Hacker writes easy-to-use Mac Trojan

[JRViejo]

Quote:

IIn a sign that hackers, like everyone else, are taking an interest in everything Apple, researchers at Sophos say they've spotted a new Trojan horse program written for the Mac.

It's called the BlackHole RAT (the RAT part is for "remote access Trojan") and it's pretty easy to find online in hacking forums, according to Chet Wisniewski a researcher with antivirus vendor Sophos. There's even a YouTube video demonstration of the program that shows you what it can do.

Computerworld Article by Robert McMillan.

[twl845]

How does Sophos Free AV stack up against Intego AV for Mac? I am probably going to buy an iMac as soon as the new Lion OS comes out this Summer, and as a long time pc user, I don't buy Apple's claim that they don't get virus'. Maybe they don't..yet, but I'd rather be safe than sorry.

[chronomatic]

Quote:

Originally Posted by twl845

How does Sophos Free AV stack up against Intego AV for Mac? I am probably going to buy an iMac as soon as the new Lion OS comes out this Summer, and as a long time pc user, I don't buy Apple's claim that they don't get virus'. Maybe they don't..yet, but I'd rather be safe than sorry.

No need for AV software if you simply don't install the trojan. That article is quoting a researcher at Sophos, who has a financial interest in getting you to buy worthless AV products. Never listen to someone with something to sell when it comes to computer security.

AV has proven to be a failure even on Windows.

[m00nbl00d]

Quote:

Originally Posted by chronomatic

No need for AV software if you simply don't install the trojan. That article is quoting a researcher at Sophos, who has a financial interest in getting you to buy worthless AV products. Never listen to someone with something to sell when it comes to computer security.

AV has proven to be a failure even on Windows.

Regardless AVs being necessary or not (and I guess that depends on what users have on their hands - both O.S knowledge and knowledge on how to operate other tools), Sophos provides a free AV for the Mac.

[Someheresomethere]

With Sophos I did notice somewhat of an impact on my Mac's performance. I like ESET and Intego better, but you should try them out yourself to judge. Intego has the most experience, and a built in firewall.

[whitedragon551]

Quote:

Originally Posted by chronomatic

No need for AV software if you simply don't install the trojan. That article is quoting a researcher at Sophos, who has a financial interest in getting you to buy worthless AV products. Never listen to someone with something to sell when it comes to computer security.

AV has proven to be a failure even on Windows.

Security through obscurity is ignorant.

[twl845]

Quote:

Originally Posted by chronomatic

No need for AV software if you simply don't install the trojan.

What if you don't recognize the item as a trojan when it's presented to you?

[chronomatic]

Quote:

Originally Posted by whitedragon551

Security through obscurity is ignorant.

Explain where I mentioned security through obscurity and what it has to do with this.

Quote:

Originally Posted by twl845

What if you don't recognize the item as a trojan when it's presented to you?

Don't install untrusted software. This means don't go torrenting for software and don't search random websites. This means only install software from reputable sources (doesn't Apple have their own software repository?).

[twl845]

Quote:

Originally Posted by chronomatic

Explain where I mentioned security through obscurity and what it has to do with this.



Don't install untrusted software. This means don't go torrenting for software and don't search random websites. This means only install software from reputable sources (doesn't Apple have their own software repository?).

Right, Apple has their own brand software, and there are quite a few non-Apple companies that accept Mac. What is a random website? If you are doing a search for instance, what makes you avoid a link to what you're looking for?

[m00nbl00d]

Here's a perfect example of what a reputable source is: -http://www.eweek.com/c/a/Security/Kasperskys-Download-Site-Hacked-Directs-Users-to-Fake-AntiVirus-336193/

[chronomatic]

Quote:

Originally Posted by m00nbl00d

Here's a perfect example of what a reputable source is: -http://www.eweek.com/c/a/Security/Kasperskys-Download-Site-Hacked-Directs-Users-to-Fake-AntiVirus-336193/

That's pretty humorous. But it goes to show how important the digitally signing of files are. Such a "redirect" could have been made moot if people checked sigs on the files they download (of course it helps if developers actually sign their software).

[funkydude]

You forgot the part where you may have to pay before you download the software in the first place. Services such as ClearCloud and SmartScreen would protect you from viewing the page itself.

[m00nbl00d]

Quote:

Originally Posted by funkydude

You forgot the part where you may have to pay before you download the software in the first place. Services such as ClearCloud and SmartScreen would protect you from viewing the page itself.

I actually gave an example not so long ago regarding a fake Malwarebytes Anti-Malware. People first would need to go through a phishing scam, and then download the supposed to be Malwarebytes Anti-Malware application and even more rogue crap, once they paid all that.

The UI was the real one actually; the one in the phishing website, that is. After I provided this, it was taken down by Malwarebytes team. Just a drop in the ocean, though.

People also forget about malware using stolen digital signatures. A digital signature by no means is a sign that an application is trustworthy. I may be wrong, though.

[m00nbl00d]

Quote:

Originally Posted by chronomatic

That's pretty humorous. But it goes to show how important the digitally signing of files are. Such a "redirect" could have been made moot if people checked sigs on the files they download (of course it helps if developers actually sign their software).

Not that humorous. I'd say that humorous is the fact Kaspersky got hacked more than once. I guess they were caught unguarded.

[J_L]

If you're connected to the internet or any other devices, there's always danger lurking somewhere. Doesn't matter which OS you run.

[twl845]

Quote:

Originally Posted by J_L

If you're connected to the internet or any other devices, there's always danger lurking somewhere. Doesn't matter which OS you run.

Exactly. So it might be a good idea to use an AV in your Apple OS. It's like having flood insurance a mile from the river.