupidity is pervasive in every feature of Windows. More importantly, MS doesn't really care - they don't have to. After all, they STILL allow web sites to invoke ActiveX code that can modify system files. Still, after all these years. How much do you care when you continue to allow that?

Unfortunately, the price of security is knowledge and most consumers just want a toaster - and that's what windows is - a toaster. BSD/Linux takes effort and time to learn and secure. I for one am fine with that as that will make it less of a target for the bad guys.
sv87411
5 / 5 (3) Mar 01, 2011
This article could of course just be a bit of free advertising for Sophos and nothing more.

A quick scroll to the bottom of the original article confirms this "Fortunately our products can detect and remove Trojans like this, and for home use they're free! If you would like to install Sophos Anti-Virus for Mac Home Edition, click on the banner below."

Free to download, but not free to run. All antivirus software consumes your computer's hardware resources - disk, memory, processor time - you bought these things and are now allowing them to be used to "protect" yourself from the viruses that the anti-virus companies tell you about. For the most part, as long as you are knowledgeable and careful - and certainly on Mac/Linux based systems - you won't be "infected".

Most (non rich) people wouldn't use their money to pay someone else to protect their home, they'd do it themselves via education and care and common sense, but they seem OK to pay others to protect their computer.
Skeptic_Heretic
3.8 / 5 (6) Mar 01, 2011
Correct. No OS is immune - however Windows is like a house with no locks and just signs that say "We're secure!". BSD/Linux is like a house that "can be" locked very tight.
Get another 4 billion people running and configuring BSD on their own and there will be little to no difference in the number of penetration attempts and successes. LINUX is not approachable for the average person, so fewer unsecure users use it.
Still skeptical? Consider this: The default file mode for ALL windows files is "executable".
Entirely false.
That stupidity is pervasive in every feature of Windows.
The default is read only and then only in versions produced prior to Win7 server 08 R2.
More importantly, MS doesn't really care - they don't have to.
Nonsense.
After all, they STILL allow web sites to invoke ActiveX code that can modify system files.
And if Linux was the dominant force, the same would be true of it.
peter09
not rated yet Mar 01, 2011
Any individual machine running any O/S can be compromised in the end, given enough time and effort; however, the key to a successful virus/trojan is its ability to automatically go on to infect other machines and hence propagate. This is where Macs and Linux have strengths compared to Windows; due to their inherent variability in configuration and inbuilt (not bolted on) security, it's much more difficult to spread malware to these O/S.

The idea that Linux for instance does not present enough targets is not true. Most servers run Linux, and cracking servers would be much more profitable for the virus writer than a users desktop. Currently there are no known viruses infecting Linux in the wild.

I cannot comment on Windows 7 but previous versions of Windows were demonstrably wide open.
bugmenot23
2 / 5 (4) Mar 01, 2011
"skeptic_heretic" pathetic attempt at a counter argument. First go into Explorer, Tools, Folder Options and the View tab, and unhide file extensions. Then take a file that is a document, e.g. a jpg or pdf, and rename the extension to .exe, then double click on it. It will execute. Under Linux you would have to change the file attributes to give it the permission to execute. Also under Linux, when you download an executable file (a binary or script or even a Windows exe to run through Wine) you have to manually give it the permission to execute. This small inconvenience is a matter of a couple of clicks in a contemporary Linux desktop, but obviates the vector of quite a number of the most successful Windows malware. (I'd almost call them trojans because you have to e.g. click the email extension, but I think some, e.g. Melissa?, have been widely called viruses.)
Skeptic_Heretic
5 / 5 (2) Mar 01, 2011
bug, the default attribute is determined by the file extension and the extension handling subset within the OS.

Linux doesn't use an extension handling subsystem.

You're talking about specifically manipulating the system by fooling it with a file name. That is not a default "all files are executable". The term you would be looking for, on the Windows side, would be modifiable.
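Added example (not from the article or any commenter) for the extension-versus-execute-bit discussion above: a defender-side scan of a download folder that flags a file whose declared extension disagrees with its header, a document-named file that carries a PE/ELF/Mach-O header, or a document that has gained the Unix execute bit. The magic-byte table, sample files and folder are constructed for this example; the execute-bit check assumes a POSIX filesystem (Linux or macOS).

```python
import os
import stat
import tempfile

# Magic-byte prefixes for the formats named in the thread (reference table
# assumed for this example; extend as needed).
MAGIC = {"jpg": b"\xff\xd8\xff", "pdf": b"%PDF", "exe": b"MZ"}
# Headers of native executables (PE, ELF, Mach-O, scripts): a "document"
# that starts with one of these is the renamed-binary trick described above.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
              b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe", b"#!")
DOCUMENT_EXTS = {"jpg", "pdf", "txt", "doc"}
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def classify(path):
    """Return the list of findings for one file; an empty list means nothing odd."""
    name = os.path.basename(path)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    with open(path, "rb") as fh:
        head = fh.read(8)
    findings = []
    # 1. Declared extension vs. actual content.
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        findings.append("content does not match .%s extension" % ext)
    # 2. Document-looking name carrying an executable header.
    if ext in DOCUMENT_EXTS and head.startswith(EXEC_MAGIC):
        findings.append("executable header behind a document extension")
    # 3. Unix side: a document that has gained the execute bit (POSIX mode assumed).
    if ext in DOCUMENT_EXTS and os.stat(path).st_mode & EXEC_BITS:
        findings.append("execute bit set on a document")
    return findings

def scan_dir(directory):
    """Map every file name in directory to its findings."""
    return {n: classify(os.path.join(directory, n)) for n in sorted(os.listdir(directory))}

def demo():
    """Build a constructed download folder (harmless stub headers only) and scan it."""
    d = tempfile.mkdtemp()
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 12,  # genuine JPEG header
        "invoice.pdf": b"MZ\x90\0" + b"\0" * 12,        # PE header renamed to .pdf
        "setup.exe": b"MZ\x90\0" + b"\0" * 12,          # honest executable
    }
    for n, data in samples.items():
        with open(os.path.join(d, n), "wb") as fh:
            fh.write(data)
    os.chmod(os.path.join(d, "photo.jpg"), 0o755)       # document that gained +x
    return scan_dir(d)

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```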
El_Nose
2.3 / 5 (3) Mar 01, 2011
Most people are wrong about Windows nowadays -- Windows is actually a VERY secure OS -- but it has one HUGE issue -- you basically have to be a sysadmin to know all the functions to turn on or off to make it fully secure.

Yes yes, BSD being a Linux based OS is very secure, and it takes a lot more to find a hole in its security, but there are plenty of viruses for Macs; most are exploits that have nothing to do with the OS ...but hey, if you feel safe with an overpriced computer that locks you into not only proprietary software but proprietary hardware that is also overpriced because of its limited market ...have fun with it
krundoloss
2.3 / 5 (3) Mar 01, 2011
Everyone wants to knock Windows, but their weaker security model exists because they NEED it to be compatible with thousands of software packages and millions of websites. It's what makes the world go round. Linux is way too hard to use; every time I try to give Linux a go, I find myself reading for hours on how to do something that is easy and natural to do in Windows. And in the end, I have all this knowledge of a system that is not relatable and standard, as in, I can't help Grandma with her new Windows 7 laptop because I have been messing around with obscure Linux driver configurations or trying to use some obscure free software. Why learn something that no one uses? I'd rather learn what everyone else uses.
El_Nose
1 / 5 (1) Mar 01, 2011
I know my previous statement is going to get slammed so before you rate me a 1 read this www edibleapple.com/apple-asks-security-experts-to-examine-os-x-lion
El_Nose
not rated yet Mar 01, 2011
@krundoloss

If you are having trouble with Linux, get a user friendly version of Linux such as Ubuntu -- it is very much like Windows in style and feel and they have done a lot to (excuse the expression) dumb it down a little. Linux is made for and used by CS, math, and physics majors. It is our perfect platform. It really is not for everyone to use, because its basic tool set is for text and file manipulation that most people have no need for in their daily lives.

Cygwin is an excellent starting point if you need Linux tools on your PC -- such as the grep command.

I highly recommend Ubuntu to the average lay person to start using Linux -- and you are right, it has a steep learning curve - but since I have started using it more and more I find man pages very readable and straight to the point.
sherriffwoody
not rated yet Mar 01, 2011
Join the Mac-lash, it's about time people learned Apple, the dark side
frajo
1 / 5 (1) Mar 02, 2011
Yes yes BSD being a linux based OS is very secure
Please have a look at the history table:
upload.wikimedia.org/wikipedia/commons/5/50/Unix_history-simple.png
frajo
1 / 5 (1) Mar 02, 2011
After all, they STILL allow web sites to invoke ActiveX code that can modify system files.
And if Linux was the dominant force, the same would be true of it.
[1] No. Only if additionally Linux would be proprietary, closed source without armies of volunteers eager to hunt down any exploit.

[2] In the world of personal computers, pragmatism rules - not theory. Otherwise MS never would have become what it is.
J-n
3.5 / 5 (2) Mar 02, 2011
For those who are a bit uninformed who state that few people use linux therefore it would be stupid to infect with viruses, please understand the following.

1. The majority of the world's web servers and data servers run on Linux or Unix based operating systems. That means the website you are viewing right now is most probably running on a Linux based OS.

2. The best way to get credit card numbers, SSNs, and other profitable personal information is to acquire them from the servers, as the data is stored there in large files. On people's personal computers there is often only 1 set of this data, where on a server it could be hundreds of millions of data sets.

The issue of security on linux has very very little to do with the raw numbers of people using the software. Every person on this site uses linux indirectly. I would also argue that data thieves would rather have the data located in PayPal's databases than the data from 10,000 individual computers.
frajo
1 / 5 (1) Mar 02, 2011
That means the website you are viewing right now is most-probably running on a linux based OS.
The PhysOrg server is running CentOS Linux with Apache 2.2.3. See netcraft.com.
El_Nose
not rated yet Mar 04, 2011
frajo, you gave me a one and then your posts seem to correlate to what I said ;-S I am very confused.

To be clear, I am stating that the Apple OS is not the most secure OS. In fact its programs are not always written in a secure manner.

My support: google the pawn to own contest or google Charlie Miller

CM basically gained root access on a Mac using Safari in about 8 seconds. Every year this contest goes on and Mac has been losing...

So far, as far as browsing is concerned, Windows 7 with IE8 or Chrome -- with no Flash installed -- is considered the safest combo for browsing the web.

You don't have to agree, go check it out for yourself
J-n
not rated yet Mar 04, 2011
I still figure my ubuntu box with FF and Noscript running works pretty nicely.
frajo
1 / 5 (1) Mar 04, 2011
frajo, you gave me a one and then your posts seem to correlate to what I said ;-S I am very confused.
That was just because of the incorrect "BSD being a linux based OS".
Maybe I was a bit harsh and "4" would have been more appropriate.
Larry_Threatt
4 / 5 (1) Mar 06, 2011
BSD != Linux, it's more a Unix flavor, btw.