Researchers discover PDF malware that targets Apple's Mac OS X
A new piece of malware which disguises itself as a PDF download and could give hackers remote access to a computer has been discovered as a potential threat to Mac users.
The trojan, identified as Trojan-Dropper:OSX/Revir.A, opens a botnet backdoor by tricking the user into downloading and opening a Chinese language PDF file while it installs itself in the background, according to security researchers at F-Secure.
The command-and-control center of the trojan is currently a bare Apache installation that has been sitting dormant at its domain since May and is not yet capable of communicating with any backdoors. This has led researchers to believe that they have found malware in the making.
Trojans typically mask themselves as a PDF and infect systems while the user is busy opening the file. But researchers believe that this particular sample may be stealthier than typical malware.
The new trojan differs from most Windows PDF malware in that it reached researchers without the usual "pdf.exe" extension or icon. Researchers note that because extension and icon data are stored and displayed differently on Macs, this sample could be more difficult to detect than its Windows counterparts, as it can adopt any extension desired.
The technique of using a PDF file as a ruse for the propagation of malware has been a mainly Windows problem in the past, remaining a minimal threat to Mac users.
It is unclear how this malware is spreading, but researchers believe that the most likely mode of circulation is via e-mail attachment. The researchers suggested the author of the trojan could simply be "testing the water" to see if their creation is identified by various antivirus applications.
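Because the sample can carry any extension, a file's name says nothing reliable about its content. The following is an added example, not code from F-Secure or the original article: a defensive check that classifies a file by its leading bytes and flags a Mach-O executable sitting behind a document extension. The extension list, function names and sample bytes are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Magic values as seen when the first four bytes on disk are read big-endian.
MACHO_MAGICS = {
    0xFEEDFACE: "Mach-O 32-bit (big-endian)",
    0xFEEDFACF: "Mach-O 64-bit (big-endian)",
    0xCEFAEDFE: "Mach-O 32-bit (little-endian)",
    0xCFFAEDFE: "Mach-O 64-bit (little-endian)",
}
FAT_MAGIC = 0xCAFEBABE  # universal binary; Java .class files share this value
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".xls", ".jpg", ".png", ".txt"}  # assumed list

def sniff(data):
    """Classify content from its leading bytes, ignoring the file name."""
    if data[:5] == b"%PDF-":
        return "PDF"
    if len(data) >= 8:
        magic, count = struct.unpack(">II", data[:8])
        if magic in MACHO_MAGICS:
            return MACHO_MAGICS[magic]
        # A universal header holds a small architecture count here; a Java
        # class file holds its version (45 or higher) in the same field.
        if magic == FAT_MAGIC and 0 < count < 20:
            return "Mach-O universal"
    return "unknown"

def check_file(path):
    """Return (detected_type, suspicious) for one file on disk."""
    with open(path, "rb") as fh:
        detected = sniff(fh.read(8))
    ext = os.path.splitext(path)[1].lower()
    return detected, detected.startswith("Mach-O") and ext in DOCUMENT_EXTENSIONS

def demo():
    # Constructed samples: header bytes only, no real malware content.
    samples = {
        "invoice.pdf": b"\xcf\xfa\xed\xfe\x07\x00\x00\x01" + b"\x00" * 24,
        "report.pdf": b"%PDF-1.4\n%constructed\n",
        "Hello.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(blob)
            results[name] = check_file(path)
    return results
```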
Comments
That goes for all three major OSs.
(Also, start Windows, MacOS, Linux feuds based on Malware misconceptions on everyone's parts.)
As for this malware mentioned in the article, if it's delivered by an email attachment, then I'd say that the main people who are most at risk of getting it are stupid people. No OS is secure enough to protect morons from their own stupidity.
I also think that in certain cases, the death penalty would be an appropriate punishment for criminals behind email spam, malware and viruses.
This is a Trojan Horse. That's a different animal. You can see a Trojan Horse – albeit in its disguise of course – and it requires to be opened/started by YOU to become active!
A virus is an, under normal circumstances, invisible file that can sneak through your ports without you noticing it and then execute itself in the background on your PC. No user involvement required.
There are no viruses for OSX (yet).
So antivirus software for OSX is a crock.
There are a few Trojan Horses for OSX. Less than a handful, afaik. But they could come in thousands of different disguises, of course!
Don't download and install things from non-official sites, got it. You think they should teach common internet protocols at schools. I mean, last I checked (in California) there is still a year requirement of a computer class, such as learning to type, as well as one other computer elective. They really need to start informing people on good computer usage. It's a good skill to have today.
That's not how this one would be delivered, if there was anything taking advantage of it. There isn't (yet) according to articles. Since this one can spoof any type of file, not just a PDF, simply use common sense. If you get an email with an attachment, perhaps an image file/picture or excel file, from someone that you don't know, or even an unexpected one from someone you might, just don't open it. Simple.
I understand where all of you are coming from but when there's commercials running ad nauseam about how Mac OS does not get viruses (most people DO NOT know the difference between a virus, a Trojan horse or malware), then they are lulled into thinking their computers are safe and will open whatever from whomever.
1) Where are these commercials?
2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?
The headline says "...PDF malware that targets Apple's Mac OS X". (I interpret that to mean, "designed specifically to attack OSX".)
But then the lead paragraph says:
"...could give hackers remote access to a computer has been discovered as a potential threat to Mac users."
"a computer"… a "potential" threat to Mac users (and I think the word "also" might be relevant here)…
This is not "targeting OSX". Although OSX may be included in the "vulnerable systems" list, there really is a huge difference there.
Especially when the article goes on to say, basically, how it's really most dangerous for Windows machines…
Come on. "Malware"…? How about "Virus" or "Trojan"…? Be as specific as the content of the article.
If it's really "TARGETING OSX", then I'd like to see the article reflect that. Otherwise, tone down the headline… There's enough FUD in the world. I like it that I don't have to deal with it here much at AI… now is not a good time to start.
/rant
THIS IS NOT A VIRUS!
This is a Trojan Horse. That's a different animal. You can see a Trojan Horse – albeit in its disguise of course – and it requires to be opened/started by YOU to become active!
A virus is an, under normal circumstances, invisible file that can sneak through your ports without you noticing it and then execute itself in the background on your PC. No user involvement required.
There are no viruses for OSX (yet).
So antivirus software for OSX is a crock.
There are a few Trojan Horses for OSX. Less than a handful, afaik. But they could come in thousands of different disguises, of course!
These are probably not the most accurate definitions of a Trojan and virus that I have ever seen. A virus sneaks through your ports? A computer virus is code that can self-replicate and potentially infect other files. A Trojan Horse is an application or file that pretends to be something it's not to trick the user into running it and it usually performs a malicious function. Both a virus and a Trojan horse are usually introduced into the network as a result of the user.
An example of a virus is downloading a pirated copy of Diablo II that has its binary infected. When the game is run, the code copies itself to other installed applications to spread itself.
I understand where all of you are coming from but when there's commercials running ad nauseam about how Mac OS does not get viruses (most people DO NOT know the difference between a virus, a Trojan horse or malware), then they are lulled into thinking their computers are safe and will open whatever from whomever.
Please tell us all more about these imaginary commercials you speak of.
Funny how the biggest threats to OS X are from Adobe-created products.
1) Where are these commercials?
2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?
C'mon soli, have you quickly forgotten the I'm a Mac, and I'm a PC barrage of commercials? It's been a few years since they aired but they were quite effective and go into any Apple store or Best Buy and the salesperson will say "buy a Mac if you're worried about getting viruses". Most people don't keep up with current events. I often recommend plasma TVs to people and every single one responds the same way "what about the 5 yr life, burn in, etc...." all those things have not been true for years but they hear it once and never bother to check again.
Funny how the biggest threats to OS X are from Adobe-created products.
1) Where are these commercials?
2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?
Is this a malware using a pdf file, or involving an Adobe program? I thought it was just a file disguised as a pdf. Personally, I never use Acrobat to open anything in the browser anyway.
Please tell us all more about these imaginary commercials you speak of.
http://www.youtube.com/watch?v=GQb_Q...e_gdata_player
Remember now, dishhead?
Funny how the biggest threats to OS X are from Adobe-created products.
1) Where are these commercials?
2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?
Since Apple says so. And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"
http://www.youtube.com/watch?v=Gm0C0y7Uk10
to quote... "I am a Mac OS X so I don't have to worry about viruses"
http://www.youtube.com/watch?v=Gm0C0y7Uk10
Thanks for that one as well. Some of you guys need to chill with the kool-aid, the barley and hops juice, and the funny looking cigarettes.
THIS IS NOT A VIRUS!
This is a Trojan Horse. That's a different animal. You can see a Trojan Horse – albeit in its disguise of course – and it requires to be opened/started by YOU to become active!
A virus is an, under normal circumstances, invisible file that can sneak through your ports without you noticing it and then execute itself in the background on your PC. No user involvement required.
There are no viruses for OSX (yet).
So antivirus software for OSX is a crock.
There are a few Trojan Horses for OSX. Less than a handful, afaik. But they could come in thousands of different disguises, of course!
Apple says you don't have to worry about these things. Even if they are Trojans. And even if you install them yourself
And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"
http://www.youtube.com/watch?v=Gm0C0y7Uk10
Nasty little bugger, very difficult to eradicate, a delicate procedure only for the learned back then.
KOB
C'mon soli, have you quickly forgotten the I'm a Mac, and I'm a PC barrage of commercials? It's been a few years since they aired but they were quite effective and go into any Apple store or Best Buy and the salesperson will say "buy a Mac if you're worried about getting viruses". Most people don't keep up with current events. I often recommend plasma TVs to people and every single one responds the same way "what about the 5 yr life, burn in, etc...." all those things have not been true for years but they hear it once and never bother to check again.
1) Get a Mac ads ran from 2006 to 2010. We're almost into 2012. Where are these commercials running, to quote, ad nauseam?
2) Listen to the wording of the Trust Mac ad. They clearly state "I [Mac] don't have to worry about your [Windows PC] spyware and viruses." Nowhere does Apple state that Mac OS X can't ever be infected with spyware or viruses. Do you see what the marketing department did there?
Anyone remember the NVIRa in Mac OS 7.5?
Nasty little bugger, very difficult to eradicate, a delicate procedure only for the learned back then.
KOB
Wrong on several accounts. nVIR-A dates back to 1987 when System 4.1 was extant. This was something like eight years prior to System 7.5--not MacOS 7.5. However, Mac System Software through MacOS 8 were vulnerable to it. However, it could easily be eradicated by running one of the commercial Mac antivirus utilities like Symantec Antivirus for Macintosh or free Mac antivirus utilities like Disinfectant.
Since Apple says so. And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"
http://www.youtube.com/watch?v=Gm0C0y7Uk10
Apple says you don't have to worry about these things. Even if they are Trojans. And even if you install them yourself
And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"
http://www.youtube.com/watch?v=Gm0C0y7Uk10
You quote it incorrectly twice in the same thread. Who else would do that but a troll?