Post subject: Mac Security tips (yes... a Mac can be hacked)
Posted: Sun Jul 19, 2009 8:27 pm
I don't know the best spot for this... so I'll post it here...
I got emailed this from a friend after his Mac got hacked.

I) Mac Botnet Trojans:

If indeed this is the case with this spam, and it appears it is, there is indeed a Mac botnet. It was reported this past February. It has been created using a couple Trojans known as Trojan.OSX.iServices.A & B. They were put into bogus installers for pirated copies of Apple iWork '09 and Photoshop CS4. They can easily be put into any application installer, but those were the first two instances. At the time of the first reports the botnet was guesstimated to include about 20,000 Macs. It is known to have been involved in at least one DDoS attack. I haven't tracked what it has been up to since then. Just about all the anti-malware apps can detect and remove it. That includes the free version of iAntiVirus and ClamXav using up-to-date definitions/signatures. I verified this in personal testing, thanks to some malware samples a friend provided.

Good summary reports about the iServices Trojans can be found at: ... wsid=25756 ... 4200920267

I've also been keeping track of the current Trojans at my Mac-Security blog.

II) Mac Back Door Trojans:

The most recent series of RSPlug Trojans have been implicated in creating back doors into infected Macs. They are known as Trojan.OSX.RSPlug.E - L. I haven't kept track of the damage done by these Trojans, but it could be literally anything. This series is well known to be used by criminal profiteers. They can be hidden as literally any installer you pick up off the Internet. All of them request your ID and password when you run the installer, then they run with your user account privileges.

All these Trojans create an incentive to never work on the Internet using an Administrator account if you can help it. It's also a good reason to use a 'Reverse Firewall' such as Little Snitch so the phone-home behavior of these Trojans can be detected and cut off. I run Little Snitch on all my Macs, including my server. I believe Intego offer one as well in the NetBarrier suite.

III) Internet Surveillance:

Forging another person's email address into spam is dirt easy and has been going on for about a decade. There have been frequent calls to overhaul the email standard to stop this problem, among others. But so far no new standard has been forthcoming.

Meanwhile, the surveillance going on across the Internet around the planet is staggering. Intercepting email transmitted across the internet and stripping out addresses for both source address forgery and spamming is easy. Even encrypted email messages still have headers in the clear. There are big business bucks to be made in stealing data. But there is also a huge political incentive. I used to thank China for the worst offenses. They've been at it since 1998 via their 'Red Hacker Alliance'. Last month China were implicated in stealing US government defense project plans off federal servers. But in recent years illicit Internet surveillance has caught on everywhere. Last week North Korea was implicated in security breaches in South Korea and other countries. It is known that Russia was doing it during the Chechnya War a few years back. The Neo-Cons were unconstitutionally performing it on US citizens during the W. Bush administration, as was verified last week at the FBI. (No flame backs please. I'm only reporting facts).

And of course remember that any time you connect to an unsecured/unencrypted WiFi router, everything you send and receive from the Internet can be intercepted by anyone else connected to that router's network. I've seen this in action. You can avoid some of this problem by encrypting data you send out from your computer. There are dozens of excellent encryption tools these days. Also helpful is sticking to only https Web connections or using SSL connections to servers on the Internet.

IV) How To Fight Back:

I highly recommend anyone with the time and patience report all their spam to a blacklist collection group. You can do this inside the Gmail and MobileMe websites. Personally, I've been using since 1998. is instrumental in tracking and stopping professional spammers as well as shutting down spam botnets. Apparently my contribution has made me infamous among spammers as I get maybe 3 spam messages a day. I tell people I must be on a 'Do Not Spam' list distributed among pro spammers. (I wish!) Adam Engst disagrees with using and has written about TidBITS being put on a blacklist years back thanks to some dimwits turning in his server to But I persist and have no regrets and no reports of false reporting from my end.

Enough for now, although I could go on for an hour. I gave a lecture on this stuff a month ago at a local computer user group. Scared them stiff! (x_x)

I hope some of this was helpful.


(I'm not derek btw..)

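Section III of the post makes two points about email: the sender address can be forged, and headers travel in the clear even when the body is encrypted. The following is an added example, not part of the original post, that shows both on a constructed message; the function names, addresses and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not real traffic). The body is a placeholder
# for ciphertext; every header above it is plain text on the wire.
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.example.org; Sun, 19 Jul 2009 20:00:00 +0000
From: "Alice" <alice@example.com>
Reply-To: alice@example.com
To: bob@example.org, carol@example.org
Subject: invoice

[constructed placeholder standing in for an encrypted body]
"""

def addr_domain(value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def visible_metadata(raw):
    """Header fields that stay readable in transit even if the body is encrypted."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "from": parseaddr(msg.get("From", ""))[1],
        "recipients": [addr for _name, addr in rcpts],
        "subject": msg.get("Subject", ""),
        "relay_hops": len(msg.get_all("Received", [])),
    }

def sender_findings(raw):
    """Heuristic: the visible From domain should match Return-Path and Reply-To.
    Mailing lists and bulk senders legitimately differ, so treat hits as leads."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg.get("From"))
    findings = []
    for header in ("Return-Path", "Reply-To"):
        dom = addr_domain(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"From domain {from_dom} != {header} domain {dom}")
    return findings

if __name__ == "__main__":
    print(visible_metadata(SAMPLE))
    print(sender_findings(SAMPLE))
```

A mismatch is only a lead for review: the From line is free text chosen by the sender, so a message whose headers all agree can still be forged.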