First successful malware on Macs?

adox

http://samsung.getblogs.info/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/

My sister rang me last night to say this had popped up on her MacBook and it took here a while to get rid of it.

Is this a major breakthrough for hackers or just something that could have happened anytime and can be easily dealt with?

Either way surely it's a first?

barryj

adox wrote: »

http://samsung.getblogs.info/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/

Is this a major breakthrough for hackers or just something that could have happened anytime and can be easily dealt with?

What a poorly written article - there's nothing particularly new here - it's a piece of scareware/malware. Classic wallet-inspector software. You search for some images on google, end up on some site you've never heard of that, then asks to install some security software, asks for you password and then suggests you fork out money! There's a few major alarm bells there in that process.

The article referred to makes it sound like it's an epidemic and ultra sophisticated, neither of which are true.

- barry

Apple computer owners are being subjected to a number of specialised malware attacks that insists Mac users download a malware version of the popular MacDefender antivirus application, infecting their computers as a result.

News of the malware campaign surfaced as scores of Mac computer owners flooded the Apple Discussion Forums, asking members for advice on how to delete the MacDefender application from their systems.

PeakOutput

adox wrote: »

http://samsung.getblogs.info/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/

My sister rang me last night to say this had popped up on her MacBook and it took here a while to get rid of it.

Is this a major breakthrough for hackers or just something that could have happened anytime and can be easily dealt with?

Either way surely it's a first?

This, the user could always install something on their computer, if they install stupid dangerous stuff then there isn't much any operating system maker can do to make the system more secure against that.

K.O.Kiki

By definition, this appears to be a true trojan horse (malware) program.

However, it is NOT a virus/worm/root kit, since it appears to require the user to download & install it themselves (unwittingly).

Tips to defend against this:

1. Switch from Safari to Chrome-based browsers
2. Don't automatically open attachments/downloads (EVER) -- only open what you specifically downloaded
3. If "infected", do not insert your credit card details you utter tool

Sad Professor

K.O.Kiki wrote: »

Switch from Safari to Chrome-based browsers

I agree with everything else you said, but this isn't necessary. The same thing could potentially happen with other browsers. If people are stupid enough to install a strange application that pops up out of nowhere they are stupid enough to do anything. The only thing I'd recommend to Safari users is that they disable the automatic opening of "safe" files.

Beyond that there's no defending against user error. Trojans will always be a problem and there's not much Apple or anyone else can do about them except warn people.

holystungun9

Sad Professor wrote: »

I agree with everything else you said, but this isn't necessary. The same thing could potentially happen with other browsers. If people are stupid enough to install a strange application that pops up out of nowhere they are stupid enough to do anything. The only thing I'd recommend to Safari users is that they disable the automatic opening of "safe" files.

Beyond that there's no defending against user error. Trojans will always be a problem and there's not much Apple or anyone else can do about them except warn people.

Just unchecked that now, is there other stuff I should switch off? Java, javascript, extensions? those are other options on that page and I have to say that I am not sure what effect they have on my day to day computing (mail, net, youtube, music, nothing too unusual) Also, after looking at the preferences in Chrome, there doesn't seem to be too much to change there. Even the 'under the hood' part doesn't seem to have anything useful for helping my security. Am I right in this? Is there something obvious that I should have turned on/off?

Don't want to find out later that I had the 'share all my credit card details and banking information with contacts' option turned on!!

barryj

holystungun9 wrote: »

...is there other stuff I should switch off? Java, javascript, extensions? those are other options on that page and I have to say that I am not sure what effect they have on my day to day computing (mail, net, youtube, music, nothing too unusual) .. Is there something obvious that I should have turned on/off?

I wouldn't turn off Javascript. You won't be able to do a lot on the web without it - java is not required as much, but some sites require it including a lot of banking sites. I'd leave it on. For extensions, just make sure you only have the ones you actually need enabled.

The most important thing for keeping your machine safe is to use common sense. Don't agree to install anything you didn't go out looking for and if you want to install an application, make sure it's from a reliable source - google for reputation of anything you're not sure off.

Also make sure you have passwords enabled on any admin account you use on your mac, and think twice anytime you get prompted for your password.

- barry

Talisman

adox wrote: »

Is this a major breakthrough for hackers or just something that could have happened anytime and can be easily dealt with?

In terms of a malware installation on OS X it isn't a first. In the past few years there have been warez versions of applications such as MS Office and Adobe Creative Suite seeded with such unwanted guests. This is simply the next step - delivering it to the uneducated and unsuspecting masses via a web browser.

Talisman

holystungun9 wrote: »

Also, after looking at the preferences in Chrome, there doesn't seem to be too much to change there. Even the 'under the hood' part doesn't seem to have anything useful for helping my security. Am I right in this? Is there something obvious that I should have turned on/off?

Don't want to find out later that I had the 'share all my credit card details and banking information with contacts' option turned on!!

Disable the "Form autofill" functionality in "Personal stuff".

Hobbes

barryj wrote: »

I wouldn't turn off Javascript.

Safari needs an "NoScript" addon.

Liameter

holystungun9 wrote: »

Is there something obvious that I should have turned on/off?

Just your brain. All Mac malware requires you to type your password for installation. DON'T type your password for anything unless it's something you are certain you want to install, which came from a known safe source.

holystungun9

Liameter wrote: »

Just your brain. All Mac malware requires you to type your password for installation. DON'T type your password for anything unless it's something you are certain you want to install, which came from a known safe source.

Ehmm, thanks, but for clarity, is that switch your brain on or off??:p

Just joking, think everything is under control now and yes, the best line of defense between you and viruses etc., is you.

jay93

You see this is what happens when Apple lies about their OS not been able to get malware or viruses .

Its totally possible no OS is 100% secure no matter how much apple brag about it and thats a fact.

Ok yeah Mac OSX does seem to be the least affected by malware etc.
But with more people using MAC OSX hackers are going to be turning their consatant attention from Windows to OSX its only a matter of time people.!

Liameter

jay93 wrote: »

You see this is what happens when Apple lies about their OS not been able to get malware or viruses .

Apple don't claim this. In fact they sell AV software on their site!

On the other hand, Mac users point out that there are no OSX viruses and that the number of "malware" exploits can be counted on the fingers of one hand - and that, for those exploits to have any effect, someone in possession of the Admin password has to install them.

Consequently, for any Mac user with a brain cell, the risk is too small to be worth contemplating. It's about as high as the risk of catching dengue fever in the UK. (Very small indeed.)

muggyog

@ jay93

https://www.youtube.com/watch?v=Id_kGL3M5Cg

loldog

In the article, it says some user claims:

Hi I am new to this, but something called Mac Defender has downloaded itself and now I cannot get it off my computer.

I take it the user downloaded the app themselves without realizing it?

.

Sad Professor

Yes, and if "open safe files" is enabled in Safari, the file will open by itself and an installer window with MacDefender on it will pop up. But it CANNOT install without the user telling it do so and entering their admin password. The users who reported that it installed by itself are either lying or too embarrassed to admit they installed it.

challengemaster

I SWEAR, IT KNOWS MY ADMIN PASSWORD AND INSTALLED ITSELF! :pac:

Liameter

Not possible.
All it does is to download a zip file to your "Downloads" folder.
If you open that folder (Home -> Downloads) then you can trash the file(s). DO NOT click on the Downloads folder in the Dock to access the file(s)!

thecommander

From Gruber.

Ed Bott, ZDNet, three days ago: “Coming Soon to a Mac Near You: Serious Malware”:
Now I am seeing evidence that the next target is OS X. That’s potentially very bad news for Mac owners who have abandoned their PCs in the belief that switching to a Mac somehow immunizes them from malware.

Security experts know, of course, that there’s nothing magical about Macs when it comes to security. They just haven’t been targeted because Windows has been such a big juicy target for so long.

But now that Macs have achieved a critical mass of success in the marketplace, they’ve attracted the attention of malware authors. According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform.

Tony Bradley, PCWorld, December 2010: “Apple No Longer Flying Under the Security Radar”:
The McAfee report explains, “McAfee Labs saw malware of increasing sophistication that targets Mac this year; we expect this trend to increase in 2011. The popularity of iPads and iPhones in business environments and the easy portability of malicious code between them could put many users and businesses at risk next year and beyond,” adding “We anticipate threats of data and identity exposure will become more pronounced.” […]

If McAfee is right, 2011 could be a bittersweet year for Apple and Apple fans.

Nick Farrell, The Inquirer, September 2009: “Hackers Target Macs”:
A bunch of Russian hackers are offering 43 cents for each Mac that their partners in crime can infect with bogus video software. The move has been cited by insecurity experts at Sophos as a sign that Mac users’ security by obscurity days are coming to an end. […]

This is because most Mac users believe that faith in Steve Jobs protects them from all malware. To them, malware is only for Windows users because OS X is perfect and totally secure. The fact that Mac OS X’s security is the stuff of jokes at security experts’ parties does not matter to the Apple faithful.

Bernhard Warner, The Sunday Times, July 2008: “Hackers Start to Target Apple Macs”:
The company [Sophos] reports today that two new Mac-ware Trojans that emerged in February and June ought to shake Mac users of their misconceptions that their computers (and, eventually, iPods and iPhones) are impenetrable. To put this in perspective, the first really pernicious piece of Mac malware emerged only in October, 2007, Mr Cluley adds, suggesting that a worrisome trend is about to get worse.

Roger L. Kay, Businessweek, March 2008: “Apple’s Icarus Effect”:
Just as those living in shiny houses of self-righteous glass often end up surrounded by shards of their former sanctimony, so Apple Inc. now finds itself the increasingly appealing target of software hackers.

Kevin Allison, GNT, December 2007: “Apple’s Rising Popularity Lures Hackers”:
“Over the past two years, we had found one or two pieces of malware targeting Macs,” said Patrik Runald, an F-Secure security researcher. “Since October, we’ve found 100-150 variants.”

The rising security threat could present a challenge to Apple, which has long touted the security advantages of its platform over those of Microsoft, whose software is a perennial target for hackers.

“As Apple’s platform becomes more visible, it will increasingly come under the gun,” said Roger Kay, an analyst at Endpoint Technologies.

Bill Snyder, Infoworld, December 2007: “Hackers Take Aim at Mac OS X”:
It’s not often that an analyst covering computer security issues tells you that he doesn’t do much to protect his systems. But one reputable analyst I know said just that as we talked about the rising threat of malware aimed at Apple’s hardware. I won’t mention his name, but the gentleman is dead wrong. The days when you can assume that Apple’s products are exempt from harm are over.

Ryan Singel, Wired, November 2007: “New Apple Trojan Means Mac Hunting Season Is Open”:
Evron sees more problems for Apple users than just new Trojans that try to trick users. Hackers will find it profitable and all too easy to find holes in Apple software, because the company hasn’t paid sufficient attention to security, said Evron. He predicts Apple will experience a full-range of attacks, just as Microsoft did a decade ago when Windows machines and the internet first met.

“It’s Mac season. The next two years will be interesting.”

Kim Zetter, Wired, October 2007: “iPhone’s Security Rivals Windows 95 (No, That’s Not Good)”:
With Apple’s announcement Monday that it shipped 1.12 million iPhones in the three months after its launch, the gadget’s apparent popularity rivals some PCs. That has security experts warning of trouble, following revelations that Apple built the iPhone’s firmware on the same flawed security model that took rival Microsoft a decade to eliminate from Windows.

“It really is an example of ‘those who don’t learn from history are condemned to repeat it’,” says Dan Geer, vice president and chief scientist at security firm Verdasys.

Steve Hargreaves, “special” to CNN, October 2006: “Hackers Look to Crack the Mac”:
Apple computers have long been prized for being virus-free. But as more people use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware.

John McCormick, TechRepublic, May 2006: “X Marks the Spot: Hackers Turn Attention to Apple’s OS”:
But that may all be about to change. The number of newly discovered Mac OS X vulnerabilities has surged by more than 220 percent (annualized) from 2003 to 2005. Compare that to an 80 percent increase in the number of Windows vulnerabilities.

Of course, McAfee is in the business of selling antivirus software, so it’s important to take its reports with a grain of salt (as with any antivirus vendor).

Bob Johnson, CNet, May 2006: “Say Good-Bye to Apple Security?”:
While Microsoft’s vulnerabilities might let intruders into the castle, Apple is giving them the keys to the kingdom and rolling out the welcome mat.

Apple also happens to make the world’s most popular music devices: iPods. Essentially large hard drives, they also have the potential to deliver all kinds of security threats into any environment, even Windows. Once a virus infiltrates the iPod, plug and play becomes plug and plague. Did anyone really believe the security nirvana for Apple would last? It’s now more vulnerable than ever, and things can only get worse.

Munir Kotadia, Silcon.com, March 2005: “Symantec: Mac OS X a Hacker Target”:
Symantec’s concerns were echoed by James Turner, security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack.

“The iPod, PowerBooks and mini Macs are cool products,” Turner said. “The by-product is that people are buying these products for form over function. They say it looks pretty and then buy it but don’t secure it. As Apple increases its market share, it will be a legitimate target”.

Eric Hellweg, MIT Technology Review, October 2004: “Hackers Target Apple? Congratulations!”:
The Apple community has, since its inception, been largely immune to nefarious hackers bent on spreading harm. If you are a Windows user, as I am, you know the routine. You complain about the latest spyware or virus attack, and Apple devotees respond with good-natured teasing — they don’t have worry about such nonsense. Well, now they do.

Predictably, posts on various Apple-related message boards have been offering varying levels of concern, ranging from mild disappointment to utter gloom. I think this reaction is fundamentally misguided. MAC users should not be upset about this malware news; they should rejoice.

Liameter

More scaremongering. All this malware relies upon the Mac user entering his admin password to install it. It will affect only those users who have not bothered to set up a non-admin account for everyday use and who are daft enough to install stuff without checking what it really is.

What we need is a *proper* OSX virus that downloads and installs itself without intervention or knowledge of the user. We've been waiting 11 years for this!

(BTW I think you've breached the forum's rules on copyright by quoting such a large chunk. You should quote one sentence and link to the rest.)

Sad Professor

Gruber hit the nail on the head. He summed up what I've been saying for ages. These doomsayers have no credibility. Mac users still need to be vigilant but all this crying of wolf ain't helping matters.

thecommander

Liameter wrote: »

(BTW I think you've breached the forum's rules on copyright by quoting such a large chunk. You should quote one sentence and link to the rest.)

Thanks for pointing that out. I'll make sure to be more vigilant in future. Or maybe I'll PM it to you first and you can have a look over it for me. Just in case.

jack presley

Did you note the dates on some of those stories linked by the Commander? Some go back to 2004!

Liameter

Yes, the story is becoming very old. They've been predicting the doom of Apple Mac users for over a decade. Has about as much credibility as this: http://www.npr.org/2011/05/07/136053462/is-the-end-nigh-well-know-soon-enough