Old Dec 13, 2012, 10:02 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan




Earlier this week, Russian security firm Dr. Web published a blog post announcing the discovery of a new OS X trojan horse known as "Trojan.SMSSend.3666". The malware masquerades as an installer for various software titles, but tricks users into signing up for subscriptions through their mobile devices.

Quote:
When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the "installation" fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.
Similar trojans have affected Windows and even Android platforms for some time, but the tactic is now being used to target Mac users.

Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users' systems updated. The anti-malware tools automatically detect when a user has downloaded a file matching the signature of known malware, alerting the user of the threat and advising them to discard the downloaded file.

Article Link: Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan
MacRumors is offline   0 Reply With Quote
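The signature check described in the article above, as an added sketch that is not part of the article or the thread and is not Apple's code: files in a download are compared against a plist of definitions by name and content hash. The plist keys (`Description`, `Name`, `SHA1`), the definition name and all sample bytes are constructed for illustration and are not the real Xprotect.plist schema.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

KNOWN_BAD = b"constructed sample: fake installer executable"  # stand-in bytes

def build_definitions() -> bytes:
    """Constructed definitions list; the key names are assumptions."""
    return plistlib.dumps([{
        "Description": "EXAMPLE.FakeInstaller.A",  # placeholder, not a real name
        "Name": "Installer",                       # file name to look for
        "SHA1": hashlib.sha1(KNOWN_BAD).digest(),  # exact-content signature
    }])

def sha1_file(path: Path) -> bytes:
    h = hashlib.sha1()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()

def scan_download(root: Path, definitions: bytes) -> list:
    """Return (description, relative path) for every file matching a definition."""
    by_name = {}
    for entry in plistlib.loads(definitions):
        by_name.setdefault(entry["Name"], []).append(entry)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        for entry in by_name.get(path.name, []):   # cheap name filter first
            if sha1_file(path) == entry["SHA1"]:   # then the content hash
                hits.append((entry["Description"], path.relative_to(root).as_posix()))
    return hits

def demo() -> list:
    """Scan a constructed download: a known sample, a variant and a clean app."""
    samples = {
        "Known.app/Contents/MacOS/Installer": KNOWN_BAD,
        "Variant.app/Contents/MacOS/Installer": KNOWN_BAD + b"\x00",  # one byte added
        "Clean.app/Contents/MacOS/Editor": b"constructed sample: harmless editor",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_bytes(data)
        return scan_download(Path(tmp), build_definitions())

if __name__ == "__main__":
    print(demo())
```

The variant with one added byte goes unreported, which is why exact-match definitions depend on the frequent updates the article mentions.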
Old Dec 13, 2012, 10:03 AM   #2
Joe-Diver
macrumors 6502
 
Join Date: Aug 2009
Gotta keep on top of it.
__________________
24" iMac Aluminum; 17" uMBP (mid 09); 32Gb iPhone4;16Gb iPod Nano 6g Green; 32Gb iPad Air; ATv2
Joe-Diver is offline   0 Reply With Quote
Old Dec 13, 2012, 10:06 AM   #3
Simplicated
macrumors 65816
 
Join Date: Sep 2008
Location: Waterloo, ON
So did this Trojan manage to bypass Gatekeeper?
__________________
Clarus says "Moof!"
Simplicated is offline   0 Reply With Quote
Old Dec 13, 2012, 10:06 AM   #4
LimeiBook86
macrumors 604
 
Join Date: May 2002
Location: Hanging around in NJ with his cutie. :)
Glad to see Apple keeping things up to date. I haven't heard of this scam but it sure seems like it could be quite dangerous!
__________________
My 'How to Draw Fun Animals' iBook is now on iTunes
"Just you try and stop me..."
My Site Thrift Fails Tech Blog
LimeiBook86 is offline   0 Reply With Quote
Old Dec 13, 2012, 10:07 AM   #5
Sony311
macrumors member
 
Join Date: Feb 2012
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Sony311 is offline   4 Reply With Quote
Old Dec 13, 2012, 10:07 AM   #6
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to its Unix base.

Also, great job Apple for staying so on top of this
spyguy10709 is offline   15 Reply With Quote
Old Dec 13, 2012, 10:07 AM   #7
mw360
macrumors 6502a
 
Join Date: Aug 2010
I don't understand how these scams can operate without the perps being instantly tracked down and thrown in a cell. Surely somebody regulates who is and isn't allowed to charge for sending SMS messages.
mw360 is offline   1 Reply With Quote
Old Dec 13, 2012, 10:08 AM   #8
ArtOfWarfare
macrumors 603
 
Join Date: Nov 2007
Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leeching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?
ArtOfWarfare is offline   8 Reply With Quote
Old Dec 13, 2012, 10:08 AM   #9
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Quote:
Originally Posted by Simplicated View Post
So did this Trojan manage to bypass Gatekeeper?
No it doesn't. You have to put in your password into the warning that says "this application isn't approved by apple and may cause unintended operation" or something like that.
spyguy10709 is offline   4 Reply With Quote
Old Dec 13, 2012, 10:08 AM   #10
jwsmiths
macrumors member
 
Join Date: Jul 2006
Quote:
Originally Posted by Simplicated View Post
So did this Trojan manage to bypass Gatekeeper?
They must be using some other installer that some legitimate companies have used... But this does seem like something Gatekeeper should be able to stop if that isn't the case!
jwsmiths is offline   0 Reply With Quote
Old Dec 13, 2012, 10:09 AM   #11
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
LOL welcome to reality - this isn't a virus at all. It's a fake installer that asks for your cell phone number. It's not an infection - it's a poor phishing attempt.
spyguy10709 is offline   20 Reply With Quote
Old Dec 13, 2012, 10:11 AM   #12
mw360
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
From Wikipedia:

Quote:
A computer virus is a computer program that can replicate itself[1] and spread from one computer to another.
Quote:
Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge.
This is neither. It's a plain old scam.
mw360 is offline   11 Reply With Quote
Old Dec 13, 2012, 10:13 AM   #13
D-a-a-n
macrumors regular
 
Join Date: Mar 2010
Quote:
Originally Posted by spyguy10709 View Post
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to its Unix base.

Also, great job Apple for staying so on top of this
Could you elaborate more on that?
__________________
Zed's dead..
D-a-a-n is offline   1 Reply With Quote
Old Dec 13, 2012, 10:14 AM   #14
macs4nw
macrumors 68020
 
Join Date: Sep 2010
Location: On Safari…..
Quote:
Originally Posted by MacRumors View Post
.....Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009.

Article Link: Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan
Always glad to read those eight words.
macs4nw is offline   0 Reply With Quote
Old Dec 13, 2012, 10:15 AM   #15
Joe-Diver
macrumors 6502
 
Join Date: Aug 2009
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL.
LOL....please learn what a virus is.....and take a look at file permissions (UID/GID)....then maybe you'll understand what is actually happening here.
__________________
24" iMac Aluminum; 17" uMBP (mid 09); 32Gb iPhone4;16Gb iPod Nano 6g Green; 32Gb iPad Air; ATv2
Joe-Diver is offline   4 Reply With Quote
Old Dec 13, 2012, 10:15 AM   #16
gnasher729
In Time-Out
 
Join Date: Nov 2005
Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Since this application is neither a virus nor spyware I'd say people are quite right.
gnasher729 is offline   12 Reply With Quote
Old Dec 13, 2012, 10:15 AM   #17
PowerPCMacMan
Banned
 
Join Date: Jul 2012
Location: PowerPC land
In the PowerPC days, viruses and malware in OSX were unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if you ask me.

Quote:
Originally Posted by Sony311 View Post
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

Last edited by dejo; Dec 13, 2012 at 12:40 PM. Reason: Fixed quote.
PowerPCMacMan is offline   1 Reply With Quote
Old Dec 13, 2012, 10:18 AM   #18
GoCubsGo
macrumors Nehalem
 
Join Date: Feb 2005
Oh I send unwanted texts to people all of the time. What's the big deal?
GoCubsGo is offline   3 Reply With Quote
Old Dec 13, 2012, 10:18 AM   #19
DeathChill
macrumors 68000
 
Join Date: Jul 2005
Quote:
Originally Posted by spyguy10709 View Post
No it doesn't. You have to put in your password into the warning that says "this application isn't approved by apple and may cause unintended operation" or something like that.
I don't think it gives you any option to open it if Gatekeeper is active. You can right click it and hit 'Open' or turn off Gatekeeper but I don't think it gives you an option to run it as most people would click okay anyways.
DeathChill is offline   1 Reply With Quote
Old Dec 13, 2012, 10:19 AM   #20
0815
macrumors 65816
 
Join Date: Jul 2010
Location: here and there
Somehow I am not worried about this 'Trojan'

Anything that requires me launching an installer and then requiring me to type in my password and cell phone number is not scary at all - it's a lame phishing attempt that I laugh about.

I would be worried if it installs automatically in the background and then accesses my address book to get my cell phone number - but even then I would not respond to that SMS to get charged money.

Honestly, I don't get the people that did type in their cell phone number - it is almost impossible to protect those people from their own stupidity.

Anyway, glad to see that Apple is trying to protect people from their own stupidity.
__________________
sent from my computer

Last edited by 0815; Dec 13, 2012 at 10:35 AM.
0815 is offline   10 Reply With Quote
Old Dec 13, 2012, 10:19 AM   #21
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Quote:
Originally Posted by D-a-a-n View Post
Originally Posted by spyguy10709
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to its Unix base.

Also, great job Apple for staying so on top of this


Could you elaborate more on that?
Sure- to install something in OS X (that does anything without you clicking the icon, like a service or anything like that) requires you to put your password in a box that prevents privilege escalation (basically the OS has complete control over all applications, not the other way around - a virus). If you don't have a password, you just leave the box blank. A program can't put a password into the system, only the user into the system. This prevents programs from replicating (a virus) or taking over the system (like many trojans).
spyguy10709 is offline   0 Reply With Quote
Old Dec 13, 2012, 10:20 AM   #22
mw360
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by PowerPCMacMan View Post
In the PowerPC days, viruses and malware in OSX were unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if you ask me.
How'd you explain Android malware, or iOS malware then? It's really not the CPU that's vulnerable, it's the OS. And by the way, OSX, Windows 7/8, and Android aren't even that vulnerable now, it's the users that are the weak link in the chain.

Last edited by dejo; Dec 13, 2012 at 12:40 PM. Reason: Fixed quote.
mw360 is offline   3 Reply With Quote
Old Dec 13, 2012, 10:20 AM   #23
rrahimi
macrumors member
 
Join Date: Sep 2012
Quote:
Originally Posted by spyguy10709 View Post
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to its Unix base.

Also, great job Apple for staying so on top of this
And again, you are wrong about Windows. Or maybe you are stuck in a time loop about a decade ago.

Nothing can "escalate itself privelidge-wise [sic]" in Windows either. You have to have the permissions and even then explicitly allow extended "privelidges" [sic]. Unless someone is a dolt and disables all the default security that exists in Windows.
rrahimi is offline   7 Reply With Quote
Old Dec 13, 2012, 10:20 AM   #24
spyguy10709
macrumors 6502a
 
Join Date: Apr 2010
Location: One Infinite Loop, Cupertino CA
Quote:
Originally Posted by 0815 View Post
Somehow I am not worried about this 'Trojan'

Anything that requires me launching an installer and then requiring me to type in my cell phone number is not scary at all.

I would be worried if it installs automatically in the background and then accesses my address book to get my cell phone number - but even then I would not respond to that SMS to get charged money.

Honestly, I don't get the people that did type in their cell phone number - it is almost impossible to protect those people from their own stupidity.
It charges you like those "insert your phone number here for unlimited ringtones!! *$9.99 per month" websites.
spyguy10709 is offline   0 Reply With Quote
Old Dec 13, 2012, 10:21 AM   #25
iGrip
Banned
 
Join Date: Jul 2010
This is NOT a real trojan. Apple has zero malware. People seem to forget that.
iGrip is offline   4 Reply With Quote

All times are GMT -5.