Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: MrShoop
OSX is harder to attack (I have an iMac, BTW), but not impossible. You are wrong that there are zero instances of worms/malware/spambots. In fact there were recently numbers released that Macs made up 16% of the infected computers in the Jnanabot network.
Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy

16% of 0-49 infections = a maximum of eight Macs. My hypothesis is that those infected Macs were running Windows in Boot Camp. As described in the technical details on the Symantec site, Jnanabot only affects Windows; it infects a system by writing to the registry and downloading and installing several .exe files. The numbers in that pie chart are "from artifacts of the file system."

14 posted on 05/05/2011 11:19:27 PM PDT by ReignOfError
[ Post Reply | Private Reply | To 8 | View Replies ]


To: ReignOfError

At the time of the article (~5 months old), the folks at Symantec said the number of Jnanabot infections so far is “measured in the thousands.” What you are looking at is the state of the trojan 5 months later, after it has been detected and removed from many systems.


18 posted on 05/06/2011 11:00:27 AM PDT by Wayne07
[ Post Reply | Private Reply | To 14 | View Replies ]

To: ReignOfError
Also, you can see Jnanabot has code specific to the Mac to allow it to run. It is definitely not Windows only.

http://www.symantec.com/connect/blogs/trojanjnanabot-trojanaffecting-multiple-platforms

This particular Trojan (that Symantec detects as Trojan.Jnanabot) is one such attempt to target multiple platforms. Jnanabot has numerous functionalities that include key logging, connection to IRC servers, and posting malicious links on social networking sites, affecting users on Windows, Mac OSX, and Linux platforms.

The threat is composed of multiple files. I will address them as components throughout this blog. Each component is meant for a specific task. Some components are compiled Java files whereas others are platform specific executable files.

  1. Library component: Contains Library files needed to run the threat on various platforms namely: Mac OSX, Linux with AMD 64 machines, Linux with x86 machines, Windows with x86 machines
  2. Main component: The main .jar file that controls execution of all the components.
  3. Install/update component: Installs and updates the threat.
  4. IRC component: Connects to remote IRCs and waits for further commands from the master.
  5. Key logging component.
  6. Crypt component: Windows and Mac executable files to decrypt the packaged files.
  7. Facebook component: We are currently analyzing this component. From our brief analysis it seems as if the threat can read cookies of logged on user and may post malicious links on the social networking site.

20 posted on 05/06/2011 11:26:42 AM PDT by Wayne07
[ Post Reply | Private Reply | To 14 | View Replies ]



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson