Mac trojan "decimates" built-in OSX Security

Discussion in 'malware problems & news' started by funkydude, Oct 19, 2011.

Thread Status:
Not open for further replies.
  1. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    http://arstechnica.com/apple/news/2...isables-built-in-os-x-malware-protections.ars

    I guess it was bound to happen eventually?
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Ehh, hardly decimates their security if it still needs user permission to run.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Err, the same could be said about a user entering a UAC password to elevate, makes no difference.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes. And if a program requires UAC to elevate I would hardly say it's "decimated" Microsoft's security.

    Bypassing it via social engineering, sure. Decimating? Hardly.

    Though I would say that bypassing the win7 default UAC level is "decimating" except that I'd probably not say decimating since it isn't quite reducing it to 1/10th of the size =p but that's not the point.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    You clearly only read the first sentence of the article, and not what the Trojan does after it's installed. Please read it, it's even in my quote.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    HM, this is what "decimates" implies...

     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yeah, great. My only point is that they shouldn't say it's bypassing the system security if it's literally not bypassing the system security. Yeah, once it gets admin it gets full reign. But it needs to get admin.

    It removes the XProtect function of updating the system against malware. But it's hardly bypassing the system's security. It can only do this once the user allows it to.

    Yeah, it's pretty bad. No, Apple's built in OSX security is not decimated.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm not saying it doesn't do this lol I'm just saying it's hardly super impressive that a program with admin access turns off the security. And it's hardly bypassing the security, it first has to be installed.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OK. :D I misunderstood your post. Somehow, I believed you didn't realize the part I quoted.

    But, yes, you're right. I'd consider the security to be decimated, if the user wouldn't have to give administrator rights. Once given... You're the weakest link. Goodbye! :argh:
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    It clearly is bypassing security, (completely ignoring the social engineering part) not only does it unload it from its active state, it completely wipes it off the drive, from existence. Something AVs these days call "self-defence" I guess.

    The funny part (which you've clearly missed) is the fact that you need an AV to locate and fix the affected files, something you're "not supposed to need for a mac". Even after this, you're left without XProtect on your mac.

    This is a prime example of the "evolution" of mac malware, because a simple "definitions" update cannot fix this, as the service is completely gone, uninstalled. You'd need an update which in essence reinstalls the service, are they going to do that every month just in case someone is infected?
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    So let me ask you... if I get a little popup from Comodo sandboxing a virus and I say "don't sandbox again" and then I run it again and the virus turns Comodo off... do you think Comodo was bypassed?

    Definitions update would prevent it from installing. The only time this program can "decimate" the security is after it's already been given admin rights by the user.

    No, I did not miss that. I just didn't mention it.

    In my opinion the built-in security was not broken through, it was allowed through, and then the malware protected itself by shutting down and removing a service.
     
  12. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Does it work on Lion?
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Tsunami Trojan: First Mac attack based on Linux crack

    Slips in Mac OS X backdoor, phones home

    Full article, more from Sophos, ESET and arstechnica, add breaking news link from ESET
     
    Last edited: Oct 26, 2011