LED's Sushi Mac OS
The road behind
Mac OS X 10.0 was released five years ago today, on March 24th, 2001. To me, it felt like the end of a long road rather than a beginning. At that point, I'd already written over 100,000 words about Apple's new OS for Ars Technica, starting with the second developer release and culminating in the public beta several months before 10.0. But the road that led to Mac OS X extends much farther into the past—years, in fact.
Mac OS X 10.0 was the end of many things. First and foremost, it was the end of one of the most drawn-out, heart-wrenching death spirals in the history of the technology sector. Historians (and Wall Street) may say that it was the iMac, with its fresh, daring industrial design, that marked the turning point for Apple. But that iMac was merely a stay of execution at best, and a last, desperate gasp at worst. By the turn of the century, Apple needed a new OS, and it needed one badly. No amount of translucent plastic was going to change that.
Apple was so desperate for a solution to its OS problem in the mid- to late 1990s that both Solaris and Windows NT were considered as possible foundations for the next-generation Mac OS. And even these grim options represented the end of a longer succession of abortive attempts at technological rejuvenation: OpenDoc, QuickDraw 3D, QuickDraw GX, Taligent, Pink, Copland, Gershwin, Dylan—truly, a trail of tears. (If you can read that list without flinching, turn in your Apple Extended Keyboard II and your old-school Mac cred.)
In retrospect, it seems almost ridiculously implausible that Apple's prodigal son, thrown out of the company in 1985, would spend the next twelve years toiling away in relative obscurity on technology that would literally save the company upon his return. (Oh, and he also converted an orphaned visual effects technology lab into the most powerful animation studio in the US—in his spare time, one presumes.)
So yes, Mac OS X marked the end of a dark time in Apple's history, but it was also the end of a decade of unprecedented progress and innovation. In my lifetime, I doubt I will ever experience a technological event that is both as transformative and as abrupt as the introduction of the Macintosh. Literally overnight, a generation of computer users went from a black screen with fuzzy green text and an insistently blinking cursor to crisp, black text on a white background, windows, icons, buttons, scrollbars, menus, and this crazy thing called a 'mouse.'
I see a lot more Mac users today than I ever saw in the pre-Mac OS X era, but few of them remember what it was like in the beginning. They've never argued with someone who's insisted that 'only toy computers have a mouse.' They didn't spend years trying to figure out why the world stuck with MS-DOS while they were literally living in the future. They never played the maze. (Dagnabbit!)
Today's Mac users appreciate the refinement, the elegance, the nuances of Mac OS X. Today, the Mac grows on people. It seeps into their consciousness until they either break down and buy one or retreat to familiarity, perhaps to be tempted again later.
The original Mac users had a very different experience. Back then, the Mac wasn't a seductive whisper; it was a bolt of lightning, a wake-up call, a goddamn slap in the face. 'Holy crap! This is it!' Like I said, transformative. For the rest of the computing world, that revelatory moment was paced out over an entire decade. The experience was diluted, and the people were transformed slowly, imperceptibly.
That era ended on March 24th, 2001. Mac OS X 10.0 was the capstone on the Mac-That-Was. It was the end of the ride for the original Mac users. In many ways, it was the end of the Mac. In the subsequent five years (and over 200,000 more words here at Ars), the old world of the Mac has faded into the distance. With it, so have many of the original Mac users. Some have even passed on. Mac OS X 10.0 had a message: the Mac is dead.
Long live the Mac
Mac OS X arose, phoenix-like, from the ashes of the Mac-That-Was. Okay, maybe more like an injured phoenix. Also, Apple didn't light the bird on fire until a few years later. But still, technically, phoenix-like.
A side-by-side test-drive of Mac OS X 10.0 and 10.4 is shocking. The eternal debate is whether this gap exists because 10.4 is so good, or because 10.0 was so, so bad. That said, Apple's ability to plan and execute its OS strategy is not open for debate. In five short years, Apple has essentially created an entirely new platform. Oh, I know, it's really just the foundation of NeXT combined with the wreckage of classic Mac OS, but I think that makes it even more impressive. Two failing, marginalized platforms have combined to become the platform for the alpha geeks in the new century.
Today's Mac users span a much wider range than those of the past. Mac OS X's Unix-like core reached out to the beard-and-suspenders crowd (and the newer source-code-and-a-dream crowd) while the luscious Aqua user interface pulled all the touchy-feely aesthetes from the other direction. In the middle were the refugees from the Mac-That-Was, but they aren't the story here. Mac OS X is about new blood and new ideas—some good, some bad, but all vibrant. The Mac is alive again!
After spending half my life watching smart, talented people ignore the Mac for reasons of circumstance or prejudice, it's incredibly gratifying to live in a post-Mac OS X world. When I encounter a tech-world luminary or up-and-coming geek today, I just assume that he or she uses a Mac. Most of the time, I'm right. Even those with a conflicting affiliation (e.g., Linux enthusiasts) often use Apple laptops, if not the OS.
In the media, the Mac and Apple have gone from depressing headlines on the business page to gushing feature stories everywhere. Even traditional strongholds of other platforms have fallen under the translucent fist of Mac OS X. Just look at Slashdot, long a haven for Linux topics, now nearly living up to the frequent accusation that it's become 'an Apple news site.' Here at Ars Technica, the story is similar. The 'PC Enthusiast's Resource' from 1999 is now absolutely swimming in Apple-related content.
As much as I like to think that I brought on this transformation here at Ars with my avalanche of words, the truth is that Mac OS X is responsible. Yes, Apple's shiny hardware helped, but it was the software that finally won over those stubborn PC geeks. It helped that the software was shiny too, but it would have all been for nothing if not for one word: respect.
Mac OS X made the alpha geeks respect the Mac. My part, if any, in the transformation of a green-on-black den of PC users into a clean, well-lighted home for Apple news and reviews was merely to explain what Mac OS X is, where it's coming from, and where it appears to be going. The rest followed naturally. It's Unix. It's a Mac. It's pretty, stable, novel, innovative, and different. Mac OS X was powerful geeknip; it still is.
During the first few years of Mac OS X's life, I began my reviews with a section titled, 'What is Mac OS X?' That seems quaint in retrospect, but it really was necessary back then. (The pronunciation tips contained in those sections might still be useful. Even Steve Jobs still says 'ecks' instead of 'ten' sometimes. He also said 'PowerBook' during the last press event. I'm just saying...'MacBook'? Come on.)
Today, Mac OS X has achieved escape velocity. After five years and five competently executed major releases, Apple has earned the right to take a little more time with Mac OS X 10.5 Leopard. Users need a break from the upgrade cycle too. (Well, the software upgrade cycle, anyway.) For all my complaints about the Finder, file system metadata, user interface responsiveness, you name it, I've always been rooting for Mac OS X. I've always wanted to believe. After five years, that faith is finally paying off.
Complacency's not my style, though. I still think Mac OS X can be better, and I continue to hold Apple to a very high standard. I've even got a head start on worrying about Apple's next OS crisis. (See parts one, two, three, and four.) Maybe I've been scarred by Apple's late-1990s dance with death...or maybe I've just learned an important lesson. Maybe Apple has too. I sure hope so, because I don't know if I can go through all that again.
Mac OS X is five years old today. It's got a decade to go before it matches the age of its predecessor, and perhaps longer before it can entirely escape the shadow of the original Mac. But I'm glad I'm along for the ride.
On March 16, FortiGuard Labs captured a new Word file that spreads malware by executing malicious VBA (Visual Basic for Applications) code. The sample targeted both Apple Mac OS X and Microsoft Windows systems. We then analyzed the sample, and in this blog we are going to explain how it works, step by step.
When the Word file is opened, it notifies victims to enable the Macro security option, which allows the malicious VBA code to be executed.
Malicious Word File is Opened
Figure 1. Asks victim to enable Macro security option
Once the malicious VBA code is executed, the AutoOpen() function is automatically called. The first thing it does is read the data from the “Comments” property of the Word file.
Figure 2. The property “Comment” of the Word file
The value of the “Comments” property is base64-encoded; the VBA code below reads it out and decodes it:
After it’s base64-decoded, we can see the code in plaintext, which is a Python script, as shown below.
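As an added example (not Fortinet's code and not the sample's VBA), the following Python checks a Word document for exactly the pattern described above: a "Comments" property that is valid base64 and decodes to script-like text. It assumes the OOXML (.docx) container, where the Comments property is stored as dc:description in docProps/core.xml; the binary .doc format keeps it in the SummaryInformation OLE stream and would need an OLE parser instead, which this example does not cover. The documents and the base64 payload are constructed inline and are harmless.

```python
"""Flag a .docx whose "Comments" property is base64 that decodes to script.

Added example, not Fortinet's code. Assumes the OOXML (.docx) layout:
the Comments property lives in docProps/core.xml as <dc:description>.
"""
import base64
import binascii
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import Optional
from xml.sax.saxutils import escape

DC_NS = "http://purl.org/dc/elements/1.1/"
CP_NS = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"

# Substrings that, in a decoded property value, indicate code rather than a note.
SCRIPT_MARKERS = ("import ", "exec(", "eval(", "subprocess", "powershell", "cmd.exe")

# A property value that is only base64 alphabet and reasonably long.
B64_RE = re.compile(r"^[A-Za-z0-9+/=\s]{32,}$")


def read_comments_property(docx_bytes: bytes) -> Optional[str]:
    """Return the Comments core property (dc:description) or None if absent."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return None
        root = ET.fromstring(zf.read("docProps/core.xml"))
    node = root.find(f"{{{DC_NS}}}description")
    return node.text if node is not None else None


def decode_if_base64(value: str) -> Optional[bytes]:
    """Strictly decode the value as base64; None when it is ordinary text."""
    if not value or not B64_RE.match(value.strip()):
        return None
    try:
        return base64.b64decode("".join(value.split()), validate=True)
    except (binascii.Error, ValueError):
        return None


def scan_docx(docx_bytes: bytes) -> dict:
    """Report whether the Comments property hides base64-encoded script."""
    comments = read_comments_property(docx_bytes)
    decoded = decode_if_base64(comments) if comments else None
    text = decoded.decode("utf-8", errors="replace") if decoded else ""
    hits = [m for m in SCRIPT_MARKERS if m in text]
    return {
        "has_comments": comments is not None,
        "base64_decodable": decoded is not None,
        "script_markers": hits,
        "suspicious": bool(hits),
    }


def build_sample_docx(comments: str) -> bytes:
    """Constructed minimal .docx; only the core-properties part matters here."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<cp:coreProperties xmlns:cp="{CP_NS}" xmlns:dc="{DC_NS}">'
        f"<dc:title>sample</dc:title><dc:description>{escape(comments)}</dc:description>"
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed, harmless stand-in for the hidden script (the real one is not reproduced).
BENIGN_SCRIPT = "import sys\nprint('constructed sample, nothing executed')\n"
MALICIOUS_LIKE = build_sample_docx(base64.b64encode(BENIGN_SCRIPT.encode()).decode())
ORDINARY = build_sample_docx("Quarterly report, draft 2")

if __name__ == "__main__":
    print(scan_docx(MALICIOUS_LIKE))
    print(scan_docx(ORDINARY))
```

The strict decode (validate=True) plus the length floor keeps ordinary comment text from being flagged; the marker list is deliberately short and should be extended from what your own sample set decodes to.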
Next, it takes a different route depending on the OS type, Apple Mac OS X or Microsoft Windows, that it is running on. You can see this in the flow chart in Figure 3.
Figure 3. Calling different route according to OS type
We have found that this malicious VBA code uses slightly modified code taken from the Metasploit framework, which you can find at hxxps://github.com/rapid7/metasploit-framework/blob/master/external/source/exploits/office_word_macro/macro.vba
How it Works for Apple Mac OS X
As you probably know, Mac OS X comes with Python pre-installed by Apple. This allows it to execute python scripts by default. As you can see above, the base64-decoded python script is passed to the ExecuteForOSX function that is going to execute it at the bottom of the function (see Figure 3).
The python script is easy to understand. It extracts the code from a base64-encoded string, and then executes it. It is decoded below, and as you can see, it is a very clear python script.
When the python script is executed, it downloads a file from “hxxps://sushi.vvlxpress.com:443/HA1QE”, and executes it. The downloaded python script is a slightly modified version of the Python meterpreter file, which is also part of the Metasploit framework. The source code of the project can be downloaded from the following URL: hxxps://github.com/rapid7/metasploit-payloads/blob/master/python/meterpreter/meterpreter.py.
The major changes between the downloaded file (HA1QE) and the original file are the following:
Figure 4. Differences between HA1QE and meterpreter.py
The HTTP_CONNECTION_URL constant (hxxps://sushi.vvlxpress.com:443/TtxCTzF1Q2gqND8gcvg-cwGEk5tPhorXkzS0gXv9-zFqsvVHxi-1804lm2zGUE31cs/) is set to the Metasploit end-point that the script will be connecting to.
The PAYLOAD_UUID constant is used as an identifier for the client, which we believe is also being used by the attackers for campaign-tracking purposes.
Once the script is executed, it attempts to connect to the host “sushi.vvlxpress.com” on port 443. But at the time the request was made during our analysis, the listener (server) was not answering client requests.
Figure 5. Wireshark showing TCP retransmission error while connecting to the server
The python process remains active on the system while trying to connect to a reachable server.
Figure 6. Python script attempting connection to listener
How it Works for Microsoft Windows
Although the ExecuteForWindows function takes the same argument as ExecuteForOSX, it does not use it. Instead, it builds a DOS-style command string starting with cmd.exe. When it is executed, powershell.exe is started without a window (-w hidden) and executes base64-encoded code (-e base64-encoded code). For more details, see the following screenshot.
Figure 7. DOS-style command
It’s base64 again. This malware’s author likes using base64 to encode the sensitive code. We will see more base64 encoded data in the rest of the analysis.
Decoding the base64-encoded data, we get the following powershell script:
The main job of the above powershell script is to decompress a piece of gzip data, itself base64-encoded, to get another powershell script (by calling FromBase64String() and GzipStream()) and execute it (by calling Start($s)).
Next, let’s move on to see the decompressed powershell code. To improve understanding, I modified some of the function and variable names.
Here is the code snippet:
From the above powershell code we can see that it first decodes the base64-encoded data. In fact, it is 64-bit binary code that is going to be executed later. Then, it allocates a buffer in the current process (powershell.exe) and copies the 64-bit code into the buffer by calling the VirtualAlloc and Copy functions. Finally, it calls the CreateThread function, whose thread function points to the new buffer. That means that the 64-bit code is the thread function and is executed. Based on our analysis, this malware only affects 64-bit Windows.
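The two PowerShell stages just described (the -e launcher that unpacks a base64 gzip blob, and the decompressed stage that calls VirtualAlloc, Copy and CreateThread) are what an analyst has to peel apart by hand. As an added example, not Fortinet's code, the following Python does that peeling automatically: it decodes the UTF-16LE base64 argument of -e, finds the FromBase64String('...') literal in the result, base64-decodes and gunzips it, repeats until no further layer is found, and then scores each recovered layer for the API names named in the analysis. The sample command line is constructed inline around a harmless inner script; the real payload is not reproduced.

```python
"""Peel the encoding layers of a PowerShell launcher and flag in-memory loading.

Added example, not Fortinet's code. Layer 1: `powershell -e <base64>` carries a
UTF-16LE script. Layer 2: that script holds a base64 literal which gunzips to the
next script. Each layer is scored for the API names seen in the analysis.
"""
import base64
import gzip
import re
from typing import List, Optional

# The -e / -enc / -EncodedCommand argument of a powershell.exe command line.
ENC_ARG_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# The base64 literal handed to FromBase64String('...') or FromBase64String("...").
B64_LITERAL_RE = re.compile(
    r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.IGNORECASE
)
# Names from the analysis that mark a script executing code inside its own process.
MEMORY_EXEC_INDICATORS = ("VirtualAlloc", "Copy", "CreateThread", "FromBase64String", "GzipStream")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Layer 1: decode the UTF-16LE base64 script passed with -e."""
    m = ENC_ARG_RE.search(cmdline)
    if not m:
        return None
    return base64.b64decode(m.group(1)).decode("utf-16-le")


def unpack_gzip_base64(script: str) -> Optional[str]:
    """Layer 2: find FromBase64String('...'), base64-decode it and gunzip it."""
    m = B64_LITERAL_RE.search(script)
    if not m:
        return None
    try:
        return gzip.decompress(base64.b64decode(m.group(1))).decode("utf-8")
    except (OSError, ValueError):  # not gzip, or not text: no further layer
        return None


def peel_layers(cmdline: str) -> List[str]:
    """Return every script layer recovered from the command line, outermost first."""
    layers = []
    stage = decode_encoded_command(cmdline)
    while stage is not None:
        layers.append(stage)
        stage = unpack_gzip_base64(stage)
    return layers


def memory_execution_indicators(script: str) -> List[str]:
    """Indicator names that appear in the script, in MEMORY_EXEC_INDICATORS order."""
    return [name for name in MEMORY_EXEC_INDICATORS if name in script]


def build_sample_cmdline(inner_script: str) -> str:
    """Construct a two-layer launcher around an inner script (test data only)."""
    gz_b64 = base64.b64encode(gzip.compress(inner_script.encode("utf-8"))).decode()
    stage1 = (
        "$d=[Convert]::FromBase64String('" + gz_b64 + "');"
        "$s=New-Object IO.StreamReader(New-Object IO.Compression.GzipStream("
        "(New-Object IO.MemoryStream(,$d)),[IO.Compression.CompressionMode]::Decompress));"
        "$s.ReadToEnd()"
    )
    enc = base64.b64encode(stage1.encode("utf-16-le")).decode()
    return "cmd.exe /c powershell.exe -w hidden -nop -e " + enc


# Constructed stand-in for the decompressed stage: it does nothing (no types are
# defined, the base64 is filler) but carries the API names the scorer looks for.
SAMPLE_INNER = (
    "# constructed sample, nothing executed\n"
    "$code=[Convert]::FromBase64String('AAAA');\n"
    "$buf=[Win32]::VirtualAlloc(0,$code.Length,0x3000,0x40);\n"
    "[Runtime.InteropServices.Marshal]::Copy($code,0,$buf,$code.Length);\n"
    "[Win32]::CreateThread(0,0,$buf,0,0,0)\n"
)
SAMPLE_CMDLINE = build_sample_cmdline(SAMPLE_INNER)

if __name__ == "__main__":
    for i, layer in enumerate(peel_layers(SAMPLE_CMDLINE), 1):
        print(f"--- layer {i} ---\n{layer}")
        print("indicators:", memory_execution_indicators(layer))
```

Run against a real command line taken from process-creation telemetry (Sysmon event 1 or equivalent), the same loop stops at the first layer that is neither base64 nor gzip, which is where manual analysis picks up; the indicator list is the one this post names and should be extended for other loaders.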
Figure 8. 64-bit ASM code
We analyzed the 64-bit code in IDA Pro, as shown in the above screenshot. Once it starts, it downloads a file from “hxxps://pizza.vvlxpress.com:443/kH-G5” into a newly allocated buffer. The downloaded file is actually a 64-bit DLL file. Before the thread function finishes, its stack return address is set to the newly allocated buffer that holds the downloaded 64-bit DLL. That means that the 64-bit DLL gets executed when the thread function returns.
Next, we see that the DLL can communicate with its server, such as “hxxps://pizza.vvlxpress.com:443/5MTb8oL0ZTfWeNd6jrRhOA1uf-yhSGVG-wS4aJuLawN7dWsXayutfdgjFmFG9zbExdluaHaLvLjjeB02jkts1pq2bR/”. We can see it in the debugger, as shown below.
Figure 9. Communication with its server
At this point, we are still working on analyzing the downloaded DLL and trying to gather more information from it. We’ll share more details about this malware later as we uncover more interesting details.
Mitigation
The original Word sample file has been detected as “WM/Agent.7F67!tr” by the FortiGuard AntiVirus service.
IoCs
URL:
hxxps://sushi.vvlxpress.com:443/HA1QE
hxxps://pizza.vvlxpress.com:443/kH-G5
hxxps://pizza.vvlxpress.com:443/5MTb8oL0ZTfWeNd6jrRhOA1uf-yhSGVG-wS4aJuLawN7dWsXayutfdgjFmFG9zbExdluaHaLvLjjeB02jkts1pq2bR/
hxxps://sushi.vvlxpress.com:443/TtxCTzF1Q2gqND8gcvg-cwGEk5tPhorXkzS0gXv9-zFqsvVHxi-1804lm2zGUE31cs/
Sample SHA256:
Sample.doc 06A134A63CCAE0F5654C15601D818EF44FBA578D0FDF325CADFA9B089CF48A74
HA1QE.py 3A0924D55FB3BF3C5F40ADCE0BD281D75E62D0A52D8ADFA05F2084BA37D212C8
kH-G5.dll C36021A2D80077C2118628ED6DB330FEF57D76810FF447EF80D2AB35B95099BC
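As an added example, not Fortinet's code, the following Python turns the IoC list above into a matcher that can be run over proxy and file-hash logs. The URLs and SHA256 values are the ones published on this page (in their defanged hxxps:// form); the log lines are constructed for the demonstration. URLs are normalized before comparison (scheme refanged, host lower-cased, the explicit :443 dropped) so that the published form and what a proxy actually logs compare equal, and a request to a known host on an unseen path is still reported as a host-level hit.

```python
"""Match the published IoCs against constructed proxy and hash log lines.

Added example, not Fortinet's code. IoC values are copied from the post;
log lines are constructed.
"""
import re
from typing import Dict, List
from urllib.parse import urlsplit

IOC_URLS = [
    "hxxps://sushi.vvlxpress.com:443/HA1QE",
    "hxxps://pizza.vvlxpress.com:443/kH-G5",
    "hxxps://pizza.vvlxpress.com:443/5MTb8oL0ZTfWeNd6jrRhOA1uf-yhSGVG-wS4aJuLawN7dWsXayutfdgjFmFG9zbExdluaHaLvLjjeB02jkts1pq2bR/",
    "hxxps://sushi.vvlxpress.com:443/TtxCTzF1Q2gqND8gcvg-cwGEk5tPhorXkzS0gXv9-zFqsvVHxi-1804lm2zGUE31cs/",
]
IOC_SHA256 = {
    "06a134a63ccae0f5654c15601d818ef44fba578d0fdf325cadfa9b089cf48a74": "Sample.doc",
    "3a0924d55fb3bf3c5f40adce0bd281d75e62d0a52d8adfa05f2084ba37d212c8": "HA1QE.py",
    "c36021a2d80077c2118628ed6db330fef57d76810ff447ef80d2ab35b95099bc": "kH-G5.dll",
}


def refang(url: str) -> str:
    """Turn the published hxxp(s):// form back into a real scheme for parsing."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def normalize_url(url: str) -> str:
    """Lower-case the host, drop an explicit default port, keep the path as-is."""
    parts = urlsplit(refang(url))
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    default = {"https": 443, "http": 80}.get(scheme)
    netloc = host if parts.port in (None, default) else f"{host}:{parts.port}"
    return f"{scheme}://{netloc}{parts.path or '/'}"


IOC_URL_SET = {normalize_url(u) for u in IOC_URLS}
IOC_HOSTS = {urlsplit(normalize_url(u)).hostname for u in IOC_URLS}

# Constructed logs: proxy lines are "<ts> <client> <url>", hash lines "<ts> <path> <sha256>".
PROXY_LOG = """\
2017-03-16T10:02:11Z 10.0.0.5 https://sushi.vvlxpress.com/HA1QE
2017-03-16T10:02:12Z 10.0.0.5 https://www.example.com/index.html
2017-03-16T10:05:40Z 10.0.0.7 https://pizza.vvlxpress.com:443/kH-G5
2017-03-16T10:06:01Z 10.0.0.7 https://pizza.vvlxpress.com/unseen-path
"""
HASH_LOG = """\
2017-03-16T09:58:00Z C:\\Users\\a\\Downloads\\invoice.doc 06A134A63CCAE0F5654C15601D818EF44FBA578D0FDF325CADFA9B089CF48A74
2017-03-16T09:59:00Z C:\\Windows\\notepad.exe 0000000000000000000000000000000000000000000000000000000000000000
"""


def match_proxy_log(log: str) -> List[Dict[str, str]]:
    """One hit per line whose full URL, or failing that its host, is a known IoC."""
    hits = []
    for line in log.splitlines():
        ts, client, url = line.split(maxsplit=2)
        norm = normalize_url(url)
        if norm in IOC_URL_SET:
            hits.append({"ts": ts, "client": client, "url": url, "match": "url"})
        elif urlsplit(norm).hostname in IOC_HOSTS:
            hits.append({"ts": ts, "client": client, "url": url, "match": "host"})
    return hits


def match_hash_log(log: str) -> List[Dict[str, str]]:
    """One hit per line whose SHA256 is one of the published sample hashes."""
    hits = []
    for line in log.splitlines():
        ts, rest = line.split(maxsplit=1)
        path, digest = rest.rsplit(maxsplit=1)  # paths may contain spaces
        name = IOC_SHA256.get(digest.lower())
        if name:
            hits.append({"ts": ts, "path": path, "sha256": digest.lower(), "ioc": name})
    return hits


if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG) + match_hash_log(HASH_LOG):
        print(hit)
```

Host-level matching is deliberate: the second-stage URL paths here are long and unique, so a campaign can rotate them without changing the vvlxpress.com hosts, and the host hit is what catches that.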