BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   Mac Users Corner (http://www.blackberryforums.com/mac-users-corner/)
-   -   Dangerous New Mac Spyware Making the Rounds (http://www.blackberryforums.com/mac-users-corner/227943-dangerous-new-mac-spyware-making-rounds.html)

Dubdub 06-02-2010 01:41 PM

Dangerous New Mac Spyware Making the Rounds
 
This has little to do with BB's but a lot to do with Mac users:

Dangerous New Mac Spyware Making the Rounds

Thereís a very nasty piece of spyware attacking Appleís computer platform. Itís called OSX/OpinionSpy, and it piggybacks in on free screensaver and media conversion software.

Specifically, around 30 screensavers developed by a company called 7art and one app called Mishinc FLV to MP3 carry the spyware, according to security firm Intego. The programs were available on popular sites, like Softpedia, MacUpdate and VersionTracker, though theyíve since been pulled from those locations. MacUpdate told CNET that it had been aware of the problem as far back as March and had acted accordingly.

The spyware app isnít part of the software itself, but instead downloads during the installation of the originally downloaded programs. It often masquerades as a market research program called PremierOpinion that tracks browsing and purchasing information for market research purposes, but it also can come completely unannounced. The aim of OSX/OpinionSpy is to collect data from files and programs. Hereís a breakdown of a few ways it does its dirty work:

* Runs as root, allowing complete access, including modification, to all files
* Scans all accessible files on local and network drives
* Opens a back door using port 8254
* Analyzes data transmitted via a LAN connection, allowing a single Mac to collect data from an entire network
* If the application is killed, it automatically relaunches via launchd, the system-wide OS X service launcher
* Injects code into Safari, Firefox and iChat without any user authorization or action required, and then copies personal data from these applications. Code is injected into Mac memory, not the actual applicationís files, allowing it to go undetected

It can be upgraded via the backdoor access without the userís knowledge, and just deleting the original program it came in on wonít eliminate the spyware itself. To rid yourself of the infection, if you think you might have it, you should grab ClamXav or iAntiVirus or another trusted Mac malware scanner. Signs that you may be infected include your computer sometimes asking for your name or prompting you to fill out forms and surveys. Also, your computer may stop working correctly and require a reboot.

Intego is using the opportunity to push its anti-virus products, which is only fair given that itís at least warning people about it, but as always, I recommend sensible downloading and browsing practice before any other means of virus or malware protection. If something seems suspicious, it probably is, and if you find you have no internal means of analyzing what constitutes danger and what doesnít in term of online activity, consult with someone who you know definitely does. Finally, if something is free, always exercise extra caution

Dangerous New Mac Spyware Making the Rounds

okader 06-02-2010 07:42 PM

thank you for the info Dubdub. very helpful

steveberry 06-09-2010 10:31 AM

Great post! Thank you for sharing this.

Dubdub 06-09-2010 10:44 AM

I have not heard any more about, so I do not know how "real" or how it has spread.

Jagga 06-12-2010 12:09 PM

There was a recent update to Safari so I'm sure this is closed. Also these will request a password for admin no? Root requires an admin pw to begin with.


All times are GMT -5. The time now is 04:18 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.