It's A Little Bit Nasty Out There


POSTED ON MONDAY, MARCH 5, 2012 AT 9:11 PM

It feels like Siberia here in Vancouver lately but we're not talking about our nasty weather in this blog. There's one category of software I've never had any interest in, let alone any use for. You've more than likely heard of BitTorrent before (the main reason we used the word "bit" in our blog title). It's actually a file sharing protocol. I've never had the pleasure (or displeasure) of trying it out until last week when we decided to check out the malware situation in an experiment to see how quickly we could pick up something "nasty" (once again, nothing to do with the weather although I'm getting pretty tired of the snow).

We set out on a course to get some "free software". Say what? You bunch of thieves! Relax — since we're so interested in security for Macs, we wanted to see for ourselves what this BitTorrent thing was all about once and for all. After all, it's a hacker's haven out there with thousands of pirated software titles available from all seven continents on Mother Earth. We see BitTorrent Clients (software applications) installed on the odd Mac we work on every now and again which are, more often than not, installed by the "kids". And we encountered all sorts of interesting experiences with kids who were addicted to LimeWire many years ago — this whole test brought back memories of reformatting hard drives and re-installing system software!

A great deal of Mac malware originates from software which appears to be "free" — hosted on unknown and untrusted servers somewhere out in cyberspace. It's all so very enticing, especially for youngsters. A number of Mac users got hit with a nasty trojan when they downloaded a pirated version of iWork 09 a few years ago. It happened again with a pirated copy of Adobe Photoshop CS4 a few days later. Last September, we had to deal with Flashback — a trojan which posed as an Adobe Flash Update (this one's still around and quite active, by the way). It's happening more and more frequently these days.

I'm sure there are legitimate uses for BitTorrent but for every one legitimate use, there are more than likely dozens of illegitimate ones. It's a dangerous world out there on the Internet so, armed with a copy of Sophos Anti-Virus For Mac, away we went. Other than Sophos, we're not going to mention the names of any products or websites directly in this blog.

We randomly picked out two Mac software utilities and proceeded to download a popular BitTorrent Client. Within about ten minutes, we found dozens of links to our "free" software titles. Upon downloading the first one on to our hard drive, here's what we got — a file containing OSX/Spynion-A:

This was test number one. Into the quarantine it went. From there, it was successfully disposed of without harming our system.

In test number two, inside one of the zip files we downloaded was a file which was simply named "serial". It looked like a harmless TextEdit file but it was actually an application disguised as a document (the TextEdit icon was obviously cut and pasted). We didn't open it and Sophos Anti-Virus didn't detect anything but doing a Get Info on a "document" and finding out that it's actually an application is always a cause for concern. Along with this file was a second file which contained a trojan named OSX/Miner-D (also known as DevilRobber). A warning similar to the one pictured above popped up on our screen.
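The "document that is really an application" trick above can be caught without relying on the icon: the file's leading bytes give it away. The script below is an added example written for this post (not code from the original post or from Sophos) that walks an extracted download and flags Mach-O executables carrying a document-style name, plus any .app bundles; the list of "document" extensions and the fat-header heuristic are assumptions.

```python
import os
import struct

# Mach-O magic numbers (32- and 64-bit, as stored on disk in either byte order)
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # multi-architecture ("fat") Mach-O

# Assumed set of names a user would expect to open as a harmless document;
# "" covers extension-less files such as the "serial" file in the post.
DOCUMENT_EXTENSIONS = {"", ".txt", ".rtf", ".pdf", ".doc", ".docx", ".nfo"}


def is_macho(header: bytes) -> bool:
    """True if the leading bytes are a Mach-O or fat Mach-O header."""
    if header[:4] in MACHO_MAGICS:
        return True
    if header[:4] == FAT_MAGIC and len(header) >= 8:
        # Java .class files share CAFEBABE; a real fat header has a small
        # architecture count where a class file has a version number (>= 45).
        nfat_arch = struct.unpack(">I", header[4:8])[0]
        return 0 < nfat_arch < 20  # assumed upper bound on architectures
    return False


def is_disguised_app(name: str, header: bytes) -> bool:
    """A file named like a document whose content is actually a native executable."""
    ext = os.path.splitext(name)[1].lower()
    return ext in DOCUMENT_EXTENSIONS and is_macho(header)


def scan_download(root: str) -> list:
    """Walk an extracted download; report .app bundles and disguised executables."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.lower().endswith(".app"):  # a bundle is an app whatever icon it shows
                findings.append(os.path.join(dirpath, d))
        for f in filenames:
            path = os.path.join(dirpath, f)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # unreadable entries (broken symlinks, permissions) are skipped
            if is_disguised_app(f, header):
                findings.append(path)
    return findings
```

Run `scan_download("/path/to/unzipped/download")` before double-clicking anything; a hit on a file called "serial" is exactly the Get Info surprise described above.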

So, there you go. Two out of two. Were we just plain old unlucky or is the BitTorrent problem really this bad? If you ask me, the latter seems to be the case. One of the questions we really need to ask here is how many of you actually use anti-virus software on your Macs? If Sophos Anti-Virus hadn't been installed on our Mac, double-clicking on our "fresh" downloads could very well have wreaked havoc on our system.

The Mac malware problem isn't confined to BitTorrent. It happened with a technique called SEO Poisoning not all that long ago when MacDefender began to rear its ugly head. The problem became so prevalent that Apple actually released Snow Leopard Security Update 2011-003 on May 31st, 2011 for detecting variants of MacDefender using its own, so-called XProtect mechanism. Be sure to download the update if you haven't already done so.

If you're interested in Mac viruses and malware, here's some further reading material for you. It covers all viruses and malware from 1982 onward including the AutoStart Worm which affected a lot of web designers, graphic artists and desktop publishers in 1998 (that was a real nasty one). I'm sure that there will be lots more to add over the next year with Macs being so much more popular than ever before:

The whole moral of the story here? Don't surf in unknown waters or untrusted territory. And when someone says there are no viruses for Macs, well — they're partially right. There aren't any viruses in the technical sense of the word but there are plenty of trojan horses and all sorts of "swell" malware out there.

Copying someone else's software is illegal and software piracy is a criminal offense (as if you didn't already know that). You can get yourself into a pile of trouble when you obtain your software using a BitTorrent Client. Look what happened to us. And we weren't trying to save money. Honest!

[Updated 04.13.12] If you haven't yet heard the news, over half a million Mac users have been hit by the Flashback Trojan. Some sources are reporting that more than 600,000 Macs worldwide have already been compromised — 95,000 of them are said to be located in Canada. More information about the problem (including instructions for removal) is available from these links:

Apple has released two new Java updates for Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion) to address this problem. According to Apple, "these Java security updates now remove the most common variants of the Flashback malware." Download the updates here (also available via Software Update):

More info about Apple's Flashback malware removal tool (included in the above two updates) is available here:

Apple also has a standalone version of the removal tool for OS X Lion users who do not have Java installed which can be downloaded here:

We've seen this coming for a long time.
