VC's automated Twitter feed spreads malware
[Image: Guy Kawasaki's Twitter page (Credit: Twitter)]
Updated June 25 at 9:00 a.m. PDT with Trend Micro saying the Trojan is harmful to Macs and PCs.
Venture capitalist Guy Kawasaki got more than he bargained for from an automated feed he set up on his Twitter account.
Some of Kawasaki's more than 139,000 Twitter followers noticed something strange when they saw a particular non-VC-related tweet sent from his account on Tuesday.
The tweet advertised a sexy video of "Gossip Girl" star Leighton Meester and linked to a site where a visitor who clicked to view the video (and, ostensibly, to download a codec needed to play it) would instead get a Mac OS X Trojan called OSX/Jahlav-C, Graham Cluley of antivirus vendor Sophos wrote on his blog on Wednesday.
Windows users aren't immune either: the same site serves them a Windows version of the Trojan, which Trend Micro detects as TROJ_JAHLAV.B.
"Following the link would be a very bad idea because it will lead you to a malicious Web site designed to infect both Macs and PCs with a DNS-changing Trojan, which at the time of writing has low to non-existent detection rates by security vendors (although Trend Micro customers would already have been protected from visiting the known malicious site using our Smart Protection Network)," Rik Ferguson of Trend Micro wrote.
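The payload Ferguson describes changes the victim's DNS resolvers, so the most direct host-side check is to compare the resolvers actually configured against the ones the network is expected to hand out. The script below is an added example, not code from the article, Sophos or Trend Micro; the resolv.conf text is constructed, and the expected-resolver set and the "LAN space" definition (RFC 1918 plus IPv6 ULA) are assumptions you would replace with your own network's values.

```python
"""Check a host's configured DNS resolvers against what the local network is
expected to push. Added example; resolv.conf text below is constructed."""
import ipaddress
import re

# Resolvers our DHCP server is expected to hand out (assumption).
EXPECTED_RESOLVERS = {"192.168.1.1", "192.168.1.2"}

# Address space a legitimate LAN resolver would normally live in (assumption).
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed resolv.conf as a resolver-hijacking Trojan might leave it:
# the LAN resolver is gone, replaced by two addresses we never configured.
SAMPLE_RESOLV_CONF = """\
# Generated by the DHCP client; do not edit
domain example.lan
nameserver 203.0.113.10
nameserver 198.51.100.20
options ndots:1
"""

_NAMESERVER = re.compile(r"^\s*nameserver\s+(\S+)")


def parse_resolvers(text):
    """Return the nameserver addresses in resolv.conf-style text, in order,
    skipping comments, other directives and entries that are not valid IPs."""
    found = []
    for line in text.splitlines():
        m = _NAMESERVER.match(line)
        if not m:
            continue
        try:
            found.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            continue
    return found


def classify_resolvers(resolvers, expected=EXPECTED_RESOLVERS):
    """Label each resolver 'expected', 'lan' (in LAN space but not one we
    expected) or 'foreign' (outside LAN space and never configured by us).
    A 'foreign' resolver on a home or office machine is the tell-tale of a
    DNS-changing infection and deserves a closer look."""
    verdicts = {}
    for addr in resolvers:
        ip = ipaddress.ip_address(addr)
        if addr in expected:
            verdicts[addr] = "expected"
        elif any(ip in net for net in LAN_NETWORKS):
            verdicts[addr] = "lan"
        else:
            verdicts[addr] = "foreign"
    return verdicts


def resolver_hijack_suspected(text, expected=EXPECTED_RESOLVERS):
    """True when a foreign resolver is present, when none of the expected
    resolvers survive, or when no resolver is configured at all."""
    verdicts = classify_resolvers(parse_resolvers(text), expected)
    if not verdicts:
        return True
    return ("foreign" in verdicts.values()) or ("expected" not in verdicts.values())


if __name__ == "__main__":
    for addr, verdict in classify_resolvers(parse_resolvers(SAMPLE_RESOLV_CONF)).items():
        print(addr, verdict)
    print("hijack suspected:", resolver_hijack_suspected(SAMPLE_RESOLV_CONF))
```

On a Mac the same comparison applies to the output of `scutil --dns` or `networksetup -getdnsservers`, since resolv.conf there is only a mirror of the system configuration; the point is to diff the live resolver list against a known-good baseline rather than to trust whatever the host currently reports.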
Kawasaki told The Wall Street Journal his account is set up to redistribute updates from NowPublic, a user-generated news site.
The auto-published tweet was from a NowPublic feed that was not moderated by the site, NowPublic co-founder Michael Tippett told the WSJ later.
"Auto-feeds on Twitter can be quite risky," Michael Argast, a security analyst for Sophos, told CNET News.
Kawasaki's account wasn't the only one redistributing the malicious link; the same tweet was sent from other lower-profile accounts.
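The failure here is structural: a feed nobody moderated was wired straight into an account 139,000 people trusted. The gate below is an added example, not code from the article, NowPublic or Twitter, of the minimum control such a pipeline needs: every item is checked before it is republished, and any item whose links leave the hosts the feed owner controls is held for a human instead of being tweeted. The RSS document is constructed, and the allow-list of hosts is an assumption.

```python
"""Gate RSS items before an automated feed republishes them. Added example;
the feed XML and the allow-list are constructed/assumed for illustration."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Hosts the feed owner actually controls; anything else is held (assumption).
ALLOWED_HOSTS = {"news.example.org", "www.example.org"}

# Constructed feed: one legitimate item, one lure pointing off-site, and one
# whose canonical link is fine but whose body smuggles in an off-site link.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Constructed feed</title>
  <item>
    <title>Startup raises Series B</title>
    <link>https://news.example.org/story/123</link>
    <description>Another round closes.</description>
  </item>
  <item>
    <title>Sexy video of a TV star!!!</title>
    <link>http://videos-codec.example.net/watch?id=7</link>
    <description>Click to view (codec required)</description>
  </item>
  <item>
    <title>Weekly roundup</title>
    <link>HTTPS://WWW.Example.org/roundup</link>
    <description>See http://news.example.org/a and http://evil.example.com/b</description>
  </item>
</channel></rss>
"""

_URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Lower-cased hostname of an http(s) URL, or None for anything else
    (javascript:, data:, bare paths), which the gate treats as off-list."""
    try:
        parts = urlparse(url.strip())
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def extract_links(item):
    """Every URL an item could carry into a tweet: its <link> plus any URL
    embedded in the description text."""
    links = []
    link = item.findtext("link")
    if link and link.strip():
        links.append(link.strip())
    links.extend(_URL.findall(item.findtext("description") or ""))
    return links


def gate_feed(xml_text, allowed_hosts=ALLOWED_HOSTS):
    """Return a publish/hold decision per item. Fails closed: an item with no
    link, an unparseable link, or any link off the allow-list is held."""
    decisions = []
    for item in ET.fromstring(xml_text).iter("item"):
        title = (item.findtext("title") or "").strip()
        links = extract_links(item)
        off_list = [u for u in links if host_of(u) not in allowed_hosts]
        if not links:
            verdict, reason = "hold", "no link"
        elif off_list:
            verdict, reason = "hold", "off-list link: " + off_list[0]
        else:
            verdict, reason = "publish", "all links on allow-list"
        decisions.append({"title": title, "verdict": verdict, "reason": reason})
    return decisions


if __name__ == "__main__":
    for d in gate_feed(SAMPLE_FEED):
        print(f"{d['verdict']:8} {d['title']!r}: {d['reason']}")
```

The allow-list is deliberately on hosts rather than on keywords: a lure can be reworded, but it cannot lead the reader anywhere useful without a link to a site the attacker controls. Shorteners or redirectors on the allowed host would need to be resolved before the check, or excluded from the allow-list altogether.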
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

The lack of widespread (i.e. viral) viruses has always been the key point of the improved security features in a unix-like operating system (of which OSX is but one). No operating system is immune to compromise and there never will be one.
You're right when you say that no one qualified to speak on the subject of security has ever said the Mac is immune. However, I'm afraid you disqualify yourself with the next statement, that the lack of widespread viruses is a key point of inherent security in Unix-based operating systems.
Security researchers agree unanimously that OS X is the most vulnerable platform on the market today (Vista represents MS today; XP doesn't count). It has been pwned 3 years in a row at CanSecWest with browser exploits, and once publicly with a drive-by downloading Java exploit (harmless, just Proof of Concept).
It's a never-ending calling for a concerned service tech, finding more Mac users who have fallen for Apple's commercial meme and busting their bubble with the cold, hard truth, but here it is: the only defense Apple has is the authentication mechanism, and that only works against executables, keeping guest users in line. It offers no defense against scripts and other Web-borne child programs, leveraging the privileges of preexisting parent programs to surreptitiously infiltrate the system. The ONE AND ONLY reason there is less Mac malware than Windows malware is obscurity; 9 out of 10 computers run Windows. Sorry.
Keep downplaying my friend.
And all is dreamy in Apple Land today...
The ISP is no more, but the general knowledge of this type of user is still around and they use Macs like anyone else.
Just because you know better, do not assume others benefit from that same knowledge.
When you say "Apple Land," I think you meant to say "La La Land," because that's where you're coming from. Sorry to bust your bubble, but OS X is THE MOST VULNERABLE OS on the market today (Vista represents MS; XP doesn't count). OS X has been pwned 3 years in a row with drive-by downloads at CanSecWest, using Safari exploits. There is also a publicly available PoC Java exploit which also circumvents authentication, although this one uses third-party software, not Safari itself. It's incredible how many Mac users are suckered in by Apple's "Macs don't get viruses" bandwagon, but as if it hasn't been said enough times already, it's only because of obscurity that the annals of Mac malware have stayed relatively quiet (until now, with new Mac malware being mentioned every week here at CNET).
That said, no one has been able to infiltrate Vista through the browser. It's only been done using Adobe Flash, and to everyone else's amazement. And these are some of the best hackers on the planet; the Russian Business Network has yet to succeed against Vista. The difference between Windows Vista and OS X is that OS X has one defense, and one defense only... authentication. But this only works against executables, preventing your visiting kid cousin from installing a Trojan horse on your Mac. It offers no defense at all against scripts and other Web-borne child programs that infiltrate your system through Internet-facing vectors. And as easy as security researchers say it is, I suspect it's only a matter of time now until the Russians get familiar enough with the IntelMac shell, and start flooding the Web with Mac-targeted drive-by downloads.
Vista has an authentication mechanism of its own, called UAC (which Windows 7 has as well). But that's not the biggest hurdle facing would-be remote attackers; the real barriers are DEP and ASLR. Even with UAC disabled, I'm not aware of any Gumblar, Conficker, or Mebroot attacks successfully circumventing Vista's main defenses. Conficker might, however, if an infected flash drive is plugged in with AutoRun enabled (and Windows Defender disabled, and no other security software/tweaks installed). But again, a lot more can be done locally than remotely. Windows 7 also adds Safe Unlinking, enabling the OS to immediately terminate a process when an overflow is detected, and then check for errors before reloading the process. Just FYI, I rarely see an infection on a Vista machine beyond a Trojan that came from LimeWire, FrostWire, or Ares; average Vista users are doing as well as you are (as are users of XP or 2K who have been turned on to Invincible Windows).
What is this "Malware Concierge Service" you talk about? I can't seem to find it anywhere on the Web.
He was being sarcastic. Don't attack your own side...
Not everyone has the common sense of a security-minded person. Remember, these computers are used by people who are most of the time misled into thinking nothing will harm their Macs; I've seen even teachers with this mindset.
You guys don't realize the power of advertising and technological idiots of the generation...
People keep talking about the "pseudo-security" of Mac OS. Almost all systems have good security, but the weakest link is ALWAYS the user, unless you take the user's control away, which is never good. So we will always have these things to put up with. Seriously though, users need to be educated more.
"WHEN YOU TYPE YOUR PASSWORD, YOU ARE GIVING THE PROGRAM THE ABILITY TO CHANGE/DESTROY EVERYTHING. TRIPLE-CHECK WHETHER THE PROGRAM IS TRUSTED BEFORE YOU ENTER YOUR PASSWORD."
z3r0bit, June 25, 2009 2:15 PM PDT: Mac OS X has DEP enabled by default - http://www.nsa.gov/ia/_files/factsheets/I733-TR-043R-2007.pdf
Full 64-bit ASLR is coming with Snow Leopard and Bitfrost will be ported to Mac OS X: http://blog.pgp.com/index.php/tag/bitfrost/
Not really too worried.