Discussions about the latest virus

Posted in General Discussion, edited January 2014
Hello,



Have there been any postings on the latest virus infecting Windows systems?



Every time I go to Symantec and check out info on the latest virus Macs are ALWAYS on the uninfected list...

Comments

  • Reply 1 of 34
    mcq Posts: 1,543 member
    Well, the Sasser worms are exploiting a specific vulnerability in certain versions of Windows, so Macs would automatically be on the list of systems unaffected.

    As far as its damage so far, not too certain on the extent, but it's been picking up a little bit with the b variant of the worm. Estimates appear to be at around 500,000 infections at the moment:

    http://news.com.com/2100-7349_3-5205107.html?tag=nl
  • Reply 2 of 34
    defiant Posts: 4,876 member
    We got that Virus on Monday, at about 8 am. Some guy brought it with him with his notebook. That bastard! Stupid PCs kept rebooting. Sasser spread so ****ing fast it was unbelievable. In the same minute that guy plugged in his notebook, virtually everyone in the company was infected with the virus- unbelievable! We couldn't work until about 11 am, when everything was back under control.

    I hate Windows, I really do.
  • Reply 3 of 34
    podmate Posts: 183 member
    The University that I work for has been hit pretty hard by sasser. Our division had to shut down the 5 remote offices we have spread over the State because of the worm. That means that we had about 65 people sitting idle along with quite a few students during finals week.



    I got to waste 5 hours yesterday going from machine to machine to run the windows update, update DAT files and remove the worm. I get to spend today doing the same crap.



    My boss (who is a bought and paid for windows devotee, but I like him because he just bought me a G5 and 12" PB) told me not to say crap to him about this latest problem. I just smiled and reminded him to inform the Directors of our Division that all of the timelines on my projects will have to be adjusted because of this latest MS security issue.
  • Reply 4 of 34
    scott Posts: 7,431 member
    My Comcast email account is acting funny right now. Might be Sasser? Work email is fine which is unusual.
  • Reply 5 of 34
    giaguara Posts: 2,724 member
    I keep getting Windows viruses quite often. I normally forward them to F-Secure, ask what viruses they are, and then forward them to a friend who collects Windows viruses. So far I haven't seen Sasser.
  • Reply 6 of 34
    aquatic Posts: 5,602 member
    People keep getting viruses and keep on trucking. I REALLY think 99% of people have NO CLUE that Macs don't have viruses. This by itself DEFINITELY needs a commercial it would probably do WONDERS for higher ed. marketshare. Seriously. People just don't know Macs don't have viruses.
  • Reply 7 of 34
    podmate Posts: 183 member
    Quote:

    Originally posted by Aquatic

    People keep getting viruses and keep on trucking. I REALLY think 99% of people have NO CLUE that Macs don't have viruses. This by itself DEFINITELY needs a commercial it would probably do WONDERS for higher ed. marketshare. Seriously. People just don't know Macs don't have viruses.



    Nice thinking, but it won't work.

    MS has "bought" my university with "gifts" and low priced software. The central IT dept of our University is 100% MS centric. They want everyone on AD. They appear to discourage the buying of Macs and they don't seem at all *nix friendly. We get the MS software almost free along with gobs of tech support time. While we have to pay higher (but still very fair) prices for non-MS products. Which company do you think will win the bean counters over?

    All that matters is initial purchase cost.

    TCO, we don't want to hear about it, just tell me how much it will cost right now! I've been told this in the past. The bean counters and managers only care about their fiscal year budget, they will worry about costs to the next year's budget next year.
  • Reply 8 of 34
    ipodandimac Posts: 3,273 member
    virus? yawn... back to my nap (literally).
  • Reply 9 of 34
    johnq Posts: 2,763 member
    Unfortunately an ad from Apple touting/bragging about lack of viruses would attract more hackers than you could shake a stick at, and if you think that Macs can't be hacked if there are enough resources/hacker manhours being thrown at the problem, then good luck.



    Social engineering is not a trivial issue, (meaning that a relatively secure OS means nothing) considering most worms or viruses are triggered by the user clicking on an attachment - social engineering is the key component. The Mac is every bit as susceptible to tricking users to do things (even if attachments are not the trigger as they are on Windows with VB).



    It would still be trivial to masquerade a malicious program as an innocent file on a Mac. Most novices will double click anything that has the icon they are expecting to see. The program can even actually do what the user is expecting and still be coded to do nefarious things in the background.



    Anyway we are safe mostly thanks to being less prevalent. I hope this doesn't translate into lax standards and coding.
  • Reply 10 of 34
    chinney Posts: 1,019 member
    Quote:

    Originally posted by johnq

    Unfortunately an ad from Apple touting/bragging about lack of viruses would attract more hackers than you could shake a stick at, and if you think that Macs can't be hacked if there are enough resources/hacker manhours being thrown at the problem, then good luck.



    Social engineering is not a trivial issue, (meaning that a relatively secure OS means nothing) considering most worms or viruses are triggered by the user clicking on an attachment - social engineering is the key component. The Mac is every bit as susceptible to tricking users to do things (even if attachments are not the trigger as they are on Windows with VB).



    It would still be trivial to masquerade a malicious program as an innocent file on a Mac. Most novices will double click anything that has the icon they are expecting to see. The program can even actually do what the user is expecting and still be coded to do nefarious things in the background.



    Anyway we are safe mostly thanks to being less prevalent. I hope this doesn't translate into lax standards and coding.




    Actually, I would like to see a fuller discussion of this issue here on AI. Is it just a question of prevalence, or are other factors involved, i.e., in particular, other factors relating to the way the Mac OS is designed? Perhaps this has been explored on AI, but I missed it. Do people have information and views on this?
  • Reply 11 of 34
    paul Posts: 5,278 member
    sasser hit BC pretty hard...



    the kicker with sasser is that the user doesn't have to do ANYTHING to get the virus--as long as they are connected to the network without the latest MS patch(es) there is a 99% chance they will get sasser...



    saturday was when it first hit campus-but the help desk wasn't open something like 50 or 60 people still came in to try and get their computers fixed... they were all told to come in the next day...



    on sunday the help desk opened at 12.... people started showing up at 8AM



    there was 100 people in line by the time the doors opened



    yesterday was worse...



    there normally is one supervisor and 2 or 3 student workers at the helpdesk... but ITS called EVERYONE in... there was something like 30 people working to clean people's computers... I'm sure they were getting paid something like an average of $25/hr too... (us students only get $8)



    we were all working on at least 3 students at a time... figure about 2 hours scanning per computer... we went through close to 300 students each day...



    I didn't go in today, but I'm sure it is more of the same...



    this of course doesn't include all of the people that I had to help once I got back from work... living in a dorm has its advantages... but this certainly isn't one of them...



    whatever... each person I helped was very surprised to hear that macs don't have this problem...
  • Reply 12 of 34
    durandal Posts: 277 member
    Quote:

    Originally posted by Chinney

    Actually, I would like to see a fuller discussion of this issue here on AI. Is it just a question of prevalence, or are other factors involved, i.e., in particular, other factors relating to the way the Mac OS is designed? Perhaps this has been explored on AI, but I missed it. Do people have information and views on this?



    Well, the flaws are there... http://www.atstake.com/research/advi.../a050304-1.txt This is one of the issues that have been solved with the latest security update...
  • Reply 13 of 34
    paul Posts: 5,278 member
    Quote:

    Originally posted by Chinney

    Actually, I would like to see a fuller discussion of this issue here on AI. Is it just a question of prevalence, or are other factors involved, i.e., in particular, other factors relating to the way the Mac OS is designed? Perhaps this has been explored on AI, but I missed it. Do people have information and views on this?



    there are many factors that contribute to OS X not having ANY viruses (thus far)

    the biggest one is the fact that it is MUCH harder to write a virus for OS X (or any other UNIX) than Windows... this is due to the fact that windows has so many gaping holes to be exploited... why spend days writing a UNIX virus when you can spend hours on a much easier exploit?

    another factor is market share... when you only have 5% of the market if a virus targets your platform it is very hard to spread-it would take 20 times LONGER to get the kind of volume that a sasser type worm does...

    you would think that it would be a helluvalot more prestigious to write the FIRST (widespread) os X virus rather than a windows virus--everyone has done that



    but, it still hasn't happened yet...
  • Reply 14 of 34
    kenneth Posts: 832 member
    My Internet was down from ~2AM to 10:30AM this morning. I asked one of the tech support guys and he told me all the routers on campus have been hit with blaster worm. I asked him whether it is Sasser worm or not.. he said no.
  • Reply 15 of 34
    curiousuburb Posts: 3,325 member
    Quote:

    Originally posted by Chinney

    Actually, I would like to see a fuller discussion of this issue here on AI. Is it just a question of prevalence, or are other factors involved, i.e., in particular, other factors relating to the way the Mac OS is designed? Perhaps this has been explored on AI, but I missed it. Do people have information and views on this?



    tried reading these?
  • Reply 16 of 34
    chinney Posts: 1,019 member
    Quote:

    Originally posted by curiousuburb

    tried reading these?



    Thanks. I just scanned some of the more promising threads in your 'search' link. However, I did not see very much explaining why OS X is robust against viruses, aside from the fact that most virus writers don't bother writing for an OS that has a relatively small percentage of the market.



    In response to my earlier question, Paul "mayo" seemed to suggest the following additional explanations: 1) that it is simply harder to write a virus for a Unix-based system and 2) that Windows has so many security holes that Unix-based systems are secure by comparison. Is this it? I also wonder if, perhaps, the fact that OS X was essentially a complete redesign made it easier to build in security, in comparison to the patchwork quilt that is Windows.
  • Reply 17 of 34
    hyperb0le Posts: 142 member
    Quote:

    Originally posted by Chinney

    Thanks. I just scanned some of the more promising threads in your 'search' link. However, I did not see very much explaining why OS X is robust against viruses, aside from the fact that most virus writers don't bother writing for an OS that has a relatively small percentage of the market.





    Basically, OS X is more resistant to viruses because its security is better. A program cannot access the root volume without a user manually authenticating that this program has a reason to do so.



    So let's say we have somebody who writes a virus for OS X. Let's now say that someone is stupid enough to give it authentication. So the virus accesses the user's address book and runs an AppleScript to send itself to people. Now, because Mail is not stupid, a program cannot automatically execute from an email. So let's say for every 20 people that the virus is sent to, 10 people open it. (That's probably more than would actually open it). Now let's say 8 of those 10 people are on Windows. The virus can't do anything to them because it was written for OS X. So we have two people to possibly be infected. Now let's say one of those 2 is really dumb and authenticates the program. The chain starts over.



    So, an OS X virus would not be impossible, but it would be very difficult to do anything destructive (because of authentication) and very hard to spread (none of the ActiveX crap to exploit.)
  • Reply 18 of 34
    torifile Posts: 4,024 member
    I've (uncharacteristically) stayed out of this thread because I've been accused of being somewhat zealous in my dislike of MS (LoCash said someone pissed in my chocolate milk - I still haven't had any chocolate milk since that image made its way into my mind but I digress).



    A while back I found an intriguing post over at maccentral about Windows security. I'm just quoting it word for word and I can't speak for how true it is. It sounds about right. Maybe someone with more knowledge on this issue could chime in...



    Quote:

    I'll address several issues here. I'm a programmer by trade, and have been creating UNIX programs, filters, and drivers since '82. My name is in the '94 and '94 Yggdrasil Linux "Plug-and-Play" books, so I've obviously been a Linux hack since '92. I also write Windows programs using Visual Studio, and have been porting my tools from Linux to OS X since the beta. So, I think I *might* be qualified to say what I'm about to say.



    Remember: a "virus" is a set of invasive routines which have been attached to a legitimate program. A "worm" is, in essence, a detached background process.



    Creating a UNIX "virus" would require the writer to muck with program text and data segment pointers, and change the program initialization pointer from the "crt0.o" equivalent to something else. The degree of difficulty here is at least 9.5 on a scale of 1-10... even if you *do* have the source to the runtime invocation routines. Then, to screw up the system, you have to attain root privileges from within the attached routines in that user-privileged program, which is indeed quite a bit harder. It's not impossible with the default OS X install, but it ain't easy. The easiest way to defeat this is to create a root account with a scrambled password on *EVERY* *NIX system you use, and that includes OS X.



    Writing a UNIX "worm" is easier. Any program can create a detached process. BUT, the same issues with user-level vs. root permissions exist. Worms will run on properly protected systems, but they may never be able to attain the privileges necessary to do significant damage.



    Now, these are not easy tasks. It's *much* easier to write a simple script that fools Windows into thinking that an offending program is actually something the user *wants* to run. Windows does *NOT* have user-level protections - and that's why viruses and worms are so easy to invoke on Windows.



    Lastly: each task on a *NIX program runs in its own virtual memory space. Programs running within these virtual spaces are not allowed to "touch" devices or other system resources. Instead, programs make requests to the system for system resources. Even the graphics subsystem runs as a task under OS X. Hence, a "buffer overflow" within the OS X desktop would cause the desktop to crash and restart, but shouldn't cause any other problems.



    Windows has incorporated graphics routines into its kernel. Hence, a "buffer overflow" in one of the graphics routines causes the kernel to respond with a handler. If you write your virus properly, the handler will execute *virus code* as the handler... and the virus has now attained system-level capabilities. The Windows kernel thinks it is running legitimate code, but it is running the virus' code -- which just happens to now be running as the system-level error handler. And, without user-level privilege protections, you can do.... anything.



    That's how it's done, folks.



  • Reply 19 of 34
    chych Posts: 860 member
    Quote:

    Originally posted by hyperb0le

    Basically, OS X is more resistant to viruses because its security is better. A program cannot access the root volume without a user manually authenticating that this program has a reason to do so.



    So let's say we have somebody who writes a virus for OS X. Let's now say that someone is stupid enough to give it authentication. So the virus accesses the user's address book and runs an AppleScript to send itself to people. Now, because Mail is not stupid, a program cannot automatically execute from an email. So let's say for every 20 people that the virus is sent to, 10 people open it. (That's probably more than would actually open it). Now let's say 8 of those 10 people are on Windows. The virus can't do anything to them because it was written for OS X. So we have two people to possibly be infected. Now let's say one of those 2 is really dumb and authenticates the program. The chain starts over.



    So, an OS X virus would not be impossible, but it would be very difficult to do anything destructive (because of authentication) and very hard to spread (none of the ActiveX crap to exploit.)




    Yeah but you see, by default users have read/write privileges to anything in ~/, and have read privileges on the address book data. Thus no password is required to access the address book. In fact, it is so trivial to write a program that nukes anything the user has read/write access without authentication to, i.e. here's your OS X virus:



    (applescript) do shell script "rm -rf ~/Documents"



    But the real problem is deployment, it simply is impossible to effectively deploy an OS X virus; no decent security holes to install programs in, no screwy e-mail clients, etc. However you can send this exact applescript application to someone else running OS X, and if they choose to execute it (mail does give a virus warning), buh bye Documents.



    In fact, I seem to remember an incident a while ago where Apple distributed some program (was it iTunes?) whose installer nuked your hard disk if its name had a space in it. Maybe that was the first OS X virus, straight from Apple.
  • Reply 20 of 34
    torifile Posts: 4,024 member
    Quote:

    Originally posted by chych

    In fact, I seem to remember an incident a while ago where Apple distributed some program (was it iTunes?) whose installer nuked your hard disk if its name had a space in it. Maybe that was the first OS X virus, straight from Apple.



    Yeah, it was iTunes. But not exactly a virus. Destructive (stupid, moronic, etc. Take your pick) installer, to be sure. But not a virus.
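
Added example, not part of the thread: the posts above do not show the installer's script, so this illustrates the general class of bug in which a cleanup step deletes the wrong thing when a volume name contains a space, namely an unquoted shell variable. Every path, volume name and function name is constructed, and all deletion happens inside a temporary sandbox directory.

```shell
#!/bin/sh
# Added illustration; every file and volume name here is constructed.

# Build a throwaway sandbox holding two pretend volumes, one of which
# has a space in its name, and print the sandbox path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/Disk" "$sb/Disk 2/Applications/Old.app"
    echo "user data" > "$sb/Disk/data.txt"
    echo "$sb"
}

# Buggy cleanup step. $1 (volume name) is expanded without quotes, so
# "Disk 2" becomes two arguments: "Disk" and "2/Applications/Old.app".
remove_old_unquoted() (
    cd "$2" || exit 1          # stay inside the sandbox
    rm -rf $1/Applications/Old.app
)

# Corrected step: quoting keeps the path as one argument, and "--"
# stops a name that starts with "-" from being read as an option.
remove_old_quoted() (
    cd "$2" || exit 1
    rm -rf -- "$1/Applications/Old.app"
)

# Report what is left in the sandbox after a cleanup step.
survey() {
    if [ -e "$1/Disk/data.txt" ]; then d=kept; else d=LOST; fi
    if [ -e "$1/Disk 2/Applications/Old.app" ]; then a=present; else a=removed; fi
    echo "data=$d old_app=$a"
}

# Run one cleanup function against a fresh sandbox, then discard it.
run_case() {
    sb=$(make_sandbox) || return 1
    "$1" "Disk 2" "$sb"
    survey "$sb"
    rm -rf -- "$sb"
}

echo "unquoted: $(run_case remove_old_unquoted)"
echo "quoted:   $(run_case remove_old_quoted)"
```

In the unquoted case the intended target survives while the sibling volume's data is gone, which is why installer and cleanup scripts should quote every path expansion and be tested against names containing spaces.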