PDA

View Full Version : Interesting read



cradom
10-02-2014, 03:58 PM
Found this in "another forum". Be sure to click the 'Learn more' link.
New Mac OS X botnet discovered — Dr.Web - innovation anti-virus security technologies. Comprehensive protection from Internet threats. (http://news.drweb.com/show/?i=5976&lng=en)

lclev
10-02-2014, 04:34 PM
Seems to be real. Can't find anything that suggest how a computer gets infected. I am assuming possibly through email????

I read this article that suggests some things you can do to protect your Mac:

Roll-your-own Defense Against Mac.BackDoor.iWorm - Jacob Salmela (http://jacobsalmela.com/roll-defense-mac-backdoor-iworm/)

I am not sure how well his suggestions would work. I don't have a javaw folder in my Library/ApplicationSupport folder. I do have the Library/LaunchDaemons one. Guess it won't hurt to set up the notification of changes he suggests.


Lisa

cradom
10-03-2014, 04:29 AM
I've done that on some folders before. I found out you need to be careful what folders you set up. Those popups can get old quick.

lclev
10-03-2014, 03:54 PM
Well, for me, it is a new experience. So far nothing has happened but I guess I look at it as a new learning experience. And I have a lot to learn when it comes to OS X.

Lisa

chas_m
10-04-2014, 05:23 AM
A more thoroughly-researched post on this issue:

New OS X malware 'iWorm' discovered in pirated software [u] | Electronista (http://www.electronista.com/articles/14/10/03/formerly.used.reddit.as.go.between.to.steal.user.d ata/)

I'm not trying to make light of what might be a serious threat, but there's an abundance of misinformation on this out there.

cradom
10-04-2014, 08:06 AM
I was wondering exactly how it was getting on machines. Lots of idiots wanting Yosemite and getting it however they can.
Possibly other pirated apps too. Need to stay away from the 'Bay' and torrents people.
If you don't, it's your own fault if you catch something.

lclev
10-04-2014, 06:13 PM
I'm not trying to make light of what might be a serious threat, but there's an abundance of misinformation on this out there.

You are right. I figured with any type of malware (virus,trojan, etc.) there was probably a download involved, whether email or software. Pirated software would make perfect sense.

Lisa

gsahli
10-06-2014, 12:46 PM
Quote from the article:

"Apple may potentially be able to disrupt the botnet through OS X's silent malware definition updates. So far, though, iWorm has gone unchecked."

A user on Apple Discussions reported that his /etc/hosts file was modified with
127.0.0.1 swscan.apple.com

This shunts Mac Software Update querries to localhost, probably killing Update Notification.
I'm no expert, but this seems pretty sneaky.

chas_m
10-07-2014, 05:14 AM
Apple updates OS X malware definitions to block 'iWorm' | MacNN (http://www.macnn.com/articles/14/10/06/should.halt.further.infections/)

bdurfee
10-07-2014, 08:09 AM
I'm new to Mac as I plan to switch from PC to Mac in a few months. On PCs, I usually just purchase antivirus software that monitored things like this and practice "safe-computing" (only use legit software from trusted sources, don't click links in emails, etc.).

I'm just now looking into Mac software as I plan for the switch. Do Mac users usually run anti-virus and do Mac anti-virus providers stay on top of things like this to prevent them from happening on the computer?

lclev
10-07-2014, 08:46 AM
I am sure there will be others that chime on this topic too! 99% of mac owners do not run a separate antivirus program. The vast majority of "malware" - 99% - is written for Windows. Safe computing goes a long way to avoid problems. Even with the iWorm it seems you had to be asking for it by downloading from questionable sites.

Apple has an in-house antivirus called xProtect built in that is very quiet, updates in the background and has already updated to confront the new iWorm threat.

That said, I have just earned my first year pin for owning Macs. I started this venture installing a wide variety of antivirus products. I just had to try them all! I do have strong opinions on clamXav, avast, kaspersky, and comodo some work better than others. As to do they stay updated on Mac viruses, rumor is they don't.

The bottom line is this - of all that I tried the only thing they ever caught were infected emails carrying virus that were written for Windows systems. It is very hard for a recovering Windows-aholic to let go of antivirus but in all honesty it isn't needed.

I suggest you do what I do - read, read, read. This forum is awesome for keeping up with what is going on. You will quickly figure out who really knows the inside info that will be relevant to what you need to keep yourself informed.

Good luck with your conversion! If you are just experiencing OS X for the first time there will be a learning curve so give it time, ask questions here, and you will soon be an expert.

Lisa

cradom
10-07-2014, 02:35 PM
What she said :)
If you absolutely must run anti-virus due to work, the best is ClamX.
It's not an 'active' scanner and does not hog resources.

richardbenson22
11-22-2014, 08:41 AM
The above article would be a new learning experience for me ..