



MACDefender is the latest piece of malware to pop up targeting Apple's OS X platform. Its risk is minimal as it can only install via a combination of an exploit and user carelessness.  (Source: Intego)
Cybercriminal community's interest in attacking Apple users is growing, but still lacks discipline

According to a handful of dedicated hackers of Apple, Inc.'s (AAPL) computer operating system, OS X, the OS is actually less secure than Microsoft Corp.'s (MSFT) Windows.  But thanks to the OS's small market share (traditionally 5 percent or less) most cybercriminals haven't felt it worthwhile to target the platform.  Also, some hackers have misgivings about attacking Unix-like operating systems (e.g. Linux, OS X).

Still, Apple's growing market share and boastful claims of security have led to an increased interest in attacks, and some OS X malware has been popping up of late.

The latest malware to target OS X is dubbed "MACDefender".  Attack pages for the new malware exploit the way Apple's default Safari browser handles JavaScript, running a script that auto-initiates the download of a compressed ZIP archive.  If the user has opted to open "safe" files, the archive will then auto-open and initiate an install dialogue.

The risk is minimal, as users must approve this dialogue and enter an administrative password to complete the installation.  Still, it may be a bit more widespread, as the attack pages have boosted themselves to near the top of many search results thanks to search engine optimization (SEO) poisoning.

It is unclear what the software does when active, though it appears to be logging user activities.  Users who accidentally installed the software can still delete it by killing its process and dragging it from the Applications folder to the Trash bin.
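The two conditions described above (Safari auto-opening "safe" downloads, and the rogue bundle sitting in the Applications folder) can be checked from a terminal. This is an added example, not code from the article or from Intego; it assumes the Safari checkbox is stored as the `AutoOpenSafeDownloads` key in the `com.apple.Safari` preferences domain and that the bundle keeps the name `MacDefender.app` quoted later in the article.

```shell
#!/bin/sh
# Added example: audit an OS X machine for the two conditions the article describes.
# Assumptions (not from the article): the Safari option is stored as the
# AutoOpenSafeDownloads key in the com.apple.Safari preferences domain, and
# the rogue bundle keeps the name MacDefender.app.

# Map the raw preference value printed by `defaults read` to a state.
classify_autoopen() {
    case "$1" in
        1|true|YES)  echo enabled ;;
        0|false|NO)  echo disabled ;;
        *)           echo unset ;;   # key absent: Safari's built-in default applies
    esac
}

# Read the key with the `defaults` tool; a missing key or domain yields "unset".
safari_autoopen_state() {
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || value=""
    classify_autoopen "$value"
}

# Print the path of any MacDefender.app bundle found in the given directories.
find_rogue_app() {
    for dir in "$@"; do
        [ -d "$dir/MacDefender.app" ] && echo "$dir/MacDefender.app"
    done
    return 0
}

report() {
    state=$(safari_autoopen_state)
    echo "Safari auto-open of 'safe' downloads: $state"
    [ "$state" = disabled ] || \
        echo "  fix: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
    hits=$(find_rogue_app /Applications "$HOME/Applications")
    if [ -n "$hits" ]; then
        echo "Found: $hits (kill its process, then drag it to the Trash)"
    else
        echo "No MacDefender.app bundle found"
    fi
}

# Run the report only where the `defaults` tool exists (i.e. on a Mac).
if command -v defaults >/dev/null 2>&1; then report; fi
```

A result of `unset` means the key was never written, so whatever Safari ships as its default is in effect; writing the key explicitly to `false` removes the ambiguity.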

Members of the Apple Support community first noted the malware last Saturday.  

On Monday, security firm Intego released an advisory, calling the risk of the malware "low".  Intego writes:

"When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."

The malware unfortunately shares its name with a legitimate OS X software firm.  MacDefender is a small software firm that makes geocaching software, including GCStatistic and DTmatrix.  The company has released a statement emphatically saying that it is not affiliated with the rogue software.

The company writes:

IMPORTANT NOTE: As it seams (sic) someone wrote a virus/malware application named mac defender (MacDefender.app) for OS X. If you see an application named like this DO NOT DOWNLOAD/INSTALL it. I would never release an application named like this.

In recent months botnet-forming worms and trojans have targeted OS X.  Most of these pieces of malware have been amateurish efforts, though, or works in progress.  Nonetheless it remains a very real possibility that Apple could one day see a serious attack.

For its part Apple has suggested users get an antivirus program, though it still claims in advertisements that its platform does not suffer from malware like Windows.  Apple has refused to provide customers with free antimalware software like Microsoft does, so security firm Sophos Plc. has picked up the ball offering free basic protection to Mac users.  Some other smaller firms also offer free Mac antimalware suites.




RE: I'm not saying..
By Tony Swash on 5/2/2011 6:32:55 PM , Rating: 0
Given that I brought up the subject of Osama Bin Laden I will post this killingly funny story (no pun intended).

http://rixstep.com/1/20110502,00.shtml

You cannot make up any story about how bad security on Windows is - whatever ridiculous hype you make up gets topped by reality.

Why do you Windows users put up with this crazy shit?


RE: I'm not saying..
By Pirks on 5/3/11, Rating: 0
RE: I'm not saying..
By Tony Swash on 5/3/2011 10:50:42 AM , Rating: 2
quote:
Because you Mac user keep lying. Try to read Wikipedia and stick to facts about Windows NT being multiuser from the start, see if my treatment of you Mac user changes.

Besides, Mac OS X can get infected exactly the same way if Mac user agrees to download some "web codec" just like stupid Windows users do. But you are not worried about the facts at all, are you, Tony?


Of course multi-user functionality was added to Windows - as I said Windows has improved its security incrementally. But it's also still true that the OS has never been re-written from the bottom up and all the old crud has never been thrown out. If you want some background on how compromised many of the design decisions were have a look at "Barbarians Led by Bill Gates" by Marlin Eller, one of the long term lead developers on Windows. The proof of the pudding is in the eating and the fact that major zero day holes are being found in Windows all the time is an indicator of just how piss poor the architecture is.

I know you guys love to trot out the old 'security through obscurity' drivel whilst never explaining how exactly Apple, of all companies, is obscure. I am sure it reassures you in some way. But it's tosh and deep inside you know it. Malware is essentially a Windows problem. Stop using Windows and it goes away. Stop using Windows and you can dispense with anti-virus software. Stop using Windows and you can stop worrying all the time about malicious attacks. It's one of the many reasons so many people are switching to Macs.


RE: I'm not saying..
By Pirks on 5/3/2011 11:57:46 AM , Rating: 2
quote:
multi-user functionality was added to Windows
Another lie. Windows NT was designed to be multiuser from the beginning, it was not added to it later. Poor knowledge of OS history makes you look bad, Tony.
quote:
it's also still true that the OS has never been re-written from the bottom up and all the old crud has never been thrown out
Yet another lie. Windows NT was this exact rewrite from scratch. If you have no idea about those basic history facts - doesn't mean they didn't happen.
quote:
The proof of the pudding is in the eating and the fact that major zero day holes are being found in Windows all the time is an indicator of just how piss poor the architecture is
Major zero day holes are being found in OS X on those PWN2OWN security conferences all the time, it is an indicator of just how piss poor the OS X architecture is.
quote:
Stop using Windows and you can dispense with anti-virus software.
Problem is we will have to dispense NOT _JUST_ WITH THE ANTI VIRUS SOFTWARE in this case, but with all the other Windows software too. How hard is it for you to understand this very basic fact, Tony?


RE: I'm not saying..
By Azethoth on 5/3/2011 4:11:53 PM , Rating: 2
"But it's also still true that the OS has never been re-written from the bottom up"
Wrong. Windows NT is a written from scratch OS. Windows was layered on top of it as of Windows XP in 2001.

I followed your Osama link and it's all about some guy running XP and OMG getting his 10 year old OS infected. So yeah, XP is vulnerable, but the secure version of Windows is Vista and 7. Those are the ones they released after they got serious about security.

If you can show me rampant vulnerabilities in Windows 7 then I will beat my chest as well. However, the vulnerability of the old versions is neither controversial nor relevant here. Windows XP is not even available for sale anymore. MS dumped it back in 2008 and even OEMs can no longer sell it as of last year.

Your points about real world infections are all valid and will probably remain so. I am also hopeful that the closed nature of iOS + app store keeps my iPad and iPhone malware free as well.

As for personal anecdotal experience: Mac+ = 1 virus back in the early 90's. PCs: none. However I am a programmer and do not just click on anything that moves unless it's in an FPS.

