Os X Virus

[THC]

Not sure if this was posted before but what the heck!!!!
http://www.sophos.com/security/blog/2007/11/729.html

[MJ]

eh ....

2007?

and a trojan is not a virus....

[Pleasuretek]

dude that counts as 8th layer social engineering. If people are dumb enough to install a codec to view hardcore porn, then yeah you just got rooted and don't deserve to own a machine.

Now if you want to exploit built in java in OSX over a tiny applet in a forum targeting OSX users, then that could count as something to fear.

You macintosh users should not fear virii, you should fear the 'rootkit'.. every mac has SSH built in and installed, this is very easy to turn on if someone can bind and spawn a shell after an overflow like the one mentioned above... from there they will probly crack your password, turn on root account (since most people dont know what that is and in OSX you have to enable it...), and from there start renting out your machine for pennies to perform distrubuted denial of service attacks (DDoS) in which companies networks are shut down for a period of time. When looking at this from a corporate view, they loose a lot of money from being non productive for a day...

This is what OSX users should fear thier expensive machines doing. not a pornMafia scam, or phishers, or a virus (which virii were mainly targeted at corporate data, home users just happened to be using the same OS)...
fun stuph...

ps. http://www.milw0rm.com/platforms/osX <--known exploits; local needs physical access.

[makemassair]

You seem to know a lot. Which is good as I have a question.

Recently I've noticed an influx of spam messages coming from other users into my MSN Messenger (which I use Adium rather than the Microsoft software). My girlfriend (who is a PowerPC iMac) has been sending me spam messages about losing weight despite her machine being switched off. Now is this because her actual hotmail account has been hacked? (She hasn't been told of any emails being recieved by her friends, unlike the spam her profile has sent them thru MSN Messenger) Or is it because there is some kind of spyware present on her machine?

Is it possible that a PC/Windows infected machine could infect her email? I've tried searching on Google but can't come up with any upto date info, just out of date stuff from years ago that doesn't really cover this.

[Motionreactor]

Make massair: Email doesn't necessarily come from the source it says it does. In an email, there is actual text data which is not encrypted that is called a 'header' this is what the email client (Hotmail, Outlook, Thunderbird, Gmail, Yahoo etc...) sees and it beleives it. Which basically means there is a way to spoof an email and make it look like it is coming from someone it isn't. So it could not be coming from her machine at all.

[sleepytom]

Hotmail is uttley rubbish and possibly the most exploited email system in the world. Get rid of your hotmail email address and either get a googlemail which is a lot more spam proof (at the moment) or go for a smaller company (i like www.fastmail.fm)

[Gumby]

Quote:

Originally Posted by sleepytom

Hotmail is uttley rubbish and possibly the most exploited email system in the world. Get rid of your hotmail email address and either get a googlemail which is a lot more spam proof (at the moment) or go for a smaller company (i like www.fastmail.fm)

I have to disagree with you there. The new live hotmail has really good spam protection. I hardly get any, and the ones i do just get filtered into my junk folder.

Just don't go putting your email address everywhere and if you have to just display it as "me AT Me DOT COM"

On the subject of people's Live Messenger getting spammed, thats because their whole account has been infected and is being accessed from another system. Just delete the person from your account and tell them to set up a new one and not to click on strange looking links people send them in conversations.
I always ask the person sending the link what it is before opening it, not fool proof but its a sensible thing to do.

Some tips from Windows Live Help:
About reducing junk e-mail

Windows Live Hotmail offers several options to help reduce the amount of junk e-mail (Unwanted, unsolicited, or illicit e-mail or other electronic messages, including spam.) that you receive. Microsoft recommends that you follow these guidelines to help reduce junk e-mail:

• Don't reply to junk e-mail, even to ask to be removed from the sender's mailing list. The sender may simply use that response to confirm that your e-mail address is valid, and continue to send you junk e-mail. To block further e-mail from a sender, at the top of the message, click Mark as unsafe. To report the message as junk e-mail, select the message, on the Action bar, click Junk, and then click OK.
• To report the e-mail message as a suspected phishing (Falsely claiming to be a legitimate business to send you to a fake website or scam you into giving out private information.) scam, on the Action bar, click Mark as, click Phishing scam, and then click OK.
• Remove your e-mail address from any web page, newsgroup, or bulletin board available on the Internet.
• To remove your e-mail address from newsletters or mailing lists that are on your safe senders list, you can click Unsubscribe. Microsoft notifies the people who created the newsletter to stop sending it to you.

Note

If you receive junk e-mail that looks as if it was sent from your Windows Live Hotmail account, someone may have spoofed (Sending messages with fake or stolen account information.) your account information.


Set the junk e-mail filtering level

You can use the junk e-mail filter to help decrease the amount of junk e-mail that appears in your Inbox.

1. Sign in to the Windows Live Hotmail website with your Windows Live ID (The e-mail address and password that you use to sign in to Windows Live programs and services such as Windows Live Hotmail and Windows Live Messenger; Microsoft services such as Xbox, MSN, and Office Live; and anywhere else that you see the Windows Live ID logo.) .
2. On the Action bar, click Options, and then click More options.
3. Under Junk e-mail, click Filters and reporting.
4. Under Filters and reporting, select the options that you want, and then click Save.

Notes

• If you choose Exclusive for your junk e-mail filter, only messages from e-mail addresses on your Contacts or Allowed senders lists appear in your Inbox. Messages from senders not on those lists are automatically sent to the Junk folder.
• You should occasionally check your Junk folder to make sure that good messages are not sent to there by mistake. If you notice a message that was inadvertently put in the Junk folder, open the Junk folder, select the message, and then, on the Action bar, click Not junk.

[sleepytom]

Quote:

Originally Posted by Gumby

On the subject of people's Live Messenger getting spammed, thats because their whole account has been infected and is being accessed from another system.

well there you go.
by using hotmail you make yourself vulnerable to the constant hacking and trojan attacks which are aimed at the hotmail system. In the past month there have been massive amounts of these kind of issues, accounts hacked and then used to spread viruses and gain access to even more hotmail accounts.

Why use microsofts webmail when simply by doing so you make yourself a target for hackers? Hotmail has more exploits than any other webmail service simply because it is run by microsoft and so is a target of hackers, because of mircosofts inability to write secure code many of these exploits are successful and so the problem get worse and worse.

Hotmail is the least secure webmail that you can get. If you care at all about security then you won't have a hotmail account. Simple as that really.

[makemassair]

Quote:

Originally Posted by sleepytom

well there you go.
by using hotmail you make yourself vulnerable to the constant hacking and trojan attacks which are aimed at the hotmail system. In the past month there have been massive amounts of these kind of issues, accounts hacked and then used to spread viruses and gain access to even more hotmail accounts.

Why use microsofts webmail when simply by doing so you make yourself a target for hackers? Hotmail has more exploits than any other webmail service simply because it is run by microsoft and so is a target of hackers, because of mircosofts inability to write secure code many of these exploits are successful and so the problem get worse and worse.

Hotmail is the least secure webmail that you can get. If you care at all about security then you won't have a hotmail account. Simple as that really.

This is what I was thinking. Thanks for clearing it up. I'll advise her and get her to use her Gmail account.

[Pleasuretek]

how real spammers spam : sit back, drink coffee, smoke cigarettes and wait.

think of a program that manages thousands of computers... Now tell it to test the 1,000,000 most popular passwords (which is an easy dic to find) against a set of email addresses collected by automatic page crawlers.

Now the (somewhat) tricky bit is that after 5 attempts from the same IP you get locked out. That is where thousands of boxxes come in handy, you tell each box to test a single userName/passwd combo each pass and wait 3 seconds between each login attempt on the same account (same IP can test multiple accounts without waiting).

Now this is not a complicated program, 16yr kids have written things like this in visualBasic. there are many automated toolkits that you can download that will do this for you, I would not advise visiting the websites such tools are located on...

Your GF had weak password (anything under 24char to me is weak...) that could be cracked easily. That account is hosed, toss it and get a new gmail as there login is one of the toughest to run distrubuted bruteforce attacks against. The other side of my life is IT guy...