New Mac malware confuses users with right-to-left filename tricks


Old 17-07-2013, 13:11
cnbcwatcher
Forum Member
 
Join Date: Sep 2008
Location: Avoiding Labour Law lecturers
Posts: 47,969

http://www.infoworld.com/d/security/...-tricks-222817

And who says Macs don't get viruses? I think we have enough evidence now to prove that they do
Old 17-07-2013, 13:15
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 9,545
> http://www.infoworld.com/d/security/...-tricks-222817
>
> And who says Macs don't get viruses? I think we have enough evidence now to prove that they do

you need to get your terminology correct first.

your thread title says "malware", the thread content says "virus" and the actual article mentions "spyware".

this is a malicious app that requires the user to install it before it can do anything.
it's not a virus as it doesn't spread out infecting other systems.
Old 17-07-2013, 13:16
Stig
Forum Member
 
Join Date: Sep 2003
Location: Sandy Heath, Beds, UK
Posts: 6,145
> you need to get your terminology correct first.
>
> your thread title says "malware", the thread content says "virus" and the actual article mentions "spyware".
>
> this is an app that requires the user to install.
> it's not a virus as it doesn't spread out infecting other systems.

Here we go. Get your IT dictionaries out folks, for yet another Mac 'malware' debate.
Old 17-07-2013, 13:18
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 9,545
> Here we go. Get your IT dictionaries out folks...

well there is a big difference between malware, spyware and a virus.

i don't believe macs have ever not been susceptible to malicious apps that require manual installation - and i don't think anyone has ever claimed that not to be the case.
Old 17-07-2013, 13:22
cnbcwatcher
Forum Member
 
Join Date: Sep 2008
Location: Avoiding Labour Law lecturers
Posts: 47,969
> you need to get your terminology correct first.
>
> your thread title says "malware", the thread content says "virus" and the actual article mentions "spyware".
>
> this is a malicious app that requires the user to install it before it can do anything.
> it's not a virus as it doesn't spread out infecting other systems.

I tend to use the word virus to refer to any kind of computer malware. It still seems like another nasty one though. Is there any such thing as an anti-spyware program for Mac?
Old 17-07-2013, 13:26
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 9,545
> I tend to use the word virus to refer to any kind of computer malware. It still seems like another nasty one though. Is there any such thing as an anti-spyware program for Mac?

all the major AV companies (Sophos, Kaspersky, Norton) do mac software, however Little Snitch will monitor for outgoing connections etc
Old 17-07-2013, 13:45
DotNetWill
Forum Member
 
Join Date: Jan 2008
Location: Cheshire
Posts: 4,390
> well there is a big difference between malware, spyware and a virus.

Nope, if the Mac circle jerk club members spent less time saying we don't get viruses because a virus is this, that's a worm/malware/spyware and actually educated people as to how these happen, there might be less to argue about.
Old 17-07-2013, 13:54
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 9,545
> Nope, if the Mac circle jerk club members spent less time saying we don't get viruses because a virus is this, that's a worm/malware/spyware and actually educated people as to how these happen, there might be less to argue about.

your circle jerk club only has one member doesn't it ???
did you find a suitable cream for those calluses?

here's some reading for you though so you know the difference between virus, spyware and other things.

http://www.cisco.com/web/about/secur...orm-diffs.html

essentially a virus "spreads from one computer to another, leaving infections as it travels."

knowing the difference between them will help you.
Old 17-07-2013, 14:15
Quackers
Forum Member
 
Join Date: Nov 2001
Location: Staffordshire
Posts: 4,523
"If users agree to open the file, the malware will install itself in a hidden folder"

That being the key thing. It's not a virus.
Old 17-07-2013, 14:19
flagpole
Forum Member
 
Join Date: Jan 2003
Posts: 41,506
> "If users agree to open the file, the malware will install itself in a hidden folder"
>
> That being the key thing. It's not a virus.

could you explain the importance of the distinction?
Old 17-07-2013, 14:26
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 9,545
> could you explain the importance of the distinction?

a virus self propagates without user interaction.
this piece of malware requires the end user to explicitly install it, and once installed it does not then spread itself to infect other systems
Old 17-07-2013, 14:28
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 9,545
> prior to the internet malware had to be self-replicating in order to propagate. i'm guessing you are not old enough to remember that. these days the same effects can be achieved without self replication. the taxonomy is largely irrelevant.

and what would you guess at my age i wonder?

ps, using big words doesn't suit you.
Old 17-07-2013, 15:02
flagpole
Forum Member
 
Join Date: Jan 2003
Posts: 41,506
> a virus self propagates without user interaction.
> this piece of malware requires the end user to explicitly install it, and once installed it does not then spread itself to infect other systems

i didn't ask for someone to reiterate the distinction.
Old 17-07-2013, 15:04
flagpole
Forum Member
 
Join Date: Jan 2003
Posts: 41,506
> and what would you guess at my age i wonder?
>
> ps, using big words doesn't suit you.

since you've asked about 15-16 i guess. certainly no older. possibly younger?

i honestly have no idea which big words you are referring to.
Old 17-07-2013, 15:10
paulj48
Forum Member
 
Join Date: Jul 2007
Posts: 932
So as a Mac user should I be worried?

What would I need to be doing on the internet to prompt this 'malware' to download and attempt to trick me into installing? according to the article the install prompt is written back to front, if an install request popped up written backward then if that doesn't trigger alarm bells then I don't know what would.
Old 17-07-2013, 15:19
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 9,545
> since you've asked about 15-16 i guess. certainly no older. possibly younger?

your guess is laughable
Old 17-07-2013, 15:27
paulj48
Forum Member
 
Join Date: Jul 2007
Posts: 932
> your guess is laughable

you'd have been 4 or 5 when you joined according to the membership date.
Old 17-07-2013, 15:37
Maxatoria
Forum Member
 
Join Date: Apr 2011
Posts: 4,678
> So as a Mac user should I be worried?
>
> What would I need to be doing on the internet to prompt this 'malware' to download and attempt to trick me into installing? according to the article the install prompt is written back to front, if an install request popped up written backward then if that doesn't trigger alarm bells then I don't know what would.

It uses a Unicode character so when you see it on screen it ends with .pdf rather than .app so some people may click on it
Old 17-07-2013, 15:39
flagpole
Forum Member
 
Join Date: Jan 2003
Posts: 41,506
> So as a Mac user should I be worried?
>
> What would I need to be doing on the internet to prompt this 'malware' to download and attempt to trick me into installing? according to the article the install prompt is written back to front, if an install request popped up written backward then if that doesn't trigger alarm bells then I don't know what would.

not overly worried no. just add it to the list of things you know.

but the request would not be written backwards.

part of the file name is being written backwards to make it look like the extension is different.

so you would download a file through whatever means and instead of appearing in your file manager as something like readme.app it would look like readme.ppa.pdf

it would have the correct icon for a pdf too.

it's a chink, that goes on the list. now it's out we see what people can do with it. see what intriguing word combinations they can find.
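The filename trick described in the two posts above, as an added example that is not part of the original thread: a Python check that flags names containing explicit bidirectional control characters and compares the extension the OS acts on with the one a user would see. The function names and sample names are constructed for illustration, and the rendering is a simplification of the Unicode Bidirectional Algorithm that only handles override runs in Latin text.

```python
import os
import unicodedata

# Bidi classes of the explicit embedding/override/isolate format characters
# (U+202A..U+202E and U+2066..U+2069).
EXPLICIT_BIDI = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}


def bidi_controls(name):
    """Return (index, 'U+XXXX NAME') for every explicit bidi control in name."""
    return [(i, "U+%04X %s" % (ord(c), unicodedata.name(c)))
            for i, c in enumerate(name)
            if unicodedata.bidirectional(c) in EXPLICIT_BIDI]


def approximate_display(name):
    """Simplified rendering: text after RLO is reversed until PDF/LRO or the end.

    Assumption: Latin-only names; this is not the full bidi algorithm.
    """
    out, run, rtl = [], [], False
    for c in name:
        cls = unicodedata.bidirectional(c)
        if cls in ("RLO", "LRO", "PDF"):
            out.extend(reversed(run) if rtl else run)  # flush the current run
            run, rtl = [], cls == "RLO"
        elif cls not in EXPLICIT_BIDI:
            run.append(c)  # control characters themselves are invisible
    out.extend(reversed(run) if rtl else run)
    return "".join(out)


def inspect_name(name):
    """Compare the stored extension with the one the user would see."""
    shown = approximate_display(name)
    controls = bidi_controls(name)
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {"controls": controls, "shown": shown,
            "real_ext": real_ext, "shown_ext": shown_ext,
            "spoofed": bool(controls) and real_ext != shown_ext}


# Constructed sample names (not taken from the article or the malware).
SAMPLES = ["readme.pdf", "readme.\u202efdp.app", "a\u202ecba\u202c.pdf"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(repr(n), inspect_name(n))
```

The third sample contains an override that is closed before the extension, so it is reported as containing control characters but not as an extension mismatch.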
Old 17-07-2013, 15:40
flagpole
Forum Member
 
Join Date: Jan 2003
Posts: 41,506
> your guess is laughable

i guess from your join date i was wrong.

you asked how old i thought you were and i told you.
Old 17-07-2013, 16:03
DotNetWill
Forum Member
 
Join Date: Jan 2008
Location: Cheshire
Posts: 4,390
flagpole, I'd take the advice of Greg King - "Don't argue with idiots because they will drag you down to their level and then beat you with experience."
Old 17-07-2013, 16:13
paulj48
Forum Member
 
Join Date: Jul 2007
Posts: 932
> not overly worried no. just add it to the list of things you know.
>
> but the request would not be written backwards.
>
> part of the file name is being written backwards to make it look like the extension is different.

according to the article the warning message is written backwards

> Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.
Old 17-07-2013, 16:20
flagpole
Forum Member
 
Join Date: Jan 2003
Posts: 41,506
> according to the article the warning message is written backwards
>
> > Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.

I read the article.

That is a specific example. The concept is in the file names.
Old 17-07-2013, 16:23
chrisjr
Forum Member
 
Join Date: May 2004
Location: Reading
Posts: 20,367
> according to the article the warning message is written backwards
>
> > Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.

There is a screen shot of the dialog in this from F-Secure that shows the backwards text.

http://www.f-secure.com/weblog/archives/00002576.html
Old 17-07-2013, 16:23
DotNetWill
Forum Member
 
Join Date: Jan 2008
Location: Cheshire
Posts: 4,390
> according to the article the warning message is written backwards
>
> > Opening the Janicab .app file will trigger a standard Mac OS X pop-up dialog warning the user that the file was downloaded from the Internet. However, because of the RLO character in the file name, the entire warning text will be written right to left making it confusing and hard to read.

That makes it more weird. Why would you not immediately press cancel and think "Well that's buggered"