New Mac OS X backdoor Trojan, Sabpab, discovered



That's the point I don't understand. Flashback and this new supposed one are Java exploits....so if my Mac doesn't have Java installed how can my machine get infected and thus need this removal tool? Isn't the best defense on this just not to have Java installed along with a good a/v scanner?

Better to be safe than sorry I guess? If you run Adobe CS5 you're forced to install Java, so that's not always an option. For most of the public here a a/v scanner still isn't necessary really. Just disable Java in your browser and don't install software from untrusted sources.

I'm glad I upgraded all my Macs to Windows 7 in time.

Yes because we all know there are no trojans whatsoever for Windows.

Apple's approach to security is light years ahead of Microsoft's. Mac OS can require apps to be signed, and each app is broken up into separate parts, with each part only able to do one thing; for example with QuickTime, the video decoder is ONLY allowed to read from the disk and decrypt the content of a video stream. I could go on, but Ars had a great line-up in their OS X Lion review.

I've never really looked into Mac security all that much, but if you can exploit Java then it doesn't matter HOW MUCH security you put in with signed executables (I don't think they need to be signed; it's got the same 'mark as dirty/from another computer' security bit that Windows has, which gives an 'are you SURE you want to run this application' message), because you can exploit valid signed programs and do things with them.

Anyway, Macs are getting more popular, so there's going to be a huge rapid increase in exploits and viruses for them in the future.

Edit: Also, PCs are all from different manufacturers and whatnot (I'm talking laptops/netbooks/ultrabooks/tablets specifically here), whereas all of Apple's line uses the same base hardware, which includes the exact same password for, say, the administration functions of the battery, and with that power it doesn't take much to blow one up, as a security researcher demonstrated (FYI, Apple still hasn't stopped using the same battery firmware password OR allowed you to change it).

I still have OS X but I have no real reason to use it anymore. The question then becomes, why did I get a Mac in the first place? I didn't know Windows 7 was so good. If I did at the time, I would have saved myself some money and built my own PC.

It depends if you have a desktop or not. Of all laptops that I have seen in my life, I would buy a MacBook with Windows 7 on it over anything else. They just gave me an HP from somebody else last week at work and I couldn't stand it; now I have my Toshiba for myself and it's even worse. I'm still considering telling them I want to use my MacBook Pro instead :p

Then again, of all desktops I have seen, the iMac remains my favorite one too, but the difference is less marked with an iMac, because you can easily build a tower with exactly what you want.

When it comes to security, the only thing Apple is light years ahead of Microsoft on is denial.

and customer loyalty, and bank account, and tablet market, and phone sales, and service support, and apps, and on and on... and before you flame, I do not own a Mac; I just am starting to see that Apple hate is getting very annoying from kids that are too young (or adults that are too old) to comment on stuff they are obviously biased on.

and customer loyalty, and bank account, and tablet market, and phone sales, and service support, and apps, and on and on... and before you flame, I do not own a Mac; I just am starting to see that Apple hate is getting very annoying from kids that are too young (or adults that are too old) to comment on stuff they are obviously biased on.

Apple !== Microsoft

Note the extra equal sign.

How people can get so charged up over tech companies is beyond me.

resol612:whatever platform i'm typing on

First and foremost, I am not anti-Apple. However, this should be a wake-up call... for now it is only Flash- and Java-based attacks.... Apple should realize that now they are on the radar instead of flying just below it. This is how it started for them before... You will have to remember back in the days when there was IBM DOS and they said back then "Only DOS gets viruses"; then the attacks started for the Apple II machines...

The true question now is.... How will Apple handle this? Denial, acceptance, or locking users to only approved applications that can be installed on OS X?

The days of Macs being virus-proof are over.

In 1982, as a high school student at Mt. Lebanon High School, Skrenta wrote the Elk Cloner virus that infected Apple II machines. It is widely believed to be the first large-scale self-spreading personal computer virus ever created.

http://en.wikipedia.org/wiki/Rich_Skrenta

Seems like the Mac was a haven for viruses right from the start. Apple has a wonderful way of brainwashing people. I own an iPod.

and customer loyalty, and bank account, and tablet market, and phone sales, and service support, and apps, and on and on... and before you flame, I do not own a Mac; I just am starting to see that Apple hate is getting very annoying from kids that are too young (or adults that are too old) to comment on stuff they are obviously biased on.

Calm down, dear! It's not "Apple hate", it's a dig in response to Apple adoration, and completely on-topic with security, which your post is not.

First and foremost, I am not anti-Apple. However, this should be a wake-up call... for now it is only Flash- and Java-based attacks.... Apple should realize that now they are on the radar instead of flying just below it. This is how it started for them before... You will have to remember back in the days when there was IBM DOS and they said back then "Only DOS gets viruses"; then the attacks started for the Apple II machines...

The true question now is.... How will Apple handle this? Denial, acceptance, or locking users to only approved applications that can be installed on OS X?

Couldn't one say that if you didn't have Flash or Java installed then you wouldn't have this issue? So far....is there an actual virus/trojan/exploit for OS X itself and not Flash or Java on OS X?

So far....is there an actual virus/trojan/exploit for OS X itself and not Flash or Java on OS X?

Yes.

Anyway, that's a pointless argument. Does anyone ever say "Hmm, got a virus, but good thing [Company X] code wasn't involved!"

Trojan vs virus? [To your credit, you aren't making a distinction in your post, but others are] Does anyone ever say "Hmm, my computer is infected and taking commands from a remote server and transmitting my banking information to criminals. Good thing it's just a trojan!"

Couldn't one say that if you didn't have Flash or Java installed then you wouldn't have this issue? So far....is there an actual virus/trojan/exploit for OS X itself and not Flash or Java on OS X?

The problem actually could possibly be that Apple allowed people to install Java and Flash.... They could take the alternate route of only allowing approved programs to install, i.e. those that are bought through iTunes or on an Apple DVD. Though from what I understand, Java was included with OS X but has since been removed. Many programs still unfortunately require Java in order to run, though.

Though you could actually say if they were not installed then you would not have those issues; however, given that these programs are being exploited, one must ask the inevitable question.... "What else are the hackers and malware developers working on to exploit my system?"

For many years Apple has been under the radar of such exploits; now all of a sudden something like this appears.

Sure, by all means remove Java and Flash, but the question is "Where is the next attack coming from and how to avoid it?"

Some have suggested the next exploit could actually be in the way it handles viewing images... but that remains to be seen.

The point is, for so long there has been little research into avoiding viruses and malware, but now it may be time to look into ways to prevent it.

In Windows now, this is done through Security Updates, Malicious Software Removal Tools, anti-virus, script blockers, resident programs (like that in Spybot Search and Destroy) or other programs like that to block out the bad.

Also, more and more programs are choosing to run in user mode and also inside memory sandboxes; it may now be time for Apple to consider applying programs like that in order to circumvent the next outbreak.

- I had always thought each system, in order to do an update to help stop malicious code, would need to reboot before installing it, or actually have to insert a boot DVD in order to make system changes...

Windows downloads updates, then prompts you to insert your install medium to reboot and install updates... also this would be required when a program wants to add itself to the startup of the computer.

(these were just thoughts to help stop the spread of malware and viruses)

Yes.

Anyway, that's a pointless argument. Does anyone ever say "Hmm, got a virus, but good thing [Company X] code wasn't involved!"

Trojan vs virus? [To your credit, you aren't making a distinction in your post, but others are] Does anyone ever say "Hmm, my computer is infected and taking commands from a remote server and transmitting my banking information to criminals. Good thing it's just a trojan!"

Good point... the difference between what is a virus and what is malware is small.... but this should be a wake-up call that Apple is now on the radar.

Apple's approach to security is light years ahead of Microsoft's. Mac OS can require apps to be signed, and each app is broken up into separate parts, with each part only able to do one thing; for example with QuickTime, the video decoder is ONLY allowed to read from the disk and decrypt the content of a video stream. I could go on, but Ars had a great line-up in their OS X Lion review.

Wow, you cannot be so wrong. Both companies try to build security into their products, but no security is perfect, and that's where the similarities end. The companies' approach to security response is completely different.

One has a dedicated security team who puts out timely patches and advisories, tries to work proactively with hackers to prevent a 0-day release (a 0-day is where a security hole is being exploited before the company knows that there even was a security hole), puts out a patch to a 0-day hole as soon as possible, releases monthly removal tools for common malware (especially those that used a 0-day), and offers free antivirus to all paying users. There is nothing more they could possibly do that they are not already doing.

The other likes to advertise their security quite strongly, especially compared to the other, but when a security hole is found despite all their "advanced securities" they keep it a secret for months, and then when it is found out that it is being actively exploited they deny that there is anything wrong with their software, say that it is not their fault that there is a security hole affecting their products, sit on their hands for more months while they decide if they even want to close the security hole, and then eventually many more months after that they decide to put out an update to clean up the infected machines.

I wonder how it will go next time that a security bug is found which Apple won't fix and a virus comes in which will silently overwrite all the Time Machine backups with dummy data, either straight away (because many users leave their Time Machine disks always plugged in or use Time Capsule) or waiting until the Time Machine backup is plugged in, while making it look like Time Machine is working properly. Then when it has finished making the Time Machine backup useless (PS: Time Machine supports only ONE backup destination) it will wait until a certain time to allow the virus to spread without being detected. After this it will then overwrite all the data on the main computer itself, and then all Mac users will be screwed with no backup and no data at the same time because Apple did not do anything about security.

...

I wonder how it will go next time that a security bug is found which Apple won't fix and a virus comes in which will silently overwrite all the Time Machine backups with dummy data, either straight away (because many users leave their Time Machine disks always plugged in or use Time Capsule) or waiting until the Time Machine backup is plugged in, while making it look like Time Machine is working properly. Then when it has finished making the Time Machine backup useless (PS: Time Machine supports only ONE backup destination) it will wait until a certain time to allow the virus to spread without being detected. After this it will then overwrite all the data on the main computer itself, and then all Mac users will be screwed with no backup and no data at the same time because Apple did not do anything about security.

I have heard that could be a possible exploit... Time Machine, whereby no active file is written, which bypasses the security when the malware/virus is inserted... then when the user uses Time Machine to go back, he will have rights to write to system files without being signed, because a backup file does not have that signature and therefore won't be checked.

In other words, if there can be an insertion point into Time Machine (which is not monitored and protected by OS X), then when the user initiates a backup it will have the rights to write to system files... that is what I have heard as a possible way to exploit a system when file protection is enabled. (This is a concept with Windows Backups.) Because the backup runs as a user, but writing the backup to the main system is run as a Power User or Administrator. Based upon that theory it could theoretically affect OS X in the same way, just like Linux.

This is *APPLE MAC OSX BASED* malware that is loaded onto the system via an exploit in Java. This malware and Flashback were written specifically for the Mac.

There are still some Apple faithful out there trying to pass this stuff off as NBD, who still see their holier-than-thou OS as bulletproof and are quickly laying the blame on Java.

Apple's approach to security is light years ahead of Microsoft's. Mac OS can require apps to be signed, and each app is broken up into separate parts, with each part only able to do one thing; for example with QuickTime, the video decoder is ONLY allowed to read from the disk and decrypt the content of a video stream. I could go on, but Ars had a great line-up in their OS X Lion review.

Apple can be slower than Microsoft to plug holes, though.

Apple can be slower than Microsoft to plug holes, though.

This is true, though. I prefer Apple's approach over Microsoft's when it comes to security, but they could fix them faster. With MS, within 24-48 hours it would be a thing of the past already. It took like 4-5 days with Apple.

Having what is described as a great approach to security, Apple wouldn't have trojan/virus issues on their OS X platform; it would be virus-free. But since they take the longest time to release patches to fix issues after a period of denial, it just shows that the OS isn't as secure as people once thought. It does seem like OS X has now become the main target for viruses and malware, just like Windows XP was.

Having what is described as a great approach to security, Apple wouldn't have trojan/virus issues on their OS X platform; it would be virus-free. But since they take the longest time to release patches to fix issues after a period of denial, it just shows that the OS isn't as secure as people once thought. It does seem like OS X has now become the main target for viruses and malware, just like Windows XP was.

That comparison is pretty ridiculous.

On a side note: Apple's current teams are new to malware fixing (not brand new, but MS sure has a lot more expertise).

To be honest, I can see Apple buying up an AV company easily.

It would stay in the background like Defender on W8 and get updates through a more appropriate and faster channel than Software Update...

Glassed Silver:mac

Having what is described as a great approach to security, Apple wouldn't have trojan/virus issues on their OS X platform; it would be virus-free. But since they take the longest time to release patches to fix issues after a period of denial, it just shows that the OS isn't as secure as people once thought. It does seem like OS X has now become the main target for viruses and malware, just like Windows XP was.

Except there still isn't a single virus out in the wild for OS X. There were for Mac OS 9 (an OS with a much lower market share), but not OS X.

Except there still isn't a single virus out in the wild for OS X. There were for Mac OS 9 (an OS with a much lower market share), but not OS X.

There's also not many games in the wild for OS X. I guess that's one of the trade-offs.

There's also not many games in the wild for OS X. I guess that's one of the trade-offs.

But every year becomes the best year for Mac gaming.

With the App Store, with Steam and with ported games from the iPhone and iPad to Mac OS X, and with companies who now recognize the Mac as a gaming platform, this isn't really a valid argument.

On the other hand, there will always be like fewer than 3-5 pieces of malware for OS X every year. This has remained stable.
