• This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.

    THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.

    THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.

    This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.

    If you don't have a link to a news story, do not post the thread here.

    If you don't follow these rules, then your post may be deleted.

Security alert: New Trojan Horse apps said to attack the Mac

Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
Security alert: New Trojan Horse apps said to attack the Mac

Security alert: New Trojan Horse apps said to attack the Mac

Some security mavens have long theorized that as the Mac becomes more popular, we'd start to see malware that would start targeting the platform. Sure enough, this morning's crop of email blasts from PR firms included a few notices of trojans that are affecting Mac users.

First, from SecureMac, comes word of trojan.osx.boonana.a, which comes disguised as a link on social networking sites asking "Is this you in this video?" Clicking the link downloads and runs a Java applet that then installs further applications to modify system files and open the system to password-free access. The other malicious apps report back to command and control servers, as well as hijack user accounts to spread the trojan through email spam.
 
Joined
Mar 17, 2009
Messages
3,626
Reaction score
111
Points
63
Your Mac's Specs
2018 15" MBP, 2019 11" iPad Pro, iPhone 11 Pro
Glad I don't belong to any social network sites.
But common sense will protect most users anyways.

Intego reports that these trojans will give you fair warning, as the standard Mac OS X Java security alert (see below) will be displayed. If you're not expecting a Java applet to be running on your machine, click the Deny button and the applet will not run. If you want more information about what's happening, click the Show Details button, and you'll see that content with an untrusted root certificate wants to run on your computer. Clicking Deny will protect your machine from a possible malware infection. Allowing the Java applet to run will launch an installer that will be displayed on your machine. If you haven't launched an installer deliberately, then quit it immediately.
 
Joined
Dec 16, 2009
Messages
373
Reaction score
6
Points
18
Location
Baytown, Tx
Your Mac's Specs
Late 2009 Macbook Pro 2.26, 160gb HD, 2gb RAM, OSX 10.6; Emac 1.42ghz 80gb HD 2gb RAM OSX 10.5
Can't be said enough, kids: If you don't know what it is, then don't download it.

An ounce of prevention equals a pound of cure!
 
OP
schweb
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
Good thing Apple is getting rid of Java in 10.7. ;)
 
OP
schweb
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
Many member ask the question about viruses and malware on the Mac and in addition to using the search function at the top of the forum, you'll find almost all your answers here:

Official Antivirus and Firewall FAQ
 

iWhat

,
Joined
Nov 11, 2004
Messages
5,736
Reaction score
164
Points
63
Location
Toledo, Ohio
Your Mac's Specs
Macbook, iMac G5, iPad, iPhone 4, iPod (MANY)!
which comes disguised as a link on social networking sites asking "Is this you in this video?"

Glad I never go outside my house then, I totally just saved myself from that trojan.
 
Joined
Oct 3, 2009
Messages
2,641
Reaction score
26
Points
48
Location
Albuquerque, New Mexico
I'm familiar with how Facebook and Twitter run feature-wise. If there is a link that says that, ha, I am not clicking on it.
 

bobtomay

,
Retired Staff
Joined
Dec 22, 2006
Messages
26,561
Reaction score
677
Points
113
Location
Texas, where else?
Your Mac's Specs
15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
Good heads up.
 
Joined
Jun 24, 2008
Messages
196
Reaction score
1
Points
18
Your Mac's Specs
Macbook White 2.13Ghz 160GB 10.6.4 (Buggy Version :() Snow Leopard
Intego reports that these trojans will give you fair warning, as the standard Mac OS X Java security alert (see below) will be displayed.

This is therefore not a security risk as the user has full control. This is the same level of threat as other malicious executables such as those packaged in .app packages.

In Windows you only have to open your web browser, click on a particular link and your whole computer is full of crap. You never get warned about anything.

This is the real threat - Drive-by download - Wikipedia, the free encyclopedia

Being sensible can't stop that happening.
 
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
I do not have Java enabled on mine just script.
 
Joined
Dec 17, 2007
Messages
105
Reaction score
3
Points
18
Your Mac's Specs
iMac 2.66 Ghz - 4Gig Ram - iPod 60gig Black - iPhone 3GS Black 32gig
god0fgod - What's the point in raising Windows issues here other than for petty point scoring?

The fact is that lots of malware is delivered in this method, and the users are the weak point in any system - once someone has decided to view a stupid video from an unknown source, they are unlikely to think twice about clicking 'Allow' when prompted.

I still think it is unlikely that many users will be bothered by this, but responding to a possible Mac threat by simply shouting 'Well Windows is worse!' doesn't achieve anything.
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
god0fgod - What's the point in raising Windows issues here other than for petty point scoring?

The fact is that lots of malware is delivered in this method, and the users are the weak point in any system - once someone has decided to view a stupid video from an unknown source, they are unlikely to think twice about clicking 'Allow' when prompted.

I still think it is unlikely that many users will be bothered by this, but responding to a possible Mac threat by simply shouting 'Well Windows is worse!' doesn't achieve anything.

Actually I agree. Sure Windows has a lot more issues with Virus's and Malware, but that is not the point of this thread at all.

There is an article on OS News that shows that this is maybe being blown out of proportion a bit though, but users should always be careful anyway just in case.

http://www.osnews.com/story/23954/Java_Trojan_Attempts_to_Attack_Mac_OS_X_Fails
 
OP
schweb
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
This is therefore not a security risk as the user has full control. This is the same level of threat as other malicious executables such as those packaged in .app packages.

Huh? That's a ridiculous statement. Of course it's a threat because it's a phishing-type attack and most users are not smart enough unfortunately to not click on "accept" anytime a window pops up.

In Windows you only have to open your web browser, click on a particular link and your whole computer is full of crap. You never get warned about anything.

This particular attack would also get a warning in Windows since it's java based and you'd need to approve the applet, but nice try.

Honestly, just an overall ignorant post filled with misinformation and poorly formed opinions.
 
Joined
Jun 24, 2008
Messages
196
Reaction score
1
Points
18
Your Mac's Specs
Macbook White 2.13Ghz 160GB 10.6.4 (Buggy Version :() Snow Leopard
"This particular attack would also get a warning in Windows since it's java based and you'd need to approve the applet, but nice try."

No, you don't understand anything that I was talking about.

And everyone here is being awfully rude.

I was pointing out that drive-by downloads don't happen on Macs but they do on Windows and nobody can prevent those. Even security software is rather rubbish at dealing with those unless you pay for very expensive ones.

I know this because of experience. I've browsed the web before doing nothing but viewing websites and on Windows I'd get stupid malware pop out of nowhere.
 
OP
schweb
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
I was pointing out that drive-by downloads don't happen on Macs but they do on Windows and nobody can prevent those. Even security software is rather rubbish at dealing with those unless you pay for very expensive ones.

But that does't have anything to do with this particular threat or this thread. So if you want to discuss that, I suggest a new topic rather than causing confusion in this one.
 
Joined
Jun 24, 2008
Messages
196
Reaction score
1
Points
18
Your Mac's Specs
Macbook White 2.13Ghz 160GB 10.6.4 (Buggy Version :() Snow Leopard
I was pointing out that this particular problem is nothing serious. Any security problems with the OS such as buffer overflows are the things to worry about. There has been problems in OSX through the past. Apple release security updates reasonably fast, luckily.
 
OP
schweb
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
I was pointing out that this particular problem is nothing serious.

But it can be a serious issue, and it's that comment that is why people are pointing out the error of your arguments.

It's a serious issue for people who aren't informed of the danger or people who just click "accept" or enter their password into anything that pops up....which is probably most people.
 
Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
It's a serious issue for people who aren't informed of the danger or people who just click "accept" or enter their password into anything that pops up....which is probably most people.
Which is nothing new, and there's nothing that can be done about such people.

Except to take advantage of them whenever possible. I recommend a career in sales for this.
 
OP
schweb
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
Which is nothing new, and there's nothing that can be done about such people.

Except to take advantage of them whenever possible. I recommend a career in sales for this.

So are you saying that we shouldn't tell people? I know you hate any suggestion that Mac OS X isn't 100% ultimately secure, but sometimes I think sharing the information is important. ;)
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Nothing is 100% secure. OSX is VERY secure but 100% might be taking it a bit far. :D
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top