Mac Trojan
 

http://www.insanely-great.com/news.php?id=7873

so the rule is..... if you cant good....be safe :D

There is an article on the main macosxhints site about this trojan:
http://www.macosxhints.com/article.p...71031114140862

Made the front page of Digg with over 800 diggs in less than an hour:
http://www.macnn.com/articles/07/10/....targets.macs/

well it says you'll get it if you download a codec for porn sties, so Im not infected :)...i hope, will calm av be able to deal with it?

if your stupid enough to install software from a porn site you dont deserve to have a computer

Wake me when there's a virus out there and Apple hasn't closed the hole with a software update. I want to be sure that I complain loudly to Apple if/when that happens.

these tactics have been around for several years on the PC side. Oh, you need this codec, download this, and it is malware. It is only a matter of time before mac users become socially engineered to do such things. It is like Mitnick has said about the human factor and security. Nothing is ever 100% secure with the human factor because of social engineering and other like techniques that can be used to bypass security.

So, should Apple try and centralize all codecs so we know who we should be downloading them from?

There really isn't much you can do, because Apple would be in a huge catch 22 if this were the case. For one, if they centralized everything, then all third party codecs, support, add ons etc, would go through their servers, and who would quality check it? They would have to hire a whole other set of developers to check everyone's work.

Apple, could try to put out a digital certificate but then again, the developers would have to purchase that from Apple and well there are some issues with that as well. MS put out a digital certificate but it is not required. The software that has the digital certificate is suppose to work with no troubles.

If Apple enforced that they would also have issues with the little third party they have now. It is in Apple's interest to obtain third party compatability overall in the market. Third party will help this happen.

I hate to bring up the cliche that mac users are dumb because Apple has made the OS so simple and easy that they have never learned anytihng, where as a PC user has had so many troubles they by trial and error find out the hard way of software troubles therefore they are more educated. Just so certain users on this forum don't jump on this statement, let me be clear, I said cliche!

I mean I never get a virus on my PC at home. I run windows XP SP2, with no software based firewall, no anti virus, and no anti-spyware either. I never have any issues. I know that P2P applications are filled with bad stuff, I view the contents of all my torrents before downloading them and check the tracker to see if it is a valid source, I don't install codecs that I just find or am told to install, and I typically use software packages that are all inclusive - meaning there is no reason to download any codecs. So, really just by using the right software on my PC, and being cautious and running CCcleaner every now and then I am pretty much avoiding any and all issues. I have been running my PCs this way since around 2000ish, and have not had a virus yet. I secure my network on the network level with hardware.

So, really you will have to educate yourself with the basics of what is safe and what is not safe on the internet. Mac users have been fortunate enough to not have to really deal with a lot of what the Windows users have had to deal with, but at the same time at least the windows user base has had that experience and they know what to expect when they start installing random software left and right.

What if I wrote a codec that once you put in your admin password to install it, it ran a script to so something of the effect of sudo rm -rf / as admin? I mean this type of treat is definitely a possiblity so I think it is up to the user to be more responsible for what they do.

Some of the Windows user base knows what to expect. Most don't, which is why malware is so successful on the PC. If all PC users had your knowledge and expertise, there would be no Windows viruses in the wild! Mac users on the other hand, generally have experience with Windows. It's that experience that caused most of them to consider the Mac in the first place. That's why it's so difficult to create a successful trojan on a Mac. This trojan is a good example. It's relying on teenage boys whose desire to view porn may override their limited experience and common sense!

You can't stop a user from giving out his or her admin password.

I hear duct tape can fix just about anything

Hey, it's MacGyver!

Hey!:eek: I have never watched adult content. ;)
But if I did, I would have enough sense not to install or download anything from websites of that manner.
As opposed to my dad, who hasn't been a teenager since the '80's and still goes places and gets his PC virused(not that I checked his web history or anything). He was blaming it on my sister for playing games on the disney channel website...
Maybe I said too much...:o

The exception that proves the rule! :D

Seriously though, they're just playing the odds, and the odds are better that a teenager will be reckless than an adult.

I guess we are more likely to look at the naughty content. But I dont watch it myself. I agree anyone who installs a codec for porn is stupid, whos that desperate?

nuf said??

Give that man the $10,000!

/too obscure?

lol but still, codec for porn, get a GF lol. But on a serious note, couldnt this be used on youtube like sites?

It could possibly, but the site should use a common 'standard' media plugin, such as QuickTime, Flash, or even RealPlayer (ugh).

Not some obscure media plugin nobody has ever heard about.

Just to add another thought. I haven't been around a PC virus for a long time (the only PC's I work with are very well maintained). What do they do these days? I know a lot of them are just mules for spammer bots, but are there still ones out there that just destroy your hard drive for kicks and giggles? I mean honestly, with how hard it is to defeat security these days, it seems like you'd need to put some money into any bug you create...so there'd have to be some cash based reason for doing this, right?