Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

10/31/2011

The Worst Kind of Cross-Platform Porting

Filed under: Apple,Linux,News and Current Events,Rotten Apples,The Dark Side — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 6:58 pm for you boring, normal people.
The moon is Waning Gibbous

Hackers are porting Linux viruses (virii ?) to OS X.

On Monday of last week, ZDNet reported that hackers have ported code for a trojan from Linux to Apple’s OS X. For those of my readers who don’t know what a trojan is, I’m referring to a malicious program that opens the door for other, usually even worse, programs to come into the infected operating system, like the Greeks did in the classic stratagem known as the Trojan Horse. It hasn’t been seen in the wild yet, but apparently the C source code for this has been available for quite some time.

Frankly, I’m surprised that this doesn’t happen more often than it does.  In the old days, virus writers had to really know something because they used assembly to create them.  Now, with Windows and all the other object-oriented programming languages filled with bloated libraries of programming calls, along with the availability of existing code on the internet, they hardly have to know anything to write fairly nasty malware.  And, as I’ve mentioned before, as Apple laptops become more popular, more malware will start to show up there.  I’m sure it’s only a matter of time before they figure out how to infect iPads and iPhones, too, if they haven’t already.

I hate people like this.

I spent most of my day today cleaning a malware infection off a machine. This little bugger had not only disabled the Windows Task Manager, which is pretty common these days, but it also cleaned out the Start Menu, including all the built-in things like the link to Control Panel and My Documents and all those things on the right side of the Windows XP default Start Menu. But, it also flagged most of the drive as Hidden and System, making it even more difficult to load the software I used to clean it. I had to go into Safe Mode just to get the system clean enough to restart into Safe Mode with Networking so I could update Malwarebytes, which is what I eventually used to get rid of the beastie. (I used Spybot Search and Destroy to keep the malware from loading to make the machine useable with networking support so I could update Malwarebytes, incidentally.)

So, yeah, these slimeballs keep me in a job, but, really, I’d appreciate it if they stopped helping me stay employed. I promise I can find plenty of other things to do!

So, look lively out there people!  Be suspicious of what you download and click on!

UPDATE: Apparently, this has been found out in the wild now. And, according to TechWorld, it has a purpose: to use your system to generate BitCoins for its evil masters. Very clever. Nasty, but, still, very clever.

2 Comments

  1. Hmmm…

    This one wonders if the bug hasn’t already hit this WordPress installation. (See extract below.)

    ~Speaker

    ________________________________
    10/31/2011
    The Worst Kind of Cross-Platform Porting
    Filed under: Apple,Linux,News and Current Events,Rotten Apples,The Dark Side — Posted by the Network Geek during the

    WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE id = 3584’ at line 1]
    SELECT unix_timestamp(post_date) as pdate FROM WHERE id = 3584
    Hour of the Rat which is

    WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE id = 3584’ at line 1]
    SELECT unix_timestamp(post_date) as pdate FROM WHERE id = 3584
    in the wee hours or 6:58 pm for you boring, normal people.

    WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE id = 3584’ at line 1]
    SELECT unix_timestamp(post_date) as pdate FROM WHERE id = 3584
    The moon is a First Quarter Moon

    Hackers are porting Linux viruses (virii ?) to OS X….
    ________________________________

    Comment by DJ — 11/3/2011 @ 8:15 am

  2. Can you refresh the page in your browser? I’m not getting any errors when I look at the page.

    Comment by the Network Geek — 11/3/2011 @ 8:23 am
