Go Back   MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jun 20, 2011, 10:54 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple and 'Mac Defender' Malware Authors Continue Cat-and-Mouse Game




It has been seven weeks since the "Mac Defender" malware first gained significant publicity, and we've seen Apple in response step up its anti-malware efforts with the release of a security update late last month that not only addressed the known Mac Defender variants at that time but also introduced daily checks for new malware definitions. The action significantly expanded the rudimentary anti-malware capabilities introduced with the launch of Mac OS X Snow Leopard.

The creators of the "Mac Defender" malware have not, however, given up in the face of Apple's increased defenses, moving within hours to release a new variant evading detection. Apple responded quickly, however, adding new definitions to detect the variant within a day.




That cat-and-mouse game has continued for the past three weeks, with Apple issuing new malware definitions on a nearly daily basis and the File Quarantine functionality defined by Apple's updated Xprotect.plist file now detecting 15 different variants of Mac Defender. While reports of users falling for the ruse and installing Mac Defender have declined in recent weeks as increasing numbers of users have installed the security update and had their anti-malware definitions updated, some users are still reporting difficulties stemming from the software.

Consequently, it seems reasonable to conclude that Apple has significantly eaten into the profitability of the existing Mac Defender scam, but it is unclear whether the malware writers will simply continue to slightly tweak the existing implementation and infect however many computers they can before Apple quickly updates the definitions or if they (and undoubtedly others) have broader plans in mind now that they have determined how Apple is addressing the threat.

Article Link: Apple and 'Mac Defender' Malware Authors Continue Cat-and-Mouse Game
MacRumors is offline   1 Reply With Quote
Old Jun 20, 2011, 10:59 AM   #2
iekozz
macrumors member
 
Join Date: Nov 2009
Location: Amsterdam
Yes, OS X is more secure than Windows, but it will only be a matter of time before we will get many more virusses on OS X.

The virusses will be harder to make of course, but it's a logical result of the popularity of the mac platform.
iekozz is offline   -17 Reply With Quote
Old Jun 20, 2011, 11:02 AM   #3
Kilamite
macrumors G3
 
Kilamite's Avatar
 
Join Date: Mar 2007
Location: Scotland
This is why the Mac App Store is good.

Ok, you have to be an idiot to install this malware, but if all the main pieces of software for the Mac were available through the Mac App Store, then there wouldn't be a worry. For now.
__________________
15" MacBook Pro 2GHz i7 8GB 750GB Hybrid | Mac mini 2.3GHz i7 16GB 1TB Fusion | OS X 10.10
iPhone 5 64GB | Apple TV 3 1080p | iOS 8.1
Home Theatre Hackintosh i3 3.5GHz 4GB 3TB | OS X 10.9
Kilamite is offline   3 Reply With Quote
Old Jun 20, 2011, 11:06 AM   #4
justinfreid
macrumors 6502
 
Join Date: Nov 2009
Location: NEW Jersey / USA
 
Send a message via ICQ to justinfreid Send a message via AIM to justinfreid Send a message via MSN to justinfreid Send a message via Yahoo to justinfreid Send a message via Skype™ to justinfreid
Cat vs. Cat?

Quote:
Originally Posted by Kilamite View Post
This is why the Mac App Store is good.

Ok, you have to be an idiot to install this malware, but if all the main pieces of software for the Mac were available through the Mac App Store, then there wouldn't be a worry. For now.
So you're saying that Apple is behind this malware and is using it as a way to scare people into only installing software via the Mac App Store???
I'm kidding, of course, but let's see how many down arrows this post'll get.

Plenty of other file types will still need to be downloaded and double clicked and the contents of a DMG can contain executables alongside other files. Maybe more context about the opening a file and what it can do would be useful in the password challenge boxes that OS X shows would help.
__________________
inThirty.net - New, 30 minute, tech podcast on iTunes
JustinFreid.com | Twitter.com/JustinFreid | Facebook.com/JustinFreid
Think different? Install OS X on anything x86 / Jailbreak iOS

Last edited by justinfreid; Jun 20, 2011 at 11:12 AM. Reason: adding a reasonable comment
justinfreid is offline   1 Reply With Quote
Old Jun 20, 2011, 11:11 AM   #5
dukebound85
macrumors P6
 
dukebound85's Avatar
 
Join Date: Jul 2005
Location: 5045 feet above sea level
Quote:
Originally Posted by iekozz View Post
Yes, OS X is more secure than Windows, but it will only be a matter of time before we will get many more virusses on OS X.

The virusses will be harder to make of course, but it's a logical result of the popularity of the mac platform.
I don't think you know what a virus is if you think macdefender is one
dukebound85 is offline   17 Reply With Quote
Old Jun 20, 2011, 11:22 AM   #6
euphlyusUNO
macrumors member
 
Join Date: Jun 2011
It's good to see Apple is taking the Malware seriously and reacting fast, but I wonder how long will they be able to keep up with such attacks? Will we also have to deal with the madness of third-party anti-malware\virus softwares? I hope not!

@iekozz: I wouldn't say OS X is secure, I'd rather say it's safe (if you knw what i mean)
euphlyusUNO is offline   -2 Reply With Quote
Old Jun 20, 2011, 11:24 AM   #7
C00rDiNaT0r
macrumors regular
 
Join Date: Jan 2006
Send a message via AIM to C00rDiNaT0r Send a message via MSN to C00rDiNaT0r
Can't Apple build some kind of sandbox mechanism that simulates an install and scan for text strings like "credit card" from the app's popup dialog boxes? That way they can warn the users before they actually install the app.
C00rDiNaT0r is offline   0 Reply With Quote
Old Jun 20, 2011, 11:29 AM   #8
euphlyusUNO
macrumors member
 
Join Date: Jun 2011
Quote:
Originally Posted by justinfreid View Post
So you're saying that Apple is behind this malware and is using it as a way to scare people into only installing software via the Mac App Store???
I'm kidding, of course, but let's see how many down arrows this post'll get.

Plenty of other file types will still need to be downloaded and double clicked and the contents of a DMG can contain executables alongside other files. Maybe more context about the opening a file and what it can do would be useful in the password challenge boxes that OS X shows would help.

The way I see it, there are two major threats\entry points which expose a Mac to malware: Apps & Safari (or any other browser). If Apple has more control over the apps (through Mac App Store), and works MORE (a lot more actually) on Safari's security, then I think the Mac will be a more secure system.
euphlyusUNO is offline   2 Reply With Quote
Old Jun 20, 2011, 11:31 AM   #9
nerdo
macrumors regular
 
Join Date: Dec 2010
The most confusing part in all of this is the mac defender advertising from macupdate.
__________________
nerdo is offline   0 Reply With Quote
Old Jun 20, 2011, 11:45 AM   #10
Sjhonny
macrumors 6502
 
Join Date: Feb 2011
Location: The land of the cucumbers
Quote:
Originally Posted by Kilamite View Post
This is why the Mac App Store is good.

Ok, you have to be an idiot to install this malware, but if all the main pieces of software for the Mac were available through the Mac App Store, then there wouldn't be a worry. For now.
That's just not true. How many times did an app (for iOS) included an unadvertised feature and got through the review? Just last week, this guy who said he 'just' collected passwords, set for his applications (without IP or other user information; we can be sure that not advertising the IP is ********). And about the jailbreaks? How many exploits aren't know to the public you think? The same goes for OS X.
__________________
I'm Random, you're number two
Sjhonny is offline   -6 Reply With Quote
Old Jun 20, 2011, 12:10 PM   #11
NAG
macrumors 68030
 
NAG's Avatar
 
Join Date: Aug 2003
Location: /usr/local/apps/nag
Quote:
Originally Posted by Sjhonny View Post
That's just not true. How many times did an app (for iOS) included an unadvertised feature and got through the review? Just last week, this guy who said he 'just' collected passwords, set for his applications (without IP or other user information; we can be sure that not advertising the IP is ********). And about the jailbreaks? How many exploits aren't know to the public you think? The same goes for OS X.
Compared to how many trojans in the various Android marketplaces? Like it or not, curation significantly decreases malware. Openness (or whatever it is that Google is selling) can't protect someone who is not as computer savvy.

I don't think anyone is arguing that the various Apple app stores are completely safe. Apple obviously isn't going through the programs line by line and doing a full audit before publishing an app to the store. They could do better too (too many SEO apps in the store preying on people who just do a simple search). I feel it is a better environment for most users, though.

Essentially, Apple should get rid of that stupid open "safe" preference (ignoring how it is default for some stupid reason) and default new installs to only let you get apps from the app store with a preference somewhere for you to let you use apps from elsewhere. I.E. make people show they have sufficient skill to not fall prey to trojans that go after low hanging fruit.
NAG is offline   3 Reply With Quote
Old Jun 20, 2011, 12:13 PM   #12
notjustjay
macrumors 603
 
notjustjay's Avatar
 
Join Date: Sep 2003
Location: Canada, eh?
OK, so at this point, aren't we solving the wrong problem?

Someone is out there, continually writing and rewriting variants of MacDefender to overcome each of Apple's moves to block it.

Why are we not able to find them and arrest them?

Presumably this is not some teenage hacker looking for fame and glory. There is an actual attempt to profit from this scam by "selling" MacDefender services, right? That means credit cards and bank accounts, right? Doesn't that mean they can be traced?
__________________
.
notjustjay is offline   4 Reply With Quote
Old Jun 20, 2011, 12:16 PM   #13
justinfreid
macrumors 6502
 
Join Date: Nov 2009
Location: NEW Jersey / USA
 
Send a message via ICQ to justinfreid Send a message via AIM to justinfreid Send a message via MSN to justinfreid Send a message via Yahoo to justinfreid Send a message via Skype™ to justinfreid
Quote:
Originally Posted by euphlyusUNO View Post
The way I see it, there are two major threats\entry points which expose a Mac to malware: Apps & Safari (or any other browser). If Apple has more control over the apps (through Mac App Store), and works MORE (a lot more actually) on Safari's security, then I think the Mac will be a more secure system.
Sure, those are two of the most important vectors, but I think you also have to consider USB memory sticks and network based file sharing, especially with the addition of AirDrop in Lion, as sources of infection.
Apple seems to have chosen to maintain an ever growing blacklist to keep known malware out of OS X. That's a pretty tall order, but hopefully they can stay ahead of the game.
__________________
inThirty.net - New, 30 minute, tech podcast on iTunes
JustinFreid.com | Twitter.com/JustinFreid | Facebook.com/JustinFreid
Think different? Install OS X on anything x86 / Jailbreak iOS
justinfreid is offline   2 Reply With Quote
Old Jun 20, 2011, 12:30 PM   #14
morespce54
macrumors 65816
 
morespce54's Avatar
 
Join Date: Apr 2004
Location: Around the World
Quote:
Originally Posted by Kilamite View Post
This is why the Mac App Store is good.

Ok, you have to be an idiot to install this malware, but if all the main pieces of software for the Mac were available through the Mac App Store, then there wouldn't be a worry. For now.
The MAS may be a good idea but it's far from perfect. First off, apps and extensions like Little Snitch, Perian, Mac Fuse, Quicksilver and so on will never be available through the MAS (with the current rules) but they're essential tools for a lot of us...
__________________
..:.::.:.:.::..:.: Oh, I get it. It's very clever :.:.::.:.:.::.:..:.::..:.::.:..:.::.:.::.:.::..
DO NOT OPERATE YOUR COMPUTER UNDER THE INFLUENCE!
morespce54 is offline   1 Reply With Quote
Old Jun 20, 2011, 12:39 PM   #15
derbothaus
macrumors 601
 
derbothaus's Avatar
 
Join Date: Jul 2010
Too bad it is setup in redirects on Google Images. I have had it download at least 10-15 times in the last week. I have all previous 212.x.x.x redirected but they keep switching up the originating IP's.
__________________
Mac Pro W3680, GTX 680, 12GB DDR3, SSD; MBP, 2.6GHz Core i7, 16GB DDR3, SSD; Eizo fs2333
derbothaus is offline   0 Reply With Quote
Old Jun 20, 2011, 12:39 PM   #16
andys53
macrumors member
 
Join Date: Jun 2009
Location: U.K.
But

Quote:
Originally Posted by euphlyusUNO View Post
The way I see it, there are two major threats\entry points which expose a Mac to malware: Apps & Safari (or any other browser). If Apple has more control over the apps (through Mac App Store), and works MORE (a lot more actually) on Safari's security, then I think the Mac will be a more secure system.
It's already perfectly secure, users maybe aren't but you can't blame Apple for that.
__________________
15" 320 GB 2.4GHz DDR3 i5 MBP, rarely used 24" Aluminium iMac 500GB core 2 duo, 32GB iPhone 4. (Soon to be iPhone 5, hopefully)
andys53 is offline   2 Reply With Quote
Old Jun 20, 2011, 12:50 PM   #17
interrobang
macrumors 6502
 
Join Date: May 2011
Quote:
Originally Posted by notjustjay View Post
OK, so at this point, aren't we solving the wrong problem?

Someone is out there, continually writing and rewriting variants of MacDefender to overcome each of Apple's moves to block it.

Why are we not able to find them and arrest them?

Presumably this is not some teenage hacker looking for fame and glory. There is an actual attempt to profit from this scam by "selling" MacDefender services, right? That means credit cards and bank accounts, right? Doesn't that mean they can be traced?
They're typically in Russia, China, Vietnam, or another country that doesn't care what its nationals do to foreigners over the Internet and won't extradite or prosecute. Sometimes they're westerners who set up accounts and fronts overseas.

They're traceable, sure, but there's nothing you can do when you find them. And they're small-time enough that the FBI just shakes its bureaucratic head and says, "Hope you learned your lesson, be more careful next time."
interrobang is offline   1 Reply With Quote
Old Jun 20, 2011, 01:42 PM   #18
dolph0291
macrumors member
 
Join Date: Feb 2011
Quote:
Originally Posted by notjustjay View Post
OK, so at this point, aren't we solving the wrong problem?

Someone is out there, continually writing and rewriting variants of MacDefender to overcome each of Apple's moves to block it.

Why are we not able to find them and arrest them?

Presumably this is not some teenage hacker looking for fame and glory. There is an actual attempt to profit from this scam by "selling" MacDefender services, right? That means credit cards and bank accounts, right? Doesn't that mean they can be traced?
Don't worry, there are a lot of people working on doing that right now, I am sure. I ran a small commerce website that was under a DoS attach by someone trying to gain free services... anyway, the FBI was all over it and caught and arrested the guy, who was in the Caribbean. We were small time. I could only imagine what kind of power is working on Apple's behalf.
dolph0291 is offline   0 Reply With Quote
Old Jun 20, 2011, 01:46 PM   #19
dolph0291
macrumors member
 
Join Date: Feb 2011
Quote:
Originally Posted by interrobang View Post
They're typically in Russia, China, Vietnam, or another country that doesn't care what its nationals do to foreigners over the Internet and won't extradite or prosecute. Sometimes they're westerners who set up accounts and fronts overseas.

They're traceable, sure, but there's nothing you can do when you find them. And they're small-time enough that the FBI just shakes its bureaucratic head and says, "Hope you learned your lesson, be more careful next time."
You have to be kidding. Credit card fraud, especially on this level, is never small-time in the FBI's eyes. The RIAA has been successful in getting Russian MP3 sites closed, what makes you think the FBI won't be successful here?
dolph0291 is offline   0 Reply With Quote
Old Jun 20, 2011, 01:55 PM   #20
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by nerdo View Post
The most confusing part in all of this is the mac defender advertising from macupdate.
I am pretty MACDefender is not being advertised on MacUpdate.

Are you sure that it is not Mac Keeper being advertised?
__________________
Mac Security Suggestions

Last edited by munkery; Jun 20, 2011 at 02:04 PM.
munkery is offline   0 Reply With Quote
Old Jun 20, 2011, 02:14 PM   #21
euphlyusUNO
macrumors member
 
Join Date: Jun 2011
Quote:
Originally Posted by andys53 View Post
It's already perfectly secure, users maybe aren't but you can't blame Apple for that.
Firstly, I'm not blaming Apple, actually, I'm not "blaming" anyone.

Next, can you define the word "perfectly secure"? I would say that's a gross overstatement. There's no software in this world that's "perfectly secure".

Apple releases "patches" which fix "exploits". Exploits are ways in which hackers/programs can bypass a security provision, like MacDefender which bypasses the admin password requirement (http://www.itechgiz.com/2011/05/mac-...d-requirements). I can give you several other examples where exploits have been written to undermine OS X's security (the iPhone/safari jail-break thing)

That said, I still think OS X is safer than Windows, and I think Apple has created a platform from where it can build to actually become a more secure system.

Last edited by euphlyusUNO; Jun 20, 2011 at 02:27 PM.
euphlyusUNO is offline   0 Reply With Quote
Old Jun 20, 2011, 02:20 PM   #22
ten-oak-druid
macrumors 68000
 
ten-oak-druid's Avatar
 
Join Date: Jan 2010
I really think Apple has to remove the Safari preference to open trusted files after download. That seems to be the problem for people getting hit by this. Although it is not clear why these files would be "trusted". Perhaps it isn't a big deal but I think Apple should remove that anyway.

It certainly isn't as a big a problem as internet explorer on Windows having password autofill on as default. I luckily found that out when having to use a Windows machine. I was careful and checked after logging out on a public machine and had to get help disabling that feature. The guy maintaining the machines only had a few to keep running and was an Apple user so he never guessed such a thing would be the case. After that it became part of his routine to disable that when setting up machines.

This is particular malware on the Mac is just the decennial malware. It is a good time for the anti-Apple crowd. They get to believe they can finally say Apple isn't safe. Of course it won;t last long.
__________________
Sure Timothy Dolan looks nice in that flamboyant robe but he is just too intolerant to respect.
ten-oak-druid is offline   0 Reply With Quote
Old Jun 20, 2011, 02:23 PM   #23
res1233
Banned
 
Join Date: Dec 2008
Location: Brooklyn, NY
Quote:
Originally Posted by munkery View Post
I am pretty MACDefender is not being advertised on MacUpdate.

Are you sure that it is not Mac Keeper being advertised?
Reading comprehension fail. MacDefender advertising FROM macupdate, not ON macupdate. macupdate has always seemed a bit shady to me tbh, but not THAT shady.
res1233 is offline   0 Reply With Quote
Old Jun 20, 2011, 02:37 PM   #24
Dr Kevorkian94
macrumors 68020
 
Dr Kevorkian94's Avatar
 
Join Date: Jun 2009
Location: # 12 Grimmauld Place
its funny yesterday i searched star treck idk y i just was watching it lol, and i got some mac defender all up in my grillz but i been smart and was like aight and i closed my internet.

translation: i actually found it and then just quit safari.
__________________
The Artfull Dodger
Dr Kevorkian94 is offline   0 Reply With Quote
Old Jun 20, 2011, 02:46 PM   #25
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by res1233 View Post
Reading comprehension fail. MacDefender advertising FROM macupdate, not ON macupdate. macupdate has always seemed a bit shady to me tbh, but not THAT shady.
I think you mean to say that it was a grammar fail on the part of the other uninformed poster.

On what webpages has MacUpdate advertised MACDefender?

Unless, the poster was referring to Mac Keeper which is not malware or related to MACDefender.
__________________
Mac Security Suggestions
munkery is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
[GAME][Puzzle] Fidget Cat Englave iPad Apps 1 Apr 20, 2014 06:40 PM
[GAME][Puzzle] Fidget Cat Englave iPhone and iPod touch Apps 1 Apr 20, 2014 06:40 PM
[NEW FREE GAME] - Cat Knap mokoolapps iPhone and iPod touch Apps 0 Nov 19, 2013 12:12 AM
Nyan cat begin - iphone&ipad game from Fortunacus lucas game fortunacus iPhone and iPod touch Apps 0 Nov 12, 2012 08:14 PM
Apple's plan to keep malware off the Mac gman27 OS X 4 Jul 13, 2012 11:06 AM

Forum Jump

All times are GMT -5. The time now is 01:40 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC