Focus on Apple
several news stories on Macs being zombies Jan 08 2007 04:03AM kevhoy (kevhoy gmail com) (2 replies)
Re: several news stories on Macs being zombies Jan 08 2007 04:57PM Dave Schroeder (das doit wisc edu)

We've had several instances where Macs have been used for DDoS attacks
and distributing spam. Each time the machines were compromised via SSH
brute force attacks. The systems would have SSH enabled and local user
accounts with usernames and passwords such as test or temp. The
attacker didn't exploit a vulnerability in these cases, just a bad
configuration. We do not enable SSH on our workstations as a rule,
however, some faculty and staff take it upon themselves to do so. As a
result we've begun putting in our own custom sshd_config files that
prevent root login via SSH and restrict SSH logins to our admin accounts
only.

Don't forget that at its heart OS X is UNIX. Apple also uses open
source software such as OpenSSH and Samba which makes OS X as
susceptible as any UNIX or Linux box to attacks utilizing flaws in that
software. However, as far as I know, we've never had a compromise that
was the direct result of true vulnerability exploitation on the Apple
platform.

-Derek

Derek Spransy
Emory College of Arts and Sciences
Emory University
Derek.spransy (at) emory (dot) edu [email concealed]

From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of kevhoy
Sent: Sunday, January 07, 2007 11:04 PM
To: focus-apple (at) securityfocus (dot) com [email concealed]
Subject: several news stories on Macs being zombies

This weekend, I have seen several stories that say some version of the
following.

While some zombie computer crimes have been linked to computers running
Linux or Macintosh operating systems, officials have warned that Windows
systems are the most susceptible.
http://www.upi.com/NewsTrack/view.php?StoryID=20070107-042614-5177r

So far botnets have predominantly infected Windows-based computers,
although there have been scattered reports of botnet-related attacks on
computers running the Linux and Macintosh operating systems.
http://www.nytimes.com/2007/01/07/technology/07net.html?_r=1&oref=slogin

Is there any real truth to these reports? I haven't seen this reported
here or anywhere else. Are these just repeating the same story? Could
someone please elaborate if this is truly happening?

Kevin Hoyland
Iowa City Community School District
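
The two sshd_config controls described in the reply above (no root login over SSH, logins restricted to admin accounts) can be verified with a short audit script. This is an added example, not part of the original thread: the account name `labadmin` and both sample configs are constructed, and conditional `Match` blocks are not evaluated.

```python
import re
import shlex

# Allow*/Deny* lists accumulate across lines; other keywords keep the first value seen.
ACCUMULATING = {"allowusers", "allowgroups", "denyusers", "denygroups"}
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")

def parse_global(text):
    """Parse the global section of an sshd_config (everything before the first Match)."""
    opts = {}
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m:                      # blank line, comment, or keyword without a value
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2), comments=True)
        if key == "match":
            break                      # conditional blocks are out of scope here
        if key in ACCUMULATING:
            opts.setdefault(key, []).extend(args)
        elif key not in opts and args:
            opts[key] = args
    return opts

def audit(text, admin_accounts):
    """Return a list of findings; an empty list means both controls are in place."""
    opts = parse_global(text)
    findings = []
    root = opts.get("permitrootlogin", [None])[0]
    if root is None:
        findings.append("PermitRootLogin not set explicitly")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin is {root!r}, expected 'no'")
    users, groups = opts.get("allowusers", []), opts.get("allowgroups", [])
    if not users and not groups:
        findings.append("no AllowUsers/AllowGroups: logins are not limited to admin accounts")
    extra = sorted(u for u in users if u.split("@")[0] not in admin_accounts)
    if extra:
        findings.append("AllowUsers includes non-admin accounts: " + ", ".join(extra))
    return findings

# Constructed samples: a later "PermitRootLogin no" does not override the first value.
WEAK = ("Port 22\n#PermitRootLogin no\nPermitRootLogin yes\nPermitRootLogin no\n"
        "AllowUsers labadmin\nAllowUsers test\nMatch Address 10.0.0.0/8\n  AllowUsers temp\n")
HARDENED = "PermitRootLogin no\nAllowUsers labadmin\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, {"labadmin"}) or "OK")
```
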