How-To Geek

Week in Geek: New Mac Trojan Poses as a PDF File


This week we learned how to avoid being tracked on the internet using a tracking protection list in IE9, extract .RAR files on Windows 7 and Mac OS X, learned what a full frame camera is and if you need one, learned the ins and outs of OpenSSH on a Linux PC, enjoyed the latest set of Geek Deals, and more.

Photo by ToreLo.

Weekly News Links


Photo courtesy of F-Secure.

  • Mac trojan poses as PDF to open botnet backdoor
    Malware continues to be a minimal threat to most Mac users, but that doesn’t mean attackers aren’t constantly trying to come up with new ways to steal information or turn users’ machines into botnet drones. The latter appears to be the case with a new Mac trojan posing as a PDF file, discovered by security researchers at F-Secure.
  • OS X Lion passwords can be changed by any local user
    In OS X, user passwords are encrypted and then are stored in files called “shadow files” which are placed in secure locations on the drive. Recent discoveries have shown that in OS X Lion this security structure is not intact, and any user on the system can modify the passwords of other local accounts quite easily.
  • Adobe publishes emergency patch to fix critical Flash vulnerabilities
    As previously announced, Adobe has published an unscheduled emergency patch for Flash Player to address a number of critical security issues. The Flash Player updates, version for desktop operating systems and for Android, are the company’s response to a recently discovered universal cross-site scripting (XSS) hole.
  • Security duo finds another pair of vulnerabilities in Android
    Remember the duo who released an Angry Birds spoof application last fall in effort to highlight some of Android’s vulnerabilities? If so, perhaps you also recall hearing that Google had to implement the remote kill feature in Android about the same time. Well, those guys are back and, judging by their latest finding, things still don’t look to be all that secure.
  • Malware for everyone – Aldi Bot at a discount price
    In a blog posting, anti-virus vendor G Data is reporting that a functional botnet builder, dubbed the Aldi Bot, is available on underground forums for just €10. The company says that the Aldi Bot Builder appears to be based on the ZeuS source code.
  • Lousy code opens up Bluetooth hands-free kits, smartphones to hackers
    That Bluetooth car kit you got at the big box store on sale may be opening your phone up to hacking. Research by Codenomicon, a Finnish data security company, found that each of a sample of ten new Bluetooth hands-free kits tested this year have “critical issues” with their security implementations.
  • Researchers to detail hole in Web encryption
    A pair of researchers plan to detail an attack called BEAST that they say undermines a very widely used technology for securing browser communications. Juliano Rizzo and Thai Duong say the vulnerability compromises TLS (Transport Layer Security) 1.0, the encryption mechanism that secures Web sites accessed using HTTPS (Secure Hypertext Transfer Protocol).
  • User privacy concerns emerge over supercookies
    The difficulty in removing supercookies and their ability to track a user’s browsing history and preferences have raised privacy issues, according to security experts, who add that supercookies are not severe security risks and have no legal implications for now.
  • Microsoft hands Rustock botnet case over to FBI
    Microsoft is hoping that federal agents will bring to justice one of the world’s most notorious spammers, known to the company only as Cosma2k. According to Microsoft, Cosma2k is the handle of the alleged ringleader of the Rustock botnet, which earlier this year was the purveyor of more e-mail spam than any other network in the world, sending as many as 30 billion messages a day at its peak.
  • Microsoft to stop Linux, older Windows, from running on Windows 8 PCs
    It doesn’t take much reading between the lines to see that Microsoft is going to try to keep Linux, older versions of Windows, and other operating systems off Windows 8 PCs.
  • Mozilla proposes not-so-rapid-release Firefox
    Mozilla, faced with business users’ stiff resistance to its new rapid update schedule for Firefox, has proposed a slower-moving version of the browser. Under the proposal, Mozilla would issue a new Extended Support Release (ESR) version of Firefox every 30 weeks.
  • DigiNotar files for bankruptcy
    Dutch certificate authority DigiNotar is closing up shop following a recent hacking attack that caused it to issue a series of phony online security certificates.
  • Google ‘rigs’ search results, rivals tell senators
    Moments after Google Executive Chairman Eric Schmidt told senators “we get it” in regard to regulatory scrutiny, the search giant’s rivals refuted the point. “Google doesn’t get it,” said Thomas O. Barnett, a lawyer for Expedia, which fought Google’s acquisition of flight data provider ITA Software. “Google won’t even admit reality.”
  • Apple, Dropbox join Electronic Privacy Act fight
    Apple and Dropbox have joined the Digital Due Process coalition, according to an announcement this past Friday from the Electronic Frontier Foundation, one of the sponsors of the group.
  • Errant character to blame for Twitter ‘hack’
    In the sometimes slippery world of the Web, it can pay to cross your “t”s and dot your “i”s.

Random TinyHacker Links


  • ZoneAlarm security products in 2012 – are they good?
    ZoneAlarm has not published major updates to their security products since 2010. This review tries to evaluate if, in two years, they made good progress or not. To find out more about the quality of their 2012 products, check out this review.
  • Bitdefender Total Security 2012 Giveaway
    Do you want to get a chance at winning a 1-year license of Bitdefender’s latest and greatest product? Check out this giveaway. Today (September 25th) is the last day for the contest, so hurry on over for the details!
  • Geeky Lunch Bag Art
    Check out this awesome art on lunch bags.

Super User Questions

See the great answers to these questions from this week’s ‘Most Popular Thread’ at Super User.


How-To Geek Weekly Article Recap

Heat up your weekend reading with our hottest HTG Main articles of the week.


Geeky Goodness from the ETC Side

Put the fun back into your weekend with our most popular ETC posts of the week.


One Year Ago on How-To Geek

Enjoy reading through these great articles from one year ago.


Photo by ginnerobot.

How-To Geek Comics Weekly Roundup


Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 09/25/11

Comments (2)

  1. xana452

    My goodness, what a brilliant disguise.

  2. Anonymous

    The one thing that is glaring out at me is the story about Microsoft wanting to stop Linux and older Windows from running on Windows 8 PCs thus essentially trying to stomp out any competition on a hardware level. This is rather like your car manufacturer telling you (and not suggesting) that you can only use one certain brand of tires and consume only one manufacturer of oil and gas. Can we say “UN-American” here?!

    I think the author said it best: Welcome back Evil Empire, I knew you couldn’t really be that far away.

Enter Your Email Here to Get Access for Free:

Go check your email!