The Original Gay Porn Community - Free Gay Movies and Photos, Gay Porn Site Reviews and Adult Gay Forums

  • Welcome To Just Us Boys - The World's Largest Gay Message Board Community

    In order to comply with recent US Supreme Court rulings regarding adult content, we will be making changes in the future to require that you log into your account to view adult content on the site.
    If you do not have an account, please register.
    REGISTER HERE - 100% FREE / We Will Never Sell Your Info

    PLEASE READ: To register, turn off your VPN (iPhone users- disable iCloud); you can re-enable the VPN after registration. You must maintain an active email address on your account: disposable email addresses cannot be used to register.

Trojan targets Mac users

_AJ_

_AJ_

Phantom Poster
Joined
Jun 25, 2006
Posts
3,235
Reaction score
2
Points
38
Location
Melbourne
http://www.theage.com.au/news/security/trojan-targets-mac-users/2007/11/02/1193619116211.html
Trojan targets Mac users


November 2, 2007 - 12:05PM


In a backhanded compliment to Apple, online criminals are apparently so impressed with its scorching sales they are sending Macintosh computers an attack typically aimed at machines running Microsoft's dominant Windows operating system.

Symantec researchers said the websites serving up the new attack also deploy a Windows version.

"For a while Mac users have enjoyed the benefits of being a small enough population that hackers didn't go after them directly - that's obviously now changing," said Ben Greenbaum, senior research manager at Symantec Security Response.

Lynn Fox, an Apple spokeswoman, said the company knows about the threat and urges Mac users to be careful about where they download things from.

"Apple has a great track record for keeping Mac OS X users secure, and as always, we encourage people to install software only from trusted sources," she said in a statement.

Online porn-hunters are the intended victim of the latest ploy, in which visitors to certain explicit websites are led to believe they're downloading a free video player when in fact they're installing malicious code onto their Macs.

Once the user authorises the transaction, the fraudsters can redirect his future browsing to fraudulent websites and possibly to steal his information or passwords or simply send ads for other pornographic websites and rake in advertising US dollars.

For example, a person using an infected computer may thinks he is going to online auctioneer eBay or its PayPal electronic payment division but actually be directed to a site that looks legitimate but exists to purloin personal information.

The attack does not target a vulnerability in the Macintosh operating system.

Instead, it requires a user to approve the download, then enter his computer's administrator's password to continue, operations that raise red flags among sophisticated computer users.

Symantec researchers said the Trojan used in the attack is a rejiggered version of one that's been around for a couple years and requires that victims fall for a social engineering trick to work.

Security researchers at Intego, which makes Macintosh antivirus software and discovered the scheme this week, said it underscores the mounting threats to Mac users as the machines grow in popularity.

Windows machines still dominate the PC market, but Apple, which for years commanded just 2 to 3 per cent of the U.S. market, has now grown to command an 8 per cent chunk, according to market researcher Gartner Inc.

"This is the first really malicious criminal malware (for Macs)," said Intego spokesman Peter James. "We've seen some proof-of-concept malware, we've seen some worms, but this is different."

AP
Click to expand...
 
The attack does not target a vulnerability in the Macintosh operating system.

Instead, it requires a user to approve the download, then enter his computer's administrator's password to continue, operations that raise red flags among sophisticated computer users.
Click to expand...

That pretty much sums up the entire article... This targets stupid users. This doesn't pose as big of a threat as do the many Windows trojans that don't require any unusual user interaction to be installed.
 
it's kinda a phishing trojan. i do believe you have to enter your sysadmin pw as well when you want to really install a new codec. (i read another article which said that it's not a video player but a box said that the video's codec is not supported and that you need to install a new one)
 
I thought this was going to be about condoms.

I had the thought "good, we don't need them reproducing."

:badgrin:
 
dfwjacker said:
That pretty much sums up the entire article... This targets stupid users. This doesn't pose as big of a threat as do the many Windows trojans that don't require any unusual user interaction to be installed.
Click to expand...

sheep said:
Leopard should take care of security issues.

http://www.macintouch.com/leopard/firstlook.html#security

Scroll down to the Security section of the article.
Click to expand...

typical response from a mac user stick your head in the sand and pretend its a non issue

also those "new" security measures look alot like vista security changes
 
_AJ_ said:
typical response from a mac user stick your head in the sand and pretend its a non issue

also those "new" security measures look alot like vista security changes
Click to expand...

Actually, I'm a Linux user because security is important to me and yes Mac OS happens to be more secure than any flavor or Windows.

But I guess to you, us Linux and Mac users have our heads buried in the sand while Windows users enjoy all that security. :rolleyes:
 
AJ, what I thought dfwjacker was implying is that no matter what OS you use, if just a little common sense is exercised whilst surfing, many wouldn't become infected.
 
dfwjacker said:
Actually, I'm a Linux user because security is important to me and yes Mac OS happens to be more secure than any flavor or Windows.

But I guess to you, us Linux and Mac users have our heads buried in the sand while Windows users enjoy all that security. :rolleyes:
Click to expand...

i know you are a linux user sorry my response wasn't clear but what i meant was that it seems that whenever there is a problem with a non windows system it is easily explained away and implied that you couldn't be so stupid yet a similar virus on my vista pc would bring up UAC which makes a much bigger deal of things by blacking out the screen showing exactly the program trying to run the company who made it location on the hard drive ect.

yet i would never be so glib about something as serious as malware viruses and trojans

but hey i am sure if you close you eyes and count to 100 it will all be good :rolleyes:

oh and i have to disagree with one thing you said liam i believe the implication was if you use common sense on any platform excluding windows you can say i am wrong if you like but there is no way he would post this if it were for windows and you had to jump through hoops to get the trojan on your computer
 
In order for a Mac user to be infected with this trojan, he must first visit a porn site and click on a booby-trapped video. Then, a window pops up telling you that you lack a certain video plugin, and asks if you want to download it. If you click OK, your Mac will download a disk image that contains the trojan. You then need to mount the disk image by double-clicking on it.

An installer then appears in the disk image window. The Mac asks for your administrator password. If you enter the administrator password and double click on the disk image to install it, then you're infected.

The trojan still does not damage the Mac OS, but it changes some network settings to redirect your web browser to fraudulent sites set up to trick users into surrendering personal information. The user must then enter his credit card and bank account information on the fraudulent site in order to suffer damage from this trojan.

This trojan is not a security risk in the sense that it demonstrates some weakness in the Mac's security. Any OS can be damaged by logging in as an administrator and changing basic system settings. To suggest this trojan demonstrates a security risk in the Mac OS is absurd.

*nix users don't need to worry about things like automatically getting infecting with malware, just by visiting a certain web site, and without clicking on anything at all (like the animated cursor vulnerability in Vista). *nix OSs are designed to be secure.
 
noelie said:
:corn: :corn:
Click to expand...
Pass some yonder.

Care for a Schlitz?

240382.jpg
 
sheep said:
Leopard should take care of security issues.

http://www.macintouch.com/leopard/firstlook.html#security

Scroll down to the Security section of the article.
Click to expand...

Leopard (nor any future version of any OS) will not "fix" this issue. The method of attack requires a user to first download and then install (while providing their password) a malicious program. A user will be able to do this on any OS (otherwise how would you install things?).

User education is the only solution for this.
 
dfwjacker said:
That pretty much sums up the entire article... This targets stupid users. This doesn't pose as big of a threat as do the many Windows trojans that don't require any unusual user interaction to be installed.
Click to expand...

I guess I am a stupid user and find your comments extremely helpful, thank you!
 
There is and never will be a cure for human stupidity.

But the fact remains that, under the default security settings, it is still much harder for viruses and trojans to propagate under Mac OS than it is under windows.
 
You must log in or register to reply here.
Back
Top