New Variant of 'Mac Defender' Quickly Evades Apple's Security Update as Cat-and-Mouse Game Begins

MacRumors
Jun 1, 2011, 11:26 AM
http://images.macrumors.com/article-new/2011/06/macdefender_dialog_box.jpg


As we noted (http://www.macrumors.com/2011/05/31/apple-addresses-mac-defender-threat-with-security-update-2011-003-for-snow-leopard/) yesterday, Apple released Security Update 2011-003 for Mac OS X Snow Leopard, a system update addressing the "Mac Defender" (http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/) malware threat that has been running in the wild under several different variants for the past month. The update provides tools for automatically removing the malware, as well as protection against future infections. But as reported by ZDNet (http://www.zdnet.com/blog/bott/new-apple-antivirus-signatures-bypassed-within-hours-by-malware-authors-update/3396), a new variant of the malware capable of circumventing Apple's update has already appeared, popping up within hours of Apple's software release.

"Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple's malware-blocking code.

"The file has a date and time stamp from last night at 9:24PM Pacific time. That's less than 8 hours after Apple’s security update was released."

Apple has prepared for this eventuality by including automatic daily updates of malware definitions (http://www.macrumors.com/2011/05/31/mac-os-x-now-updates-malware-definitions-daily/) with the software update, enabling it to quickly deploy protection as new variants and entirely different pieces of malware surface. Consequently, Apple should be able to respond to the new threat relatively quickly, although the speed with which the new variant appeared suggests that those responsible for the malware will not be going away easily.

Article Link: New Variant of 'Mac Defender' Quickly Evades Apple's Security Update as Cat-and-Mouse Game Begins (http://www.macrumors.com/2011/06/01/new-variant-of-mac-defender-quickly-evades-apples-security-update-as-cat-and-mouse-game-begins/)



GFLPraxis
Jun 1, 2011, 11:29 AM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

BLACKFRIDAY
Jun 1, 2011, 11:30 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

Popeye206
Jun 1, 2011, 11:31 AM
LOL! Funny.... looks like the crooks are hard at work to stir the pot on the Mac side.

Doesn't scare me. I don't install what I don't know. Malware is just annoying.

BLACKFRIDAY
Jun 1, 2011, 11:31 AM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

I wonder, you'd say the same thing if your mom or dad would have caught up with this.

Not everybody is smart or a genius.

laurim
Jun 1, 2011, 11:31 AM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

I'm amazed people have nothing better to do than create viruses and malware all day. Imagine what could be achieved if people used their time and skills to do something useful for society. Hope they goof up, get traced and held accountable.

chrono1081
Jun 1, 2011, 11:31 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

Nice troll attempt. If MS was serious about security they would start by removing the registry.

Cheffy Dave
Jun 1, 2011, 11:32 AM
Too bad the cretins that are that mentally enabled to create this, as well as the work around, don't put their minds to work for the good of humanity;)
be a better world, hopefully when they grow up.:cool:

Dr McKay
Jun 1, 2011, 11:32 AM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

Most of this news is on tech orientated sites, the average consumer base likely to fall for this software most likely aren't going to visit these sites.


Nice troll attempt. If MS was serious about security they would start by removing the registry.

Stating Microsoft take security seriously is a troll attempt? And what do you have against the registry, I'd prefer an easily searchable central registry of files rather than a million .ini files scattered the length and breadth of my hard drive.

ten-oak-druid
Jun 1, 2011, 11:32 AM
Well hopefully the cat and mouse game leads to clues to finding who actually is behind the malware.

We need a survey asking people who actually run this thing if they:
A. Have always been Mac OS users.
B. Have converted from Windows OS.

laurim
Jun 1, 2011, 11:34 AM
I wonder, you'd say the same thing if your mom or dad would have caught up with this.

Not everybody is smart or a genius.

Or obsessively reading mac news articles...

BLACKFRIDAY
Jun 1, 2011, 11:34 AM
Nice troll attempt. If MS was serious about security they would start by removing the registry.

Troll?

:(

I use Windows 7 for some of my work. My main machines are OS X and SunOS.

What I am trying to say is that MS has shown a lot of effort on the security side which Apple has not, yet.

If you think I'm wrong, fine. But I don't see how I am biased towards Microsoft in this regard.

.Joel
Jun 1, 2011, 11:36 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

This would have to be the dumbest, most ignorant post I have read all week on here. Apple has addressed the first instance, and is now doing rolling updates pushing them straight through to your Mac to update the malware/virus definitions.

"Join date May 2011" next to your name tells me everything I need to know. Just another late comer who thinks he knows everything. I'm sure you will concoct some story as ignorant as your statement above.

segfaultdotorg
Jun 1, 2011, 11:37 AM
I guess it's time for Apple to catch up to Microsoft by including Microsoft Security Essentials on OS X.

Popeye206
Jun 1, 2011, 11:37 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

The thing is, Malware is user initiated. Unless MS, Apple or whoever knows about a specific threat, you can't stop someone from offering a user the opportunity to download something. If they say yes, they invite the crooks in. Viruses is another story. These have to go around security in the OS to install themselves and extract information or change system settings to cause harm. Obviously the second is way more dangerous because you don't see it coming.

I only point this out because what the heck is Apple supposed to do any different? If you don't know what to not allow, or look for, you can't stop someone from wanting to install software.

i.mac
Jun 1, 2011, 11:37 AM
LOL! Funny.... looks like the crooks are hard at work to stir the pot on the Mac side.

Doesn't scare me. I don't install what I don't know. Malware is just annoying.

Makes you wonder if nokia/ms are behind this! :)

kerryb
Jun 1, 2011, 11:37 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

How can you even compare the 2 companies' OS's? Microsoft has had to plug the Swiss cheese Windows due to a shabby legacy code. Unix (Mac OS X) has always been more secure than DOS, it was designed as a network OS unlike DOS.

I'm surprised the police cannot track the perps in this case considering the credit card info taken from its victims, then again there might be a huge well funded organization behind most kinds of phishing and malware.

Themaeds
Jun 1, 2011, 11:37 AM
Troll?

:(

I use Windows 7 for some of my work. My main machines are OS X and SunOS.

What I am trying to say is that MS has shown a lot of effort on the security side which Apple has not, yet.

If you think I'm wrong, fine. But I don't see how I am biased towards Microsoft in this regard.

You provided a well written opposing view point. You are obviously a troll

*Sarcasm alert

juicedropsdeuce
Jun 1, 2011, 11:39 AM
Apple has no incentive to take this threat seriously. They will use it to leverage people into only using the App Store. It will prepare people for the merging of iOS and Mac OS.

Žalgiris
Jun 1, 2011, 11:40 AM
I wonder, you'd say the same thing if your mom or dad would have caught up with this.

Not everybody is smart or a genius.

I doubt that one needs to be very smart or a genius. If something happens what you didn't do or didn't want to do better click 'Cancel/No/Deny'

Luis Ortega
Jun 1, 2011, 11:40 AM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

That's not what's happening.
At work, for the past two days, several times a day when I open Safari and go to a site like the drudge report, the screen gets taken over by the malware attack and fake scan and it won't allow you to click cancel or navigate elsewhere.
You can only accept the download or shut down Safari and try again.
I found 18 downloads of the malware file in my downloads folder and I never accepted any download. Naturally, I deleted them all, but if the open downloads button had been ticked in Safari, it would have been a disaster.
This is a strong attack that could easily hurt some less computer-capable people.

BLACKFRIDAY
Jun 1, 2011, 11:40 AM
This would have to be the dumbest, most ignorant post I have read all week on here. Apple has addressed the first instance, and is now doing rolling updates pushing them straight through to your Mac to update the malware/virus definitions.

"Join date May 2011" next to your name tells me everything I need to know. Just another late comer who thinks he knows everything. I'm sure you will concoct some story as ignorant as your statement above.

And you are a newbie?

I may be a late comer but I do have a life like most others and haven't been able to get an account and chat with you all.

I am 39 years old; that does not mean I am new to Apple or their products.

Suddenly, when I have an opinion against Apple, I am wrong? I think, they are not as serious about security as Microsoft are. Simple.

I may be wrong, but that's how I feel.

BaldiMac
Jun 1, 2011, 11:40 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

What is Microsoft doing that Apple is not that would currently prevent a Mac Defender type attack? Daily definition updates of an anti-malware scanner is the most appropriate strategy. Outside of preventing the user from installing unapproved applications, I'm not sure what else you can do.

Menge
Jun 1, 2011, 11:41 AM
Aw, crap. This kind of sucks. I wonder if Apple's just going to update the definitions or actually look at a different solution.

Popeye206
Jun 1, 2011, 11:41 AM
Makes you wonder if nokia/ms are behind this! :)

LOL!

I've always wondered if the Virus protection companies aren't the ones that hire suspect engineers from places like Russia to keep the need for them rolling. Wouldn't be too surprising if it was true.

TheLee
Jun 1, 2011, 11:42 AM
Stating Microsoft take security seriously is a troll attempt? And what do you have against the registry, I'd prefer an easily searchable central registry of files rather than a million .ini files scattered the length and breadth of my hard drive.

you obviously don't know much about system design. a central registry is a single point of failure. distributed config files (whether .plist, .ini, or what have you) is much more fault-tolerant. plus, if you were trying to maintain a system, having to open up regedit/do key manipulation is much more annoying and error-prone versus copying over configs or swapping in and out various files

EDIT: also, "searching" domains like HKEY_CURRENT_USER etc is a joke. using distributed configuration files plugs into a much wider array of search tools than having to rely on a registry-editing-specific one. ie for example in OS X i can use spotlight, google desktop, grep, slocate, etc to quickly find what config files i need.

EDIT2: i just noticed that you refer to it as a "registry of files". uh, if that's what you think it is, you may be beyond help...

Popeye206
Jun 1, 2011, 11:43 AM
Aw, crap. This kind of sucks. I wonder if Apple's just going to update the definitions or actually look at a different solution.

Yeah... they could force all installs to go through the App store... but do you really want that?

You can't stop someone from downloading and installing unless you want a totally walled garden with guards at the gate.

BLACKFRIDAY
Jun 1, 2011, 11:43 AM
I doubt that one needs to be very smart or a genius. If something happens what you didn't do or didn't want to do better click 'Cancel/No/Deny'

I remember, when I was a kid, I didn't know how to tackle these things. Most of time, I'd just press enter and move on. I think that's the case here.

I know, user actions need to be controlled in case of Malware and I love OS X for being super secure in this regard.

ouimetnick
Jun 1, 2011, 11:43 AM
Seems like Apple will need to push out another malware definition or something.

OllyW
Jun 1, 2011, 11:44 AM
Makes you wonder if nokia/ms are behind this! :)

Do you think Apple spread all the Windows malware? :rolleyes:

powers74
Jun 1, 2011, 11:46 AM
Troll?

:(

I use Windows 7 for some of my work. My main machines are OS X and SunOS.

What I am trying to say is that MS has shown a lot of effort on the security side which Apple has not, yet.

If you think I'm wrong, fine. But I don't see how I am biased towards Microsoft in this regard.

Apple has. They hired one of the top security experts (http://forums.appleinsider.com/showthread.php?t=98199) in the country as well as a handful of others to their OSX security team. Not that this is technically a security issue.

ten-oak-druid
Jun 1, 2011, 11:47 AM
LOL!

I've always wondered if the Virus protection companies aren't the ones that hire suspect engineers from places like Russia to keep the need for them rolling. Wouldn't be too surprising if it was true.


It's run by a big eastern syndicate, you know.
http://3.bp.blogspot.com/_juA16UhwBDU/TA74Xf5tkOI/AAAAAAAAArM/JY77fvNGcTk/s1600/7%2Bpeanuts_lucy.png

Menge
Jun 1, 2011, 11:47 AM
Yeah... they could force all installs to go through the App store... but do you really want that?

You can't stop someone from downloading and installing unless you want a totally walled garden with guards at the gate.
Yeh! Marco Arment and Dan Benjamin have been discussing that option in their podcast and they seem to think it's a pretty good option to have "walled by default" and optionally allow you to enable external apps, kind of like Android does.

I think having a selectively walled system would make it safer, but not really as elegant a solution as I'd expect from Apple. If they can find a way to make it so that your boxed software keeps working AND downloaded software is only available through the App Store, then I guess it's a good solution.

acslater017
Jun 1, 2011, 11:47 AM
Nice troll attempt. If MS was serious about security they would start by removing the registry.

Just because someone disagrees with you doesn't make them a troll. If you disagree, state your reasons why and move on.

Let's keep MacRumors a civil place!

Small White Car
Jun 1, 2011, 11:47 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

They did tighten up. It's called iOS.

Fact is, that's the only real solution here. As iPads grow and do more you'll see more people shift to them as their primary computer and they'll be happy that they don't have these problems.

Those of us who still need Macs and PCs will just have to put up with stuff like this. It's part of the trade-off.

mobilehavoc
Jun 1, 2011, 11:47 AM
And so...it begins.

BaldiMac
Jun 1, 2011, 11:48 AM
Do you think Apple spread all the Windows malware? :rolleyes:

:) I prefer the conspiracy theory that Apple is financing MacDefender, so they can stir up enough concern to justify making the Mac App Store the exclusive source of Mac Apps. :D ;)

haruhiko
Jun 1, 2011, 11:48 AM
If I'm a company selling anti-virus software, the very first thing I will do now is to write several malwares and anti-virus for the Mac and then (freely) advertise it through techblogs like this.:D

0815
Jun 1, 2011, 11:48 AM
Cat and Mouse game has truly begun ...

... but as long as this malware depends on user interaction with an installer I still feel pretty safe

foodog
Jun 1, 2011, 11:49 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

You can't secure a system completely from its user. If someone chooses to download and install something harmful not much the OS can do to stop it without playing a cat and mouse with signatures.

nagromme
Jun 1, 2011, 11:49 AM
The creators of this won’t go away easily, but they may when their labor and trouble isn’t worth it. The number of Mac users who are not updated, were not savvy before this story and didn’t get any savvier after the media storm, would fall for this and click blindly, but haven’t already done so, is a shrinking market! Whoever is paying to invade that market probably isn’t getting much long-term benefit.

Obscurity AND design benefit the Mac—and I’m glad for both! Both are advantages that will remain for years.


Cat and Mouse game has truly begun ...

... but as long as this malware depends on user interaction with an installer I still feel pretty safe

Me too. If I want to install a program that erases my hard drive or stores a copy of my passwords, I can do it. But I won’t install things from non-trusted sources. Over the years, Apple has been slowly moving towards more hand-holding in this regard, and for many people that’s a great thing. But it doesn’t matter much to my own security either way!

Thunderhawks
Jun 1, 2011, 11:50 AM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

No props to anybody who creates SH%$% like that and Apple is tightening up, hence the updates.

They will figure this out IMO even up to a point where they will even send some police or whoever handles this authority to catch these people.

Someplace somebody picks up the money. They'll be there.

Go James Bond:-)

rockosmodurnlif
Jun 1, 2011, 11:50 AM
And so...it begins.
Agreed. How's security on the Linux variants?

ten-oak-druid
Jun 1, 2011, 11:50 AM
Do you think Apple spread all the Windows malware? :rolleyes:

Adding more malware to Windows would be over egging the malware pudding.

zmonster
Jun 1, 2011, 11:50 AM
Apple -- permanently disable auto-open in safari... Duh.

Žalgiris
Jun 1, 2011, 11:52 AM
I'm more worried about how they manage to inject that download code into so many sites.

LegendKillerUK
Jun 1, 2011, 11:52 AM
What is Microsoft doing that Apple is not that would currently prevent a Mac Defender type attack? Daily definition updates of an anti-malware scanner is the most appropriate strategy. Outside of preventing the user from installing unapproved applications, I'm not sure what else you can do.

It checks every day for an update. It doesn't actually update every day.

NAG
Jun 1, 2011, 11:52 AM
They did tighten up. It's called iOS.

Fact is, that's the only real solution here. As iPads grow and do more you'll see more people shift to them as their primary computer and they'll be happy that they don't have these problems.

Those of us who still need Macs and PCs will just have to put up with stuff like this. It's part of the trade-off.

That is why I think OS X needs a locked down mode (and probably default). Quite a few people just flat out do not need all of the freedom of a contemporary computer OS. They usually end up wrapping that leash around their necks. Yes, it would unfortunately require usage of the Mac App Store but it is honestly the only way to really prevent this kind of attack. The cat and mouse game will continue until they no longer get anyone with the latest variant (which could go on for a very long time).

FrizzleFryBen
Jun 1, 2011, 11:52 AM
Most of this news is on tech orientated sites, the average consumer base likely to fall for this software most likely aren't going to visit these sites.

It auto-downloaded from a pop-up when I was on MSNBC.com about a week ago. I didn't install it of course and immediately let them know. And my mom would have totally installed it.

OllyW
Jun 1, 2011, 11:53 AM
:) I prefer the conspiracy theory that Apple is financing MacDefender, so they can stir up enough concern to justify making the Mac App Store the exclusive source of Mac Apps. :D ;)

*LTD* has already suggested that's the answer. :eek:

al256
Jun 1, 2011, 11:53 AM
Wow, this reminds me of Jurassic Park. The velociraptors systematically went around testing the perimeter fence, one piece at a time.

"Clever girl." lol.

ten-oak-druid
Jun 1, 2011, 11:53 AM
That's not what's happening.
At work, for the past two days, several times a day when I open Safari and go to a site like the drudge report, the screen gets taken over by the malware attack and fake scan and it won't allow you to click cancel or navigate elsewhere.
You can only accept the download or shut down Safari and try again.
I found 18 downloads of the malware file in my downloads folder and I never accepted any download. Naturally, I deleted them all, but if the open downloads button had been ticked in Safari, it would have been a disaster.
This is a strong attack that could easily hurt some less computer-capable people.

Malware on the Drudge report. Another reason to ignore that site.

0815
Jun 1, 2011, 11:53 AM
Well hopefully the cat and mouse game leads to clues to finding who actually is behind the malware.

We need a survey asking people who actually run this thing if they:
A. Have always been Mac OS users.
B. Have converted from Windows OS.

My guess would be 'A' ... windows users were trained over many many years to expect this **** to happen, Mac users feel safe. (I feel safe too, but I use common sense and lived in the Windows world for too long)

discounteggroll
Jun 1, 2011, 11:53 AM
I'm confused...is the image shown what the new mac defender virus window looks like (that then installs when you click it), or are they just showing the legit removal window to really remove it.

Astro7x
Jun 1, 2011, 11:54 AM
We had an intern somehow get this on a Mac at work... thankfully the uninstallation process was relatively painless and took about a minute.

Every time I get them on a PC I feel like it's an all day chore. Sometimes system restore doesn't even fix it.

Northgrove
Jun 1, 2011, 11:55 AM
you obviously don't know much about system design. a central registry is a single point of failure. distributed config files (whether .plist, .ini, or what have you) is much more fault-tolerant. plus, if you were trying to maintain a system, having to open up regedit/do key manipulation is much more annoying and error-prone versus copying over configs or swapping in and out various files

EDIT: also, "searching" domains like HKEY_CURRENT_USER etc is a joke. using distributed configuration files plugs into a much wider array of search tools than having to rely on a registry-editing-specific one. ie for example in OS X i can use spotlight, google desktop, grep, slocate, etc to quickly find what config files i need.

EDIT2: i just noticed that you refer to it as a "registry of files". uh, if that's what you think it is, you may be beyond help...
This is no longer talking about security though, but stability. The whole registry discussion is off-topic here...

LegendKillerUK
Jun 1, 2011, 11:55 AM
We had an intern somehow get this on a Mac at work... thankfully the uninstallation process was relatively painless and took about a minute.

Every time I get them on a PC I feel like it's an all day chore. Sometimes system restore doesn't even fix it.

You should be disabling System Restore. Malware can live in there and reinfect the system.

BaldiMac
Jun 1, 2011, 11:55 AM
It checks every day for an update. It doesn't actually update every day.

Why is that distinction important to what I said???

chrono1081
Jun 1, 2011, 11:55 AM
Troll?

:(

I use Windows 7 for some of my work. My main machines are OS X and SunOS.

What I am trying to say is that MS has shown a lot of effort on the security side which Apple has not, yet.

If you think I'm wrong, fine. But I don't see how I am biased towards Microsoft in this regard.

Sorry my apologies, I did come off a bit harsh. Windows has a huge problem with security and Microsoft knows it, but really doesn't do much about it. Sure they have the security essentials and updates but these are of little use when there are serious problems with the underlying OS. It's like trying to plug a hole in a ship that has the bottom missing. What they need to do is give Windows a re-write and drop some of the extreme legacy code. They don't want to do this for obvious reasons that businesses may have legacy systems, but in all honesty it needs to be done.

This is one of the reasons, note the fact Microsoft never replied to this guy for months:

http://www.zdnet.com/blog/security/microsoft-confirms-17-year-old-windows-vulnerability/5307


Stating Microsoft take security seriously is a troll attempt? And what do you have against the registry, I'd prefer an easily searchable central registry of files rather than a million .ini files scattered the length and breadth of my hard drive.

I shouldn't have said it was a troll attempt, my bad but the registry does need to go. The average user doesn't need it and the fact that programs can go and access each other's keys is a big problem. Malware almost always manifests itself in the registry and goes and messes with other programs' registry settings. Unfortunately these programs don't rewrite their registry settings so whatever has been changed by malware stays changed until removal (which usually results in reinstalling the affected software) or having to go through tons of registry keys and change values manually.

ten-oak-druid
Jun 1, 2011, 11:56 AM
My guess would be 'A' ... windows users were trained over many many years to expect this **** to happen, Mac users feel safe. (I feel safe too, but I use common sense and lived in the Windows world for too long)

The training wasn't good though. The problem goes on and on. Most of the problem is due to people going all over the internet looking for pirated software and media. Microsoft has said that some malware problems are in fact due to pirated copies of their OS.

0815
Jun 1, 2011, 11:56 AM
. Naturally, I deleted them all, but if the open downloads button had been ticked in Safari, it would have been a disaster.
This is a strong attack that could easily hurt some less computer-capable people.

No it wouldn't have been a disaster. It would have been a disaster if you clicked through the installer to install it and then enter your credit card information.

Thunderhawks
Jun 1, 2011, 11:56 AM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

Not at all amazing.

Joe MAC Average will click on anything, until it goes away as it interrupts what they are doing.

Not a sign of intelligence, just impatience!

jlyanks85
Jun 1, 2011, 11:56 AM
Can this malware happen on any web browser or just safari? I mainly use chrome and Mozilla, but my gf uses safari when she comes over my house.

LegendKillerUK
Jun 1, 2011, 11:57 AM
Why is that distinction important to what I said???

Because if Apple don't update the signatures for a month then the daily checking isn't going to help.

Just because it checks daily doesn't mean it actually does anything.

0815
Jun 1, 2011, 11:57 AM
The training wasn't good though. The problem goes on and on. Most of the problem is due to people going all over the internet looking for pirated software and media. Microsoft has said that some malware problems are in fact due to pirated copies of their OS.

People looking for pirated software is another story - they play with the fire and will get burned. I was more thinking about users that don't do illegal stuff.

0815
Jun 1, 2011, 11:59 AM
Can this malware happen on any web browser or just safari? I mainly use chrome and Mozilla, but my gf uses safari when she comes over my house.

It can happen on any ... but I think only Safari has this stupid option to automatically open 'safe' attachments (which by now everybody should have turned off)

Les Kern
Jun 1, 2011, 11:59 AM
Know why no Russians were ever kidnapped in 1970's Lebanon or Syria? Well actually one was, and they were killed by terrorists. So the Russian KGB found out who was responsible, kidnapped THEM, cut off their heads and sent the heads to their families. The kidnappings stopped.
Just sayin'.

Dr McKay
Jun 1, 2011, 11:59 AM
It auto-downloaded from a pop-up when I was on MSNBC.com about a week ago. I didn't install it of course and immediately let them know. And my mom would have totally installed it.

Sorry, I meant the people who are most likely to be hit by this, are the people who don't visit tech sites so they can be warned about it. Not visit tech sites and be hit by it.

I shouldn't have said it was a troll attempt, my bad but the registry does need to go. The average user doesn't need it and the fact that programs can go and access each other's keys is a big problem. Malware almost always manifests itself in the registry and goes and messes with other programs' registry settings. Unfortunately these programs don't rewrite their registry settings so whatever has been changed by malware stays changed until removal (which usually results in reinstalling the affected software) or having to go through tons of registry keys and change values manually.

Fair enough, that is the first reasoned argument I've heard against the registry, normally I get people just hating on it without backing anything up.


The training wasn't good though. The problem goes on and on. Most of the problem is due to people going all over the internet looking for pirated software and media. Microsoft has said that some malware problems are in fact due to pirated copies of their OS.

Are you going to persistently blame anyone falling for Mac Malware, on being a former Windows User? You should know that probably most Mac Users were Windows users at one point or another. Until you can back up your argument with facts, there's no sense spouting it at every opportunity.


you obviously don't know much about system design. a central registry is a single point of failure. distributed config files (whether .plist, .ini, or what have you) is much more fault-tolerant. plus, if you were trying to maintain a system, having to open up regedit/do key manipulation is much more annoying and error-prone versus copying over configs or swapping in and out various files

EDIT: also, "searching" domains like HKEY_CURRENT_USER etc is a joke. using distributed configuration files plugs into a much wider array of search tools than having to rely on a registry-editing-specific one. ie for example in OS X i can use spotlight, google desktop, grep, slocate, etc to quickly find what config files i need.

EDIT2: i just noticed that you refer to it as a "registry of files". uh, if that's what you think it is, you may be beyond help...

I didn't mean files, I had .ini files on the brain when I was writing that. As someone who hasn't been hit by Malware since 1998, for me, the benefits of a Registry outweigh the negatives.

foodog
Jun 1, 2011, 12:00 PM
Apple has no incentive to take this threat seriously. They will use it to leverage people into only using the App Store. It will prepare people for the merging of iOS and Mac OS.

How much more seriously do you want them to take it? Send out black vans loaded with a strike force of anti-malware commandos?

BaldiMac
Jun 1, 2011, 12:01 PM
Because if Apple don't update the signatures for a month then the daily checking isn't going to help.

Just because it checks daily doesn't mean it actually does anything.

Super. Obviously true. Still not sure how that shows Microsoft is currently doing more to prevent MacDefender type attacks than Apple.

maflynn
Jun 1, 2011, 12:02 PM
The problem is that Mac users have been lulled into a false sense of security, many apple folks have long proclaimed that Macs don't get viruses.

Now I know this is not a virus but to the average consumer, it's the same thing. So they continually hear how you don't need antivirus software and you don't have to worry about that stuff on the mac platform. They don't think twice about downloading something or clicking on a link. Why worry since Macs are immune.

Many of us knew this was coming and the Mac Defender malware is just the beginning.

0815
Jun 1, 2011, 12:03 PM
I'm more worried about how they manage to inject that download code into so many sites.

MS Windows Server :rolleyes:

ten-oak-druid
Jun 1, 2011, 12:04 PM
Know why no Russians were ever kidnapped in 1970's Lebanon or Syria? Well actually one was, and they were killed by terrorists. So the Russian KGB found out who was responsible, kidnapped THEM, cut off their heads and sent the heads to their families. The kidnappings stopped.
Just sayin'.

Right. That was the reason. :rolleyes:

0815
Jun 1, 2011, 12:05 PM
Apple has no incentive to take this threat seriously. They will use it to leverage people into only using the App Store. It will prepare people for the merging of iOS and Mac OS.

Here we go again ... people spreading fear of closed MacOS based on nothing.

kmmvols
Jun 1, 2011, 12:06 PM
My mom, like most of the older generation, is not aware of stuff like this and this morning actually pointed out to me that on her mac something called mdinstaller popped up and tried to install it, I think she installed it because she didn't realize what it was. I was unsure whether or not it was the mac defender virus (now I'm aware it is though). I made her update her computer last night so she already has the new update, does this mean it will automatically remove the software for her or does she have to do something to get it to uninstall.

jlyanks85
Jun 1, 2011, 12:06 PM
It can happen on any ... but I think only Safari has this stupid option to automatically open 'safe' attachments (which by now everybody should have turned off)

What do you have to turn off in preferences? Like I said I only used chrome, so I haven't really checked the safari preferences in a while.

gkpm
Jun 1, 2011, 12:06 PM
This is looking more and more like a MS smear campaign, maybe they're even paying people to write this malware.

Why is it always the MS shill (Ed Bott) reporting this on his "Ed Bott's Microsoft Report" regular articles on ZD Net?

Shouldn't he be, well, reporting on Microsoft instead?

TheLee
Jun 1, 2011, 12:06 PM
This is no longer talking about security though, but stability. The whole registry discussion is off-topic here...

i'm not sure how you made that distinction. the "single point of failure" is not just an issue of stability (ie something gets corrupt on your hard drive where the registry is located) but also security (malware attacks). i'm not sure how true this is anymore, but a piece of malware, for example, could inject bad registry keys to get windows update to go to a remote 3rd party server. the point is that because the registry is so central, successful malware damage has further-ranging implications than if your system settings were scattered across an /etc folder under an admin lock.

EDIT: that being said, MS has made a lot of moves to shore up the registry, but it remains one of several key chinks in their security armor.

Kwill
Jun 1, 2011, 12:06 PM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.
Oooh. Where can I get a copy of Mac Defender? :rolleyes:

LOL! Funny.... looks like the crooks are hard at work to stir the pot on the Mac side.
Lodsys, Samsung (or whomever), give us a break.

Yeah... they could force all installs to go through the App store... but do you really want that?
If that's what it takes.

Apple -- permanently disable auto-open in safari... Duh.
Didn't know that.

LegendKillerUK
Jun 1, 2011, 12:10 PM
Super. Obviously true. Still not sure how that shows Microsoft is currently doing more to prevent MacDefender type attacks than Apple.

The way you worded your initial post didn't make it sound like you did.

A full a/v solution in the form of Security Essentials is a good deal more than Apple is doing.

Z-Bro
Jun 1, 2011, 12:11 PM
Amen!

supmango
Jun 1, 2011, 12:11 PM
My mom, like most of the older generation, is not aware of stuff like this and this morning actually pointed out to me that on her mac something called mdinstaller popped up and tried to install it, I think she installed it because she didn't realize what it was. I was unsure whether or not it was the mac defender virus (now I'm aware it is though). I made her update her computer last night so she already has the new update, does this mean it will automatically remove the software for her or does she have to do something to get it to uninstall.

If she has the security update, it should eventually download a definition update and remove the thing for her. I am not sure exactly what this will look like to her, it may be totally transparent to the user.

TheLee
Jun 1, 2011, 12:12 PM
I didn't mean files, I had .ini files on the brain when I was writing that. As someone who hasn't been hit by Malware since 1998, for me, the benefits of a Registry outweigh the negatives.

i would have the exact reverse outlook. used to have to deal with antiviruses a lot, etc moved to *nix systems (incl os x) and not having a registry is way way preferable.

part of that might be because windows didn't have a security model for system .ini's back in the day, so i can understand in that context why a registry (which has controlled system calls iirc) may be preferable to having 1000 windows .ini files that any program could edit. but in that case, that's a bandaid on a bigger problem (which MS has moved away from by, ironically, adopting *nix style access controls) and *not* a sign of security.

nwcs
Jun 1, 2011, 12:12 PM
LOL!

I've always wondered if the Virus protection companies aren't the ones that hire suspect engineers from places like Russia to keep the need for them rolling. Wouldn't be too surprising if it was true.

That has been rumored for many years. I remember when VirusScan was at version 60 or something in the early 90s and was told of the 500 or so viruses it scanned for that over 400 were written in Eastern Europe by the virus software people to justify the app.

0815
Jun 1, 2011, 12:13 PM
What do you have to turn off in preferences? Like I said I only used chrome, so I haven't really checked the safari preferences in a while.

If you are using only Chrome, there is nothing you really need to do. I still would recommend turning it off in Safari (e.g. in case someone else uses your machine and prefers Safari)
1. start safari
2. open safari preferences (safari/preferences menu)
3. in the general tab, uncheck the "Open "safe" files after downloading"
4. enjoy
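
An added example, not part of the thread: the checkbox in step 3 is stored as a Safari preference, so an administrator can audit it across accounts instead of clicking through each one. The key name `AutoOpenSafeDownloads`, the two plist locations and the treatment of a missing key as enabled are assumptions about Safari; the sample accounts are constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption: preference key behind 'Open "safe" files after downloading'.
PREF_KEY = "AutoOpenSafeDownloads"

# Assumption: Safari preference files, relative to a home directory
# (older location first, sandboxed-container location second).
PLIST_LOCATIONS = (
    "Library/Preferences/com.apple.Safari.plist",
    "Library/Containers/com.apple.Safari/Data/Library/Preferences/"
    "com.apple.Safari.plist",
)


def check_plist(path):
    """Classify one Safari preference file.

    Returns 'disabled', 'enabled', 'enabled-by-default' (key absent, so
    Safari's default applies; assumed to be on) or 'unreadable'.
    """
    try:
        with open(path, "rb") as fh:
            prefs = plistlib.load(fh)  # handles XML and binary plists
    except (OSError, ValueError, ExpatError):
        # Permission problems, truncated or corrupt files: do not guess.
        return "unreadable"
    if not isinstance(prefs, dict):
        return "unreadable"
    if PREF_KEY not in prefs:
        return "enabled-by-default"
    value = prefs[PREF_KEY]
    # Only an explicit false/0 counts as off; anything else is treated
    # conservatively as still enabled.
    if isinstance(value, (bool, int)) and not value:
        return "disabled"
    return "enabled"


def audit_home(home):
    """Return {relative plist path: status} for every Safari plist found."""
    home = Path(home)
    found = {}
    for rel in PLIST_LOCATIONS:
        candidate = home / rel
        if candidate.is_file():
            found[rel] = check_plist(candidate)
    return found


def audit_users(users_root):
    """Audit every home directory under users_root (e.g. /Users)."""
    report = {}
    for home in sorted(Path(users_root).iterdir()):
        if home.is_dir() and not home.name.startswith(".") and home.name != "Shared":
            report[home.name] = audit_home(home)
    return report


def accounts_needing_change(report):
    """Accounts where any Safari plist does not explicitly disable auto-open.

    Accounts with no Safari plist at all are not listed: Safari has not
    been configured there yet.
    """
    return sorted(
        user for user, files in report.items()
        if any(status != "disabled" for status in files.values())
    )


def build_sample_users(root):
    """Create constructed sample accounts for the demonstration."""
    legacy = PLIST_LOCATIONS[0]
    samples = {
        "alice": plistlib.dumps({PREF_KEY: False, "ConstructedFiller": 1}),
        "bob": plistlib.dumps({"ConstructedFiller": 1}),  # key never set
        "carol": plistlib.dumps({PREF_KEY: True}),
        "dave": b"not a plist",                           # corrupt file
    }
    for user, data in samples.items():
        target = Path(root) / user / legacy
        target.parent.mkdir(parents=True)
        target.write_bytes(data)
    (Path(root) / "erin").mkdir()                         # never ran Safari


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_users(tmp)
        report = audit_users(tmp)
        for user, files in report.items():
            print(user, files or "no Safari preferences found")
        print("change needed:", accounts_needing_change(report))
```

On a real Mac, point `audit_users` at `/Users` with enough privilege to read each account's preferences.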

fishmoose
Jun 1, 2011, 12:15 PM
LOL!

I've always wondered if the Virus protection companies aren't the ones that hire suspect engineers from places like Russia to keep the need for them rolling. Wouldn't be too surprising if it was true.

That is more than likely the case, I, and many others, have believed this for years.

ThunderSkunk
Jun 1, 2011, 12:17 PM
Can we find these people?

I mean, if nothing else, there's got to be a money trail.

TheLee
Jun 1, 2011, 12:17 PM
That is more than likely the case, I, and many others, have believed this for years.

http://en.wikipedia.org/wiki/Conspiracy_theory

do you also think that doctors go around infecting people with illnesses so that they can stay in business? firemen go around setting houses afire?

Westyfield2
Jun 1, 2011, 12:18 PM
I still don't know anyone to have actually got Mac Defender.

LegendKillerUK
Jun 1, 2011, 12:18 PM
http://en.wikipedia.org/wiki/Conspiracy_theory

do you also think that doctors go around infecting people with illnesses so that they can stay in business? firemen go around setting houses afire?

>he thinks infecting people is equal to infecting computers.

I can't hahaohwow hard enough sir.

fishmoose
Jun 1, 2011, 12:19 PM
http://en.wikipedia.org/wiki/Conspiracy_theory

do you also think that doctors go around infecting people with illnesses so that they can stay in business? firemen go around setting houses afire?

Well in terms of doctors, when was the last time you had a doctor actually cure anything? They delay things like cancer and AIDS but they sure as hell don't cure it, no money in that.

As for firefighters, no I don't think so, they are employed by the state and get paid regardless of fires.

cubbie5150
Jun 1, 2011, 12:20 PM
:popcorn: LOVE watching all the slap-fighting & virtual muscling-up that happens in these threads. :D

TheLee
Jun 1, 2011, 12:20 PM
>he thinks infecting people is equal to infecting computers.

I can't hahaohwow hard enough sir.

thanks, i'm here all night.

seriously though, are they not teaching metaphor in schools these days? let me be more literal: just because the incentive may exist does not mean that the reality is there.

OllyW
Jun 1, 2011, 12:20 PM
I still don't know anyone to have actually got Mac Defender.

I don't know anyone who owns an iPad but I'm sure there are some people who do. :)

Sodner
Jun 1, 2011, 12:20 PM
Damn these people. Nothing better to do than write crap like this. Find em and lock em up.

Appslover
Jun 1, 2011, 12:21 PM
let's keep macrumors a civil place!

lol!

jlyanks85
Jun 1, 2011, 12:21 PM
If you are using only Chrome, there is nothing you really need to do. I still would recommend turning it off in Safari (e.g. in case someone else uses your machine and prefers Safari)
1. start safari
2. open safari preferences (safari/preferences menu)
3. in the general tab, uncheck the "Open "safe" files after downloading"
4. enjoy

Thanks, I rarely use safari at all but I have two other people that use my imac every now and then. My mom uses mozilla and my gf likes to use safari but I told her about this macdefender malware so she isn't completely clueless about it.

Apple...
Jun 1, 2011, 12:21 PM
Apple -- permanently disable auto-open in safari... Duh.

Safari 6? It's just around the corner...

Full of Win
Jun 1, 2011, 12:22 PM
The writers of these things are attention whores. Seeing the lengths that Apple is going to stop one malware threat (and its variants), there are likely several other attacks being planned. The parallels between Microsoft of the early 00's and Apple today are stunning.

TheLee
Jun 1, 2011, 12:23 PM
Well in terms of doctors, when was the last time you had a doctor actually cure anything? They delay things like cancer and AIDS but they sure as hell don't cure it, no money in that.

As for firefighters, no I don't think so, they are employed by the state and get paid regardless of fires.

i know i shouldn't feed the troll, but, there are plenty of flaws in what you just said (ie you think tax payers would keep funding firefighters ie employ them by the state if they didn't think they were getting their money's worth? there are jurisdictions that have ditched their formal fire departments; what about surgeons? do you honestly think that surgery accomplishes nothing?).

more to the point, see my other post. just because you can imagine that the incentive system exists does not produce reality.

Yamcha
Jun 1, 2011, 12:23 PM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

I don't think there is anything to be amazed about, I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..

But that also means there will be a lot of users downloading and installing this..

Lord Appleseed
Jun 1, 2011, 12:23 PM
Nice troll attempt. If MS was serious about security they would start by removing the registry.

That would be a very big issue.

I can't even count how often i needed to fix something in the registry in order to make something (program, device,...) work properly on Windows.
Should they remove it a lot of people would be stuck with immense problems.

ghostface147
Jun 1, 2011, 12:24 PM
Excellent. These malware people need to step up and become more aggressive on the Mac. Hopefully that will force Apple to be more transparent with their security and not be secret and leave us guessing when they are going to release the update. Before yesterday, we all assumed it was coming in 10.6.8, which itself isn't too far away. We had no idea they were going to randomly release a fix for it.

As for MS, we know every month they are releasing patches and updates. We know that if there an issue with security, they'll address it (although sometimes they are a little slow).

In the end, the end user has final say (unless a drive-by install) over what is installed on their machine.

gkpm
Jun 1, 2011, 12:24 PM
A full a/v solution in the form of Security Essentials is a good deal more than Apple is doing.

How does Security Essentials help when trojans are changing hours after the detection signatures were updated?

Hint: it doesn't. The signatures are not updated in real time.

No need to bring in the anti-virus when the problems aren't viruses, they're trojans.

fishmoose
Jun 1, 2011, 12:25 PM
more to the point, see my other post. just because you can imagine that the incentive system exists does not produce reality.

Well, I can't prove it and you can't disprove it, therefore our posts are equal and all we can do is to leave it there.

TheLee
Jun 1, 2011, 12:25 PM
That would be a very big issue.

I can't even count how often i needed to fix something in the registry in order to make something (program, device,...) work properly on Windows.
Should they remove it a lot of people would be stuck with immense problems.

i think you took him too literally. rather, MS should move to an alternate system other than the registry. the fact that you had to keep going back to the registry to try and get something to work should be evidence enough that there's something borked about the registry system in the first place.

Repo
Jun 1, 2011, 12:26 PM
Safari 6? It's just around the corner...

"... we've added a really great new feature: the ability to turn off a feature..."

Full of Win
Jun 1, 2011, 12:27 PM
Well in terms of doctors, when was the last time you had a doctor actually cure anything? They delay things like cancer and AIDS but they sure as hell don't cure it, no money in that.

As for firefighters, no I don't think so, they are employed by the state and get paid regardless of fires.

Two weeks ago I had an ear infection. My doctor gave me a prescription for antibiotics, which aided in the removal of the problem microbes...hence curing me.

fishmoose
Jun 1, 2011, 12:28 PM
"... we've added a really great new feature: the ability to turn off a feature..."

You can turn off "open safe files", Apple should either make it so it's off from scratch or preferably remove the option to auto open files entirely.

Mr. Gates
Jun 1, 2011, 12:28 PM
http://i.testfreaks.com/blog/wp-content/uploads/2009/04/windowslivewriternewappleadsaimtojustifytheirpricetags-8fd0appleads-2.jpg

LOL ....


This picture takes on a whole new meaning. It's like the Microsoft guy is scared of the Mac user because he doesn't know how to use a computer and might be contagious.

All fooling around aside, I think this is going to be a problem for most Mac Users who are not that tech savvy because of the smug and irritating slogans Apple has been shoving in people's faces for a while now. (Shot in the Foot!)

The truth is Mac users represent such a small percentage of users that most "bad guys" couldn't care less about writing a code to attack such a small amount of hits....

but.....

with Windows 7 and the majority of PC users knowing what's up with Anti-Virus, security is pretty damn good and the targets are less and less....

Compare that to the growing number of Mac Users who have been told over and over that they have the immunity of gods....


And Well....


Let me ask you ,...If you were writing a malicious code ......


Who would you choose ? :rolleyes:


This isn't even the beginning !

EmbraceNext
Jun 1, 2011, 12:28 PM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

There is nothing to tighten up on. You have to MANUALLY install this. It's no different than installing Office or iWork. This program just happens to do bad things.

If it installed 100% silently then there would be a security problem. For this issue I think Apple is going above what they should be doing for this.

TheLee
Jun 1, 2011, 12:29 PM
Well, I can't prove it and you can't disprove it, therefore our posts are equal and all we can do is to leave it there.

this ain't a philosophy course where we just deal with relative assertions of equal merit. i don't have to disprove it because the empirical default is that there isn't a relationship between the two (so i'm not "disproving" anything). because you are trying to assert that there is a relationship, the burden of proof is on you. http://en.wikipedia.org/wiki/Null_hypothesis

ArchaicRevival
Jun 1, 2011, 12:29 PM
Does Sophos detect that and get rid of it? If not, what is another software I can download that will identify MD?

GroundLoop
Jun 1, 2011, 12:29 PM
It auto-downloaded from a pop-up when I was on MSNBC.com about a week ago. I didn't install it of course and immediately let them know. And my mom would have totally installed it.

The download started for me when I visited finance.yahoo.com yesterday. Even funnier, I was viewing an article about Apple at the time.

GL

MacAddict1978
Jun 1, 2011, 12:30 PM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

Who would click the quoted post negative unless they are idiots who downloaded it and feel stupid? I agree with the above statement! Even before the press coverage, you had to be an idiot to download it.

Steps to stupidity:

1. Believe some random site you clicked on has managed to scan instantly for viruses on your system. Or in some cases, let it... (which took it 2 seconds, an amazing feat since it should take a long time to do such a scan)
2. Actually click the link to download.
3. You never had porn pics popping up before you went to said website... coincidence? I think not. But yet, common sense isn't your friend and instead of just closing your browser while you're downloading the file you don't reconsider as the software downloads.
4. Now you actually run the installer... which needs your admin password. Most curious there too huh? Since only things that want root access need that. And it wants your private credit card information? Really... maybe I should search for a review on this software since this is kind of uncommon and screams scam before I go further. Or if you're an older person not savvy, call someone who is.
5. No. Idiot runs installer and enters their admin password! Brilliance!
6. Now the malware is holding you hostage and you wonder why? And you gave it your credit card??? REALLY!??!?!?
7. Do these people answer emails from alleged lawyers in Ethiopia who claim someone with the same last name died and you can have all their money?

And as you stated, that was BEFORE all the media attention. If you do it now, you are probably a contender for the next Darwin award when you bungee jump with a 5 foot cord that stretches to 20 feet from a 10 foot high space.

Brilliance.

Repo
Jun 1, 2011, 12:30 PM
You can turn off "open safe files", Apple should either make it so it's off from scratch or preferably remove the option to auto open files entirely.

It's not the "open safe files" feature specifically, more that Apple puts in place default settings that many users really shouldn't use. This is very prevalent in iOS.

fishmoose
Jun 1, 2011, 12:31 PM
Two weeks ago I had an ear infection. My doctor gave me a prescription for antibiotics, which aided in the removal of the problem microbes...hence curing me.

But there's no permanent solution for you not to get another ear infection. And there's no permanent solution to eliminating malware problems no matter the platform.

this ain't a philosophy course where we just deal with relative assertions of equal merit. i don't have to disprove it because the empirical default is that there isn't a relationship between the two (so i'm not "disproving" anything). because you are trying to assert that there is a relationship, the burden of proof is on you. http://en.wikipedia.org/wiki/Null_hypothesis

The burden of proof isn't on anyone, I simply said the theory that anti-virus companies hire people to write malware has been around for years and I subscribe to it. I never said you, or anyone else, have to agree with it, thus, I don't need to prove it.

It's not the "open safe files" feature specifically, more that Apple puts in places default settings that many users really don't need or shouldn't use. This is very prevalent in iOS.

Other than disabling Java from default I don't see much more Apple could do in Safari feature wise to secure it.

TheLee
Jun 1, 2011, 12:32 PM
There is nothing to tighten up on. You have to MANUALLY install this. It's no different than installing Office or iWork. This program just happens to do bad things.

If it installed 100% silently then there would be a security problem. For this issue I think Apple is going above what they should be doing for this.

the 'tightening up' is, i agree with others, that apple should just disable the automatic open safe files in safari by default. leave it as a switch for more savvy users to enable (because i don't want to have to manually mount disk image files all the time).

this is *not* like office or iwork per se. if you download a straight up application, safari is not going to suddenly launch it. rather, this is a loophole in the safari open safe file mechanism that these malware writers have managed to exploit quite well.

MacAddict1978
Jun 1, 2011, 12:32 PM
Does Sophos detect that and get rid of it? If not, what is another software I can download that will identify MD?

Well, if you have Mac Defender.... you'd probably know. See my above post. You'd actually have to have followed my 5 step plan to stupidity to have it on your machine. It didn't put itself there. You actually have to do it yourself.

stephenxiii
Jun 1, 2011, 12:33 PM
why the **** are people clicking on install files that they didn't request

Eidorian
Jun 1, 2011, 12:33 PM
Sorry my apologies, I did come off a bit harsh. Windows has a huge problem with security and Microsoft knows it, but really doesn't do much about it. Sure they have the security essentials and updates but these are of little use when there are serious problems with the underlying OS. It's like trying to plug a hole in a ship that has the bottom missing. What they need to do is give Windows a re-write and drop some of the extreme legacy code. They don't want to do this for obvious reasons that businesses may have legacy systems, but in all honesty it needs to be done.

This is one of the reasons, note the fact Microsoft never replied to this guy for months:

http://www.zdnet.com/blog/security/microsoft-confirms-17-year-old-windows-vulnerability/5307

It is a thing of beauty when I can run 12 year old software in its original NT4 mode.

Repo
Jun 1, 2011, 12:33 PM
Other than disabling Java from default I don't see much more Apple could do in Safari feature wise to secure it.

I'm not just talking about Safari. It's a mentality.

ArchaicRevival
Jun 1, 2011, 12:33 PM
Two weeks ago I had an ear infection. My doctor gave me a prescription for antibiotics, which aided in the removal of the problem microbes...hence curing me.

There is one very rare type of ear infection that can actually kill you... But the guy was right. There is too much money in drugs and pharmaceuticals to completely eradicate the virus. Do some research.

gkpm
Jun 1, 2011, 12:33 PM
The difference between anti-virus companies and doctors is that the anti-virus companies employ the same people who can write viruses. Most are actually ex-black hat and did so in the past (tend to be the best at figuring out how to detect them)

Doctors don't employ viruses/bacteria/etc that cause diseases. They also don't need to because those pathogens can replicate and mutate themselves, so there will never be a shortage of them.

It's pretty clear that with today's complex viruses someone is bankrolling them, they're not done by bored teenagers anymore. Detecting such viruses before the competition is a big money business, therefore it's quite safe to assume the AV companies are behind many of them.

Mr. Gates
Jun 1, 2011, 12:34 PM
i think you took him too literally. rather, MS should move to an alternate system other than the registry. the fact that you had to keep going back to the registry to try and get something to work should be evidence enough that there's something borked about the registry system in the first place.

Or the Users methods and practices :rolleyes:

dagamer34
Jun 1, 2011, 12:34 PM
The reason Apple doesn't want to directly address this is what happens when there are 10 or 100 malware apps like this? Are they really going to have Security Updates for them all? Apple's current solution won't scale unless they put significant amount of resources into it like Microsoft has. If not, they are going to get horribly burned by the multitude of malware variants.

TheLee
Jun 1, 2011, 12:35 PM
But there's no permanent solution for you not to get another ear infection. And there's no permanent solution to eliminating malware problems no matter the platform.

you're talking about something different here. there's "cure" and then there's "immunize". no one's talking about immunity here. and for that matter, there *are* vaccinations against illnesses.

DanMan93
Jun 1, 2011, 12:37 PM
If I don't run in admin mode and run in standard mode instead, will I be safe from the malware? Also will installing iAntivirus help at all? :confused:

LegendKillerUK
Jun 1, 2011, 12:38 PM
thanks, i'm here all night.

seriously though, are they not teaching metaphor in schools these days? let me be more literal: just because the incentive may exist does not mean that the reality is there.

That was too easy. But really, if you're going to use a metaphor, use one that suits.

If I don't run in admin mode and run in standard mode instead, will I be safe from the malware? Also will installing iAntivirus help at all? :confused:

The latest version can install without an admin password so I imagine standard user accounts are also affected.

MacAddict1978
Jun 1, 2011, 12:38 PM
The reason Apple doesn't want to directly address this is what happens when there are 10 or 100 malware apps like this? Are they really going to have Security Updates for them all? Apple's current solution won't scale unless they put significant amount of resources into it like Microsoft has. If not, they are going to get horribly burned by the multitude of malware variants.

Sorry to be a broken record, but it's not like the malware puts itself there. You have to do it yourself for the most part.

It's like meeting a nympho outside an STD clinic. What do you think is going to happen if you have an encounter there? Odds are...

kiljoy616
Jun 1, 2011, 12:39 PM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

Yes people are that dumb. :D

rjtyork
Jun 1, 2011, 12:39 PM
I can totally imagine Steve Jobs getting news of this, clapping his hands together and saying: "Well, team... Looks like we got a challenger. How bad should we kill him??"

lol

taxiapple
Jun 1, 2011, 12:39 PM
Nice troll attempt. If MS was serious about security they would start by removing the registry.


I put the troll on my ignore list a long time ago. ......

TheLee
Jun 1, 2011, 12:40 PM
The difference between anti-virus companies and doctors is that the anti-virus companies employ the same people who can write viruses. Most are actually ex-black hat and did so in the past (tend to be the best at figuring out how to detect them)

Doctors don't employ viruses/bacteria/etc that cause diseases. They also don't need to because those pathogens can replicate and mutate themselves, so there will never be a shortage of them.

It's pretty clear that with today's complex viruses someone is bankrolling them, they're not done by bored teenagers anymore. Detecting such viruses before the competition is a big money business, therefore it's quite safe to assume the AV companies are behind many of them.

(bolded part in question) Really? jump from vague contingencies to a firm conclusion? and i don't know where you get your numbers that "most are actually ex-black hat."

obviously someone is bankrolling malware writers. how about, i don't know, organized crime? there's big money in getting cc information and getting people to fork over their cash under false pretenses. and aside from organized crime, the only major counterexample i can think of is Stuxnet which may have been bankrolled by the US government.

you realize that many computer malware actually *do* replicate and mutate themselves (at least more sophisticated ones)?

people really need to read up more about the AV industry and security issues before tossing around wild theories.

LegendKillerUK
Jun 1, 2011, 12:41 PM
How does Security Essentials help when trojans are changing hours after the detection signatures were updated?

Hint: it doesn't. The signatures are not updated in real time.

No need to bring in the anti-virus when the problem isn't viruses, it's trojans.

I said it's a good deal more, and it is. It does more than just trojans. At no point did I say it was bulletproof.

mr.steevo
Jun 1, 2011, 12:41 PM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

I have only heard/read about this on MacRumors. CBC radio isn't talking about it and I haven't seen it on TV either.



s.

GQB
Jun 1, 2011, 12:41 PM
Props to those guys beating Apple at this.


Yeah... these guys are flat out heroes.
Don't want to know who else you look up to.

kiljoy616
Jun 1, 2011, 12:41 PM
I wonder, you'd say the same thing if your mom or dad would have caught up with this.

Not everybody is smart or a genius.

It takes very little to think if you're that dumb then yes even my parents deserve it. But they don't because they actually think first.

Even in old age they ask and learn about the real world and not walk in a fog. Yes my parents are damn cool. :cool:

gkpm
Jun 1, 2011, 12:41 PM
If I don't run in admin mode and run in standard mode instead, will I be safe from the malware? Also will installing iAntivirus help at all? :confused:

You'll be safe by just turning off "Open safe files" in Safari, and not running dodgy applications that the browser downloaded without you asking.

Not running as admin helps even more.

No, iAntivirus will not detect it.

TheLee
Jun 1, 2011, 12:42 PM
That was too easy. But really, if you're going to use a metaphor, use one that suits.

man, far be it from me to put the crown on here, literature ain't my thing, but come on! viruses/malware? doctors and AV people? "infection"? how is that *not* suitable. throw me a bone here.

kiljoy616
Jun 1, 2011, 12:42 PM
I have only heard/read about this on MacRumors. CBC radio isn't talking about it and I haven't seen it on TV either.



s.

You need to show some cleavage to get on those types of medium. Maybe we one of the crackers was showing off her panties we could get it on the TV. :rolleyes:

0815
Jun 1, 2011, 12:43 PM
I don't think there is anything to be amazed about, I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..

But that also means there will be a lot of users downloading and installing this..

Well, I am sure you can find the same amount of 'not very computer savvy' people on windows too. Honestly, it is just stupid to label people based on their preferred OS as 'computer savvy' or not. I have been using computers (programming, build my own, ...) for almost 30 years and switched a few years back to Mac ... does this make me now not 'computer savvy' ???

I think the main problem is that Mac users up to now didn't have to worry about this **** and are not expecting it. Even technical people feel safe on the Mac (Though they might use more common sense than non-technical people)

LegendKillerUK
Jun 1, 2011, 12:44 PM
man, far be it from me to put the crown on here, literature ain't my thing, but come on! viruses/malware? doctors and AV people? "infection"? how is that *not* suitable. throw me a bone here.

It felt rather exaggerated that's all.

The problem with the average Windows user is they believe they are safe because they had to get an antivirus solution, whether it be from the shop they bought the computer from or from a technically minded relation. I know, I have to fix them at work.:p

jonnysods
Jun 1, 2011, 12:44 PM
Trouble.

MacAddict1978
Jun 1, 2011, 12:44 PM
I don't think there is anything to be amazed about, I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..

But that also means there will be a lot of users downloading and installing this..

While I agree mostly with your statement, this isn't 1991. We're talking 20 years of common knowledge and safe computing practices. Kids are now taught these basic concepts in elementary school. Seriously. My 7 year old niece had homework about viruses... computer viruses!

But that is why I think this scam has worked so well. It plays on the fear of viruses, but still... I get legit software ads (Mac Cleaner for instance) that want to scan my system and the like, and I still don't do it. Unless I willfully navigate to a site to look at software, not touching it. Anyone under the age of 60 should know better by now.

wesleyh
Jun 1, 2011, 12:44 PM
Can anyone see what it is that apple does to try and detect this malware? Is it a specific string in a plist or what?

Couldn't this malware be generated dynamically by the bad guys to do some randomization in function names and what not thereby evading any and all malware detection by apple as each app will be unique?

Mr. Gates
Jun 1, 2011, 12:45 PM
I have only heard/read about this on MacRumors. CBC radio isn't talking about it and I haven't seen it on TV either.



s.

Gizmodo, TechCrunch, Ars, Engadget......Etc. Etc.

BTW...who watches TV anymore anyway?

wesleyh
Jun 1, 2011, 12:46 PM
Also, instead of updating that list of bad malware once a day, wouldn't it be better to also download that file automatically every time a package installer or app is downloaded from the internet?

This is not a daily activity (installing new apps) so it shouldn't be too bothersome.. What do you think?

Apple...
Jun 1, 2011, 12:46 PM
I don't think there is anything to be amazed about, I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..

But that also means there will be a lot of users downloading and installing this..

Well, I am sure you can find the same amount of 'not very computer savvy' people on windows too. Honestly, it is just stupid to label people based on their preferred OS as 'computer savvy' or not. I have been using computers (programming, build my own, ...) for almost 30 years and switched a few years back to Mac ... does this make me now not 'computer savvy' ???

I think the main problem is that Mac users up to now didn't have to worry about this **** and are not expecting it. Even technical people feel safe on the Mac (Though they might use more common sense than non-technical people)

...especially since this is just malware, and not a virus.

kiljoy616
Jun 1, 2011, 12:47 PM
Ok lets start with information:

Identified by security firm Intego, MAC Defender spreads via search engine optimization (SEO) poisoning—that is, it uses commonly searched terms to get prominent placement in search engine results. So, users looking for legitimate protection against viruses on their Macs might be duped into downloading and installing MAC Defender instead.

So basically it's not just a trojan but also uses SEO so that someone :rolleyes: looking for Mac virus software gets spoofed WTF :confused: when do Apple users look for virus software?

Things that make me go :eek:

I did a search on Google and the first thing to pop up was this.

http://antivirus.about.com/od/antivirussoftwarereviews/tp/aamacvir.htm

Could not find anything in the first two pages for mac defender so I call this one myth busted.

Went to Torrent Search and same thing nothing on Mac Defender so exactly how are these people getting it?

The comments says it all http://www.macdefender.org/index.html

gkpm
Jun 1, 2011, 12:47 PM
(bolded part in question) Really? jump from vague contingencies to a firm conclusion? and i don't know where you get your numbers that "most are actually ex-black hat."

Look I'm on the right IRC channels, I go to the right conferences, I know what's going on.

If you prefer to be blind to reality be my guest.

LegendKillerUK
Jun 1, 2011, 12:48 PM
Gizmodo, TechCrunch, Ars, Engadget......Etc. Etc.

BTW...who watches TV anymore anyway?

Yes because my parents read those blogs.

TheLee
Jun 1, 2011, 12:48 PM
It felt rather exaggerated that's all.

eh, i'll grant you that. i'm too lazy to come up with something particularly clever.

Couldn't this malware be generated dynamically by the bad guys to do some randomization in function names and what not thereby evading any and all malware detection by apple as each app will be unique?

i'm sure apple is using some kind of virus signature. this is now getting into vague territory for me, but i'm pretty sure you can't just rename some function calls (which probably get scrambled anyway when you compile code) and hope to evade anti-malware, or else we'd still have the same viruses from the 80's running amok.

Reach9
Jun 1, 2011, 12:49 PM
Is this the beginning of the end for the Mac's malware protection? :eek:

iWinning
Jun 1, 2011, 12:49 PM
I'm surprised at the amount of people that are still saying people are dumb for downloading and opening this file. If you knew anything about it, it downloads and opens automatically under default settings.

Next, I hate how people, instead of placing the blame on Apple for using such idiotic settings and somehow not being able to fix the issue AT ALL, try to say Microsoft is worse. If you knew anything about Microsoft you would know how serious they are with malware.


Video of how Microsoft handles security in IE
http://www.youtube.com/watch?v=Z0YoefS-Mv8
http://www.youtube.com/watch?v=jMZ0F0HNGGM

Mobile

0815
Jun 1, 2011, 12:49 PM
Gizmodo, TechCrunch, Ars, Engadget......Etc. Etc.

BTW...who watches TV anymore anyway?

TV, TV ... TV, ... hmmm, I think I heard that name before - I think that was a big ugly box in our living room while I was a kid, almost like a computer, but it was missing the keyboard, just a monitor.

GFLPraxis
Jun 1, 2011, 12:50 PM
I wonder, you'd say the same thing if your mom or dad would have caught up with this.

Not everybody is smart or a genius.

You don't have to be smart or a genius to practice safe downloading. People just operate their computer blindly.

Don't get me wrong; I could totally see my parents downloading something like this, too. Same way they get all kinds of toolbars.

Doesn't mean I don't find it incomprehensible that they do it.

The App Store is a wonderful thing in that it gives people a safe way to grab apps.

0815
Jun 1, 2011, 12:50 PM
Is this the beginning of the end for the Mac's malware protection? :eek:

What makes you think that? Stuff like that didn't stop the attempt of malware protection on windows.

TheLee
Jun 1, 2011, 12:51 PM
Look I'm on the right IRC channels, I go to the right conferences, I know what's going on.

If you prefer to be blind to reality be my guest.

feel free to enlighten us as to these right IRC channels and right conferences.

Minimoose 360
Jun 1, 2011, 12:51 PM
You would think that these corporations would be smart enough to HIRE the hackers so this **** doesn't happen. Yes, there are ALWAYS ways around security, but if the guys who were making the malware were making the protection, it would be a better situation in my opinion.

Repo
Jun 1, 2011, 12:51 PM
Is this the beginning of the end for the Mac's malware protection? :eek:

The malware protection has just begun.

BC2009
Jun 1, 2011, 12:52 PM
The thing is, Malware is user initiated. Unless MS, Apple or whoever knows about a specific threat, you can't stop someone from offering a user the opportunity to download something. If they say yes, they invite the crooks in. Viruses are another story. These have to go around security in the OS to install themselves and extract information or change system settings to cause harm. Obviously the second is way more dangerous because you don't see it coming.

I only point this out because what the heck is Apple supposed to do any different? If you don't know what to not allow, or look for, you can't stop someone from wanting to install software.

Exactly -- nobody can get in front of trojans. The only defense against a trojan is to get a hold of it, get a binary signature from the file, and update your malware detection to look for it and prevent downloading it.

One preventative defense is to turn off the "automatically run 'safe' files" option in Safari. Apple should be doing that by default and remove the option to turn it back on.

The other preventative defense is to make downloading apps off the internet a power-user option and make the default force you through the app store.
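
The signature question raised in the posts above (a "binary signature" taken from a captured file, and how little a variant has to change before it no longer matches), as an added example that is not part of the thread and is not Apple's actual definition format. All sample files, strings and signature names are constructed placeholders; the two signature kinds (exact SHA-1 identity and a byte pattern) are assumptions chosen to show what each definition update does and does not cover.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str     # label reported on a match
    kind: str     # "sha1": exact file identity; "pattern": byte regex anywhere in file
    value: bytes  # ASCII hex digest for "sha1", regex source for "pattern"


def scan(data: bytes, definitions) -> list:
    """Return the names of every signature in `definitions` that matches `data`."""
    digest = hashlib.sha1(data).hexdigest().encode("ascii")
    hits = []
    for sig in definitions:
        if sig.kind == "sha1" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "pattern" and re.search(sig.value, data):
            hits.append(sig.name)
    return hits


def coverage(definitions, samples) -> dict:
    """Map each sample label to the signatures that fire on it."""
    return {label: scan(data, definitions) for label, data in samples.items()}


def make_pkg(bundle_name: bytes, padding: bytes = b"") -> bytes:
    """Build a harmless byte string standing in for an installer package (constructed)."""
    return (
        b"PKGHDR\x00<key>CFBundleName</key><string>" + bundle_name + b"</string>"
        b"\x00Your system is infected! Register to clean." + padding
    )


# Constructed samples: the captured file, a byte-for-byte copy with one extra
# byte, a copy shipped under a new name, and an unrelated benign package.
SAMPLES = {
    "original": make_pkg(b"ExampleDefender"),
    "repacked": make_pkg(b"ExampleDefender", padding=b"\x00"),
    "renamed": make_pkg(b"ExampleGuard"),
    "benign": b"PKGHDR\x00<key>CFBundleName</key><string>TextEditor</string>",
}

# Day-one definitions, written from the one captured file.
DEFS_V1 = [
    Signature("Example.Scareware.A/hash", "sha1",
              hashlib.sha1(SAMPLES["original"]).hexdigest().encode("ascii")),
    Signature("Example.Scareware.A/name", "pattern",
              re.escape(b"<string>ExampleDefender</string>")),
]

# Next-day update: a pattern on content shared by both observed variants.
DEFS_V2 = DEFS_V1 + [
    Signature("Example.Scareware.B/generic", "pattern",
              re.escape(b"Register to clean.")),
]


if __name__ == "__main__":
    for version, defs in (("v1", DEFS_V1), ("v2", DEFS_V2)):
        print(version)
        for label, hits in coverage(defs, SAMPLES).items():
            print(f"  {label:9s} -> {hits or 'no match'}")
```

The hash signature only ever matches the exact captured file, the name pattern survives a repack but not a rename, and the renamed sample is caught only once the definitions are updated, which is why detection of this kind depends on how quickly new definitions ship.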

0815
Jun 1, 2011, 12:53 PM
Yes because my parents read those blogs.

do they read news?

http://articles.cnn.com/2011-05-25/tech/mac.malware.update.ars_1_malware-applecare-mac-users?_s=PM:TECH

http://abcnews.go.com/Technology/techbytes-major-banks-compete-paypal-mac-defender-computer/story?id=13691222

if you want I can post many more links for more traditional news outlets reporting about this.

Even our local newspaper had a report about it.

TheLee
Jun 1, 2011, 12:56 PM
do they read news?

http://articles.cnn.com/2011-05-25/tech/mac.malware.update.ars_1_malware-applecare-mac-users?_s=PM:TECH

http://abcnews.go.com/Technology/techbytes-major-banks-compete-paypal-mac-defender-computer/story?id=13691222

if you want I can post many more links for more traditional news outlets reporting about this.

Even our local newspaper had a report about it.

i hardly know anyone who doesn't work or deal with the tech industry who bothers to read the tech sections of news. heck, i'd wager that even a lot of younger people get their news from the daily show or from whatever's on when they're at the gym.

rtheb
Jun 1, 2011, 12:59 PM
The comments says it all http://www.macdefender.org/index.html

Which reads...

IMPORTANT NOTE
This webpage is in no way related to the scareware "MAC Defender", "MAC Protector" or "MAC Security". So please stop sending email. There is no website for this scareware and of course you can't contact the authors of this application. This webpage is just a personal website and I've been using this nickname for years. This scareware is just named after the already existing PC Defender. If you can't find the removal instructions on Google feel free to contact me (as I always will answer/help with any Mac related stuff). But please stop spamming my inbox with complaints as this is definitely the wrong place!

TheLee
Jun 1, 2011, 01:00 PM
Exactly -- nobody can get in front of trojans. The only defense against a trojan is to get a hold of it, get a binary signature from the file, and update your malware detection to look for it and prevent downloading it.

One preventative defense is to turn off the "automatically run 'safe' files" option in Safari. Apple should be doing that by default and remove the option to turn it back on.

The other preventative defense is to make downloading apps off the internet a power-user option and make the default force you through the app store.

i bolded the big part of your statement that i feel like keeps getting missed here. malware of the user-engineered variety is going to be easily prevalent on ANY system. the key crux is that apple happens to have a setting that turns user-initiated into automated, which is definitely something that has to be adjusted for most users if people are really so silly as to let a random program automatically download and install.

or put another way, what if i convinced a lot of mac users to open up their terminal to run "sudo rm -rf /" ? would i suddenly have proved that macs are an insecure system? no way. a secure system is only as secure as its user.

Bubba Satori
Jun 1, 2011, 01:01 PM
Apple should stick to their original strategy of having Geniuses deny that there is a problem and refuse to fix anything. What's the worst that can happen? Fanboiz tossing their perfectly made and invulnerable Macs for PCs?
Yeah, that's going to happen. :rolleyes:

Maven1975
Jun 1, 2011, 01:06 PM
Apple has no incentive to take this threat seriously. They will use it to leverage people into only using the App Store. It will prepare people for the merging of iOS and Mac OS.

Total control might sound good to you. Me?... Not so much.

I actually find this entertaining. Seeing as though Apple has put their Mac line and OSX in the back seat. I feel its high time for a reality check.

News flash Apple, you still sell computers in a competitive market.

PhantomPumpkin
Jun 1, 2011, 01:06 PM
The thing is, Malware is user initiated. Unless MS, Apple or whoever knows about a specific threat, you can't stop someone from offering a user the opportunity to download something. If they say yes, they invite the crooks in. Viruses are another story. These have to go around security in the OS to install themselves and extract information or change system settings to cause harm. Obviously the second is way more dangerous because you don't see it coming.

I only point this out because what the heck is Apple supposed to do any different? If you don't know what to not allow, or look for, you can't stop someone from wanting to install software.

I'm just waiting for someone to complain that Apple is "restricting them" from installing software that they want...even if it's Malware.

Ashin
Jun 1, 2011, 01:10 PM
My guess is you'll see Apple lock down Mac like the iPhone

Apple...
Jun 1, 2011, 01:14 PM
My guess is you'll see Apple lock down Mac like the iPhone

Not gonna happen.

VTMac
Jun 1, 2011, 01:17 PM
... but if the open downloads button had been ticked in Safari, it would have been a disaster.
This is a strong attack that could easily hurt some less computer-capable people.


No. It wouldn't be a disaster. It would only be a disaster if after popping up, you clicked install. It still relies on a user to do something stupid. Click cancel on the installer and all is well.

0815
Jun 1, 2011, 01:18 PM
I'm just waiting for someone to complain that Apple is "restricting them" from installing software that they want...even if it's Malware.

Some might see this as an indicator that the next Mac OS X version will be "closed" ;)

EDIT: missed that one a couple of posts above: ... (what a joke)


My guess is you'll see Apple lock down Mac like the iPhone

VTMac
Jun 1, 2011, 01:19 PM
Not gonna happen.

Bet it happens next week with Lion. Lion will ship with the Mac App Store as the only way to install software by default. it will have an option to install any software. I bet that option is called "Allow untrusted software to be installed" or something scary sounding like that.

Benjamins
Jun 1, 2011, 01:19 PM
I wonder, you'd say the same thing if your mom or dad would have caught up with this.

Not everybody is smart or a genius.

it doesn't take a genius to NOT type in their password and install something.

iSee
Jun 1, 2011, 01:20 PM
Is this the beginning of the end for the Mac's malware protection? :eek:

No, it's the beginning of the beginning. We've all been happily living without having to deal with those crappy anti-malware programs but now we're going to have to start

Well, actually I'm hoping that activity on this latest trojan horse peters out like other Mac malware in the past. But it feels like the anti-malware companies are starting to get serious about selling their crap to Mac users, so this is probably just the start of our problems.

0815
Jun 1, 2011, 01:21 PM
it doesn't take a genius to NOT type in their password and install something.

One exception: In Vista I had to type it so many times that I (almost) stopped reading the dialogs ... lucky that is fixed in Windows 7 (and I had it fixed in Vista by turning the UAC off - that way it didn't bother me with prompts for day to day stuff and I paid again more attention when a password dialog came up)

Drag'nGT
Jun 1, 2011, 01:22 PM
Looking ahead at Lion, wasn't it released to hackers/security testers? Lion should be more secure.

LegendKillerUK
Jun 1, 2011, 01:23 PM
do they read news?

http://articles.cnn.com/2011-05-25/tech/mac.malware.update.ars_1_malware-applecare-mac-users?_s=PM:TECH

http://abcnews.go.com/Technology/techbytes-major-banks-compete-paypal-mac-defender-computer/story?id=13691222

if you want I can post many more links for more traditional news outlets reporting about this.

Even our local newspaper had a report about it.

I'm not in the UK (as they are) at the minute but unless it was front cover news they wouldn't see it.

They aren't interested in tech so even the half arsed tech section of regular newspapers won't hit them.

*LTD*
Jun 1, 2011, 01:24 PM
Booooring. Can we get some variety here, please? Or are we going to have to wait another two years?

Same trojan over and over.

Just lock down OS X, iOS style, and be done with it. Macs will still sell in record numbers.

toxotis70
Jun 1, 2011, 01:24 PM
Is there any site, to try this malware ?
I am curious to see how stupid i can be...

Popeye206
Jun 1, 2011, 01:25 PM
I'm just waiting for someone to complain that Apple is "restricting them" from installing software that they want...even if it's Malware.

LOL! You got that right! :D

blackcrayon
Jun 1, 2011, 01:25 PM
Bet it happens next week with Lion. Lion will ship with the Mac App Store as the only way to install software by default. it will have an option to install any software. I bet that option is called "Allow untrusted software to be installed" or something scary sounding like that.

If the option is there, what would be the problem? It might be nice to secure less-savvy user systems this way. "Install stuff outside the App Store at your own risk, Aunt Sally". You know, that Aunt whose Win XP machine gets overrun with adware in between your yearly visits.

Apple...
Jun 1, 2011, 01:25 PM
Not gonna happen.

Bet it happens next week with Lion. Lion will ship with the Mac App Store as the only way to install software by default. it will have an option to install any software. I bet that option is called "Allow untrusted software to be installed" or something scary sounding like that.

Um, ok. How is that "locking down" if you can still install applications from other sources?

vartanarsen
Jun 1, 2011, 01:27 PM
It would be sooo cool to have a clamped down Mac OS (like iOS) that is not open to software except for the Mac App Store, a brick firewall that wouldn't allow anything past it.

*LTD*
Jun 1, 2011, 01:28 PM
It would be sooo cool to have a clamped down Mac OS (like iOS) that is not open to software except for the Mac App Store, a brick firewall that wouldn't allow anything past it.

Boom.

Problem solved. This approach is working now, and will continue to work if brought to OS X.

iWinning
Jun 1, 2011, 01:30 PM
it doesn't take a genius to NOT type in their password and install something.

It DOESN'T require the password anymore :rolleyes:

batchtaster
Jun 1, 2011, 01:31 PM
These *******s need to be killed.

Full of Win
Jun 1, 2011, 01:32 PM
It would be sooo cool to have a clamped down Mac OS (like iOS) that is not open to software except for the Mac App Store, a brick firewall that wouldn't allow anything past it.

'Cool' is not the first word that comes to mind.

benthewraith
Jun 1, 2011, 01:34 PM
For the love of God Apple, remove "Open safe files after download." That's the whole means of attack right there.

*LTD*
Jun 1, 2011, 01:34 PM
These *******s need to be killed.

*Guaranteed* Apple already has a solution in the works. They will be damned if they'll allow OS X to become as bad as Windows.

It might be a drastic solution, but it'll be for the best. So stay tuned.

ezdz
Jun 1, 2011, 01:35 PM
I'm wondering how long it will be before someone makes a malware installer that tries to look like an osx system software update

iWinning
Jun 1, 2011, 01:36 PM
*Guaranteed* Apple already has a solution in the works. They will be damned if they'll allow OS X to become as bad as Windows.

It might be a drastic solution, but it'll be for the best. So stay tuned.

This was their solution and it did work.... for 8 hours.

People probably almost got a chance to install it before it was bypassed.

*LTD*
Jun 1, 2011, 01:37 PM
*Guaranteed* Apple already has a solution in the works. They will be damned if they'll allow OS X to become as bad as Windows.

It might be a drastic solution, but it'll be for the best. So stay tuned.

This was their solution and it did work.... for 8 hours.

People probably almost got a chance to install it before it was bypassed.

No, I don't mean this particular solution.

I mean something much, much deeper. ;)

Gruber's been talking about it and it's been mentioned here a few times.

batchtaster
Jun 1, 2011, 01:38 PM
This was their solution and it did work.... for 8 hours.

People probably almost got a chance to install it before it was bypassed.

You didn't read the release notes.

Amory
Jun 1, 2011, 01:42 PM
I have a question....

I work for Apple and WANT to install Mac Defender on my machine (external HD with OS X on it).

Anyone know where to find it? I am having a heck of a time finding it!

Apple...
Jun 1, 2011, 01:43 PM
I have a question....

I work for Apple and WANT to install Mac Defender on my machine (external HD with OS X on it).

Anyone know where to find it? I am having a heck of a time finding it!

What branch are you part of?

iWinning
Jun 1, 2011, 01:44 PM
What branch are you part of?

AppleCare. lol

batchtaster
Jun 1, 2011, 01:45 PM
Next, I hate how people, instead of placing the blame on Apple for using such idiotic settings and somehow not being able to fix the issue AT ALL, try to say Microsoft is worse. If you knew anything about Microsoft you would know how serious they are with malware.

There is no technical hole to fix. It's a social hole. "Open safe files" or no-"open safe files", people are being socially engineered into stepping through the installer.

whooleytoo
Jun 1, 2011, 01:46 PM
This may be wandering a little OT, but how is this malware being propagated to so many sites? It seems (by some accounts) to be on quite a few.

Is it possible it's infecting sites via Google adverts?

batchtaster
Jun 1, 2011, 01:47 PM
I have a question....

I work for Apple and WANT to install Mac Defender on my machine (external HD with OS X on it).

Anyone know where to find it? I am having a heck of a time finding it!

Search for "Mothers Day Poems" on Google Images. Command-click each result (into a new tab). One of them will eventually redirect to a poison website with a fake "scanner", and trigger a file download. The redirect will happen on its own, so you can close all the non-poison hits. You may have to go through 30 or 40 results. Caveat emptor.

P.S. While you're doing that, feel free to report blogspot.com pages which pretend to have a "sexy girl" in your area wanting to talk to you. Hit the Report Blog button in the top of the toolbar.

maclaptop
Jun 1, 2011, 01:47 PM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

I'm not.

Apple has made such a big deal about never having to worry about viruses/worms/malware et al, that the general computer using public thinks there's nothing wrong with clicking on whatever is of interest to them.

The slogan "It Just Works" has become an irrelevant statement.

Therefore now that the white hot spotlight of success is trained on Apple, there is incentive for hackers that simply didn't exist a few years ago.

Steve & Company are extremely bright and very clever. He saw this coming, I believe it's one of many reasons they are integrating iOS with OS X.

The next step is to phase out OS X, or limit it to only Apples most expensive machines like the Mac Pro.

The rest will be dumbed down and locked down so tight any idiot can play and not screw it up. Notice I said "play" that's because that's all the thing will be good for.

Then Apple will dredge up the old slogan again. Just push a button and presto it's running like any good appliance does.

The label on the side will say "not dishwasher or microwave safe" LOL

Lord Appleseed
Jun 1, 2011, 01:48 PM
i think you took him too literally. rather, MS should move to an alternate system other than the registry. the fact that you had to keep going back to the registry to try and get something to work should be evidence enough that there's something borked about the registry system in the first place.

Truth has been spoken.

Yeah I might have misunderstood that then. I guess most people here agree that MS should change something...

iWinning
Jun 1, 2011, 01:48 PM
There is no technical hole to fix. It's a social hole. "Open safe files" or no-"open safe files", people are being socially engineered into stepping through the installer.

And if you look at the videos you see how Microsoft fixed the social engineering part.

djrod
Jun 1, 2011, 01:48 PM
Is this only affecting US macs?

thunderclap
Jun 1, 2011, 01:49 PM
Suddenly, when I have an opinion against Apple, I am wrong? I think, they are not as serious about security as Microsoft are. Simple.

That's how it works here. Didn't you get the memo? :)

sillypooh
Jun 1, 2011, 01:50 PM
Seriously? A name change evades Apple's detection tools? I'm sure there's more to that... However, it looks like Apple's detection mechanism is very loose. 8 hours and already a new strand?? Waw! :eek:

batchtaster
Jun 1, 2011, 01:51 PM
And if you look at the videos you see how Microsoft fixed the social engineering part.

Precisely. My point exactly.

iWinning
Jun 1, 2011, 01:52 PM
Seriously? A name change evades Apple's detection tools? I'm sure there's more to that... However, it looks like Apple's detection mechanism is very loose. 8 hours and already a new strand?? Waw! :eek:

Iknowright.

It's so funny seeing how the company that people here worship can't even patch this correctly.

GFLPraxis
Jun 1, 2011, 01:56 PM
I don't think there is anything to be amazed about, I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..

But that also means there will be a lot of users downloading and installing this..

I think it's the same reaction mechanics get when they get someone who shows up who has never changed the oil on their car or refilled the coolant and then wonders why the check engine light is on.

It's a sort of resigned amazement.

AidenShaw
Jun 1, 2011, 02:00 PM
i think you took him too literally. rather, MS should move to an alternate system other than the registry. the fact that you had to keep going back to the registry to try and get something to work should be evidence enough that there's something borked about the registry system in the first place.

Is it better to keep editing configuration files, if you can find them?

By the way, in regards to malware you should read up on the virtualized registry and virtualized filesystem in current Windows systems. Some of your comments are not applicable to the current version of Windows.

ratsg
Jun 1, 2011, 02:04 PM
I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..


popular email tagline - Mac OS X - because making UNIX user friendly was easier than fixing windows.

blackburn
Jun 1, 2011, 02:13 PM
Safari should never attempt to open *anything*. There are other ways like tiff overflow exploits that are more dangerous anyway.

Let's just hope that Apple fixes it sooner than later. I would like to know how the Mac OS X firewall lets Ti device explorer open a port for "TI Navigator Hub" since I've set it to on and to block everything.

trunten
Jun 1, 2011, 02:20 PM
edit: decided not to feed the troll

Michaelgtrusa
Jun 1, 2011, 02:24 PM
Not surprised.

IngerMan
Jun 1, 2011, 02:26 PM
I would bet whoever it is, they are reading this thread and getting their rocks off :eek: MacDefender, go back to your porn :cool:

elgrecomac
Jun 1, 2011, 02:29 PM
And you are a newbie?

I may be a late comer but I do have a life like most others and haven't been able to get an account and chat with you all.

I am 39 years old; that does not mean I am new to Apple or their products.

Suddenly, when I have an opinion against Apple, I am wrong? I think, they are not as serious about security as Microsoft are. Simple.

I may be wrong, but that's how I feel.

Welcome to MACRUMORS...where our first rule is, if you speak poorly of all things JOBS, then you will get flamed.

iWinning
Jun 1, 2011, 02:29 PM
I would bet whoever it is, they are reading this thread and getting their rocks off :eek: MacDefender, go back to your porn :cool:

He's actually probably still laughing his ass off after getting a new version out only 8 hours after the security patch release. Apple needs something better than strict anti-malware definitions.

nixonhead
Jun 1, 2011, 02:30 PM
People should install applications only from App Store. This is easier + more secure.

MacPhilosopher
Jun 1, 2011, 02:33 PM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

Did you just give props to the malware designers? That's taking trolling to a new low.

Sodner
Jun 1, 2011, 02:36 PM
Seriously? A name change evades Apple's detection tools? I'm sure there's more to that... However, it looks like Apple's detection mechanism is very loose. 8 hours and already a new strand?? Waw! :eek:

Downright embarrassing for Apple. :confused:

Demigod Mac
Jun 1, 2011, 02:40 PM
I'm surprised the police cannot track the perps in this case considering the credit card info taken from its victims, then again there might be a huge well funded organization behind most kinds of phishing and malware.

In all likelihood, the police in Russia/Eastern Europe/China/India are receiving a cut of the profit from the malware authors.

AlligatorBloodz
Jun 1, 2011, 02:41 PM
This game of Cat and Mouse will end rather quickly when the Lion shows up...

0815
Jun 1, 2011, 02:44 PM
People should install applications only from App Store. This is easier + more secure.

WRONG - people should 'cancel' any installer that pops up unexpectedly. Simple rule: if you didn't initiate the install, don't install.

snberk103
Jun 1, 2011, 02:45 PM
My thinking is that now Apple has addressed this particular malware, it will soon (matter of weeks) fade away.

I don't know why it took Apple as long as it did to roll out the MacDefender defense, but... now that it's been released they can update the signature quickly.

So, over the next couple of weeks all the vulnerable Macs are updated with this security update. Over the same time period the malware authors change the package to avoid detection. To be effective they need to change the package, and seed the new package to their poisoned websites. Then they have to wait for an unpatched Mac to happen on the poisoned link.

However, Apple is now updating all of the patched Macs daily, and each day there are more Macs patched. The window of opportunity for being infected is the time between Apple updates - about 24 hours for the package change and then the seeding. How many Macs are going to hit the poisoned link in that window?

I suspect that at some point the returns will not justify the work necessary. At the moment they've got a fairly clear field. Soon, they're really going to have to work for the payoff.

macnchiefs
Jun 1, 2011, 02:45 PM
Seriously? A name change evades Apple's detection tools? I'm sure there's more to that... However, it looks like Apple's detection mechanism is very loose. 8 hours and already a new strand?? Waw! :eek:

Agreed, almost kind of scary how easy it was. Let's face it, to this point Apple hasn't needed to pay a whole lot of attention to security. They scoffed at Microsoft when it went through its big ordeal years ago in dealing with malware.

I just hope that Apple is going to be very proactive in dealing with this. (I'm sure they will) They tend to take user privacy and user rights very seriously and I hope they start to pursue legitimate ways of keeping everyone's macs safe. Because this first attempt got an A for being proactive but overall the fix was pretty weak sauce if you ask me...

0815
Jun 1, 2011, 02:47 PM
This game of Cat and Mouse will end rather quickly when the Lion shows up...

Well you are sort of right - it will turn into a game of Lion and Mouse :cool:


My thinking is that now Apple has addressed this particular malware, it will soon (matter of weeks) fade away.

I don't know why it took Apple as long as it did to roll out the MacDefender defense, but... now that it's been released they can update the signature quickly.

So, over the next couple of weeks all the vulnerable Macs are updated with this security update. Over the same time period the malware authors change the package to avoid detection. To be effective they need to change the package, and seed the new package to their poisoned websites. Then they have to wait for an unpatched Mac to happen on the poisoned link.

However, Apple is now updating all of the patched Macs daily, and each day there are more Macs patched. The window of opportunity for being infected is the time between Apple updates - about 24 hours for the package change and then the seeding. How many Macs are going to hit the poisoned link in that window?

I suspect that at some point the returns will not justify the work necessary. At the moment they've got a fairly clear field. Soon, they're really going to have to work for the payoff.


Following that logic, there shouldn't be any viruses/malware/... for windows anymore.

The game has just started and will continue forever. Now even Mac Users have to be more careful what to click on. Even if Apple updates the database as fast as they can, there will always be a 'lead' by malware programmers, it first has to show up in the wild until the signature can be put in the database.

gnasher729
Jun 1, 2011, 02:56 PM
If I don't run in admin mode and run in standard mode instead, will I be safe from the malware? Also will installing iAntivirus help at all? :confused:

The malware cannot install itself. It can start the installer, and then _you_ have to click on an "Ok" button instead of "Cancel". If _you_ don't give it permission to install, nothing can happen.

And this malware is trying to persuade you to give them your credit card number. If you don't give them your credit card number, they won't hurt you, even if the malware gets installed. It is also very easy to uninstall. (However, it would be quite possible for future malware to do damage to your computer).

As always, you should have a Time Machine backup of your computer, and not much can hurt you, only inconvenience you.

He's actually probably still laughing his ass off after getting a new version out only 8 hours after the security patch release. Apple needs something better than strict anti-malware definitions.

That malware was prepared long before Apple released the update, and only had to be uploaded to many infected servers. (Makes you wonder what OS these servers are running, allowing malware like that to be uploaded). I'd hope for updated virus definitions tomorrow; and then Apple should be able to recognize the whole family of software. At some point they won't make money with this software anymore.

TheLee
Jun 1, 2011, 03:01 PM
Is it better to keep editing configuration files, if you can find them?

yes. the benefit of individual config files is that you can leverage way more general purpose tools for stuff like this, and the systems i can think of that use individual configuration files have a well structured file system behavior (which the registry adds an unnecessary layer on top of). some of this doesn't apply to some of os x's plist or xmls as they've been turned into binary files, but general purpose OS X/*nix/bsd configs can be piped in and out of a wide array of general purpose tools. from a malware perspective, it mitigates threats as you have a complete separation of access controls between system-level and user-level configuration. from a purely stability and user perspective, configuration becomes more resilient to failure and easily redistributable.

i mean, it's kind of the same reason why, if you're coding a major program, you don't just put everything into one flat file filled with GOTO [line number] statements.

By the way, in regards to malware you should read up on the virtualized registry and virtualized filesystem in current Windows systems. Some of your comments are not applicable to the current version of Windows.

i'm aware that ms has increased security and access controls in the registry. some of what i've said i've prefaced with a "back in the day" and "may not be true anymore". all of this in general has been part of a general increase in security that MS has implemented across the board; i'm not arguing that they haven't. but i still maintain that the registry possesses a lot of systems design problems, along with other MS ideas-that-sounded-good-back-in-the-90s, that predispose it to stability/security issues. many of their "solutions" are like transitory steps to move away from the fundamental architecture decisions that they had in the first place: virtualized registry access is basically recognizing that having one gigantic binary flat file was a bad idea and now it's emulating having separate configuration files with separate access levels.

i'm not quite sure what virtualized filesystems have to do with security/stability, though if you would enlighten me i'd appreciate it.

franswa za
Jun 1, 2011, 03:02 PM
WRONG - people should 'cancel' any installer that pops up unexpectedly. Simple rule: if you didn't initiate the install, don't install.

hehehe.. i agree

is that you agent 0815....... err....... steve....... err...... ballmer?

i'm sure HE is behind it............ all, and what...... NO rapture?

:p

quite re-assuring to see apple launch a 2.1ish meg security update to cope with this non-issue, as far as i am concerned....

too little aapl news, far too much press coverage

let's move on........... mind the gap!

take care out there!

francois

Lesser Evets
Jun 1, 2011, 03:03 PM
I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

wtf? You never got it, did you? IT DOWNLOADS ITSELF. It keeps doing it on my system, and I have to catch it and ditch it.

phpmaven
Jun 1, 2011, 03:03 PM
You provided a well written opposing view point. You are obviously a troll

*Sarcasm alert

Well written? He started his post out by congratulating the sleazeballs who are creating this crap for circumventing Apple's security. Then goes on to praise MS. The guy's had an account for 2 weeks. Sounds like a troll to me.

You never got it, did you? IT DOWNLOADS ITSELF. It keeps doing it on my system, and I have to catch it and ditch it.

True, but it doesn't install itself, does it? :D

franswa za
Jun 1, 2011, 03:06 PM
wtf? You never got it, did you? IT DOWNLOADS ITSELF. It keeps doing it on my system, and I have to catch it and ditch it.

ag man, calm down, send it to me......... nada

hobo.hopkins
Jun 1, 2011, 03:16 PM
Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

How could you actually encourage or support people creating Malware? That is absolutely terrible. Whether or not Apple should "tighten up" is debatable, but the fact that those creating malware are doing a bad thing should not be.

Full of Win
Jun 1, 2011, 03:17 PM
This game of Cat and Mouse will end rather quickly when the Lion shows up...

Based on several years of using OS X... When this cat shows up, it will be toothless and feeble for several months.

franswa za
Jun 1, 2011, 03:19 PM
Based on several years of using OS X... When this cat shows up, it will be toothless and feeble for several months.

nai man, stop being so optimistic or simply return to windoze..........

:rolleyes:

*sarcasm alert?

z3r0
Jun 1, 2011, 03:26 PM
Take down/corrupt the registry and down goes the whole OS.

Mac OS X apps are self contained, no need for a registry.


Stating Microsoft take security seriously is a troll attempt? And what do you have against the registry, I'd prefer an easily searchable central registry of files rather than a million .ini files scattered the length and breadth of my hard drive.

AidenShaw
Jun 1, 2011, 03:28 PM
WRONG - people should 'cancel' any installer that pops up unexpectedly. Simple rule: if you didn't initiate the install, don't install.

As has been posted, one user was working with multiple tabs, and did download software in one tab. Another tab hit the malware, and when the install dialog appeared he authorized it.

Even careful, knowledgeable people can be bit by this.


yes. the benefit of individual config files is that you can leverage way more general purpose tools for stuff like this

Any registry operation is scriptable - you never need to run regedit.


i'm not quite sure what virtualized filesystems have to do with security/stability, though if you would enlighten me i'd appreciate it.

If malware creates files in %SystemRoot%\System32 or other system directories, they are actually created in a virtualized filesystem that only the malware program can see. The files are not visible to other users, nor to system programs.

True administrator access (e.g. a popup that asks for the Administrator password) is needed to change the real on-disk files.

Clearly, preventing malware from modifying the global filesystem is a good thing for security/stability.


Take down/corrupt the registry and down goes the whole OS.

Have you ever seen a registry that's been corrupted or "taken down"?

Why do Apple users so often say "trash the plists" when a problem occurs?

How is a valid registry that contains evil data different from plist files that contain evil data?

GGJstudios
Jun 1, 2011, 03:30 PM
do you also think that doctors go around infecting people with illnesses so that they can stay in business?
Too many to list.
firemen go around setting houses afire
Volunteer fireman pleads guilty to arson (http://www.upi.com/Top_News/US/2011/03/23/Volunteer-fireman-pleads-guilty-to-arson/UPI-17951300893396/)
Firefighter who admitted to arson fires gets long state prison term (http://www.tnonline.com/node/199019)
Former firefighter pleads guilty to arson (http://effinghamdailynews.com/local/x1907081983/Former-firefighter-pleads-guilty-to-arson)
Ex-firefighter convicted of arson (http://www.nashuatelegraph.com/newsstatenewengland/900707-227/ex-firefighter-convicted-of-arson.html)

0815
Jun 1, 2011, 03:32 PM
wtf? You never got it, did you? IT DOWNLOADS ITSELF. It keeps doing it on my system, and I have to catch it and ditch it.

'catch it' makes it sound like a lot of complicated work that only experts can do. I haven't had it yet - but to my understanding it will download to your download folder (and assuming you are not using Safari with open unsafe feature) it will just sit there doing nothing. The only work involved on your side should be to check that folder every once in a while and delete everything in there (which is anyway a good practice to do, too many [good] installers are collecting in there over time and take up too much disk space).

Amory
Jun 1, 2011, 03:32 PM
AppleCare. lol

haha, that is right. I am just tech support for Apple, not a developer or anything.

Just wanted to mess around with it and see how it works. Even though I talk people through it EVERY DAY, I just wanted to see what it is like first hand.

WissMAN
Jun 1, 2011, 03:32 PM
Troll... You love to be the first to write that word.

z3r0
Jun 1, 2011, 03:33 PM
Lion should fix things with sandboxing.

http://cocoaheads.tumblr.com/post/3483212346/lion-sandboxing-and-privilege-separation

I'm hoping it's a direct port of FreeBSD Jails (http://www.freebsd.org/doc/handbook/jails.html). Capsicum (http://www.cl.cam.ac.uk/research/security/capsicum/) (more here (http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf)) and PF (http://www.openbsd.org/faq/pf/) would be welcome as well. PF could be used to set up incoming and outgoing firewall rules.


Agreed, almost kind of scary how easy it was. Let's face it, to this point Apple hasn't needed to pay a whole lot of attention to security. They scoffed at Microsoft when it went through its big ordeal years ago in dealing with malware.

I just hope that Apple is going to be very proactive in dealing with this. (I'm sure they will) They tend to take user privacy and user rights very seriously and I hope they start to pursue legitimate ways of keeping everyone's macs safe. Because this first attempt got an A for being proactive but overall the fix was pretty weak sauce if you ask me...

GGJstudios
Jun 1, 2011, 03:35 PM
Does Sophos detect that and get rid of it? If not, what is another software I can download that will identify MD?
Sophos is not recommended, as it can actually increase your Mac's vulnerability. Try ClamXav.
For more details: Mac Virus/Malware Info (http://forums.macrumors.com/showpost.php?p=9400648&postcount=4)

Amory
Jun 1, 2011, 03:35 PM
Search for "Mothers Day Poems" on Google Images. Command-click each result (into a new tab). One of them will eventually redirect to a poison website with a fake "scanner", and trigger a file download. The redirect will happen on its own, so you can close all the non-poison hits. You may have to go through 30 or 40 results. Caveat emptor.

P.S. While you're doing that, feel free to report blogspot.com pages which pretend to have a "sexy girl" in your area wanting to talk to you. Hit the Report Blog button in the top of the toolbar.

Awesome, thanks!

I saw one that showed searching for Osama Bin Laden gave it, but tried a bunch of different stuff and haven't been able to find it.

dejo
Jun 1, 2011, 03:40 PM
I work for Apple...

If you really do, you've violated your employment agreement by posting here, haven't you?

GGJstudios
Jun 1, 2011, 03:41 PM
If I don't run in admin mode and run in standard mode instead, will I be safe from the malware?
It makes no difference if you run in standard or admin mode. The only way to be safe from Mac OS X malware is to use your head: don't install software that you didn't intend to install, and only get software from reputable, trusted sources.
Also will installing iAntivirus help at all? :confused:
It's not necessary and I wouldn't trust it. AntiVirus makes inaccurate claims about the existence of Mac malware, in order to hype the need for their product. This post (http://forums.macrumors.com/showpost.php?p=7174192&postcount=15) will give details.
I work for Apple
I seriously doubt that.

BLACKFRIDAY
Jun 1, 2011, 03:41 PM
If you really do, you've violated your employment agreement by posting here, haven't you?

No he hasn't.

rdlink
Jun 1, 2011, 03:41 PM
I think it's time to bring Seal Team 6 down on these guys. Two taps between the eyes. ;)

GGJstudios
Jun 1, 2011, 03:44 PM
Is this the beginning of the end for the Mac's malware protection? :eek:
No, it isn't. Mac's best malware protection has been the same for the past 10 years: an informed, prudent user who thinks before doing anything, especially when choosing and installing software. That's all that's required.