BlackHole RAT Mac OS X backdoor Trojan virus mimics password prompt
A new backdoor Trojan virus that targets Mac OS X has emerged, Sophos reports. Interestingly, the new virus, which is called BlackHole RAT (or OSX/MusMinim-A in virus definition speak), is a variant of the 'legitimate' Windows Trojan DarkComet-RAT.
Fortunately, the virus doesn't seem to be very malicious. It allows a remote controller to reboot or shut down an infected computer, or pop up a fake 'Administrator Password' box that can be used to phish a user's password -- but for the most part, it actually seems to be a proof of concept; a warning to Mac users that their OS can be infected.
One of BlackHole RAT's functions pops open a full-screen dialog with only a 'reboot' button, and the following, vaguely sociopathic message:
"I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected!
I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.
So, Im a very new Virus, under Development, so there will be much more functions when im finished."
You kind of expect 'muhahaha!!1' to be at the end.
As for how the virus is distributed, it is probably via the usual channels: pirate downloads, or vulnerable browser plug-ins. Sophos notes that its Anti-Virus for Mac Home Edition, which is a free download, identifies and removes the virus. You should probably run it, just to make sure you're not infected.
Comments (14)
Steven, Feb 28th 2011 10:22AM
Another "Proof of Concept" from a company trying to push its own anti-virus software. Nice.
chrisrmcardle, Feb 28th 2011 11:33AM
@Steven
Do they really do that? I just downloaded this program (sophos anti virus) but if this is true then fuck that, I'm not gonna install it.
Sebastian Anthony, Feb 28th 2011 11:36AM
@Steven That's a very cup-half-empty way of looking at things :P
Steven, Feb 28th 2011 11:40AM
@Sebastian Anthony Argh... freaking DS stupid comments....
The main part DownloadSquad didn't report was this sentence (quoted from Sophos' article on this malware):
"As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple's increasing market share."
Did you read that? The malware isn't even FINISHED. How did Sophos get its hands on unfinished malware? Sounds fishy to me.
lsydexick, Feb 28th 2011 10:35PM
@Sebastian Anthony
Follow the money, I say. I bet most viruses are written and distributed by anti-virus companies...
Steven, Feb 28th 2011 11:39AM
@(Unverified) The main part DownloadSquad didn't report was this sentence (quoted from Sophos' article on this malware):
"As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple's increasing market share."
Did you read that? The malware isn't even FINISHED. How did Sophos get its hands on unfinished malware? Sounds fishy to me.
Sebastian Anthony, Feb 28th 2011 11:51AM
@Steven You gotta love our comment system... :(
As far as I understand it, it's a normal virus -- it was found in the wild -- but the virus writer published it as an unfinished proof of concept.
I don't think Sophos received the virus through some 'back channels'.
It's possible, sure -- but if you start thinking that way, who can you trust? :P
Kevin, Feb 28th 2011 12:35PM
That is hilarious
SilverWave, Feb 28th 2011 2:25PM
So is that Windows 1,000,000, Apple 1...
Or are the figures worse than that?
Sebastian Anthony, Feb 28th 2011 5:39PM
@SilverWave That's the ratio of Windows to Mac users, right?
Fez, Mar 1st 2011 12:54AM
@SebestianAnthony
lol'd
5hRreDDy, Feb 28th 2011 4:07PM
Been using Sophos for Mac ever since it was first released. Can't really complain about it to be honest since it has a low memory footprint, updates automatically and doesn't hog the CPU's time. Feature-wise it's pretty basic, but it's nice to know that I have protection in place just in case something (fingers crossed) infects my Mac. It's quite useful if you're running Parallels or similar seeing as it scans for Windows as well as Mac malware. Can't complain about the price of free either.
hi.ldav9, Feb 28th 2011 5:37PM
Actually, I work for the computer center at Michigan State University. We've recently seen quite a few MacBooks come in with viruses on them. Word on the street is that someone is paying $5 per infected computer.
Def not viruses that are proofs of concept, since they disrupt the user's computer enough that they come in for us to fix it.
Peanutt, Mar 1st 2011 8:41PM
I don't see why a trojan is news. Anyone can write a trojan. You don't have to exploit anything other than a clueless user to p3wn a system with a trojan. If this was a worm then this would be interesting.
What is the vector for infection here? Does this sneak in via a network or does a dumb user have to manually execute the trojan?