OSX/Jahlav-C Trojan

Posted:
in macOS edited January 2014
This trojan is apparently out in the wild and is a real attack on OS X in the wild. It seems to require some social engineering and requires the user to install media codecs to view "ActiveX", which any reasonably technical user will understand is not possible on OS X:

http://www.sophos.com/blogs/sophoslabs/v/post/4811

Apparently the users of the exploit will try to trick users into running installers such as AdobeFlash.dmg, etc.

http://www.sophos.com/security/analy...sxjahlavc.html

Quote:

OSX/Jahlav-C creates a malicious shell script file named AdobeFlash in the /Library/Internet Plug-Ins folder and sets it to run periodically. The script contains another shell script in an encoded format which in turn contains a Perl script with the main malicious payload.

One question that I have and haven't been able to answer after a fair amount of googling is whether or not this trojan requires the user to enter their username and password. This is a critical piece of information that's missing, since it would help me ascertain whether this is a real vulnerability in OS X, or just strictly a user engineering effort.

I'm at work on my Windows workstation, so I can't verify if /Library/Internet Plug-Ins requires administrative privileges to write to (although I imagine it would).

And, please, don't turn this into a flamewar. I'm interested in technical information on this trojan and what it means for OS X security in general. Well-reasoned, factual and polite arguments on either side of the general OS X security issue are welcome.
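Added example, not from the thread or from the Sophos write-up: a defender-side shell check built from the two facts the quote gives (a shell script named AdobeFlash dropped in /Library/Internet Plug-Ins and set to run periodically) and the question the post raises (does writing there need admin rights?). The function names are mine, the directory and file name are parameters so the checks can be exercised against any path, and the assumption that "periodically" means a cron or launchd entry is mine too; the quote does not say which mechanism is used.

```shell
#!/bin/sh
# Added example (not from the thread or the Sophos write-up). Defender-side
# checks for the behaviour the quote describes: a shell script named
# AdobeFlash dropped into /Library/Internet Plug-Ins and set to run
# periodically. Directory and name are parameters so the functions can be
# exercised against any path; the defaults are the values the quote names.
PLUGIN_DIR="/Library/Internet Plug-Ins"
DROPPED_NAME="AdobeFlash"

# Answer the post's question for the invoking user: print owner/mode and
# whether this user can write to DIR. Returns 0 if NOT writable (a file can
# only be dropped there with elevated rights), 1 if writable, 2 if missing.
check_plugin_dir_writable() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 2
    fi
    printf 'dir: %s\n' "$(ls -ld "$dir")"
    if [ -w "$dir" ]; then
        echo "WRITABLE by $(id -un): a file could be dropped here without a password"
        return 1
    fi
    echo "not writable by $(id -un): dropping a file here requires elevation"
    return 0
}

# List regular files in DIR that start with a shebang line. Real plug-ins are
# bundles, so a shell or Perl script here is worth a look whatever its name.
# Prints "name:interpreter" per hit; returns 0 if any found, 1 if none.
find_script_plugins() {
    dir=$1
    hits=0
    for f in "$dir"/* "$dir"/.*; do
        [ -f "$f" ] || continue
        first=$(head -n 1 "$f" 2>/dev/null)
        case "$first" in
            '#!'*)
                interp=${first#\#!}
                printf '%s:%s\n' "$(basename "$f")" "$interp"
                hits=1 ;;
        esac
    done
    [ "$hits" -eq 1 ]
}

# "Set to run periodically": the quote does not say how. cron and launchd are
# the two usual mechanisms on OS X (assumption), so look for NAME inside the
# files of the given directories. Prints each matching file; returns 0 if at
# least one reference was found, 1 otherwise.
find_references_to() {
    name=$1
    shift
    hits=0
    for d in "$@"; do
        [ -d "$d" ] || continue
        for f in "$d"/*; do
            [ -f "$f" ] || continue
            if grep -q -- "$name" "$f" 2>/dev/null; then
                echo "$f"
                hits=1
            fi
        done
    done
    [ "$hits" -eq 1 ]
}

# Usage on a Mac: sh check_plugins.sh  (guarded so the functions can be
# sourced elsewhere without touching a non-macOS host).
if [ "$(uname)" = "Darwin" ]; then
    check_plugin_dir_writable "$PLUGIN_DIR" || true
    find_script_plugins "$PLUGIN_DIR" || echo "no scripts found in $PLUGIN_DIR"
    find_references_to "$DROPPED_NAME" /Library/LaunchAgents /Library/LaunchDaemons \
        "$HOME/Library/LaunchAgents" || echo "no launchd job references $DROPPED_NAME"
    crontab -l 2>/dev/null | grep -- "$DROPPED_NAME" || echo "no crontab entry references $DROPPED_NAME"
fi
```

The first function answers the post's question directly for whoever runs it: if `ls -ld` shows the directory owned by root with mode 755 and the script reports "not writable", then a script can only land there after the installer has obtained elevated rights, which on OS X means a password prompt. The other two functions look for what the quote says is left behind rather than for the trojan by name, so they still fire if the dropped file is renamed.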

Comments

  • Reply 1 of 3
    mr. me Posts: 3,221 member
    Quote:
    Originally Posted by JavaCowboy

    This trojan is apparently out in the wild and is a real attack on OS X in the wild. ....

    Welcome to last month.
  • Reply 2 of 3
    Quote:
    Originally Posted by JavaCowboy

    [...] which any reasonably technical user will understand is not possible on OS X [...]

    'Reasonably technical users' constitute a tiny minority of all OSX users, though. So most users will NOT understand the incongruity of that 'request/advice' to install ActiveX. I.o.w.: most users ARE vulnerable to this attack!
  • Reply 3 of 3
    jupiterone Posts: 1,564 member
    I switched to Mac in 2006 and still consider myself as a noob in most ways of OS X, however, I still recognize ActiveX as a "Windows thing" and want none of it on my Mac.