New Mac malware confuses users with right-to-left filename tricks

http://www.infoworld.com/d/security/new-mac-malware-confuses-users-right-left-file-name-tricks-222817

And who says Macs don't get viruses? I think we have enough evidence now to prove that they do :eek:
«1

Comments

  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    http://www.infoworld.com/d/security/new-mac-malware-confuses-users-right-left-file-name-tricks-222817

    And who says Macs don't get viruses? I think we have enough evidence now to prove that they do :eek:

    you need to get your terminology correct first.

    your thread title says "malware", the thread content says "virus" and the actual article mentions "spyware".

    this is a malicious app that requires the user to install it before it can do anything.
    it's not a virus as it doesn't spread out infecting other systems.
  • StigStig Posts: 12,446
    Forum Member
    ✭✭
    chenks wrote: »
    you need to get your terminology correct first.

    your thread title says "malware", the thread content says "virus" and the actual article mentions "spyware".

    this is an app that requires the user to install.
    it's not a virus as it doesn't spread out infecting other systems.
    Here we go. Get your IT dictionaries out folks, for yet another Mac 'malware' debate.
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    Stig wrote: »
    Here we go. Get your IT dictionaries out folks...

    well there is a big difference between malware, spyware and a virus.

    i don't believe macs have ever not been suspect-able to malicious apps that require manual installation - and i don't think anyone has ever claimed that not to be the case.
  • cnbcwatchercnbcwatcher Posts: 56,681
    Forum Member
    chenks wrote: »
    you need to get your terminology correct first.

    your thread title says "malware", the thread content says "virus" and the actual article mentions "spyware".

    this is a malicious app that requires the user to install it before it can do anything.
    it's not a virus as it doesn't spread out infecting other systems.

    I tend to use the word virus to refer to any kind of computer malware. It still seems like another nasty one though. Is there any such thing as an anti-spyware program for Mac?
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    I tend to use the word virus to refer to any kind of computer malware. It still seems like another nasty one though. Is there any such thing as an anti-spyware program for Mac?

    all the major AV companies (Sophos, Kaspersky, Norton) do mac software, however Little Snitch will monitor for outgoing connections etc
  • DotNetWillDotNetWill Posts: 4,564
    Forum Member
    ✭✭✭
    chenks wrote: »
    well there is a big difference between malware, spyware and a virus.

    Nope, if the Mac circle jerk club members sent less time saying we don't get viruses because a virus is this, that's a worm/malware/spyware and actually educated people as to how these happens, there might be less to argue about.
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    DotNetWill wrote: »
    Nope, if the Mac circle jerk club members sent less time saying we don't get viruses because a virus is this, that's a worm/malware/spyware and actually educated people as to how these happens, there might be less to argue about.

    your circle jerk club only has one member doesn't it ???
    did you find a suitable cream for those calluses?

    here's some reading for you though so you know the difference between virus, spyware and other things.

    http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html

    essentially a virus "spreads from one computer to another, leaving infections as it travels."

    knowing the difference between them will help you.
  • QuackersQuackers Posts: 4,830
    Forum Member
    ✭✭✭
    "If users agree to open the file, the malware will install itself in a hidden folder"

    That being the key thing. Its not a virus.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    Quackers wrote: »
    "If users agree to open the file, the malware will install itself in a hidden folder"

    That being the key thing. Its not a virus.

    could you explain the importance of the distinction?
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    flagpole wrote: »
    could you explain the importance of the distinction?

    a virus self propagates without user interaction.
    this piece of malware requires the end user to explicitly install it, and once installed it does not then spread itself to infect other system
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    flagpole wrote: »
    prior to the internet malware had to be self-replicating in order to propagate. i'm guessing you are not old enough to remember that. these days the same effects can be achieved without self replication. the taxonomy is largely irrelevant.

    and what would you guess at my age i wonder?

    ps, using big words doesn't suit you.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    chenks wrote: »
    a virus self propagates without user interaction.
    this piece of malware requires the end user to explicitly install it, and once installed it does not then spread itself to infect other system

    i didn't ask for someone to reiterate the distinction.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    chenks wrote: »
    and what would you guess at my age i wonder?

    ps, using big words doesn't suit you.

    since you've asked about 15-16 i guess. certainly no older. possibly younger?

    i honestly have no idea which big words you are referring to.
  • paulj48paulj48 Posts: 1,122
    Forum Member
    ✭✭✭
    So as a Mac user should I be worried?

    What would I need to be doing on the internet to prompt this 'malware' to download and attemp to trick me into installing? according to the article the install promp is written back to front, if an install request popped up written backward then if that does'nt trigger alarm bells then I dont know what would.
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    flagpole wrote: »
    since you've asked about 15-16 i guess. certainly no older. possibly younger?

    you guess is laughable
  • paulj48paulj48 Posts: 1,122
    Forum Member
    ✭✭✭
    chenks wrote: »
    you guess is laughable

    you'd have been 4 or 5 when you joined according to the membership date.
  • MaxatoriaMaxatoria Posts: 17,980
    Forum Member
    ✭✭
    paulj48 wrote: »
    So as a Mac user should I be worried?

    What would I need to be doing on the internet to prompt this 'malware' to download and attemp to trick me into installing? according to the article the install promp is written back to front, if an install request popped up written backward then if that does'nt trigger alarm bells then I dont know what would.

    It uses a unicode character so when you see it on screen it ends with .pdf rather than .app so some people may click on it
  • flagpoleflagpole Posts: 44,641
    Forum Member
    paulj48 wrote: »
    So as a Mac user should I be worried?

    What would I need to be doing on the internet to prompt this 'malware' to download and attemp to trick me into installing? according to the article the install promp is written back to front, if an install request popped up written backward then if that does'nt trigger alarm bells then I dont know what would.

    not overly worried no. just add it to the list of things you know.

    but the request would not be written backwards.

    part of the file name is being written backwards to make it look like the extension is different.

    so you would download a file through whatever means and instead of appearing in your file manager as something like readme.app it would look like readme.ppa.pdf

    i would have the correct icon for a pdf too.

    it's a chink, that goes on the list. now it's out we see what people can do with it. see what intriguing word combinations they can find.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    chenks wrote: »
    you guess is laughable

    i guess from your join date i was wrong.

    you asked how old i thought you were and i told you.
  • DotNetWillDotNetWill Posts: 4,564
    Forum Member
    ✭✭✭
    flagpole, I'd take the advice of Greg King - "Don’t argue with idiots because they will drag you down to their level and then beat you with experience."
  • paulj48paulj48 Posts: 1,122
    Forum Member
    ✭✭✭
    flagpole wrote: »
    not overly worried no. just add it to the list of things you know.

    but the request would not be written backwards.

    part of the file name is being written backwards to make it look like the extension is different.

    according to the article the warning message is written backwards

    Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.

  • flagpoleflagpole Posts: 44,641
    Forum Member
    paulj48 wrote: »
    according to the article the warning message is written backwards

    Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.


    I read the article.

    That is a specific example. The concept is in the file names.
  • chrisjrchrisjr Posts: 33,282
    Forum Member
    ✭✭✭
    paulj48 wrote: »
    according to the article the warning message is written backwards

    Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.

    There is a screen shot of the dialog in this from F-Secure that shows the backwards text.

    http://www.f-secure.com/weblog/archives/00002576.html
  • DotNetWillDotNetWill Posts: 4,564
    Forum Member
    ✭✭✭
    paulj48 wrote: »
    according to the article the warning message is written backwards

    Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.


    That makes it more weird. Why would you not imediately press cancel and think "Well that's buggered"
  • cnbcwatchercnbcwatcher Posts: 56,681
    Forum Member
    paulj48 wrote: »
    according to the article the warning message is written backwards

    Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.


    That's sneaky :eek: Most people would be really confused by that.
Sign In or Register to comment.