Mac OS X's pirate trojan
In the past few days, Mac users have been struck by two different, but related, kinds of malware. The sinister packages are downloaded along with BitTorrents of iWork '09 and Adobe CS4, and, like most malware, once installed call back to a central computer and await instructions (presumably to start participating in a botnet).
Many are getting worked up about this because it represents the first true piece of Mac malware that isn't just a proof of concept. But it's important to keep in mind that this isn't a worm or a virus that you can contract just by clicking on a link or opening an email; it's a trojan, which means that you have to be tricked into downloading it and agreeing to give it administrator access. The particular way this trojan tricks you into doing so is rather neat: it piggybacks on installers for the aforementioned pirated software. People are used to giving software installers admin access, but then, most people don't get their software from sketchy warez sites.
The thing about classic scams, as anyone who's watched a David Mamet movie knows, is that they rely on the greed of the scamee. Thus, the Nigerian 419 scam only works if the victim believes he or she is about to come into some ill-gotten loot. These Mac trojans follow the same principle. Still, it's easy to be smug: I know that I've downloaded and installed applications from the Internet (giving my admin password in the process) that I discovered only after a few minutes of Google searching for a tool that serves a particular purpose that I need. Sure, the Web sites they came from looked slick and professional, but that's not exactly hard to fake. This is a wakeup call to be more diligent about what exactly we're installing on our Macs.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Be Prepared
Mac Users should be prepared for the windfall that comes from Apple's we are secure mantra. With the growth of the Mac during the Vista fiasco Mac users have become more of a target. Since OS X is based of of Unix it means all you have to do to get into a system is hack grub. If anyone thinks the hackers don't know or won't figure out how to do this please re-think your stance. It does not matter if this is a Trojan, Worm or another virus that creates a botnet they are all dangerous in the end.バッテリー
大阪でバッテリー販売。 セルモーターリビルト。 オルタネーターリビルト。リビルト在庫多数。大阪で電装品販売。リンク品在庫多数。大阪でウイング車モーター修理・販売・在庫多数。大阪でパワーゲート車モーター修理・販売・在庫多数。レプリカユニフォーム
プロ野球やバスケなどの有名選手のレプリカユニフォームが大人気。今、流行のムームードメインはコンピュータやネットワークにつけられる識別子です。冷水や温水を素早く飲めるのがウォーターサーバーです。機関投資家を中心にCFDを扱っていましたが、今や個人投資家に大人気。現在の電子タバコは高性能です。禁煙するにはとても良いです。ダイエットにお勧め。今注目なのがマイクロダイエット無理なくやせられます。グローバル時代だからこそスピードラーニングで外国語を気軽に学ぶ時なのです。引っ越しや旅先にかかせないのがレンタカーです。自分の学力を計るのが学力テストです。将来のために保険に入ることは、とても大事です。注目はライフネット生命です。