Hi folks,

Symantec added detections for a new OSX based trojan.

See the Security Response Write-up page for full threat details.

OSX.Tsunami - Risk Detected

Cheers,

Thomas

18 Spice ups

Thanks for keeping us informed. I really love the green guys in the community.

Macs need AV? (jk)

It’s about time that Mac users took installing AV and malware protection programs seriously (like me…).

Nothing is 100% secure and safe. It’s unfortunate that Mac users are not in touch with reality on this topic. That goes for non-IT people on Linux too.

1 Spice up

It is not that surprising considering that Symantec Antivirus was launched in 1989 as a product for the Mac and sold $100,000 worth in its first month. That is always a tidbit I like to throw at the hardcore Apple guys when they say Macs do not get viruses.

Sure, things may have changed a bit since then, but it is still an imperfect machine built by even more imperfect human beings; of course there is going to be someone else who can exploit it.

Thank you for the heads up!!

David1618 wrote:

Macs need AV? (jk)

The first real virus was on the Apple ][ computer. In the early days Macs were the target for viruses because they multitasked and PCs didn’t with Windows 3.1.

Funny how times have changed!

N3WJL wrote:

Ahh, Apple II. I remember my first virus I wrote for it, I was 9.

As always, thanks for the heads up!

Elgin8949 wrote:

Nothing is 100% secure and safe. It’s unfortunate that Mac users are not in touch with reality on this topic. That goes for non-IT people on Linux too.

They say the second-to-last stage of drunkenness is being bulletproof…

No-one that knows anything about what’s actually involved would claim that Mac OS X is “invulnerable”, but it’s a terrible logical fallacy to believe that Macs are just as vulnerable as Windows and the only separating determinant of the number of malware items is market size.

OS X under the hood is NOT Windows. Too many times I’ve seen Win7 boxes compromised because a student clicked through the wrong links, or believed a popup and clicked on it. With a fully up to date Norton. Or McAfee.

The latest security update for Mac OS X has thankfully disabled the stupid default of opening “safe” downloads (well, taken dmg’s out of the “safe” designation), so that one social-engineering based vector is closed.

Doesn’t matter what platform is in use, if a user downloads software, runs an installer and puts in their password, all bets are probably off.

Actual attack vectors and malware for the Mac are not the same as those for Windows with “just minor differences”. They differ by a few hundred football-field lengths.

You’d do well to focus first on OS updates - important security patches as well as keeping Acrobat and Flash updated - Adobe’s security/code review QA for those seems to be full of holes.

For me, the state of Windows vulnerabilities has gotten SO heinously AWFUL, that were I starting any new company and headed up security in any fashion, you would have to present a REAL business-case need in order to even be allowed to run Windows on your desktop. What’s the value of your time & resources and meaningful security of company info/assets, vs. knowing that no one A/V product is going to protect from all of the very real Win malware in the wild.

1 Spice up

and yet another new mac trojan…

SIGH

Nobody that knows anything about anything should trust a single thing from BitTorrent sites.

For your aid/info, one thing you can do as an admin is use the Suspicious Package QuickLook plugin to quickly & easily examine the contents of an installer package (the OS-standard install mechanism).

But if your users are permitted access to Torrent sites and have admin privileges, there are your two biggest holes. Gaping, Grand Canyon-sized holes.

This is not new at all in so much as the attack vector is completely unchanged and in no way “new” in any fashion whatsoever from past malware for OS X.

LOOK: If someone on any operating system/platform uses a software package that, if not in whole then in large part, is used to illegally distribute and share illegally-obtained items (software, movies, etc.), and downloads an installer, runs it and supplies their credentials, then you can put anything you want on their system. That’s the problem with social-engineering based malware. It’s not even a virus. When people will run an installer from an untrusted (nay, should be seen as suspect!) source, all bets are off.

I suggest, first and foremost, that you do not exempt your users (Mac or PC) from your acceptable network usage policies. That should include company-owned assets used offsite, and non-company assets that your company is going to pay to support.

Another good investment is Little Snitch, for a very good outgoing firewall. Rules customizable by app, port, port-range.