Old Mar 22, 2013, 01:12 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware




Yesterday, word surfaced of new malware targeting major browsers on the Mac platform with adware capable of injecting advertising into users' browsing experiences. The malware, known as "Yontoo", masquerades as a video plug-in or download accelerator in order to trick users into installing the package.

As noted by security firm Intego, Apple has already updated its "Xprotect" anti-malware system to recognize Yontoo and warn users who attempt to install it on their machines.
Quote:
Apple has decided the Yontoo Adware has fallen too far on the side of undesirable behavior, as they have released an update to the XProtect.plist definitions file to provide Mac OS X with basic detection for the Yontoo adware as OSX.AdPlugin.i. In testing, it appears this detection is very specific and potentially location-dependent. This extra specificity is likely there so as to catch only the surreptitious installations of this file.
Apple routinely uses its Xprotect anti-malware tools introduced in OS X Snow Leopard to provide rudimentary protection against threats, and has expanded its efforts in OS X Mountain Lion with the introduction of Gatekeeper to allow users to restrict app installation to software from identified developers registered with Apple, or even to only apps installed through the Mac App Store.

Apple has also been using Xprotect to enforce minimum version requirements for plug-ins such as Java and Flash Player, forcing users to upgrade from earlier versions known to have significant security issues.

Article Link: Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware
MacRumors is offline   0 Reply With Quote
Old Mar 22, 2013, 01:15 PM   #2
camnchar
macrumors 6502
 
Join Date: Jan 2006
Location: SLC, Utah
But what about my freedom to install adware!
__________________
Apple //c, 1 MHz, 128k RAM, 5.25" floppy drive, 1-button mouse
camnchar is online now   10 Reply With Quote
Old Mar 22, 2013, 01:15 PM   #3
gotluck
macrumors 68040
 
Join Date: Dec 2011
Location: East Central Florida
This is a very good thing, not trying to be critical.

But isn't this a slippery slope towards 'microsoft security essentials'? For now xprotect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on osx.
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - iPhone 4 6.1 JB
gotluck is offline   0 Reply With Quote
Old Mar 22, 2013, 01:16 PM   #4
anzio
macrumors regular
 
Join Date: Dec 2010
Location: Barrie, ON
Great news. Though I've said it before, all software must pass through my built-in antivirus called "common sense." It's updated frequently.

So I'm not too worried.
__________________
15.4" Retina MacBook Pro, 2.6GHz i7, 16GB RAM, 512GB, GT 650M ; iPhone 5s ; iPad 4th-gen ; Apple TV (x2) ; Time Capsule (2TB) ; Other various Apple devices/old laptops. Developer
anzio is offline   18 Reply With Quote
Old Mar 22, 2013, 01:16 PM   #5
Maddix
macrumors member
 
Join Date: Jan 2011
I use openSUSE when I bank online for security reasons.
Maddix is offline   1 Reply With Quote
Old Mar 22, 2013, 01:16 PM   #6
tevion5
macrumors 6502a
 
Join Date: Jul 2011
Location: Ireland
Quote:
Originally Posted by camnchar View Post
But what about my freedom to install adware!
Such freedoms should come with free laxative overdoses.
__________________
13" MBP, 2.3GHz ; iPhone 4s ; iPod Touch 2G ; 23" ACD ; Power Mac G5, 2GHz DC ; Power Mac G4 1GHz DP ; Power Mac 8600 ; Mac Classic II ; Mac 512Ke ; Apple II Plus ; Apple Monitor III
tevion5 is offline   6 Reply With Quote
Old Mar 22, 2013, 01:21 PM   #7
Crzyrio
macrumors 6502a
 
Join Date: Jul 2010
This solution Apple has seems overly simple, or am I missing something?

Not complaining, it's awesome that they found such a simple way of doing this.

Anyone know exactly how this works?
Crzyrio is offline   0 Reply With Quote
Old Mar 22, 2013, 01:21 PM   #8
madsci954
macrumors 68000
 
Join Date: Oct 2011
Location: Ohio
Quote:
Originally Posted by camnchar View Post
But what about my freedom to install adware!
Said no one ever.
madsci954 is offline   7 Reply With Quote
Old Mar 22, 2013, 01:21 PM   #9
HenryDJP
macrumors 68030
 
Join Date: Nov 2012
Location: United States
Quote:
Originally Posted by gotluck View Post
This is a very good thing, not trying to be critical.

But isn't this a slippery slope towards 'microsoft security essentials'? For now xprotect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on osx.
Shouldn't matter much to you since you're running Windows 7...
HenryDJP is offline   4 Reply With Quote
Old Mar 22, 2013, 01:24 PM   #10
SandboxGeneral
Moderator
 
Join Date: Sep 2010
Location: Rigel IV
Quote:
Originally Posted by gotluck View Post
This is a very good thing, not trying to be critical.

But isn't this a slippery slope towards 'microsoft security essentials'? For now xprotect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on osx.
I'm not following you here. What does the slippery slope toward MS Security Essentials mean?
__________________
It's true, we are aliens. But what are you going to do about it? It's a two-party system. You have to vote for one of us.
SandboxGeneral is online now   2 Reply With Quote
Old Mar 22, 2013, 01:24 PM   #11
epmatsw
macrumors member
 
Join Date: Jun 2007
Quote:
Originally Posted by Crzyrio View Post
This solution Apple has seems overly simple, or am I missing something?

Not complaining, it's awesome that they found such a simple way of doing this.

Anyone know exactly how this works?
It is very simple, and that's cause it's all that's necessary. Malware for OSX doesn't exploit vulnerabilities or security flaws that would allow it to get around this. They literally ask the user for permission to install themselves (thus "trojans"). All this measure does is alert the user if they attempt to grant permission to something that Apple has blacklisted.
__________________
MBP|OSX 10.10|C2D 2.26 ghz|8GB RAM|500GB HD+120GB SSD
iPhone 5|iOS8
epmatsw is offline   3 Reply With Quote
Old Mar 22, 2013, 01:25 PM   #12
Sayer
macrumors 6502a
 
Join Date: Jan 2002
Location: Austin, TX
Quote:
Originally Posted by gotluck View Post
This is a very good thing, not trying to be critical.

But isn't this a slippery slope towards 'microsoft security essentials'? For now xprotect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on osx.
That is why Apple is taking a different track with the "GateKeeper" system that only lets code-signed apps run, the application "sandbox" model that all App Store apps must use, and doing things in the Kernel to prevent attacks from ever succeeding.

Security should not be a feature that is bolted on after the fact. Security is inherent to the system itself and stuff like plain text passwords should never be saved out to disk via system libraries - they should be hashed and salted always as part of the initial design. And you should trust, but verify any user-provided data and do common-sense safe operations to manipulate user-provided data.
__________________
Obama is a true statesman whose experience as a state senator, half-term US Senator & guest lecturer in a Constitutional Law class has fully prepared him to take control of our nuclear arsenal.-Me
Sayer is offline   1 Reply With Quote
Old Mar 22, 2013, 01:29 PM   #13
Mr Fusion
macrumors 6502a
 
Join Date: May 2007
Quote:
Originally Posted by camnchar View Post
But what about my freedom to install adware!
You joke now...

... Just wait till OS XI debuts and you'll have to wait for the jailbreak to install third-party apps.
Mr Fusion is offline   5 Reply With Quote
Old Mar 22, 2013, 01:39 PM   #14
Amazing Iceman
macrumors 68030
 
Join Date: Nov 2008
Location: Florida, U.S.A.
Quote:
Originally Posted by camnchar View Post
But what about my freedom to install adware!
I think if you rename the file, it will install. A little extra work, but this way you can get your freedom back.
__________________
17" MacBook Pro (2007) iPad Air WiFi+Cell 128 GB iPhone 5s 64 GB T-Mobile AppleTV 2
Follow @AmazingIceman for useful tech info and more (mention MacRumors).
Amazing Iceman is offline   3 Reply With Quote
Old Mar 22, 2013, 01:40 PM   #15
Ochyandkaren
macrumors 6502
 
Join Date: Apr 2010
Location: Lisbon
Quote:
Originally Posted by camnchar View Post
But what about my freedom to install adware!
Indeed!
The Tea Party way!
__________________
27˝ iMac Core i7 with 12GB, 17" iMac G4, 20" iMac, 2 GHz, 2 GB RAM, 1 TB HD ; 8 GB iPodTouch 3rd Gen, My CG Portfolio
Ochyandkaren is offline   3 Reply With Quote
Old Mar 22, 2013, 01:43 PM   #16
turtlez
Banned
 
Join Date: Jun 2012
one tiny string from Apple and boom, instantly stopped a "half virus". I'd love to see MS pull that off.

----------

Quote:
Originally Posted by Mr Fusion View Post
You joke now...

... Just wait till OS XI debuts and you'll have to wait for the jailbreak to install third-party apps.
not if we don't upgrade
turtlez is offline   1 Reply With Quote
Old Mar 22, 2013, 01:52 PM   #17
cgc
macrumors 6502a
 
Join Date: May 2003
Location: Utah
Quote:
Originally Posted by turtlez View Post
one tiny string from Apple and boom, instantly stopped a "half virus". I'd love to see MS pull that off.

----------



not if we don't upgrade
They'll force you..."all your OS updates are belong to us!"
__________________
"Like a midget at a urinal, I was going to have to stay on my toes." Frank Drebin, Naked Gun 33 1/3: The Final Insult
cgc is offline   0 Reply With Quote
Old Mar 22, 2013, 01:53 PM   #18
gnasher729
macrumors G5
 
Join Date: Nov 2005
Quote:
Originally Posted by Crzyrio View Post
This solution Apple has seems overly simple, or am I missing something?

Not complaining, it's awesome that they found such a simple way of doing this.

Anyone know exactly how this works?
Some poor guy at Apple had to download the software, then Apple examined it, and found how to identify it. Any software that you download is checked against a growing list of software that Apple recommends _very_ urgently to not install, and this software is on the list.

These guys will probably modify their software so it won't be recognized, try to spread it again, Apple will block it again, and that will be repeated a few times. By that time this will become too costly and they give up. That's probably the intention behind a simple check that they can get around: To add cost to the malware creators. Since nowadays the purpose of creating malware is making money, making it costly deters them.
gnasher729 is offline   1 Reply With Quote
Old Mar 22, 2013, 01:55 PM   #19
zachkolk
macrumors member
 
Join Date: Jun 2010
Location: America
Quote:
Originally Posted by anzio View Post
Great news. Though I've said it before, all software must pass through my built-in antivirus called "common sense." It's updated frequently.

So I'm not too worried.
I have plenty of common sense and have no clue when I installed it. I only saw ads in Google Chrome (which I rarely use), which is why I'm not sure when. I was actually able to browse the package contents of Chrome and delete it off my Mac before Apple recognized it as adware.
zachkolk is offline   0 Reply With Quote
Old Mar 22, 2013, 02:10 PM   #20
turtlez
Banned
 
Join Date: Jun 2012
I get the mac keeper pop up when visiting certain sites a couple of times a week recently but when it was bigger news I never ever got the popup haha. I would have thought Apple would implement a mackeeper blocker in Safari or os x by now.
turtlez is offline   0 Reply With Quote
Old Mar 22, 2013, 03:45 PM   #21
pooprscooper
macrumors regular
 
Join Date: Aug 2008
Quote:
Originally Posted by Amazing Iceman View Post
I think if you rename the file, it will install. A little extra work, but this way you can get your freedom back.
I hope that's not true, otherwise this X.protect is useless as botnet owners would have already changed the name of the file by now.
__________________
pooprscooper is offline   0 Reply With Quote
Old Mar 22, 2013, 03:54 PM   #22
Silvereel
macrumors 6502
 
Join Date: Jan 2010
Quote:
Originally Posted by turtlez View Post
I get the mac keeper pop up when visiting certain sites a couple of times a week recently but when it was bigger news I never ever got the popup haha. I would have thought Apple would implement a mackeeper blocker in Safari or os x by now.
Unfortunately, MacKeeper isn't malware per se. It's just a really bad app that can wreak havoc on some systems. Heck, Macworld gave it a 3.5 out of 5 review!
Silvereel is offline   0 Reply With Quote
Old Mar 22, 2013, 04:23 PM   #23
Amazing Iceman
macrumors 68030
 
Join Date: Nov 2008
Location: Florida, U.S.A.
Quote:
Originally Posted by pooprscooper View Post
I hope that's not true, otherwise this X.protect is useless as botnet owners would have already changed the name of the file by now.
Well, I hope the same, but that .plist file shown above seems to only register the name of the file. I don't see any kind of CRC or any other identifier.

I really hope there are more identifiers!
__________________
17" MacBook Pro (2007) iPad Air WiFi+Cell 128 GB iPhone 5s 64 GB T-Mobile AppleTV 2
Follow @AmazingIceman for useful tech info and more (mention MacRumors).
Amazing Iceman is offline   0 Reply With Quote
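
Added illustration of the identifier question raised in posts #14, #21 and #23 (not code from any poster, and not Apple's XProtect.plist schema): a definitions list checked against a download, showing what a rule catches depending on whether it carries a file name, a content hash, or both. The rule keys `FileName` and `SHA1`, the rule names, the file names and the sample bytes are all constructed for this example.

```python
import hashlib
import plistlib

# Constructed bytes standing in for a downloaded installer (not real adware).
SAMPLE = b"constructed-sample-plugin-bytes"

def build_definitions(sample: bytes) -> bytes:
    """Serialize a constructed definitions list as plist XML."""
    digest = hashlib.sha1(sample).hexdigest()
    rules = [
        # Keyed on the file name only.
        {"Description": "Example.NameOnly", "FileName": "ExamplePlugin.bundle"},
        # Keyed on file name AND content hash (very specific).
        {"Description": "Example.NameAndHash",
         "FileName": "ExamplePlugin.bundle", "SHA1": digest},
        # Keyed on content hash only.
        {"Description": "Example.HashOnly", "SHA1": digest},
    ]
    return plistlib.dumps(rules)

def matches(rule: dict, name: str, content: bytes) -> bool:
    """A rule fires only if every identifier it carries agrees with the file."""
    if "FileName" in rule and rule["FileName"] != name:
        return False
    if "SHA1" in rule and rule["SHA1"] != hashlib.sha1(content).hexdigest():
        return False
    return True

def scan(defs: bytes, name: str, content: bytes) -> list:
    """Return the descriptions of all rules that would warn on this download."""
    return [r["Description"] for r in plistlib.loads(defs)
            if matches(r, name, content)]

DEFS = build_definitions(SAMPLE)

def demo() -> dict:
    """Same definitions, four variants of the same download."""
    changed = SAMPLE + b"\x00"  # content altered by one byte
    return {
        "original": scan(DEFS, "ExamplePlugin.bundle", SAMPLE),
        "renamed": scan(DEFS, "Other.bundle", SAMPLE),
        "changed": scan(DEFS, "ExamplePlugin.bundle", changed),
        "renamed+changed": scan(DEFS, "Other.bundle", changed),
    }

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case:16} -> {hits or 'no warning'}")
```

The more identifiers a rule requires, the fewer false alarms it raises and the fewer variants it covers, which is why a definitions list of this kind has to keep being updated as the packaged file changes.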
Old Mar 22, 2013, 04:24 PM   #24
Mike MA
macrumors 6502a
 
Join Date: Sep 2012
Location: Germany, Europe
Quote:
Originally Posted by gotluck View Post
For now xprotect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on osx.
Isn't it already there? I mean, why do we need to manage it ourselves - I like this approach. It just works (in the background)
__________________
Macbook Air 13" (late 2010) - Apple TV2 - Time Capsule - iPhone 4
Mike MA is offline   0 Reply With Quote
Old Mar 22, 2013, 04:46 PM   #25
gotluck
macrumors 68040
 
Join Date: Dec 2011
Location: East Central Florida
Quote:
Originally Posted by SandboxGeneral View Post
I'm not following you here. What is the slippery slope toward MS Security Essentials mean?
MS Security Essentials is a free antivirus/malware maintained by Microsoft. If the user has it installed (and has Windows Update enabled), you really have to screw up to get your machine infected. It is always using system resources. I've always viewed the lack of a need to waste resources running AV as a great advantage of OSX. xProtect seems like a gateway drug to a full AV and a 'waste' of system resources. ...Well, maybe it's a personal problem that I hate to waste power on AV

----------

Quote:
Originally Posted by HenryDJP View Post
Shouldn't matter much to you since you're running Windows 7...
Well, I like OSX enough to buy a headless, upgradable Mac if Apple made one..
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - iPhone 4 6.1 JB
gotluck is offline   0 Reply With Quote
