Criminals gain control over Mac with BackDoor.Olyx

Discussion in 'malware problems & news' started by TheKid7, Jun 24, 2011.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Criminals gain control over Mac with BackDoor.Olyx
    http://news.drweb.com/show/?i=1750&lng=en&c=14
     
  2. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    "Doctor Web—the leading Russian developer of anti-virus software"...
    I thought that Kaspersky is the leading Russian developer of anti-virus software...o_O
     
  3. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    They all claim they are number one. :D
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    +1. :thumb:
    :D :D :D
     
  5. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    +1
    :argh::argh::argh:
     
  6. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    We all know they're the number one malware creators.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Maybe it's just you.

    Currently blacklisting is still effective on Macs, but not for long (if they will become more popular).
     
  8. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Hate to blaspheme, but false.

    The MacDefender class of simple nasties was already eluding them because like most AV's, they're doing the usual file hash detection on malware and as soon as they release an update for their own detector, the guys repack what they have. Won't go into much detail about it even though they never made me sign an NDA, but I spoke to Apple's security people about a potential solution that would detect zero-day mods like we used to do with BOClean for ZLOB and many other well-funded attacks but they weren't interested.

    Dirty little secret of the AV industry: They get a sample, they SHA1 hash it and there's your signature. Change one bit and it no longer matches. :(

    I was absolutely aghast when I learned this at COMODO. It's the textbook method.
     
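To make Kevin's point concrete from the detection side, here is a small added Python example (not from the thread or from any vendor's engine). It constructs a stand-in byte string in place of a real sample, records its SHA1 as a whole-file signature the way he describes, flips a single bit in the padding, and shows that the hash signature no longer matches while a simple content pattern (a hypothetical YARA-style byte string) still does. The sample bytes, the pattern and the function names are all constructed for illustration.

```python
import hashlib

# Constructed stand-in for a malware file: a fake header, padding,
# and a characteristic string an analyst might write a rule for.
# Not a real binary, not real malware.
ORIGINAL_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This is a constructed stand-in for a malicious binary.\n"
    + b"PAYLOAD_MARKER:connect-to-c2\n"
)

# Hypothetical content signature, in the spirit of a YARA string rule.
PATTERN_SIGNATURE = b"PAYLOAD_MARKER:connect-to-c2"


def whole_file_signature(data: bytes) -> str:
    """The 'get a sample, SHA1 it' signature described in the thread."""
    return hashlib.sha1(data).hexdigest()


def flip_one_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Return a copy of data with one bit flipped, simulating a trivially modified sample."""
    buf = bytearray(data)
    buf[byte_index] ^= (1 << bit)
    return bytes(buf)


def hash_detects(blocklist: set, data: bytes) -> bool:
    """Whole-file hash match: true only for a byte-identical sample."""
    return whole_file_signature(data) in blocklist


def pattern_detects(data: bytes) -> bool:
    """Content match: true as long as the characteristic bytes are still present."""
    return PATTERN_SIGNATURE in data


def compare_detection() -> dict:
    """Run both detectors over the original sample and a one-bit variant."""
    blocklist = {whole_file_signature(ORIGINAL_SAMPLE)}
    # Flip a bit inside the zero padding, far from the characteristic string.
    variant = flip_one_bit(ORIGINAL_SAMPLE, byte_index=10, bit=3)
    return {
        "original_hash": hash_detects(blocklist, ORIGINAL_SAMPLE),
        "variant_hash": hash_detects(blocklist, variant),
        "original_pattern": pattern_detects(ORIGINAL_SAMPLE),
        "variant_pattern": pattern_detects(variant),
    }


if __name__ == "__main__":
    for name, hit in compare_detection().items():
        print(f"{name}: {'detected' if hit else 'missed'}")
```

The hash check is exact by construction, so any change to the file produces a different digest and a miss; a content pattern survives changes that leave the matched bytes intact, which is why engines layer pattern, heuristic and behavioural checks on top of hash lookups. A pattern signature can of course be broken too once the characteristic bytes themselves change, which is the gap the later posts about emulation and HIPS are pointing at.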
  9. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    @Kevin McAleavey, It's cheap and easy, and you can boast about having a 99+% detection rate in tests while providing little security. Consumers will buy everything, as long as it's marketed right.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    There can be only one!

    On topic, since this is the second backdoor, it should be cherished, sort of like a pioneer collection. And maybe even produce a movie called mac backdoor 2, oh how that would sell.

    Mrk
     
  11. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Mac devices, in the not too distant future, will come bundled with a well-known antivirus program that will be a trial version.

    Opportunity knocks for AV companies struggling with a dwindling market share.
     
  12. x942

    x942 Guest

    This is why they need an emulation engine or other means of analyzing data on the fly (most AV's do this, Avast etc.). Down side is it usually is disabled by default and it takes longer to scan the file. HIPS are a great addition to an AV.
     
  13. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    I'm of the opinion that AV's are *so* 1980's and are obsolete. HIPS is getting there too since Apple's OS has more holes in it than Windows from what I've seen of its innards while studying possible solutions for them. They've been VERY lucky. My proposal to them was an entirely different direction that would suit their different culture.

    AV's and the messy world of OS' is the reason why I embarked on the whole KNOS thing two years ago. Imagine not even needing an AV or any of that in the first place? Apple, like KNOS, is based on BSD - the difference is that they decided to fork off on several other paths too and that is what is leaving them vulnerable now. But I suppose they're going to go the Windows route with AV's instead. KNOS works on Apple machines, so it's all good. Here in our world we have PC's and fruits, and they all run on KNOS.
     