Old Dec 13, 2012, 09:02 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan




Earlier this week, Russian security firm Dr. Web published a blog post announcing the discovery of a new OS X trojan horse known as "Trojan.SMSSend.3666". The malware masquerades as an installer for various software titles, but tricks users into signing up for subscriptions through their mobile devices.

Quote:
When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the "installation" fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.
Similar trojans have affected Windows and even Android platforms for some time, but the tactic is now being used to target Mac users.

Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users' systems updated. The anti-malware tools automatically detect when a user has downloaded a file matching the signature of known malware, alerting the user of the threat and advising them to discard the downloaded file.

Article Link: Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan
MacRumors is offline   0 Reply With Quote
Old Dec 13, 2012, 09:03 AM   #2
Joe-Diver
macrumors 6502
 
Join Date: Aug 2009
Gotta keep on top of it.
__________________
24" iMac Aluminum; 17" uMBP (mid 09); 32Gb iPhone4;16Gb iPod Nano 6g Green; 32Gb iPad Air; ATv2
Joe-Diver is offline   0 Reply With Quote
Old Dec 13, 2012, 09:06 AM   #3
LimeiBook86
macrumors 604
 
Join Date: May 2002
Location: Hanging around in NJ with his cutie. :)
Glad to see Apple keeping things up to date. I haven't heard of this scam but it sure seems like it could be quite dangerous!
__________________
My 'How to Draw Fun Animals' iBook is now on iTunes
"Just you try and stop me..."
My Site Thrift Fails Tech Blog
LimeiBook86 is online now   0 Reply With Quote
Old Dec 13, 2012, 09:48 AM   #4
MacFoodPoisoner
Banned
 
Join Date: Dec 2012
Quote:
Originally Posted by LimeiBook86 View Post
Glad to see Apple keeping things up to date.
Not exactly keeping up to date when they managed to compromise at least 500,000 users data last year with the flashback trojan.

So far they've only been "in talks" with security firms, unless they stop being cheapskates and start purchasing and incorporating some security companies to work on OS X's security they won't be able to keep up with half measures. They've grown way too large to keep ignoring the threats.

So, cough it up Apple, we as users have been coughing up 50% margins long enough so you can afford it...
MacFoodPoisoner is offline   3 Reply With Quote
Old Dec 13, 2012, 09:07 AM   #5
mw360
macrumors 6502a
 
Join Date: Aug 2010
I don't understand how these scams can operate without the perps being instantly tracked down and thrown in a cell. Surely somebody regulates who is and isn't allowed to charge for sending SMS messages.
mw360 is online now   1 Reply With Quote
Old Dec 13, 2012, 09:14 AM   #6
macs4nw
macrumors 68020
 
Join Date: Sep 2010
Location: On Safari…..
Quote:
Originally Posted by MacRumors View Post
.....Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009.

Article Link: Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan
Always glad to read those eight words.
macs4nw is offline   0 Reply With Quote
Old Dec 13, 2012, 09:06 AM   #7
Simplicated
macrumors 65816
 
Join Date: Sep 2008
Location: Ingsoc
So did this Trojan manage to bypass Gatekeeper?
Simplicated is offline   0 Reply With Quote
Old Dec 13, 2012, 09:08 AM   #8
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Quote:
Originally Posted by Simplicated View Post
So did this Trojan manage to bypass Gatekeeper?
No it doesn't. You have to put in your password into the warning that says "this application isn't approved by apple and may cause unintended operation" or something like that.
spyguy10709 is offline   4 Reply With Quote
Old Dec 13, 2012, 09:18 AM   #9
DeathChill
macrumors 68000
 
Join Date: Jul 2005
Quote:
Originally Posted by spyguy10709 View Post
No it doesn't. You have to put in your password into the warning that says "this application isn't approved by apple and may cause unintended operation" or something like that.
I don't think it gives you any option to open it if Gatekeeper is active. You can right click it and hit 'Open' or turn off Gatekeeper but I don't think it gives you an option to run it as most people would click okay anyways.
DeathChill is offline   1 Reply With Quote
Old Dec 13, 2012, 09:08 AM   #10
jwsmiths
macrumors member
 
Join Date: Jul 2006
Quote:
Originally Posted by Simplicated View Post
So did this Trojan manage to bypass Gatekeeper?
They must be using some other installer that some legitimate companies have used... But this does seem like something Gatekeeper should be able to stop if that isn't the case!
jwsmiths is offline   0 Reply With Quote
Old Dec 14, 2012, 10:56 AM   #11
charlituna
macrumors 604
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by Simplicated View Post
So did this Trojan manage to bypass Gatekeeper?
Pre-Mountain Lion software. Or non App Store software. Remember that you can have both on the computer without jailbreaking it.

----------

Quote:
Originally Posted by ArtOfWarfare View Post
Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leeching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?
You signed up for this service so there's no reason for the phone company to question it.

Common sense on the user part is a big factor in this. If you use some you are generally safe. If you don't, oh well.

----------

Quote:
Originally Posted by PowerPCMacMan View Post
. Now Apple is getting viruses and malware. Terrible if u ask me.
Malware sure, if the users are dumb enough to fall for these kinds of stunts. But viruses, not really. There's been perhaps 1 Mac OSX virus in the wild, the rest were Trojans. And most the same phishing stunt style.
charlituna is offline   1 Reply With Quote
Old Dec 13, 2012, 09:07 AM   #12
Sony311
macrumors member
 
Join Date: Feb 2012
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Sony311 is offline   4 Reply With Quote
Old Dec 13, 2012, 09:09 AM   #13
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
LOL welcome to reality - this isn't a virus at all. It's a fake installer that asks for your cell phone number. It's not an infection - it's a poor phishing attempt.
spyguy10709 is offline   20 Reply With Quote
Old Dec 13, 2012, 09:11 AM   #14
mw360
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
From wikipedia:

Quote:
A computer virus is a computer program that can replicate itself[1] and spread from one computer to another.
Quote:
Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge.
This is neither. It's a plain old scam.
mw360 is online now   11 Reply With Quote
Old Dec 13, 2012, 09:15 AM   #15
Joe-Diver
macrumors 6502
 
Join Date: Aug 2009
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL.
LOL....please learn what a virus is.....and take a look at file permissions (UID/GID)....then maybe you'll understand what is actually happening here.
__________________
24" iMac Aluminum; 17" uMBP (mid 09); 32Gb iPhone4;16Gb iPod Nano 6g Green; 32Gb iPad Air; ATv2
Joe-Diver is offline   4 Reply With Quote
Old Dec 13, 2012, 09:15 AM   #16
gnasher729
macrumors G5
 
Join Date: Nov 2005
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Since this application is neither a virus nor spyware I'd say people are quite right.
gnasher729 is offline   12 Reply With Quote
Old Dec 13, 2012, 09:15 AM   #17
PowerPCMacMan
Banned
 
Join Date: Jul 2012
Location: PowerPC land
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.

Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

Last edited by dejo; Dec 13, 2012 at 11:40 AM. Reason: Fixed quote.
PowerPCMacMan is offline   1 Reply With Quote
Old Dec 13, 2012, 09:20 AM   #18
mw360
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.
How'd you explain Android malware, or iOS malware then? It's really not the CPU that's vulnerable, it's the OS. And by the way, OSX, Windows 7/8, and Android aren't even that vulnerable now, it's the users that are the weak link in the chain.

Last edited by dejo; Dec 13, 2012 at 11:40 AM. Reason: Fixed quote.
mw360 is online now   3 Reply With Quote
Old Dec 13, 2012, 09:27 AM   #19
0815
macrumors 65816
 
Join Date: Jul 2010
Location: here and there
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.

Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
No no no ... the 'processor' has nothing to do with viruses or like in this case lame phishing attempts.

It is only that MacOS has finally reached the critical mass that it is more interesting to target Mac OS users. This would also have happened on PowerPC if it would have been more successful during that time.

But anyway - this is still not a real virus - it requires that user to download something, click the installer, enter the password, click through the warnings, enter the SMS and reply to it (or use its 'code') ... all user initiated, nothing happens hidden in the background.
__________________
sent from my computer

Last edited by 0815; Dec 13, 2012 at 09:38 AM.
0815 is offline   4 Reply With Quote
Old Dec 14, 2012, 12:29 AM   #20
tech4all
macrumors 68030
 
Join Date: Jun 2004
Location: NorCal
Quote:
Originally Posted by 0815 View Post
No no no ... the 'processor' has nothing to do with viruses or like in this case lame phishing attempts.

It is only that MacOS has finally reached the critical mass that it is more interesting to target Mac OS users. This would also have happened on PowerPC if it would have been more successful during that time.

But anyway - this is still not a real virus - it requires that user to download something, click the installer, enter the password, click through the warnings, enter the SMS and reply to it (or use its 'code') ... all user initiated, nothing happens hidden in the background.
Then how do you explain OS 9's viruses even though it had even less of a user base than OS X?
__________________
I use OS X because of Windows. And I use Android because of iOS.
tech4all is offline   1 Reply With Quote
Old Dec 14, 2012, 03:25 AM   #21
92jlee
macrumors 6502
 
Join Date: Sep 2009
Location: Cardiff, Wales, UK
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.
Hardware has nothing to do with OSX having viruses, it's all down to popularity. Why write a virus when Macs are only 5% of PCs? Apple has become a lot more popular since the Intel switch, I don't have figures here but more than the % they had with PPC.

Last edited by stridemat; Dec 16, 2012 at 03:31 AM. Reason: cleanup
92jlee is offline   0 Reply With Quote
Old Dec 14, 2012, 04:02 AM   #22
Tech198
macrumors 68040
 
Join Date: Mar 2011
Location: Australia, Perth
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.
No more trouble than Windows users already have now..
__________________
15" Macbook Pro i7 750Gig HD 8Gig Ram, Apple TV (3rd-Gen.), iPhone 5S 16Gig, iPad (4th-Gen.) 16Gig, Mac Mini 2.3Ghz i7 750Gig HD

"There are no stupid questions, just stupid people."

Last edited by Tech198; Dec 14, 2012 at 04:11 AM.
Tech198 is offline   0 Reply With Quote
Old Dec 14, 2012, 09:54 PM   #23
linuxcooldude
macrumors 65816
 
Join Date: Mar 2010
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.
OS9 & below had 40 some odd viruses, trojans. Once Apple went to Mac OSX it virtually went to nil. Most of what Mac users get now is scammed by not knowing what they are doing.

In nearly all cases they have to type in their Administrator's password with their own hands and in some cases their own phone numbers or sensitive data.

The operating system is working as it should to protect the computer. But cannot protect the computer from the owner themselves blatantly typing things in without knowing what they're doing or where it came from.

Quote:
Not exactly keeping up to date when they managed to compromise at least 500,000 users data last year with the flashback trojan.
Again by users themselves not knowing what they are doing.
__________________
Techshow:http://www.justin.tv/linuxcooldude
linuxcooldude is offline   1 Reply With Quote
Old Dec 14, 2012, 10:00 PM   #24
Tech198
macrumors 68040
 
Join Date: Mar 2011
Location: Australia, Perth
Quote:
Originally Posted by linuxcooldude View Post
OS9 & below had 40 some odd viruses, trojans. Once Apple went to Mac OSX it virtually went to nil. Most of what Mac users get now is scammed by not knowing what they are doing.

In nearly all cases they have to type in their Administrator's password with their own hands and in some cases their own phone numbers or sensitive data.

The operating system is working as it should to protect the computer. But cannot protect the computer from the owner themselves blatantly typing things in without knowing what they're doing or where it came from.



Again by users themselves not knowing what they are doing.
The problem also comes from those "random" people who just go to any website without knowing what it is, or who owns it ...... That one website you opened yesterday, could now be infected and no one would know it.... even legitimate websites could (in theory) be as well, that's why "no script" exists. While not foolproof, and nothing ever is, it's still up to the user to make their own decision..... I bet you anything half the people who got infected by the flashback tool never took notice of what URL they were going to.
__________________
15" Macbook Pro i7 750Gig HD 8Gig Ram, Apple TV (3rd-Gen.), iPhone 5S 16Gig, iPad (4th-Gen.) 16Gig, Mac Mini 2.3Ghz i7 750Gig HD

"There are no stupid questions, just stupid people."
Tech198 is offline   1 Reply With Quote
Old Dec 14, 2012, 10:13 PM   #25
linuxcooldude
macrumors 65816
 
Join Date: Mar 2010
Quote:
Originally Posted by Tech198 View Post
The problem also comes from those "random" people who just go to any website without knowing what it is, or who owns it ...... That one website you opened yesterday, could now be infected and no one would know it.... even legitimate websites could (in theory) be as well, that's why "no script" exists. While not foolproof, and nothing ever is, it's still up to the user to make their own decision..... I bet you anything half the people who got infected by the flashback tool never took notice of what URL they were going to.
Yeah, I remember going to some random website, a popup would tell me my Windows PC is infected with a virus (I was running Linux at the time...lol) with a cheap Java/Flash animation.

I think the best protection & security is knowledge. If a popup tells you that you need to install such and such file to use/view the website, that would raise a red flag with me.
__________________
Techshow:http://www.justin.tv/linuxcooldude
linuxcooldude is offline   0 Reply With Quote

All times are GMT -5.
Copyright 2002-2013, MacRumors.com, LLC