29 replies to this topic

[LilBambi]

New Mac Malware – Is Mac no longer safer? (FransComputerServices Blog):

Quote

With the equivalent of “Security Center 2011” now having a counterpart for the Mac called “MAC Defender, Mac Security, Mac Protector, or any number of knockoff names“, there is a lot of discussion as to how safe the Mac still is compared with Windows.I have not seen any Windows variant of this type of malware that is as easy to remove from Windows as it is from the Mac.

Much more in the article.I do use an antivirus for my Mac. And I have a full course of things I do on the Mac just as I would any other OS. But I still know from experience that Windows gets hit much more and with more viruses/trojans, and other malware than the Mac.

[lewmur]

LilBambi, on May 20 2011, 12:26 PM, said:

New Mac Malware – Is Mac no longer safer? (FransComputerServices Blog):Much more in the article.I do use an antivirus for my Mac. And I have a full course of things I do on the Mac just as I would any other OS. But I still know from experience that Windows gets hit much more and with more viruses/trojans, and other malware than the Mac.

Ed Bott and Adrian Kingsley-Hughes of ZDNet have both been trying to make a big deal of this and I think it is ridiculous.  Is there really anyone left who doesn't know better than to fall for scareware?  Sure, anyone browsing the web or opening emails has to exercise a modicum of caution, but to read their blogs one would think that the Mac users had just become subject to the same level of attack that Windows users are.   They ignored an article about MS admitting that one out of every fourteen downloads contain  Windows malware.While it isn't something I'd recommend to others, I don't bother with AV software on my Linux machine at home.  I'm the only one who has access to it and I'm careful about what I download.  I haven't had a single infection in seven years.  But I wouldn't dream of doing the same thing in Windows.  Even the Windows sessions I run in Virtual Box have full AV suites.

Edited by lewmur, 20 May 2011 - 01:46 PM.

[LilBambi]

Yep, definitely overblown, IMHO.But I do use AV on my Mac, but I wouldn't dream of using Windows, even in a virtual machine without it, for sure. That said, this is something that was modified to definitively hit Mac users while they surf the Internet. That is something new and different in the Mac world. Mac users do need to be aware of regardless of whether they use an antivirus or not. But as you say, it's no where near the threat that all the thousands of viruses, trojans, worms, malware for Windows poses.

[ross549]

I have never used AV in linux or my Mac. ;)Granted I use firefox with adblock plus loaded, but that is as far as I go. I can see when I mistype things in the address bar how some folks would get infected.  The thing is with this infection is that you must type your password in order for the software to install.Adam

[LilBambi]

I never used to use antivirus on my Mac either. Except for ClamXAV to make sure I didn't pass anything bad to my Windows friends accidentally.But I do now. I figure it couldn't hurt to do so and it hasn't really bogged it down that much surprisingly. Wanted to test it out anyway. And besides my Mac AV from ESET was a very nice gift from our Anniversary party here on Scot's and it was a nice gift and I wanted to make sure it would work well. Works great so far.I also use various security related addons for Firefox, including NoScript, Adblock Plus, Flashblock, Better Privacy. and WOT. I also use Main Menu and/or OnyX to keep things cleaned up.

[Tushman]

Mac users have had the luxury of not being the target of virus/malware writers for a very long time.   There's probably been one or two throughout the years, but nowhere near the level of same attack and proliferation as Windows targeted viruses.  I think that's contributed to a large complacency amongst Mac users that they're immune and "it's nothing to worry about".... This new mac version should ring an alarm bell and rightly so.  When was the last time that a windows based virus was then ported to a Mac version?  If it's happened before, I can't remember when.

[LilBambi]

Yep, definitely a wake up call.

[lewmur]

Tushman, on May 20 2011, 02:18 PM, said:

Mac users have had the luxury of not being the target of virus/malware writers for a very long time.   There's probably been one or two throughout the years, but nowhere near the level of same attack and proliferation as Windows targeted viruses.  I think that's contributed to a large complacency amongst Mac users that they're immune and "it's nothing to worry about".... This new mac version should ring an alarm bell and rightly so.  When was the last time that a windows based virus was then ported to a Mac version?  If it's happened before, I can't remember when.

But this isn't a virus/malware.  It is merely a transparent invitation to install a virus/malware.  Hardly the things Windows user face one out of every fourteen downloads.  If I were a Mac user, my response to this "wakeup call" would be to hit the snooze button.

Edited by lewmur, 21 May 2011 - 10:16 AM.

[ross549]

Indeed. It is analogous to a linux user being tricked into installing some kind of garbage on their system. In that case, the user still has to initiate the action. Usually, linux users are very familiar with this type of social engineering, so it is useless as a tactic to compromise a system.Adam

[LilBambi]

For sure!I remember not just 2 weeks ago, a box opening up while browsing on a site (can't remember which one, but a legit one). The box looked like a download window that I didn't ask for. It was for iOS 4.3 and my iPod Touch won't even upgrade to iOS 4.3!

[Tushman]

ross549, on May 21 2011, 10:28 AM, said:

Indeed. It is analogous to a linux user being tricked into installing some kind of garbage on their system. In that case, the user still has to initiate the action. Usually, linux users are very familiar with this type of social engineering, so it is useless as a tactic to compromise a system.Adam

I disagree.  Only on the point that Linux users and Mac users are equally aware or savvy about these things.  Although I'd like to think that Mac users are smarter than Windows users, my experience in the field and supporting users in a corporate environment tells me otherwise.  Victims that fall prey to these types of infections are usually quite clueless about security and lack computer savvy in general.  I don't think there's any studies out there that show Mac users are on par footing with Linux users.

[LilBambi]

Particularly those that were Windows users that moved to Mac solely for what they thought were safety features they didn't find in Windows when they got hit with this type of thing.

[ross549]

Tushman, on May 21 2011, 12:27 PM, said:

I disagree.  Only on the point that Linux users and Mac users are equally aware or savvy about these things.  Although I'd like to think that Mac users are smarter than Windows users, my experience in the field and supporting users in a corporate environment tells me otherwise.  Victims that fall prey to these types of infections are usually quite clueless about security and lack computer savvy in general.  I don't think there's any studies out there that show Mac users are on par footing with Linux users.

I did not mean to imply that Mac and linux users are in the same category as far as computer knowledge. I meant to say that the method of infection between the two OSs would be similar.Adam

[LilBambi]

Quite true.

[Tushman]

ross549, on May 21 2011, 01:51 PM, said:

I did not mean to imply that Mac and linux users are in the same category as far as computer knowledge. I meant to say that the method of infection between the two OSs would be similar.Adam

Alright I got'chya.It's been suggested that this virus is nothing to worry about or that it's not so dangerous because it requires a user to deliberately download & install a piece of software.  That line of argument doesn't hold water.  Just about every type of virus or trojan infection requires some type of user action to initiate.  You don't wake up one morning and suddenly find some virus on your hard drive unless you (or someone in your household) has done something like... download an applic. or click on an link in your e-mail, etc. etc.  (There might be a couple of exceptions to that such as sharing an infected file on a flash drive with your buddy or downloading a file through a p2p program).  Therefore, I still inclined to say that this should be a wake up call for Mac users.  Not many Windows based viruses have been redesigned to cause damage to Mac users.  The criminals and/or virus authors are moving more more towards web based attacks as opposed to sending SPAM/or trying to propagate their malware through e-mails.

Edited by Tushman, 21 May 2011 - 05:56 PM.

[LilBambi]

I have updated my posting to include a few more links, and one in particular from a great article by Andrew Jaquith at SecurityWeek entitled, "Don't Panic Over the Latest Mac Malware Story":

Quote

Now that we’ve established who benefits from Mac malware predictions — security companies and a certain type of IT professional — the second question is, do we care about the prediction that “serious” malware is coming to Macs? Only a little. It is true that Macs aren’t dusted with some sort of magic unicorn Unix-y pixie powder that makes it less vulnerable to security flaws than Windows. But it is equally true that the Mac remains a less risky platform than Windows because of the fewer strains of malware written for OS X. By "fewer" I mean 99% fewer: a hundred malware samples versus 50 million. The Mac also has a much less evolved malware supply chain. By "less evolved" I mean "nonexistent," this one example notwithstanding.

The rest of the article is just as good as this quote. A must read. IMHO.

[LilBambi]

I added the Apple Support HT4650 article for removal instructions for the malware on my posting New Mac Malware - Is Mac no longer safer? posting.Full instructions are very easy for users to do if they follow the instructions.And easier yet, if they aren't sucked in by the social engineering in the first place, of course. ;)This was posted at USAToday: Apple to issue Mac update to halt malware attacks

[LilBambi]

Well...Newest MacDefender installs without password (Fran's Computer Services Blog):

Quote

Newest MacDefender scareware installs without a password (Computerworld)    Criminals ‘give Apple the finger,’ says security researcher, by releasing new version just hours after Apple warned of fake AV softwareJoy…This just hours after Apple decided to finally help users defend against these fake AV scams, as well as provide a way to rid the Mac of the problem.

And as I noted in the posting, the new scammers, errr, spammers URL shortening scheme is going to make this so much easier, and not just for Macs either, but Windows as well.More in the posting. Read it and weep...

[ross549]

Seems that the source article indicates it is an issue with Safari auto-running installers. I don't think this problem exists with Firefox.

[LilBambi]

Course ... Firefox with NoScript should still keep one safe ... it's that allowing things to be installed/unzipped automatically in Safari that appears to be the biggest problem on this one ... but who knows...

[LilBambi]

Using the ubiquitous browsers in any OS seems to be hit hardest and first anyway ... whether it's Mac (Safari) or Windows (Internet Explorer)

[goretsky]

Hello,So far, nine variants of this fake Mac antivirus program have been identified since it was discovered about a month ago.  Also, one new Smid exploit for OS X as well.While this is trivial compared to the amount of malware one sees targeting Windows installations, it does mean that someone feels there is a value proposition out there for compromising computers running OS X.  Regards,Aryeh Goretsky

[Corrine]

Introducing the BleepingComputer Mac Rogue Remover ToolAt present, the Mac Rogue Remover Tool will remove the following:

•   Mac Security - Mac Security Removal Guide
•   Mac Defender - Mac Defender Removal Guide
•   Mac Protector - Mac Protector Removal Guide
•   Mac Guard - Mac Guard Removal Guide

[LilBambi]

Excellent Corrine! Thanks for posting it here!Also, I have posted about it here on Fran's Computer Services blog. The more places Mac users can hear about it, the better!

[Corrine]

LilBambi, on May 26 2011, 09:05 PM, said:

The more places Mac users can hear about it, the better!

That's what I thought and wrote a quick blog post about it also. Mac Rogue Remover Tool