Thursday, October 27th 2011
Secure Apple Macs Fall Prey To Linux DDoS Trojan
For years Apple Mac users have felt smug that their computers didn't need any security software installed, unlike their poor Windows counterparts, which were always coming down with a cold. This, they believed, was because their beloved operating system is inherently more secure than leaky old Windows (which it used to be). This smug feeling has been especially strong over the last decade, since the release of Mac OS X in 2001, as it's based on Unix, which has always had security baked into it. They therefore felt safe from the multitude of viruses, keyloggers, trojans and various other nasties that the bad guys like to infect operating systems with. However, there have been successful attacks in the past on every Apple Mac operating system since the first one in 1984, just nowhere near as many as on Windows. Of course, what Windows users, Linux users and other OS users have also been saying for years is that Apple's operating systems simply weren't popular enough to bother with and aren't particularly secure. After all, the hackers do this for fun and financial profit, so why aim for a little teeny tiny target when you can aim for a big, fat one like Windows?
Source:
Sophos
Well, Apple's OS certainly has increased in popularity somewhat since the debacle that was Windows Vista and hence is now a larger attack target than before, attracting more attention from criminal hackers. The latest malware attack appears to be dispelling the myth that Mac OS X is "secure". This new kid on the block is a trojan called "Tsunami", which has now been discovered on infected Mac OS X systems. What makes this particular malware different is that it appears to be a port, of all things, of a Linux DDoS trojan called Troj/Kaiten. This little beauty herds infected Apple computers into a botnet which DDoSes whatever victim website the criminal hackers choose, taking its instructions over an IRC channel. Lovely.
Graham Cluley of Sophos has taken this trojan apart and shown how it can be instructed to attack any website. He has reproduced the code snippet below:
He then says:
"The big question, of course, is how would this code find itself on your Mac in the first place? It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website."
So, it sounds like this nasty requires a little bit of social engineering to get on the machine, like many do for Windows. However, that hardly sounds like a challenge, does it, given the general lack of basic technical skills and security knowledge of ordinary computer users? The Apple ones perhaps even more so, as the platform is designed for "ease of use" and aimed specifically at people who are not tech savvy at all and want a computer "that just works". They'll have no idea why their beautiful Mac inexplicably runs sluggishly and unstably, with their ISP possibly disconnecting them for the garbage pumped out by their infected Mac.
But remember this - not only is participating in a DDoS attack illegal, it also means that you have effectively put control of your Mac into someone else's hands. If that doesn't instantly raise the hairs on the back of your neck, it certainly should.
Some people reading this will make the rallying cry "Of course Sophos will say it's vulnerable, they have a product to sell!" and they have a point. However, this doesn't take away the fact that threats to the Mac platform are real, out there and growing. Even if a Mac user doesn't want to run security software, they should still practice safe computing habits, which is just another way of saying they should use their common sense.
A short and interesting history of Apple malware can be found at this Sophos article.
60 Comments on Secure Apple Macs Fall Prey To Linux DDoS Trojan
In a final note, as an experienced Mac user, I find this "article" insulting. There are quite a few of us longtime Mac users that have more technical experience than 99% of the Windows PC users out there.
Though qubit could have worded it differently... say for example instead of... "For years Apple Mac users have felt smug that their computers..." He could put "For years many Apple Mac users have felt smug that their computers..."
moose has a fair point.
and pantherx12 as well, If Mac or Linux computers were as widespread as Windows PCs, then there'd probably be just as many hackers, etc, using those systems or attacking those systems.
The more you have, the more likely someone will want some of it (or mess with it in some way)
Regardless, thanks for the info qubit, Mac users should appreciate the heads up. Many Mac users may be used to software simply being safe to use on their OS, so seeing this may at least teach them to have some caution with 3rd party apps and such.
otherwise it's just a stupid meaningless phrase.
good fight, good night!
And there ARE Mac users who are much more technically literate and knowledgeable than the average 'just works' Mac user... but they're very uncommon and much smaller in number than PC 'enthusiasts'.
And there ARE Windows PC users who are just as much technical morons as the average Mac users that are made fun of on forums like this... and they're just as common as the uninformed Mac users. Some of them even sign up for membership here and ask silly questions. Just as their Mac counterparts do on Mac forums.
But I'll say this, as the owner of an old Gen 3, Revision 1 Macbook that has gone back to PC and Windows 7:
OS X has its ease of use, dumbed down, pluses, but even with the extra features not normally loaded in a normal OS X install, it lacks the granularity of even Windows, not to mention Linux.
If you're using OS X simply for ease of use and actually doing something productive with it, like coding, or content creation, good for you. But for anything else, really, it's better to use Windows or Linux on a desktop or workstation. Even if you run into the occasional snafu, it's a learning experience and will teach you something about your system and about the Windows OS, even old hoary DOS, that will stand you in good stead in the future. It's the 'what doesn't kill me, makes me stronger' learning mode. This is why Mac users are denigrated.
Really, Macs being targeted for trojans and botnet roundups, it's kinda lame isn't it though?
The cluelessness of the Mac user to actually click on something that installs the thing is what makes it worthwhile to even attempt.
With Windows XP users, it's just a case of an insecure OS and hundreds of millions of OS installs, the probability of corralling a sufficient number of systems for a large botnet is much higher and much easier to do.
That says quite a bit about the perceived and demonstrated knowledge of Mac users, no?
I can say that I know both Windows and Mac users and even the less tech savvy ask me to install an antivirus on their Windows PCs. On the other hand, most Mac users always reply they don't need antivirus software.
Back on topic:
Apples, Macs, OSX boxes, or whatever you call 'em, can and do get viruses, not that many out there, but Apple is always plugging vulnerabilities in that O/S, too.
This is just my opinion and, yes, I have used Macs before... And, I, personally, was not impressed.
Apple has the "Deny everything, also, don't mention it and it never happened" attitude.
And, the fan(atic) base follows and drinks the Kool-aid. They will not accept anything, other than, they are the elite, with a Teflon operating system.
It is funny though, even your precious Apple recommends you may want to run an anti-virus program, see Mac OS X 10.7 Help > Protect your computer from harmful applications
Quote from the page: No O/S is 100% virus/trojan/worm/idiot proof, eventually, someone, somewhere, will try to ruin your happiness and try to make a dollar off the situation.
Oh, by the way, I see what you did here Q.
personally, i buy out of that, and just go with whatever makes me happy, regardless of "brand".
as for security flaws, macs have always had them, all computers do, even phones, i may get another mac laptop in the future, for my photo/video editing on the fly etc, i get the best of both then, what's wrong with that?
thanks for article too.
Last Apple Product I enjoyed was the IIE.
Just for the LuLzzz...
also, the mac OS is based more-so on BSD. of which, i remember a hack fest not so long ago, to which Apple's OS came in last, over windows and linux.
"The first rule about Apple having viruses, is Apple deny and don't talk about Apple having viruses"