Comments on: Mac Botnet: How To Ensure You’re Not Part of the Problem

By: Want a short tutorial of security on the Mac? « Chicago Mac/PC Support

Want a short tutorial of security on the Mac? « Chicago Mac/PC Support — Thu, 11 Mar 2010 17:40:56 +0000

[...] http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/ [...]

By: Cómo averiguar si formas parte de la red de macs “zombies” | Reflexiones IT

Fri, 01 May 2009 17:00:40 +0000

[...] | The Apple Blog Imagen | Flickr de [...]

By: Decio (beta) » Blog Archive » (Mac)Infos en vrac…

Decio (beta) » Blog Archive » (Mac)Infos en vrac… — Thu, 30 Apr 2009 14:33:46 +0000

[...] http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/ [...]

By: sprawdź czy Twój Mac nie jest zombie, komendy terminala do wykrywania malware w Mac OS X, programy dla Mac OS X | MacKozer

Wed, 29 Apr 2009 09:41:42 +0000

[...] daną we wcześniejszym wpisie dotyczącym programu antywirusowego ClamXav, przytaczam, za AppleBlog.com, sposób w jaki możemy sprawdzić czy nasz Mac nie jest przypadkiem zombie należącym do botnetu. [...]

By: Comprueba si tu Mac forma parte de una red de ordenadores ‘zombie’ | Appleismo

Mon, 27 Apr 2009 15:04:40 +0000

[...] | The Apple Blog Comparte este [...]

By: monoclast

monoclast — Mon, 27 Apr 2009 03:15:31 +0000

Bruce A says:
“Perhaps, but this is looking for a process which might be running under root. sudo ensures EVERY process is looked at, not just the user’s own processes.”

No, that’s incorrect – ‘sudo’ does not ensure all processes are shown by ‘ps’. The -a and -x switches to ‘ps’ do that – and they do it without ‘sudo’ being involved at all.

By: Bruce A

Bruce A — Mon, 27 Apr 2009 03:05:07 +0000

I think it’s worth saying that if you pirated the infected apps and got bit you got what you deserved.

“As a matter of practice, one should not run commands as root unless necessary.”

Perhaps, but this is looking for a process which might be running under root. sudo ensures EVERY process is looked at, not just the user’s own processes.

By: Ron Bannon

Ron Bannon — Sat, 25 Apr 2009 11:49:54 +0000

I seem to recall a story that SecureMac was a malware site. Does anyone remember this?

By: abednarz.net » Mac Botnet: How To Ensure You’re Not Part of the Problem

abednarz.net » Mac Botnet: How To Ensure You’re Not Part of the Problem — Sat, 25 Apr 2009 00:07:29 +0000

[...] Read how to detect and remove over at TAB. [...]

By: Sophto’s BloGy » Blog Archive » هل جهازك الماك مصاب

Sophto’s BloGy » Blog Archive » هل جهازك الماك مصاب — Fri, 24 Apr 2009 20:22:42 +0000

[...] المصدر [...]

By: Victor

Victor — Fri, 24 Apr 2009 19:43:00 +0000

Welcome to four months ago.

By: razmaspaz

razmaspaz — Fri, 24 Apr 2009 18:44:11 +0000

Its worth noting that if you downloaded iWork ’09 and had MacScan or any other virus protection software running it would not have done any good. this program would not have been in the definition file of any of these apps. My biggest argument against security software is that it is only as good as the definition file, and the file will never be ahead of the malware. That said its not an excuse not to run it, and as always smart downloading and emailing is the best defense.

By: sbimos

sbimos — Fri, 24 Apr 2009 18:16:14 +0000

Does ClamAV look for iWorkServices infection?

By: krye

krye — Fri, 24 Apr 2009 17:52:29 +0000

Then again, this was a trojan that you had to actually install yourself. And for the record, it doesn’t actually do anything. So, as long as you’re staying off the torrent sites and not installing crap from an unknown origin, you should be safe. This was more of a proof of concept than anything else.

By: Paul Moriarty

Paul Moriarty — Fri, 24 Apr 2009 17:48:29 +0000

As a matter of practice, one should not run commands as root unless necessary. The “sudo” in Step 1 is not required.

By: monoclast

monoclast — Fri, 24 Apr 2009 17:46:34 +0000

Note that sudo is not required for any of these commands. And if you try running them in a regular (non-administrative) user account, they will fail. It is therefore probably a better idea not to include sudo in the commands on your web page.