
Latest 'MAC Defender' malware attacks Mac OS X without password - Page 2

post #41 of 94
Quote:
Originally Posted by ernstcs View Post

I've always hated and never understood why the option existed in Safari to automatically 'Open "Safe" files after downloading'. I don't think Safari really knows what's SAFE and what's not. Bad Apple!

So turn it off.

It's not rocket science.
post #42 of 94
Quote:
Originally Posted by Archipellago View Post

Great post...and bang goes Apple's marketing...


Win PC user installs trojan = Win PC bad
OSX user installs trojan = User bad

????

Excuse me but you have no idea what you are talking about. The knock on MSFT is viruses and malware which is epidemic on the PC. This is actually a phishing scam that attempts to get you to enter your credit card info. Totally different from the former.
post #43 of 94
Quote:
Originally Posted by camroidv27 View Post

Because users trust their Apple products. They have been told that no matter what, there is no malware written for their computers.

I've never seen this anywhere.
I have heard there are no virii in the wild for Macs.
Quote:
What I don't get, is why people are downloading an AV program for an OS that touts it not needing one.

The people saying this are not downloading anti-virus programs.
Most of the Mac owners who do download anti-virus programs are previous Windows users because, "Of course, you do need AV for Windows."
post #44 of 94
Quote:
Originally Posted by camroidv27 View Post

Didn't they say in the ads that there are no viruses or spyware for macs? I distinctly heard that.
True a Trojan isn't a computer virus by definition, so I'll give you that one. But, when you are advertising to the general public, most don't know the difference between a Virus, Worm, or Trojan, or Spyware, or Malware, or any of the other kinds I didn't list. It's that general public who have been downloading the Mac Defender in the first place, not people who visit sites like this.

[EDIT] Just saw the post above with the web page. Nice find. Clearly states, it's not 100%. Does it say that Macs are Secure... Yes. Are they? Not as much as the general public perceives it to be. Hence, the problem. Apple says it's secure, so people trust it.

So where WAS MACdefender when those commercials USED TO run?
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
post #45 of 94
How many hundreds of thousands of times has this virus conversation happened? Not just for Macs, but for Windows too. Who is at fault etc. Why don't the TPB fix this? Change the way the Internet works so that people can't do this sort of thing. And while they are at it fix email too so there is no such thing as junk mail. And yes I know the argument that this would be pointless since criminals would find a way to break the new system. I don't accept that. The internet and email is broken and has been for 15 years. Someone needs to step up and fix it.
post #46 of 94
Quote:
Originally Posted by MacRulez View Post

Apparently:
http://www.google.com/search?q=most+dangerous+OS

It's more risky for the general population browsing on Windows though. Reading beyond the sensational headline, they state that:

"The security experts at Trend Micro have crowned Apple's Mac OS X as the riskiest operating system to be used based on the long patch cycles."

That criteria alone means little because there have been far fewer holes to patch. This isn't a technical vulnerability relying more on social engineering. The UI designers designed the hole. It's not bad code, per se.

Looking at different criteria you'll find that Mac OS X's code base has far more reported vulnerabilities, but "[i]f you consider only the critical and high operating system disclosures, Microsoft dwarfed all the other players with 73 percent."

The truth is that if you browse a malicious web site on a Mac using Safari it seems that for now you may get a request to install an application. Windows you likely won't get that. Simply visiting is enough to have the malware installed and it's very hard to remove and likely requiring a reinstall of your OS. This malware targeting Mac OS X requires stopping the App and dragging it to the trash.

Last point - what I worry about is that the next obvious evolution for Mac Defender is to download more malware.
post #47 of 94
Quote:
Originally Posted by camroidv27 View Post

Didn't they say in the ads that there are no viruses or spyware for macs? I distinctly heard that.

They do say that, but they don't say it's impossible. In the screen shot below they even state they are actively protecting against viruses and spyware which wouldn't be needed if it's impossible for Macs to get viruses.

Note the clever wording in their ads. It's stated that Macs can't get "PC" viruses and spyware. We could argue that Macs are personal computers and therefore fall under the PC label, but Apple's position on this makes it very clear to what they are referring.

I've chosen the UK version with David Mitchell and Robert Webb because I'm a fan:
http://www.youtube.com/watch?v=avFdcKUnbEs (Virus)
http://www.youtube.com/watch?v=AzXRZqZhMwQ (Disguise)
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
post #48 of 94
What I don't understand here is that this thing "...is downloaded automatically when a user visits a specially crafted web site." That web site must have a registered domain, whoever is doing this must be leaving their IP address when uploading it and so on. Can't the perpetrator therefore be easily traced? If not outright fraud, then surely it contravenes consumer legislation? Why isn't the site shut down and the perps prosecuted?
Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
post #49 of 94
Quote:
Originally Posted by allblue View Post

What I don't understand here is that this thing "...is downloaded automatically when a user visits a specially crafted web site." That web site must have a registered domain, whoever is doing this must be leaving their IP address when uploading it and so on. Can't the perpetrator therefore be easily traced? If not outright fraud, then surely it contravenes consumer legislation? Why isn't the site shut down and the perps prosecuted?

1) If you can access a system to upload malware and rewrite the site it's possible you could delete records of your presence, too.

2) Even if you can trace their IP address what does that get you? This doesn't sound like a 13yo in a basement in Wisconsin, this sounds more like a team of people in one of the poorer countries. Even if it's not, it's not hard to anonymously use free WiFi or an internet café. You can even change your MAC address so any router or server records at the point of origin could still be a dead end.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
post #50 of 94
Quote:
Originally Posted by solipsism View Post

1) If you can access a system to upload malware and rewrite the site it's possible you could delete records of your presence, too.

2) Even if you can trace their IP address what does that get you? This doesn't sound like a 13yo in a basement in Wisconsin, this sounds more like a team of people in one of the poorer countries. Even if it's not, it's not hard to anonymously use free WiFi or an internet café. You can even change your MAC address so any router or server records at the point of origin could still be a dead end.

OK, thanks. Perhaps Apple should employ a team of hackers and just bring the site down!
Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
post #51 of 94
I just hit this link today (DO NOT CLICK) from within a Google search I made;
http://ldr.zeobit.com/paramss=sbbY37...yMK4r5g=&trt=2

Without the link, zeobit.com doesn't do anything --
traceroute to http://ldr.zeobit.com/ (67.215.65.132), 64 hops max, 52 byte packets
...
3 75.94.255.161 (75.94.255.161) 104.961 ms 89.322 ms 95.287 ms
4 66.162.21.1 (66.162.21.1) 100.462 ms 89.785 ms 89.764 ms
5 dal2-pr2-xe-1-2-0-0.us.twtelecom.net (66.192.240.94) 119.649 ms
dal2-pr2-xe-2-2-0-0.us.twtelecom.net (66.192.241.78) 119.476 ms 125.630 ms
6 ae-23-70.car3.dallas1.level3.net (4.69.145.69) 125.117 ms 129.539 ms
ae-33-80.car3.dallas1.level3.net (4.69.145.133) 129.900 ms
7 splice-comm.car3.dallas1.level3.net (4.71.120.66) 134.553 ms 130.320 ms 134.405 ms
***
(at this point, it just sits and waits -- I suppose for the coded command string from the poisoned link)

The annoying thing is, that it puts up a dialog that you CANNOT escape out of, so the "user OK" is fairly mandatory. I could not get to preferences, or another Safari window. I basically had to "force quit" the application.

I don't think it requires a STUPID user in this case -- it's more of someone not paying attention. There is nothing visually to show what is going on. And the "workaround" is not obvious. Forcing the "OK" button click coerces the "user interaction."

>> The big question is; how can something be ON the internet, and yet, invisible? Some intermediary has to blindly take the code and pass it to a server. URL-shortening services or using the basic switching codes of the hubs. Ultimately, this seems like a problem with the backbone and routers, because the "link" is made almost entirely of router commands.

I would suppose that an EASY fix for this, would be to have links that RESOLVE to an IP address before loading the page. These "poisoned pages" are passed to the browser by router commands.

>> Hopefully, I won't be hitting another link like this.
post #52 of 94
Quote:
Originally Posted by Fake_William_Shatner View Post

I just hit this link today (DO NOT CLICK) from within a Google search I made;
[]

The annoying thing is, that it puts up a dialog that you CANNOT escape out of, so the "user OK" is fairly mandatory. I could not get to preferences, or another Safari window. I basically had to "force quit" the application.

I clicked the link. I also hit the OK button in the popup without the app downloading.

The software and company appear to be legit, which is collateral damage from the malware scare.
www.zeobit.com
http://www.macworld.com/article/1514...mackeeper.html
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
post #53 of 94
Who is Intego?

They seem to be the only ones finding this stuff. I suspect it is they who are writing this crap.

Never trust a virus checker or computer security company. They don't have anyone's best interests at heart except their own.

I wouldn't trust them as far as I can throw them and considering I'm not superman able to lift buildings I'm going to say I can't throw them therefore I can't trust them.
post #54 of 94
Quote:
Originally Posted by solipsism View Post

They do say that, but they don't say it's impossible. In the screen shot below they even state they are actively protecting against viruses and spyware which wouldn't be needed if it's impossible for Macs to get viruses.

Note the clever wording in their ads. It's stated that Macs can't get "PC" viruses and spyware. We could argue that Macs are personal computers and therefore fall under the PC label, but Apple's position on this makes it very clear to what they are referring.

I've chosen the UK version with David Mitchell and Robert Webb because I'm a fan:
http://www.youtube.com/watch?v=avFdcKUnbEs (Virus)
http://www.youtube.com/watch?v=AzXRZqZhMwQ (Disguise)

And yet there are still 0% viruses for the Mac. How is this not getting into your head?

This is NOT a virus. It doesn't have the properties of a virus. It doesn't replicate like a virus. Nor does it install without the user's knowledge like a virus.
post #55 of 94
Quote:
Originally Posted by solipsism View Post

I clicked the link. I also hit the OK button in the popup without the app downloading.

The software and company appear to be legit, which is collateral damage from the malware scare.
www.zeobit.com
http://www.macworld.com/article/1514...mackeeper.html

>> I'd say "legit" is sort of like "not prosecutable" in this case. I didn't know about this poisoned link BEFORE I got to this website.

To me -- it's a good example of how these poisoned links are formed. When I clicked in my Google search list, I was EXPECTING to go to a website about setting up a USB device to make it bootable for newer Powerbooks.

The other thing is that you CANNOT get off their page, without clicking the "OK" button. A button like that can "OK" all sorts of things, like setting some FLASH-based spyware, setting your home-page, or forcing you to agree to a standard EULA

Make sure you scan your "cookies" and check any cached flash files to be sure...
It's good to know it was mostly harmless -- but I imagine this is EXACTLY like the scam links. Their web address also doesn't allow you to get any information about them. The WEB PAGE is not what you should be trusting for "legit" sites -- it's the WHOIS information based on their IP address. If I get to some website I didn't expect, and I cannot discern the URL or IP address -- it's a red flag and I NEVER deal with that website.

>> So on the odd chance this is a company that isn't up to no good -- with or without this new scare on Macs, I would avoid it like the plague.
post #56 of 94
Running an installer isn't required and it can run from the downloads folder for that matter. You will get a warning the first time you run something from OS X that the program was downloaded from Safari though. That should still be enough warning. It isn't like the program downloaded and ran itself.

You protect against Malware by educating people not by securing software. The AppStore should help with the hand holding in the future for those who need it though.
post #57 of 94
Quote:
Originally Posted by ernstcs View Post

I've always hated and never understood why the option existed in Safari to automatically 'Open "Safe" files after downloading'. I don't think Safari really knows what's SAFE and what's not. Bad Apple!

A safe file is a file that can't contain embedded executable code. In other words, there is no way a safe file can contain malware. So, yes Safari does know what is safe and not in this situation. Good Apple! You should really try not to hate things you don't understand.
post #58 of 94
Quote:
Originally Posted by Gwydion View Post

What have to clean Google, or Bing, or Yahoo. All of three can be cheated by SEO techniques.

Why should Google be rewarded with our clicks if it's no better than the rest?
post #59 of 94
This article is pure click-bait. Dammit, I clicked it.
post #60 of 94
Quote:
Originally Posted by Fake_William_Shatner View Post

Make sure you scan your "cookies" and check any cached flash files to be sure...

Those Flash files being Local_Shared_Objects. Frankly, I don't know how Adobe get away with these. Your browser preference can be set to 'Accept no Cookies', but unbeknownst to you, unless you find a fairly obscure preference within the Flash player itself, these trackers will secrete themselves within your system folder, and they are (or at least can be) permanent. There is a Firefox add-on called 'Better Privacy' which will deal with these, and the first time I ran it was shocked to discover that there were over 800 of these things infesting my hard drive.
Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
post #61 of 94
Quote:
Originally Posted by spliff monkey View Post

and it makes me wonder why people click "OK" to begin with. I mean seriously. I've seen macdefender ads all over. It's a classic scam, why would anyone think it is in fact ok?

Quote:
Originally Posted by jpellino View Post

Would anyone download an unknown, untested, un-vouched-for "defender" or "guard" or anything else for that matter, but especially something that claims to be a defender, guard, etc....?

Sadly, new Mac users are getting dumber and dumber. They're smart enough to run businesses, marry rich spouses, or work smart/ hard/ whatever at well-paying jobs.

But when it comes to computers, they are dumb, dumb, dumb.

I foresee Lion having to incorporate some sort of built-in anti-malware/spyware/"virus" that is updated from a central database run and maintained by Apple itself. Otherwise Apple's reputation and support costs are going to move in an inverse direction to each other.

Yes, Apple says there's "built in protection" and software updates but this will have to be improved and it will have to check daily for new threats.
post #62 of 94
Quote:
Originally Posted by camroidv27 View Post

Didn't they say in the ads that there are no viruses or spyware for macs? I distinctly heard that.
True a Trojan isn't a computer virus by definition, so I'll give you that one. But, when you are advertising to the general public, most don't know the difference between a Virus, Worm, or Trojan, or Spyware, or Malware, or any of the other kinds I didn't list. It's that general public who have been downloading the Mac Defender in the first place, not people who visit sites like this.

[EDIT] Just saw the post above with the web page. Nice find. Clearly states, it's not 100%. Does it say that Macs are Secure... Yes. Are they? Not as much as the general public perceives it to be. Hence, the problem. Apple says it's secure, so people trust it.

The next time someone drives a Volvo into a brick wall and dies, you will be that moron on the Volvo Insider forum blaming Volvo because they market their cars as safer than others. Your argument being mostly that the marketing claim leads some people to believe that safer equates with invincibility.
post #63 of 94
Quote:
Originally Posted by lowededwookie View Post

This is NOT a virus. It doesn't have the properties of a virus. It doesn't replicate like a virus. Nor does it install without the user's knowledge like a virus.

It is clearly not a virus. It is rogueware based purely on social engineering.
post #64 of 94
Quote:
Originally Posted by bitWrangler View Post

I wish the press would stop using words like "virus" and "attack". The software doesn't attack anything (other than the intelligence of those who install it) and it is not a virus nor is it a trojan. It's a phishing attack, a software con artist that depends on users making at least one conscious decision to actually install the thing onto their systems.

I agree with you they just want to make the public more scared than it really is.
post #65 of 94
As Apple increases market share this issue is inevitable. Get used to it. PCs have been dealing with this for years, not because the systems are horrible but because of the quantity and availability of potential infections/installations. Now it is starting to become Apple's issue with their steadily increasing market share.....over half the people I know who were PC 5 years ago are now Mac. With the increased communication of Mac to Mac we will see a lot more of this.
post #66 of 94
Quote:
Originally Posted by lowededwookie View Post

And yet there are still 0% viruses for the Mac. How is this not getting into your head?

I called MAC defender a virus? Try reading my post.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
post #67 of 94
Quote:
Originally Posted by OskiO View Post

As Apple increases market share this issue is inevitable. Get used to it. PCs have been dealing with this for years, not because the systems are horrible but because of the quantity and availability of potential infections/installations. Now it is starting to become Apple's issue with their steadily increasing market share.....over half the people I know who were PC 5 years ago are now Mac. With the increased communication of Mac to Mac we will see a lot more of this.

Macs had viruses before Mac OS X yet they sell more units and have a greater marketshare today which means what you say is a false argument.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
post #68 of 94
deleted
post #69 of 94
Quote:
Originally Posted by solipsism View Post

Macs had viruses before Mac OS X yet they sell more units and have a greater marketshare today which means what you say is a false argument.

Solipsism, I imagine you're already aware of the "16% market share" as it relates to malware for OS X. For others here's the related article.

http://www.cultofmac.com/security-re...l-threat/94720
melior diabolus quem scies
post #70 of 94
deleted
post #71 of 94
It's a brand new world where your mac needs protection. The funny thing is, there are no Trojans for the mac osx in the wild, and the only reason people believe and download this program is because they are used to the Windows experience.

The best course of action is not giving your less computer savvy spouse (male or female) the admin password.
--SHEFFmachine out
Da Bears!
post #72 of 94
deleted
post #73 of 94
Quote:
Originally Posted by solipsism View Post

Note the clever wording in their ads. It’s stated that Macs can’t get “PC” viruses and spyware. We could argue that Macs are personal computers and therefore fall under the PC label, but Apple’s position on this makes it very clear to what they are referring.


They have to say PC viruses, because there are no OSX viruses in the wild. What we now have is malware, designed to steal your money, not a virus designed to erase your files and damage the OS.

On the other hand this is worrying that perhaps people will attempt to write more sinister apps for OSx in the future.
--SHEFFmachine out
Da Bears!
post #74 of 94
Quote:
Originally Posted by spliff monkey View Post

and it makes me wonder why people click "OK" to begin with. I mean seriously. I've seen macdefender ads all over. It's a classic scam, why would anyone think it is in fact ok?

Because they bought into the fallacy that Macs are "Secure". And to most people they believe that means a lot of "warm & fuzzy" things that cause them to have blind faith in a platform. The Spin Doctors are going to have to sharpen their pencils now that more Macs are selling.
post #75 of 94
I got this yesterday from a google link that was completely unrelated.

The thing that bothers me was it downloaded automatically without asking anything then it also automatically opened up. I then got a confirmation box for the install.

imo nothing should be able to download automatically without asking. This reminds me a lot of windows.
post #76 of 94
Quote:
Originally Posted by Archipellago View Post

Win PC user installs trojan = Win PC bad
OSX user installs trojan = User bad

????

Not that simple, though. 'Windows Defender' installed on our computer simply because my dear S.O. visited a phoney site [which wasn't his fault - appeared *1st* in a Google search result]. No clicking 'OK' or 'Install' necessary.

Second, the majority of Apple *and* PC users are not the sort of people who visit AI. Think of your parents or your cousins in the flyover states [no offense; I was born there too]. Something that looks like an Apple OS or Windows notice appears, and all they want to do is get to their search result / FB page / game, so they hastily click "OK".
post #77 of 94
Quote:
Originally Posted by MacRulez View Post

What exactly is "cheating", and what specifically would you propose to prevent it?

One thing is Google could bring back user ratings or feedback on their search pages - a simple button by each search result, so if you click on a link and find that it's a faux site, a compiler, it tried to download something, etc., then you could click the button and flag that site. And then a human at Google could check it out, and delete the site from results pages in the future if there's a problem.

At least once a day I get a highly-ranked search result that turns out to be a junk site - unless I go through the cumbersome process of giving Google 'feedback' and cutting-and-pasting the link into an email, there's no way to push back against this threat from the user's perspective.

And after all, isn't user feedback and rankings *exactly* Google's response to malapps for Android phones?!?!
post #78 of 94
Quote:
Originally Posted by Sierrajeff View Post

One thing is Google could bring back user ratings or feedback on their search pages - a simple button by each search result, so if you click on a link and find that it's a faux site, a compiler, it tried to download something, etc., then you could click the button and flag that site. And then a human at Google could check it out, and delete the site from results pages in the future if there's a problem.

Oh, dear heavens. Finally I'm not the only person in the world who thinks this is a good idea.

Or not even this. Since Google tracks everything you do anyway, just have it be user-specific.

Have a button next to each result: REMOVE.

And then you personally NEVER see this site or any of its pages in results ever again.

It can't be that hard; Google already lies about results depending on if you're logged in or not, why not make that a good thing?

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #79 of 94
The Register has a related article with a bit more detail on the variants and timelines.

http://www.theregister.co.uk/2011/05..._game_changer/

EDIT: Sorry, a post linked from that article has the timeline.
http://nakedsecurity.sophos.com/2011...word-required/
melior diabolus quem scies
post #80 of 94
deleted