I Smell a RAT

Back in February, the Apple world was rocked by the announcement of a Trojan called BlackHole RAT (Remote Access Trojan) that could let someone access a machine remotely, without the knowledge or permission of the user. (Okay, so maybe “rocked” is an exaggeration; more likely a couple of people yawned and clicked through to the next article.) A report came out today that BlackHole RAT has been updated to 2.0. In addition to the standard backdoor access, it can now run remote commands and put up a fake password prompt, which forwards whatever administrator password you type to the attacker. Most of the time, the announcement of a Trojan on Mac OS X doesn’t upset anyone because, unlike a virus that spreads on its own, a Trojan has to be installed by the user, and who would do something like that?

The term “Trojan” comes from the tale of the Trojan Horse: During the Trojan War, Greek soldiers left a giant wooden horse outside the gates of Troy, which the people brought into the city as a victory trophy. That night, Greek soldiers hidden inside the horse opened the city gates to let the rest of the Greek army in. This is in essence how a Trojan works on your computer: you install an application that appears to be one thing, but it carries hidden code (called a “payload”) that does something unexpected and usually harmful. Trojan Horse programs tend to make more news on Windows systems, since a larger percentage of computer users are running Microsoft’s OS. Most attackers go for the largest return on their time, which has long meant Windows users. On a Mac, it’s harder to infect the operating system, but it is still possible if you don’t practice “safe surfing.” (I know the term sounds silly, but really, it’s true.) Key point: watch what you install.

A virus or worm can arrive on its own (as an e-mail attachment, or through a network service that was left exposed); a Trojan arrives inside another program that you chose to run. Very often, Trojans are attached to “pirated” software. Here is a typical scenario: you find a copy of Microsoft Office:mac 2011 on the Internet, and it comes with a “serial crack” (which allows you to activate the software without paying for it). You run the serial number generator, it prompts you for your administrator password, and then it gives you a fake serial number, which you enter into Office. Wow, you just got a $190 program for free!

A few days later, your friends tell you that they are receiving spam from your e-mail address. You try to log into your mail to check, but your password doesn’t work. Frustrated, you go to Facebook to post about it, except you can’t log into your page anymore, and all your pictures are gone. Later, you try to buy groceries, but your credit card is declined. Checking your statement online, you find that someone bought a widescreen television and several iPads from Best Buy in some state you’ve never been to. Then the realization hits: you’ve been hacked. That serial number generator you installed had a program attached that allowed someone to grab all your personal information, so now everything you had on your computer, including your passwords and bank account information, is being used by someone else. You might think, “But I have a Mac, this can’t happen!” Remember that a program only needs your password when it wants to install something system-wide or run with administrator rights, and a serial number generator has no legitimate reason to do either. When it asked for your password anyway, you happily provided it, and from that moment it could do anything on the machine that you can.

This is not intended to be a sermon reminiscent of “don’t copy that floppy.” It does, however, illustrate how even a computer as secure as a Mac can still be “hacked.” It’s akin to giving a stranger your keys and then wondering what happened to your car. Best way to prevent this? Watch what you install. As I have said in previous articles, don’t install “warez,” a generic term for commercial software that you did not pay for. If you see programs claiming to remove copy protection or fake “serialz” or “cracks,” avoid them. Most of the time they do what they claim, but there is no way to know what else they do until it’s too late. Sophos offers a free scanner for the Mac that can catch known Trojans of this kind, but a scanner only recognizes what it already knows about; the best protection is to just not go there. If you don’t want to get mugged, don’t go down a dark alley at night. If you don’t want your data to get mugged, stay out of the dark alleys of the Internet.
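“Watch what you install” also means being able to see what a download left behind once it had your password. A backdoor that needs to survive a reboot usually registers itself with launchd (the Mac’s service manager) by dropping a property list into a LaunchAgents or LaunchDaemons folder. The script below is an added example, not code from this article or from any scanner it mentions, and it is not tied to BlackHole RAT or any specific Trojan: it reads launchd property lists and flags the patterns that a planted backdoor tends to show (a program hidden under a dot-folder in the user’s home, an Apple-looking label pointing at a non-Apple program, a job that asks launchd to open a listening socket). The two sample property lists are constructed for the example, and the prefix lists and heuristics are assumptions, not an official rule set.

```python
"""Audit launchd property lists for persistence entries that look like a planted backdoor.

Added example for the article above; not the article's own code and not specific
to any real Trojan. Sample plists below are constructed, and the heuristics are
assumptions (useful red flags, not proof of infection).
"""
import os
import plistlib
from typing import Dict, List

# Locations a Trojan running as the logged-in user can write without the
# administrator password (assumed heuristic list, not exhaustive).
USER_WRITABLE_PREFIXES = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/", "/Volumes/")

# Where a program whose label starts with "com.apple." is expected to live (assumption).
APPLE_PREFIXES = ("/System/", "/usr/", "/Library/Apple/")

# Constructed samples: one ordinary system job, and one that mimics the pattern
# described in the article (fake Apple name, hidden binary, always running,
# listening for a remote connection).
SAMPLE_PLISTS: Dict[str, bytes] = {
    "/System/Library/LaunchDaemons/com.apple.example.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.example</string>
  <key>ProgramArguments</key><array><string>/usr/libexec/example</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "/Users/alice/Library/LaunchAgents/com.apple.updater.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updater</string>
  <key>Program</key><string>/Users/alice/Library/.cache/.updater</string>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
  <key>Sockets</key><dict><key>Listener</key><dict>
    <key>SockServiceName</key><string>5900</string></dict></dict>
</dict></plist>""",
}


def program_path(entry: dict) -> str:
    """Return the executable a launchd job runs ("Program" wins over "ProgramArguments")."""
    if entry.get("Program"):
        return str(entry["Program"])
    args = entry.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def audit_plist(data: bytes) -> List[str]:
    """Return human-readable findings for one launchd plist; an empty list means nothing was flagged."""
    try:
        entry = plistlib.loads(data)  # handles both XML and binary plists
    except Exception as exc:  # a malformed file is itself worth a look
        return [f"could not parse plist: {exc}"]
    label = str(entry.get("Label", ""))
    prog = program_path(entry)
    findings: List[str] = []
    if not prog:
        return ["job declares no Program or ProgramArguments"]
    if prog.startswith(USER_WRITABLE_PREFIXES):
        findings.append(f"program lives in a user-writable location: {prog}")
    if any(part.startswith(".") for part in prog.split("/") if part):
        findings.append(f"program path uses hidden (dot) components: {prog}")
    if label.startswith("com.apple.") and not prog.startswith(APPLE_PREFIXES):
        findings.append(f"Apple-style label {label!r} but program outside Apple paths: {prog}")
    if "Sockets" in entry:
        findings.append("job asks launchd to open a listening socket (remote access?)")
    return findings


def audit_all(plists: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Audit a mapping of path -> plist bytes (used for the constructed samples)."""
    return {path: audit_plist(data) for path, data in plists.items()}


def audit_directory(directory: str) -> Dict[str, List[str]]:
    """Audit every .plist directly inside a launchd folder on a real Mac,
    e.g. ~/Library/LaunchAgents or /Library/LaunchDaemons."""
    results: Dict[str, List[str]] = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".plist"):
            full = os.path.join(directory, name)
            with open(full, "rb") as fh:
                results[full] = audit_plist(fh.read())
    return results


if __name__ == "__main__":
    for path, findings in audit_all(SAMPLE_PLISTS).items():
        print(("!! " if findings else "OK ") + path)
        for finding in findings:
            print("     -", finding)
```

Run it as-is to see the two constructed samples scored, or call `audit_directory` on each of the real LaunchAgents and LaunchDaemons folders. A flagged entry is a reason to look closer (check the program with `codesign -dv` and find out what installed it), not a verdict: legitimate third-party software also runs from user folders, and a careful Trojan can avoid every pattern here.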

Similar Posts

  • Backing Up vs Data Recovery Costs

    One of the toughest things a technician has to do is tell customers that their hard drive has failed and recovering the data will likely cost thousands of dollars. A Small Dog customer brought in her 24-inch iMac earlier this month because it would not start up. It was on the bench and diagnosed as a failed hard drive a few hours later, and we contacted her with a few options: replace the hard drive under warranty and return the failed drive to Apple, or send the drive to DriveSavers for professional recovery.

    DriveSavers is widely acknowledged as the most capable and best-equipped data recovery firm in the world, and our customer was happy to receive an external hard drive with 100% of her data mere days after sending in the toasted one. She was not happy about the bill, though, which was more than the cost of her computer!

    We spoke at length on the phone about how all hard drives fail eventually and how she needs to have a backup system in place. She clearly understood what I was saying, and I made it clear that our conversation was not really about sales but about her protection. No backup drive was purchased.

    Three weeks later, the warranty hard drive replacement has failed again. She didn’t back it up and has lost three weeks of work and simply cannot afford the pricey recovery again.

    David Lerner, an owner of the preeminent New York City Apple Specialist and repair shop Tekserve, has in his email signature “May you have 1,000 backups and never need one.” It’s a mantra we all should take seriously.

    This is just one more sad story about 100% preventable data loss. Do yourself a favor and get a Time Capsule, an external drive, even email important documents to yourself or stash them on your iDisk. A $200 Time Capsule is much cheaper than a $2200 data recovery!
