Macworld Forums

Mac industry views and opinions
Author: Topic: Re: Well we knew it would happen 2
DESIGNADE
Member
Posted: Thu, 16 Feb 2006 11:13AM

AlanAudio,

You're spot on, Alan; unfortunately the default, and therefore the option used by most novice users/switchers, is to set up and use an admin account. It'll be interesting to see Apple's response.

Ade


  Posts: 247 | Location: Tunbridge Wells, United Kingdom | Registered: Sat, 28 Feb 2004 | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
J.P.
Member
Posted: Thu, 16 Feb 2006 11:43AM

DESIGNADE,

There is limited stuff Apple can do about that kind of trojan; if you can make people run an application it's very hard to protect against it. OS X doesn't autorun files, which is a great start, but trojans are user problems. If I wrap "rm -rf /" in a nice script, call it free porn, drop it on a website, and then when it runs get it to ask for admin privileges, it'd be a pretty nasty trojan, but there aren't many ways to protect against that.


JP.

Apple Certified System Administrator

The Mac Place - Macintosh Support, Consultancy, & pithy Mac blog
  Posts: | Location: UK | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
andybarton
Member
Posted: Thu, 16 Feb 2006 01:57PM

J.P.,

It has a name, so it must be official

Leap-A

http://www.sophos.com/virusinfo/analyses/osxleapa.html

Time to get the Virex updated....

  Posts: 3199 | Location: , United Kingdom | Registered: Wed, 03 Jul 2002 | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
J.P.
Member
Posted: Thu, 16 Feb 2006 02:33PM

andybarton,

It must be an official what? It's a trojan, not a virus, and they're damn hard to protect against because they're user vulnerabilities, not software vulnerabilities. If you just don't download/open dodgy files that aren't what they say they are then you're fine. This malware can't spread without user interaction; it's not particularly clandestine or clever and it doesn't have any payload.


JP.

Apple Certified System Administrator

The Mac Place - Macintosh Support, Consultancy, & pithy Mac blog
  Posts: | Location: UK | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
andybarton
Member
Posted: Thu, 16 Feb 2006 02:52PM

J.P.,

"An official trojan", not just a wind-up on the Macrumor site.

I know all the rest of the stuff, but some users aren't as clever as you. Or even me.

  Posts: 3199 | Location: , United Kingdom | Registered: Wed, 03 Jul 2002 | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
J.P.
Member
Posted: Thu, 16 Feb 2006 03:06PM

andybarton,

The thing with this particular trojan is it would need an awful lot of very unaware users, running Tiger, to gain any traction. The fact that virtually no-one has the file is a pretty big help as well. It just doesn't have a good transmission path.

There is one thing that Apple could do to add an extra warning, which is to make ~/InputManagers a special case as far as permissions go so it flags up for a password (or even deprecate ~/InputManagers) but in the end that's still just an extra warning.


JP.

Apple Certified System Administrator

The Mac Place - Macintosh Support, Consultancy, & pithy Mac blog
  Posts: | Location: UK | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
BigRedX
Member
Posted: Thu, 16 Feb 2006 03:48PM

J.P.,

There's a good level-headed analysis of this trojan in this thread at Ambrosia.


“Richard, Roger, Rodney, Rastus, Raoul, Roderick, Randy, Rupert”
  Posts: | Location: , United Kingdom | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
Cyber skiver
Member
Posted: Thu, 16 Feb 2006 03:56PM

DESIGNADE,


Copied from elsewhere because it might be useful:

For anyone using the first account they created when they installed OS X, it's time to put a stop to that right now, because you have the rights to change a whole bunch of important stuff like your applications that don't require becoming root. You're in the admin group, and that's a lot of power all by itself.

A good idea, right now, would be to go into your System Preferences, into Accounts, and create a new user. Turn on the "Allow user to administer this computer" check box, then log into that account and make sure it works. Once you're satisfied that the new account works and that you've remembered the password, turn off the "Allow user to administer this computer" check box for your own regular account. From then on, use the new account to install software, run System Update, etc. Use your now-demoted regular account for your regular daily computing.

A declawed account can still do some things that don't require special privs, like delete your own user files or send malware out to other computers. It will, however, keep your system reasonably safe from unintended modification.

edit: One last bit: Check the files in your Applications folder, even after declawing, and see if you are listed as the owner of any files. If you are, log in with your new admin account (fast user switching is a help here) and change the ownership to the system or that admin user.

-----------------

But for situations like this trojan, even that won't help a lot.

> It'll be interesting to see Apple's response

I don't imagine Apple can do much more than to remind people not to open files indiscriminately. To check what kind of file is being opened (show extensions)... and if something which calls itself photos or doc contains something which looks like it could run as a program or application or any funny extension name... do not open it.

For this sort of thing there is no other solution, assuming you want the option of choosing and installing apps.

(edit: I know most people here are aware of all that. But I reckon the more it is repeated, the better)

  Posts: | Location: , United Kingdom | IP: Logged
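
An added example, not part of any post in this thread: a shell audit of the points raised above (admin-group membership, ownership of files under the Applications folder, and the contents of the per-user InputManagers folder). It assumes the admin group is named `admin`, applications live in `/Applications`, and the folder J.P. writes as ~/InputManagers is at `~/Library/InputManagers`; the function names are this example's own.

```shell
# Added example (not from the thread): audit the points the posts raise.
# Assumptions: admin group is "admin", apps are in /Applications, and
# per-user input managers are in ~/Library/InputManagers.

# in_group USER GROUP: succeed if USER is a member of GROUP.
in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# owned_by USER DIR: print every path under DIR owned by USER.
owned_by() {
    [ -d "$2" ] || return 0
    find "$2" -user "$1" -print 2>/dev/null | sort
}

# list_entries DIR: print the top-level entries of DIR (nothing if absent).
list_entries() {
    [ -d "$1" ] || return 0
    find "$1" -mindepth 1 -maxdepth 1 -print 2>/dev/null | sort
}

# audit USER [APPS_DIR] [INPUT_MANAGERS_DIR]: print findings; exit status = count.
audit() {
    user=$1 apps=${2:-/Applications} im=${3:-$HOME/Library/InputManagers}
    findings=0
    if in_group "$user" admin; then
        echo "WARN: $user is in the admin group; use a standard account day to day"
        findings=$((findings + 1))
    fi
    owned=$(owned_by "$user" "$apps")
    if [ -n "$owned" ]; then
        printf 'WARN: paths under %s owned by %s:\n%s\n' "$apps" "$user" "$owned"
        findings=$((findings + 1))
    fi
    plugins=$(list_entries "$im")
    if [ -n "$plugins" ]; then
        printf 'REVIEW: input managers found in %s:\n%s\n' "$im" "$plugins"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Audit the current user when the script is run with --run.
if [ "${1:-}" = "--run" ]; then audit "$(id -un)"; fi
```

Run it from the everyday account rather than the admin one; an exit status of 0 means none of the three conditions was found.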
Author: Topic: Re: Well we knew it would happen 2
DESIGNADE
Member
Posted: Thu, 16 Feb 2006 04:08PM

Cyber skiver,

Thanks CS. All good advice; seems like a lot of hassle, but worth it.

Ade

  Posts: 247 | Location: Tunbridge Wells, United Kingdom | Registered: Sat, 28 Feb 2004 | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
AlanAudio
Global Moderator
Posted: Thu, 16 Feb 2006 04:53PM

I must admit that I can't help but be amused at the social engineering behind this Trojan.

The essence is that they need to capture people's imaginations and fool them into opening and running the file.

On PCs, it's done by offering them what they think is going to be porn. On a Mac, they write it only for users with the latest version of the OS and tempt them with offers of full-frontal shots of the next build of the OS.

  Posts: 2267 | Location: United Kingdom | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
Cynic
Global Moderator

Posted: Thu, 16 Feb 2006 05:03PM

AlanAudio,

So Mac users, virtuous citizens or sad geeks?

  Posts: 1665 | Location: Limbo, United Kingdom | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
J.P.
Member
Posted: Thu, 16 Feb 2006 05:25PM

AlanAudio,

Strange that that's targeting probably the worst demographic as far as making this thing "successful" goes; Mac geeks more than anyone else.


JP.

Apple Certified System Administrator

The Mac Place - Macintosh Support, Consultancy, & pithy Mac blog
  Posts: | Location: UK | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
DESIGNADE
Member
Posted: Thu, 16 Feb 2006 06:12PM

J.P.,

I've read elsewhere that it's been intentionally badly coded in some areas, almost to suggest that it's a friendly wake-up call to Apple and us. I don't think huge success or damage was ever the plan.

  Posts: 247 | Location: Tunbridge Wells, United Kingdom | Registered: Sat, 28 Feb 2004 | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
Cyber skiver
Member
Posted: Thu, 16 Feb 2006 06:43PM

DESIGNADE,


Tend to agree. This has the smell of a "proof of concept" attack.

As has been noted, it was started in a sort of geeks' hangout, and even there, appears mostly directed to those most interested in being "up to date".

To me it suggests either a sort of "don't be so cocky" warning or a "let's see if I can get these fellows to fall for it..."

Of course there could be something nastier which hasn't come to light as yet. In the site there is one report from someone who opened the file in one of his machines, realized what had happened, deleted the file and still received an e-mail containing the trojan in another of his network machines. So it looks like one of the things it does is access e-mail... The purpose of the exercise might be to see how far it spreads... or it could be leaving something behind.

I don't think malware has much of a future within the Mac community really. It's not just that our machines are more secure, but I do believe we are -as a group- more responsible and savvy than Windows users.

And we have an OS which gives us plenty of facilities to be secure..

  Posts: | Location: , United Kingdom | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
Cyber skiver
Member
Posted: Thu, 16 Feb 2006 06:57PM

Cynic,

Ohh.. geeks, please, geeks...

Who cares about virtuous citizens?

--------

When I am sixty... I'll dress in a maroon jumper and green trousers

I'll jump the queues.. and pinch pretty girls' bottoms

will be as bad tempered as I please.. and demand extra coffee for free

But above all.. copy any poem I like and pretend I don't remember someone already wrote it.

(Come to think of it.. I've already done that one)

But, who cares? I'd rather be a geek than an upright citizen.


so there...

  Posts: | Location: , United Kingdom | IP: Logged
Author: Topic: Re: Well we knew it would happen 2
J.P.
Member
Posted: Thu, 16 Feb 2006 10:10PM

DESIGNADE,

I've heard that and it doesn't sound unreasonable. I've thought for a while that the InputManagers method was a bad idea (really, really not smart), and this comes right after the daringfireball article about them. The resource fork issue has popped up before as well. It does kind of smell like a "these bits need fixing" wake-up call, the fact that it's relatively benign does make me wonder...


JP.

Apple Certified System Administrator

The Mac Place - Macintosh Support, Consultancy, & pithy Mac blog
  Posts: | Location: UK | IP: Logged