SecureMac has introduced a free trojan detection tool for Mac OS X. The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X. Called the DNSChanger Trojan, and also known as the OSX.RSPlug.A Trojan Horse, the malware targets users who attempt to play a fake video file. Upon attempting to play the video, the victim receives the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec."
When the user runs the installer, their DNS records are modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's DNS records stay modified on a minute-by-minute basis. SecureMac's DNSChanger Removal Tool allows users to check whether the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the user's DNS records will be repaired.

Last edited by KeR on 09 Jan 2008 - 21:33
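As an added example (not part of the original article and not SecureMac's tool), the Python sketch below flags DNS resolvers outside a trusted range and detects a setting that flips back after being repaired, which is the symptom the watchdog described above would produce. The trusted range, the sample `scutil --dns` style text and the resolver addresses are constructed; the 203.0.113.x and 198.51.100.x addresses are documentation ranges standing in for the attacker's servers.

```python
"""Added example: flag DNS resolvers outside a trusted range and detect a
setting that flips back after being repaired (the watchdog symptom)."""
import ipaddress
import re

# Accepts `scutil --dns` lines ("nameserver[0] : 10.0.0.1") and
# resolv.conf lines ("nameserver 10.0.0.1").
NAMESERVER_RE = re.compile(r"^\s*nameserver(?:\[\d+\])?\s*:?\s*(\S+)\s*$")

# Assumption: the resolvers this machine should use (a home router's LAN).
TRUSTED = ["192.168.1.0/24"]

# Constructed sample output; the rogue addresses are documentation ranges.
HIJACKED = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.10
  nameserver[1] : 198.51.100.20
  if_index : 4 (en0)
"""
REPAIRED = """\
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
"""
# One constructed snapshot per minute: hijacked, manually repaired, hijacked again.
SNAPSHOTS = [(0, HIJACKED), (1, REPAIRED), (2, HIJACKED), (3, HIJACKED)]


def parse_nameservers(text):
    """Return resolver addresses in order of first appearance, de-duplicated."""
    seen = []
    for line in text.splitlines():
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an IP literal, ignore the line
        if addr not in seen:
            seen.append(addr)
    return seen


def rogue_resolvers(text, trusted):
    """Return the configured resolvers that fall outside every trusted network."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    return [
        str(addr)
        for addr in parse_nameservers(text)
        if not any(addr.version == n.version and addr in n for n in nets)
    ]


def reverts_after_repair(snapshots, trusted):
    """Return the minutes at which a rogue resolver reappears after a clean
    snapshot, i.e. something on the machine is re-applying the setting."""
    reverted, was_clean = [], False
    for minute, text in snapshots:
        rogue = rogue_resolvers(text, trusted)
        if rogue and was_clean:
            reverted.append(minute)
        was_clean = not rogue
    return reverted


if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolvers(HIJACKED, TRUSTED))
    print("reverted at minute(s):", reverts_after_repair(SNAPSHOTS, TRUSTED))
```

On a live Mac the text would come from `scutil --dns` or `/etc/resolv.conf`, sampled once a minute.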
It would require administrative rights to install on Linux and Vista, too. The problem is, it's a trojan. Trojans are named such because they sneak in under the guise of something else, in this case the "codec."
Usually they don't wear big black cloaks and hats and twirl their mustaches, asking to be let in by asking for admin rights.
The problem is, if this was on about being a Windows-only codec trojan, the Windows defenders would be slamming the article as dumb.
This virus is much the same as if I sent every OS X user a recursive delete script and it was run as root; that is as much a virus as this.
I'm a Windows user, and I think it's a useful article. Trojans could easily trick someone that is a Mac newbie just as well as a hapless Windows user. It is logical for your media player to want to install a codec. And doesn't OSX ask for elevated privileges when you install most applications? That's hardly your "cloak and mustache" scenario.
It's good someone made a removal tool to fix things up for people that fell victim to this. You make it sound as if you'd rather infected people stay that way.
Last edited by GreyWolfSC on 09 Jan 2008 - 21:53
Nope, other way round, it's rarer that an application asks for elevated privileges to be installed.
Any that does is viewed warily.
On the codec. It depends, is it QuickTime asking for the codec or is it a pop-up on its own?
Almost everything I installed when I was using Tiger asked for admin elevation when I ran the installer. I guess it's completely changed?
Screenshot of trojan here: http://sunbeltblog.blogspot.com/2007/10/sc...mac-trojan.html
Looks like it actually says IN the QuickTime window that it needs the codec. Remember, trojans are designed to trick you into thinking what you're installing is innocuous.
Nope, that's not QuickTime asking for a codec, this is QuickTime.
Um, duh? But is a new user going to know that?
I doubt even Windows newbies would fall for that.
I really would think a new user would not fall for what was shown, it's totally unlike any API error box ever shown in OSX, OS9, OS8 and System 7.
for the average user if they want to play a 'video' they will install the 'codec', if they think they need to do it to watch said 'video' and yeah if they think they need to put in an admin password to do so, they WILL.... hell I know of a LOT of users that have done similarly stupid things..
have you ever heard of 'social engineering' Kevin Mitnick used it quite a bit...hell if you ask the right questions in the right way, people will tell you their password..... ever wonder why there are soooo many Nigerian scams, it's because people are stupid and actually fall for them..
if it was a Windows trojan, then I'd be still assuming a lot of idiots would install it... the fact is it is a trojan and if all Mac users were so smart as to not put in the password, then this removal tool would NOT exist, the fact it exists tells me a lot of MAC users are just as stupid as a lot of Windows users and actually did type in their password....
come off, you say WHO CARES cause you have no bloody come back.
That screen is nothing like an OSX dialogue box in a million years.
Your point is? I would argue a Mac user is just as stupid to enter their password to install "The Ultra Cool Free Screensaver" (if not more so) than a Windows user is of clicking "OK" a few times. The reason I say more so is because a lot of Mac users are under the shiny guise that their system couldn't possibly EVER get a virus.
Any virus prevention methods that rely solely on user identification are useless when captain "give me my kitty cat screensaver" honestly believes it's genuine software.
under illusion because the MAJORITY of us WILL NOT enter our password for just anything, ESPECIALLY for something we have not downloaded ourselves.
Wait wait.... Let me get this straight what you just said.... I really think that someone that has never seen what the dialog box should look like ..... would not fall for the box not looking like what they don't know it should look like.
You're a mac fanboy and I can already smell it.
Let's look at it from this other angle... Do you really think only 10 or 20 people fell for it if they had to make a REMOVAL TOOL you idiot!
Start jogging those brain cells, might actually be able to put em to work, and give up, OSX is just as vulnerable to viruses as Windows Vista.
umm did you read the post??? I never said whocares, I said USERS ARE STUPID, are you trying to tell me the average computer users are not stupid??? hell there must be a few for this removal tool to exist, they wouldn't release a removal tool if NO ONE was infected!!!!
hahah Now I KNOW you do not work in IT or tech support, because if you did you would not make ridiculous statements like "the MAJORITY of us WILL NOT enter our password for just anything, ESPECIALLY for something we have not downloaded ourselves" you really don't have any idea how stupid a LOT of users are... you may be smart enough not to fall for these....oh yeah did I mention I worked on MACs in my last job and I know for a fact most of those users were stupid...
Anti-virus and such has been available for OSX for a while now. Nothing new.
But to hear the Apple "fanboys" you would get the impression that it was new and unheard of.
strange.....
whenever we get news stories about OSX viruses it's always the bashers from the Windows world on here that make these statements and very rarely the OSX user.
Mac users can be quietly confident that their machines are very safe. I've never even given thought to anti-spyware, anti-virus, pop up protection and all the other crap that has become a staple diet of Windows 'die hards' whenever I'm using my Mac. Please - bring it on all you would-be virus and trojan writers.
Being ignorant of internet security is just inviting a Mac catastrophe of Blaster or Slammer scale, especially with the increasing Mac install base. This trojan could have easily installed all kinds of zombie software after it got administrative permission as well as modifying DNS entries. (And apparently except for Leopard there is no easy way to see that the DNS table has been modified.)
Actually Mark, most Mac users who post on these new stories have the attitude that their Mac is invincible. Of course there is anti-virus for Macs but the Mac users act like they will never need it.
And that mentality is what's childish.
Last edited by internetworld7 on 10 Jan 2008 - 04:49
Last edited by elvenseven on 09 Jan 2008 - 22:00
The computer's not the problem. It's the assumption that it's impervious that is.
Yes true, except, it's not a big assumption, as except for this poor show for a trojan there is anything yet to hit the Mac community. The bigger assumption is that it is just due to percentages.
if you believe it is an assumption then you are simply ignorant..why would anyone write a virus that affects 7% of the world's computers, when they can write one that affects 80%, if you have a reasonable explanation for that please let me know...
You tell me.
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
"The major source of threat to Linux systems at present seems to be exploits on browsers such as Firefox and Opera, just as in the Windows world the exploits are on Internet Explorer and Firefox."
that link doesn't really prove anything.. except that running as a non admin user is the safest way to protect a machine, which by the way I can do in Windows...
Two reasons to create a virus.
1) Obtain or break into a system
2) Cause mayhem and be a twat
3) Steal Information.
If I wanted to do that I would target as large a possible audience as possible (point who cares made) or I would target servers which often store data or on large connections capable of being used as a fast spamming DOS etc attack platform.
Last time I checked the ratio of Mac servers to Linux servers was pretty low.
Last edited by shockz on 09 Jan 2008 - 23:30
I predict that WHEN a virus hits the OSX community there will be an utter outcry from said community because they were ill prepared and a thunderous burst of glee from the Windows community because they've been telling them it was coming.
Only thing is, this will never happen. Next ludicrous scenario please.
Boy, you sure come up with the deepest thoughts...
Any particular reason why? You always spout on about OSX's "Superior UNIX foundation" (Not actually knowing what that means, mind you), but can you explain what about it would prevent a piece of malicious code running with root privileges from completely taking over the system? Because I can't. Or what about the myriad of privilege escalation exploits we see Apple dealing with on what seems like a daily basis these days?
Last edited by MioTheGreat on 10 Jan 2008 - 00:56
haha ignorance is bliss, until you get hit by that virus of course, I think yours has to be the most ludicrous statement of all of the posts so far. have you ever heard the statement 'never say never'.... how can you KNOW that some flaw is not discovered in OSX that can be exploited??? and know that no virus will EVER get released?? if you can explain that please let us all know, I'm sure MS would luv to know how to make such a secure OS also..
Well first, I'm glad I have ingrained in you and others here over time that OS X has a superior UNIX foundation.
as expected you have absolutely nothing to back up your claims, especially as we know there are Unix viruses in existence... how has Mac made Unix more secure than Unix has?? as I said ignorance is bliss...when you have some real reasons other than 'cause I said so' please let us all know as we are very curious
You've really failed to 'ingrain' anything in anyone other than the fact that you lack a decent understanding of Operating System architecture.
You've tried to use circular reasoning in your argument, but you can't even seem to get that right. You claim that code can never run as an "Admin" (It's actually 'root', if you keep on trying to throw UNIX terms around), but you're forgetting everything in kernel space, and every installer you've ever run, or every configuration tool you've ever run that asked for your password. Every single one of them ran with root privileges, and without any decent isolation systems in OSX's window manager like Vista has (Vista has something called UIPI), they're vulnerable to attack from applications of lesser privilege. Not to mention the myriad of exploits that have been popping for Apple like weeds which allow for arbitrary code execution with root privileges (They're called privilege escalation exploits), every one of which allows for malicious code to be run with the Admin privileges you say that they cannot obtain.
Ugh. Why do I bother? It's like putting a post it note on a wall with a detailed explanation of why the wall isn't a window, despite how much it wants to be.
Last edited by MioTheGreat on 10 Jan 2008 - 03:31
Here ya go...
http://docs.info.apple.com/article.html?artnum=307179
I guess none of those exist. And almost everything on that list can be used to take over your Mac. You're just lucky nobody cares about doing so yet.
Last edited by internetworld7 on 10 Jan 2008 - 00:08
DUD
MUD
My comment is mud?
BUD... how could you?! you broke the chain.
I think it is 'some' Mac users' (not all, as there are some Mac users that understand how computers do work) ignorance and blind faith in OSX being so secure that annoys people. statements like "Only thing is, this will never happen. Next ludicrous scenario please" don't help the cause..as we all know you can't comment on things that don't even exist yet, OSes are coded up by humans, humans make mistakes...
Last edited by whocares78 on 11 Jan 2008 - 03:19
Hey, you have Windows folks going on how much better a Windows PC is, it's better for this and that, why not also make it your mission to take them down a peg or two, they're just as annoying.
You've pooped in quite a few Microsoft stories yourself, so not much room for finger pointing there.
Mac users don't own Mac news any more than Windows users own the Windows news. If you have that much of a problem with people commenting on Mac news, you should try a Mac-only site.
And for the record, the only difference between the Intel Macs and a standard PC is Apple's Trusted Platform Module. (And the price.)
Last edited by GreyWolfSC on 10 Jan 2008 - 02:47
also if only Mac users commented on articles like these then people that don't know anything will assume that 'Mac is perfect', I bitch about MS all the time too if you had paid any attention, but I'll leave my MS bitching for the MS articles... if by asking questions and trying to make you realise Mac ain't perfect is causing a disturbance then you really do have issues... all I can say is each to their own, you use what suits you and I will use what suits me... just don't come and tell me OSX has never had a virus and never will...it is the ignorance that annoys me..
the fact is if a security patch is released it is because there was a security issue, it really is that plain and that simple..
Last edited by whocares78 on 10 Jan 2008 - 03:15
show me where I've bashed windows, go on, go on??????????????
I said Microsoft, not Windows, but I figured you'd say that, so I made a list. (Starting with the top story on the site, too.)
http://www.neowin.net/news/main/08/01/10/c...face?cid=608237
http://www.neowin.net/news/main/08/01/06/w...ures?cid=607172
http://www.neowin.net/forum/index.php?show...amp;p=589116720
http://www.neowin.net/forum/index.php?show...amp;p=589024346
http://www.neowin.net/forum/index.php?show...amp;p=589024378
http://www.neowin.net/forum/index.php?show...amp;p=589024113
This last one isn't you bashing Microsoft, it's you complaining about people discussing Mac and Windows and a mod telling what you should do if you don't like people disagreeing with you.
http://www.neowin.net/forum/index.php?show...amp;p=588230693
If you want me to search and find all the times you slammed Windows users let me know.
Last edited by GreyWolfSC on 10 Jan 2008 - 14:37