

New Java trojan attacks Mac OS X via social networking sites - charlief
http://arstechnica.com/apple/news/2010/10/new-java-trojan-attacks-mac-os-x-via-social-networking-sites.ars

======
tvon
FTA:

> A new trojan horse has cropped up that affects Mac OS X _(and Windows as
> well)_.

Perhaps noteworthy in the title.

~~~
albemuth
Windows users might not consider a new trojan as noteworthy news ;)

------
seles
It seems to imply that once the link is clicked it downloads and runs the
payload automatically, but this is rather hard to believe (I would guess that
there is some user action required).

Is the article correct?

~~~
InclinedPlane
Drive by download & execute vulnerabilities exist in Java for many browsers.

So yes, it is possible for the "trojan" to work as described.

~~~
bradleyland
If "as described" includes running automatically (without user permission),
then you'd be incorrect in this case. This particular trojan doesn't include
any privilege escalation exploits, so the user must confirm a couple of
security dialog boxes (including keying their password) before the trojan can
install.

~~~
rexyo
This is not entirely true. There will be only 1 popup asking the user's
permission to "run" java code through the browser. After that, the applet can
download anything on the box it needs and execute it.

The applet has full access to the local filesystem with the same privileges
the original user has. If needed the hackers can further exploit the machine,
by escalating user privileges with some corrupt scripting.

One click is enough to seriously damage your machine, be careful;) This is
what the popup looks like in Firefox
<http://www.ussu.ca/studentgroups/JavaApplet.jpg>

------
alanh
Chrome users, enter 'about:plugins' in your address bar to disable Java.

(Users of other browsers, you can usually find what you need in preferences.)

------
sirn
From another source, clicking on the link appears to show a certification error
dialog[1].

[1]: <http://www.macrumors.com/2010/10/27/new-java-based-malware-targets-mac-os-x-but-threat-level-disputed/>

------
Shooter
What antivirus/security software do other HNers use on their Macs, if
anything?

~~~
ihodes
Right now, common sense.

I'll move to Arch if I need to install anything else that remotely resembles
bloat.

~~~
frou_dh
Common sense is also enough on Windows, except when it isn't.

------
tjarratt
Since no one else is going to say it...

Suddenly it doesn't seem like such a bad idea to remove Java from OS X. I for
one can go without any applets and even Minecraft on my MacBook Pro.

~~~
SpikeGronim
First, Apple isn't removing Java from OS X. They will stop shipping their
customized version of Java in several years.

Second, every popular piece of software has vulnerabilities. So if this
warrants the removal of Java, you should remove Safari and the BSD kernel from
OS X as well.

~~~
X-Istence
There is no BSD kernel in OS X. The entire OS is Darwin running an XNU kernel
that has a BSD layer within it. There is no way to remove the BSD layer
without removing the entire OS.

~~~
SpikeGronim
"There is no way to remove the BSD layer without removing the entire OS"

Yup, that's the joke I was making... grandparent comment would have us remove
all our software...

------
hackermom
Underlying requirement: that the user running the applet is an administrator
(and while this is the default modus operandi as per the installation
procedure of OS X, not every OS X user continues on this path).

~~~
msbarnett
The user is also alerted when the applet tries to run, and they would need to
approve the privilege escalation request for the applet; it has an untrusted,
self-signed cert.

~~~
DavidSJ
If true, this is a huge omission from the article. Got a source?

~~~
msbarnett
Sure, here's a couple with less breathlessness, and more details:

<http://www.intego.com/news/trojan-horse-os-x-koobface-a-affects-mac-os-x.asp>

<http://www.tuaw.com/2010/10/27/security-alert-new-trojan-horse-apps-attacking-the-mac/>

