Thursday, October 27th 2011

Secure Apple Macs Fall Prey To Linux DDoS Trojan

For years Apple Mac users have felt smug that their computers didn’t need any security software installed, unlike their poor Windows counterparts, which were always coming down with a cold. They believed this was because their beloved operating system is inherently more secure than leaky old Windows (which it used to be). This smug feeling has been especially strong over the last decade, since the release of Mac OS X in 2001, as it's based on Unix, which has always had security baked into it. They therefore felt safe from the multitude of viruses, keyloggers, trojans and various other nasties that the bad guys like to infect operating systems with. However, there have been successful attacks in the past on every Apple Mac operating system since the first one in 1984, just nowhere near as many as on Windows. Of course, what Windows users, Linux users and other OS users have also been saying for years is that Apple's operating systems simply weren't popular enough to bother with and aren't particularly secure. After all, the hackers do this for fun and financial profit, so why aim for a little teeny tiny target when you can aim for a big, fat one like Windows?

Well, Apple's OS certainly has increased in popularity somewhat since the debacle that was Windows Vista and hence is now a larger attack target than before, attracting more attention from criminal hackers. The latest malware attack appears to be dispelling the myth that Mac OS X is "secure". This new kid on the block is a trojan called "Tsunami", which has now been discovered on infected Mac OS X systems. What makes this particular malware different is that it appears to be a port, of all things, of a Linux DDoS trojan called Troj/Kaiten. This little beauty herds infected Apple computers into a botnet which, on instructions received over an IRC channel, DDoSes whatever victim website the criminal hackers choose. Lovely.

Graham Cluley of Sophos has taken this trojan apart and shown how it can be instructed to attack any website. He has reproduced the code snippet below:

He then says:
The big question, of course, is how would this code find itself on your Mac in the first place? It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website.

But remember this - not only is participating in a DDoS attack illegal, it also means that you have effectively put control of your Mac into someone else's hands. If that doesn't instantly raise the hairs on the back of your neck, it certainly should.

So, it sounds like this nasty requires a little bit of social engineering to get on the machine, like many do for Windows. However, that hardly sounds like a challenge, does it, given the general lack of basic technical skills and security knowledge of ordinary computer users? The Apple ones perhaps even more so, as the platform is designed for "ease of use" and aimed specifically at people who are not tech savvy at all and want a computer "that just works". They'll have no idea why their beautiful Mac inexplicably runs sluggishly and unstably, with their ISP possibly disconnecting them for the garbage pumped out by their infected Mac.

Some people reading this will make the rallying cry "Of course Sophos will say it's vulnerable, they have a product to sell!" and they have a point. However, this doesn't take away the fact that threats to the Mac platform are real, out there and growing. Even if a Mac user doesn't want to run security software they should still practice safe computing habits, which is just another way of saying to use their common sense.

A short and interesting history of Apple malware can be found at this Sophos article.

Source: Sophos

60 Comments on Secure Apple Macs Fall Prey To Linux DDoS Trojan

#1
Moose
"It just works" is the biggest fail of a slogan that a company has had the stupidity to make. "You can't configure me" would be more better.
Posted on Reply
#2
timta2
The information is from Sophos, who relies on fear in order to sell their products. I've yet to see any Mac malware that in the real world is a threat. You aren't going to trick me into typing in my system password to install your malware. Try again.

In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
Posted on Reply
#3
pantherx12
It's always just been a case of market share anyway, if macs had windows market share they'd have plenty of viruses.
Posted on Reply
#4
xBruce88x
by: timta2
The information is from Sophos, who relies on fear in order to sell their products. I've yet to see any Mac malware that in the real world is a threat. You aren't going to trick me into typing in my system password to install your malware. Try again.

In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
Well... many, if not most, of us at TPU that use windows do not fall into that 99%, sorry.

Though qubit could have worded it differently... say for example instead of... "For years Apple Mac users have felt smug that their computers..." He could put "For years many Apple Mac users have felt smug that their computers..."

moose has a fair point.

and pantherx12 as well, If Mac or Linux computers were as widespread as Windows PCs, then there'd probably be just as many hackers, etc, using those systems or attacking those systems.

The more you have, the more likely someone will want some of it (or mess with it in some way)

Regardless, thanks for the info qubit, Mac users should appreciate the heads up. Many Mac users may be used to software simply being safe to use on their OS, so seeing this may at least teach them to have some caution with 3rd party apps and such.
Posted on Reply
#5
Freedom4556
by: timta2
In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
I think you typified the smugness perfectly. :laugh:
Posted on Reply
#6
Damn_Smooth
The first rule about Apple having viruses, you don't talk about Apple having viruses.
Posted on Reply
#8
Breit
by: timta2
...

In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
if you think of yourself as one of the 'more (technically) skilled' mac users, then perhaps it's just lame to compare yourself to the average user of the opposing team. just take the challenge and compete with the 'more (technically) skilled' windows users and see if that's gonna work out... :rolleyes:
otherwise it's just a stupid meaningless phrase.

good fight, good night!
Posted on Reply
#9
Inceptor
by: timta2
In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
Yes, there ARE some Mac users who can make nearly every member of this forum look like technical idiots...but they're extremely rare.
And there ARE Mac users who are much more technically literate and knowledgeable than the average 'just works' Mac user... but they're very uncommon and much smaller in number than PC 'enthusiasts'.
And there ARE Windows PC users who are just as much technical morons as the average Mac users that are made fun of on forums like this... and they're just as common as the uninformed Mac users. Some of them even sign up for membership here and ask silly questions. Just as their Mac counterparts do on Mac forums.

But I'll say this, as the owner of an old Gen 3, Revision 1 Macbook that has gone back to PC and Windows 7:
OS X has its ease of use, dumbed down, pluses, but even with the extra features not normally loaded in a normal OS X install, it lacks the granularity of even Windows, not to mention Linux.
If you're using OS X simply for ease of use and actually doing something productive with it, like coding, or content creation, good for you. But for anything else, really, It's better to use Windows or Linux on a desktop or workstation. Even if you run into the occasional snafu, it's a learning experience and will teach you something about your system and about the Windows OS, even old hoary DOS, that will stand you in good stead in the future. It's the 'what doesn't kill me, makes me stronger' learning mode. This is why Mac users are denigrated.

Really, Macs being targeted for trojans and botnet roundups, it's kinda lame isn't it though?
The cluelessness of the Mac user to actually click on something that installs the thing is what makes it worthwhile to even attempt.
With Windows XP users, it's just a case of an insecure OS and hundreds of millions of OS installs, the probability of corralling a sufficient number of systems for a large botnet is much higher and much easier to do.
That says quite a bit about the perceived and demonstrated knowledge of Mac users, no?
Posted on Reply
#10
xtremesv
by: timta2
The information is from Sophos, who relies on fear in order to sell their products. I've yet to see any Mac malware that in the real world is a threat. You aren't going to trick me into typing in my system password to install your malware. Try again.

In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
I can notice the sarcastic tone in qubit's writing but he has a very plausible point.

I can say that I know both Windows and Mac users and even the less tech savvy ask me to install an antivirus on their Windows PCs. On the other hand, most Mac users always reply they don't need antivirus software.
Posted on Reply
#11
95Viper
Oh Wow! I can see where this thread is heading!

Back on topic:

Apples, Macs, OSX boxes, or whatever you call 'em, can and do get viruses, not that many out there, but Apple is always plugging vulnerabilities in that O/S, too.

This is just my opinion and, yes, I have used Macs before... And, I, personally, was not impressed.
Apple has the "Deny everything, also, don't mention it and it never happened" attitude.
And, the fan(atic) base follows and drinks the Kool-aid. They will not accept anything, other than, they are the elite, with a Teflon operating system.

It is funny though, even your precious Apple recommends you may want to run an anti-virus program:eek:, see Mac OS X 10.7 Help > Protect your computer from harmful applications

Quote from the page:
Here are some tips to protect your computer from harmful applications.

Never download unlicensed or “pirated” software from the Internet.
Accept only applications you receive from a known and trusted source.
Run an antivirus program if you find any suspicious files or applications, or if you notice any suspicious behavior on your computer.
To reduce the amount of exposure to harmful applications or files, limit the number of administrator accounts you create. Consider creating a user account for your daily work and use the administrator account only when you need to install software or administer accounts.
If you enabled the root user and you don’t currently need it, disable it.
No O/S is 100% virus/trojan/worm/idiot proof; eventually, someone, somewhere, will try to ruin your happiness and try to make a dollar off the situation.

Oh, by the way, I see what you did here Q.:rolleyes:
Posted on Reply
#12
CJCerny
First Mac wasn't released until May of 1984.
Posted on Reply
#13
mediasorcerer
macs have their uses, i once needed a new boat anchor for my....just kidding, so long as we have "choices" i don't see the problem, i've had a few macs before and mostly they are good machines, if not overpriced and non configurable like windows, but taking sides? you're really buying into the left/right paradigm when thinking in that kinda framework, and that's exactly how the market caters to your idealised perceptions, by coercing or encouraging the consumer to "take sides",
personally, i buy out of that, and just go with whatever makes me happy, regardless of "brand".

as for security flaws, macs have always had them, all computers do, even fones, i may get another mac laptop in the future, for my foto/video editing on the fly etc, i get the best of both then, what's wrong with that?
thanx for article too.
Posted on Reply
#14
xBruce88x
hmm... i have that 1984 mac os emulated on my desktop... it's fun to play with from time to time
Posted on Reply
#15
qwerty_lesh
I don't want to live on this planet anymore.
Posted on Reply
#16
bill_d
next up apple patents the firewall
Posted on Reply
#17
DonInKansas
Apple Macs? As opposed to PC Macs? Maybe Big Macs? :roll:
Posted on Reply
#18
eidairaman1
Never Liked Macs- too confusing to use, even more confusing to fix

Last Apple Product I enjoyed was the IIE.
Posted on Reply
#19
jmcslob
I for one would like to see a coalition of Hackers get together and do nothing but harass & infect MAC users....

Just for the LuLzzz...
Posted on Reply
#20
DaedalusHelios
by: timta2
The information is from Sophos, who relies on fear in order to sell their products. I've yet to see any Mac malware that in the real world is a threat. You aren't going to trick me into typing in my system password to install your malware. Try again.

In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
Well to be honest, qubit is right. I have used macs since 1998 and the "Apple community" has changed quite a bit over the years. It went from arrogance to outright ignorance. There are exceptions to all harsh generalizations so timta2 might be an exception despite the wild claim to be possessing "more technical experience than 99% of the Windows PC users". Just how would you quantify your technical experience to be that level? :confused:
Posted on Reply
#21
bothaus
In all fairness, Sophos Mac AV is completely free for home use. So the motivation is quite nil except for mindshare. Viruses can hit Macs, they can hit anything that reads out code. But every month I service 400+ Macs, maybe more, for the last 10 years and I have never, ever seen a virus on a Mac unless I put it there. People always say they have one but in the end it is something completely different. But no-one should start a fight with their guard down. Mac users are like Apollo Creed in Rocky IV. Drago is around the corner.
Posted on Reply
#22
entropy13
Blasphemers! The Almighty Mac is infallible! The Holy Apple are invincible to such underhanded methods! Such baseless accusations of weakness from heathens does not serve them well, only causing them to solidify the fact that they are infidels! Those liars must burn! Death to the non-believers! Glory to Apple! Hail Steve Jobs! Hail, Apple Triumphant! Hail, Apple Magnificent!
Posted on Reply
#23
Swansen
by: pantherx12
It's always just been a case of market share anyway, if macs had windows market share they'd have plenty of viruses.
yeah basically right, i think it's more entertaining that everyone overlooks something this common.

also, the mac OS is based more-so on BSD. of which, i remember a hack fest not so long ago, to which apple's os came in last, over windows and linux.
Posted on Reply
#24
qubit
Overclocked quantum bit
by: CJCerny
First Mac wasn't released until May of 1984.
Yes, quite. I meant to say "Apple". Thanks for the correction. :toast: Now fixed.
Posted on Reply
#25
dorsetknob
by: Damn_Smooth
The first rule about Apple having viruses, you don't talk about Apple having viruses.
not quite true

"The first rule about Apple having viruses, is Apple deny and don't talk about Apple having viruses"
:rockout::rockout::banghead::banghead:
Posted on Reply