This article was published March 7, 2016 at 15:41.
The last change was made March 7, 2016 at 18:21.
Are the days when an Apple computer stayed safe from malware gone? Maybe. According to reports that appeared a few hours ago in the industry media, the first complete ransomware for Mac OS X has been found. It is called KeRanger and seems to have already hit some Cupertino-made machines with "success", leaving users with a single screen showing how to pay to unlock the computer. It was discovered by researchers at the security company Palo Alto Networks.
It is a story that has been established for years in the Microsoft orbit and had, so far, spared the Apple galaxy. There are at least two schools of thought here. The first is that Apple has stayed out of the line of fire because its closed systems are much more difficult to pierce. The second is that, malware being a real business, attacks focus increasingly on Windows environments as a matter of numbers and distribution (more users means more potentially infected machines). Both may be true, because the second hypothesis is also supported by the strong spread of Apple devices in recent years. But first things first.
What is a ransomware
When we talk about ransomware we mean a type of malware that is installed on the user's computer, by one route or another, without the user having authorized it. The effects are harmful. Crackers (a term coined by Richard Stallman to indicate the bad hackers) can use ransomware to take possession of the machine (or some of its files) and lock it. For the user, the result is a pop-up window asking for payment of a sum of money to unlock the computer. A kind of ransom. Adding insult to injury, very often paying the "ransom" does not lead to the computer being unlocked.
How KeRanger spread
The ransomware that affected Macs spread, like a Trojan, through a torrent client: Transmission. It is one of those programs used to download content from the Web over a P2P protocol. More precisely, the malware was present in the installer of version 2.90. It is not yet clear how the cyber criminals were able to compromise the application. It is known with certainty, however, that the infection took place on March 4, the release date of version 2.90. Less than 24 hours later, Apple was already aware of the incident. So both the Cupertino company and the makers of Transmission resolved the case almost immediately. Apple engineers revoked the program's digital certificate (so that it can no longer be installed), while Transmission has already released version 2.92, with the virus eradicated.
What Mac users can do
Mac owners can check whether their system is infected with a few quick steps, reported by various trade sites. First of all, check whether a file named General.rtf exists in the /Applications/Transmission.app/Contents/Resources/ or /Volumes/Transmission/Transmission.app/Contents/Resources/ folders. This file uses an icon that looks like a standard RTF file, but it is actually a Mach-O executable compressed with UPX 3.91. It is also known that the first time it runs, KeRanger creates three files, ".kernel_pid", ".kernel_time" and ".kernel_complete", in the Library directory. The malware then lies dormant for three days before attacking the system.
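The checks described above can be scripted. The following is an added example, not code from the article or from Palo Alto Networks; the function name and its two optional parameters are hypothetical, and looking in both the per-user and the system Library folder is an assumption.

```shell
#!/bin/sh
# Added example: look for the KeRanger indicators named in the article.
# Usage: keranger_check            (live system)
#        keranger_check ROOT HOME  (mounted copy; both parameters are hypothetical)
# Returns 0 when nothing is found, 1 when at least one indicator exists.

keranger_check() {
    root="${1:-}"        # prefix for absolute paths; empty means the live system
    home="${2:-$HOME}"   # home directory whose Library folder is inspected
    hits=0

    # 1. General.rtf inside the Transmission bundle (installed copy or mounted image).
    for app in "$root/Applications/Transmission.app" \
               "$root/Volumes/Transmission/Transmission.app"; do
        f="$app/Contents/Resources/General.rtf"
        [ -e "$f" ] || continue
        # A genuine RTF document starts with the text "{\rtf"; the article
        # says this file is a Mach-O executable that only looks like RTF.
        head5=$(dd if="$f" bs=5 count=1 2>/dev/null)
        case "$head5" in
            '{\rtf') kind="has an RTF text header" ;;
            *)       kind="is not RTF text" ;;
        esac
        echo "FOUND: $f ($kind)"
        hits=$((hits + 1))
    done

    # 2. Marker files created on first run. Checking both the per-user and
    #    the system Library folder is an assumption of this example.
    for lib in "$home/Library" "$root/Library"; do
        for name in .kernel_pid .kernel_time .kernel_complete; do
            if [ -e "$lib/$name" ]; then
                echo "FOUND: $lib/$name"
                hits=$((hits + 1))
            fi
        done
    done

    echo "indicators found: $hits"
    [ "$hits" -eq 0 ]
}
```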