Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

[gnasher729]

Here are the steps that you need to perform to get hit:

1. Go to a website that distributes the Trojan.
2. Download a .zip file from the website.
3. Extract the .zip file which contains an app that looks like an installer.
4. Double-click the app.
5. Either have your Mac set up so that it allows launching any app (stupid) or give the app explicitly permission to launch.
6. (New step) Ignore a warning from Apple that this app is dangerous.
7. Enter your phone number and some other number.

You'd have to be _quite_ stupid to be caught by this.

Next I'll send emails to all Mac users in the world "send me your money! " and everyone who sends me money will blame Apple for it.

[spyguy10709]

Quote:

Originally Posted by rrahimi

And again, you are wrong about Windows. Or maybe you are stuck in a time loop about a decade ago.

Nothing can "escalate itself privelidge-wise [sic]" in Windows either. You have to have the permissions and even then explicitly allow extended "privelidges" [sic]. Unless someone is a dolt and disables all the default security that exists in Windows.

It can... as a matter of fact. That's what a virus is. UAC is useless, it's a ripoff of Unix based control - but it's not 100% accurate. Google windows privilege (whoops, slipped on the keys, so shoot me) escalation - and then get back to me. Thanks!

~Amateur Security Researcher

[KdParker]

I really hope that people will not give a cell number just to install some free software.

[SPUY767]

The fact that it says introductio would have given away that it's fake for me.

[0815]

Quote:

Originally Posted by PowerPCMacMan

In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.

Quote:

No no no ... the 'processor' has nothing to do with viruses or like in this case lame phishing attempts.

It is only that MacOS has finally reached the critical mass that it is more interesting to target mac os users. This would also happened on PowerPC if it would have been more successful during that time.

But anyway - this is still not a real virus - it requires that user to download something, click the installer, enter the password, click through the warnings, enter the SMS and reply to it (or use it's 'code') ... all user initiated, nothing happens hidden in the background.

[KdParker]

Quote:

Originally Posted by gnasher729

Here are the steps that you need to perform to get hit:

1. Go to a website that distributes the Trojan.
2. Download a .zip file from the website.
3. Extract the .zip file which contains an app that looks like an installer.
4. Double-click the app.
5. Either have your Mac set up so that it allows launching any app (stupid) or give the app explicitly permission to launch.
6. (New step) Ignore a warning from Apple that this app is dangerous.
7. Enter your phone number and some other number.

You'd have to be _quite_ stupid to be caught by this.

Next I'll send emails to all Mac users in the world "send me your money! " and everyone who sends me money will blame Apple for it.

That's alot of work to get that trojan.

[Jsameds]

Quote:

Originally Posted by SPUY767

Image
The fact that it says introductio would have given away that it's fake for me.

the 'for MAC on MAC' is a bit of a giveaway aswell

[GCRoberts]

There is another level of security you can easily add. If you contact your cell carrier, they can block any subscriptions being added to your cell phone account. Then, even if you fall for something like described in this thread, it'll still be blocked by the carrier. I use AT&T, and I know they support blocking. I would suspect other carriers could do the same.

[mono1980]

People need to learn the difference between a virus and a trojan.

[oneMadRssn]

Quote:

Originally Posted by rrahimi

And again, you are wrong about Windows. Or maybe you are stuck in a time loop about a decade ago.

Nothing can "escalate itself privelidge-wise [sic]" in Windows either. You have to have the permissions and even then explicitly allow extended "privelidges" [sic]. Unless someone is a dolt and disables all the default security that exists in Windows.

Really? Nothing? How about on that infamous OS, which still has about 3 times as compared to the quantity of mac users. Windows XP (still about 20-35% market share, depending on how you measure) is is certainly able to get have viruses take over the entire os, rendering it practically unfixable, regardless of default security features. Let's not forget the second most popular OS of today.

However, your are correct as to Windows7, which does fare much much better, and has the most users of all.

[rrahimi]

Quote:

Originally Posted by spyguy10709

It can... as a matter of fact. That's what a virus is. UAC is useless, it's a ripoff of Unix based control - but it's not 100% accurate. Google windows privilege (whoops, slipped on the keys, so shoot me) escalation - and then get back to me. Thanks!

~Amateur Security Researcher

Firstly, access control, "superuser" and "userland" have existed in computing long before Unix. Secondly UAC is neither useless nor a ripoff. It is similar in implementation to 'sudo' and that's all. You don't innovate on what is proven to work. It's not a competition. Thirdly, nothing is 100% secure.

I'm amazed that an "Amateur Security Researcher" would post such a meaningless statement and then direct people to "Google it duuude" as proof.

[0815]

Quote:

Originally Posted by GCRoberts

There is another level of security you can easily add. If you contact your cell carrier, they can block any subscriptions being added to your cell phone account. Then, even if you fall for something like described in this thread, it'll still be blocked by the carrier. I use AT&T, and I know they support blocking. I would suspect other carriers could do the same.

This should be the DEFAULT ... too bad the carriers don't care about user protection (guess they get some share of those sales)

[MacFoodPoisoner]

Quote:

Originally Posted by LimeiBook86

Glad to see Apple keeping things up to date.

Not exactly keeping up to date when they managed to compromise at least 500,000 users data last year with the flashback trojan.

So far they 've only been "in talks" with security firms, unless they stop being cheapskates and start purchasing and incorporating some security companies to work on os x's security they won't be able to keep up with half measures. They 've grown way too large to keep ignoring the threats.

So, cough it up apple, we as users have been coughing up 50% margins long enough so you can afford it...

[0815]

Quote:

Originally Posted by oneMadRssn

Really? Nothing? How about on that infamous OS, which still has about 3 times as compared to the quantity of mac users. Windows XP (still about 20-35% market share, depending on how you measure) is is certainly able to get have viruses take over the entire os, rendering it practically unfixable, regardless of default security features. Let's not forget the second most popular OS of today.

However, your are correct as to Windows7, which does fare much much better, and has the most users of all.

So you are telling me it would be safe to free up some resources on windows 7 machines and remove the virus scanner?

[JHankwitz]

Quote:

Originally Posted by Sony311

And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

And people say the earth is flat and man never walked on the moon. So? There are always 'outliers' in every population.

[Sacird]

Quote:

Originally Posted by 0815

So you are telling me it would be safe to free up some resources on windows 7 machines and remove the virus scanner?

God I would be way too freaked over drive by downloads and I am pretty PC savvy, not the best in the world but won't make any really bad mistakes. As far as I am aware of at the moment a fully patched OSX system doesn't have anything that can affect it. I am sure there is one or two though out there but I feel safe with no condom on OSX.

[JHankwitz]

Quote:

Originally Posted by ArtOfWarfare

Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leaching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?

They do and they did. That's why Apple sends you an e-mail every time you make an iTunes or Apple account has been charged. Sources of these problems are very hard to track down, if not impossible. If you 'follow the money', the ones that benefit the most from these scams are usually the virus software companies. Without constant attacks, their sales drop significantly.

[oneMadRssn]

Quote:

Originally Posted by 0815

So you are telling me it would be safe to free up some resources on windows 7 machines and remove the virus scanner?

Anymore other than Microsoft's own Windows Security Essentials is superfluous on Win7 at this point. I have stopped using Norton/Symantec/McAfee/Avira/AVG/Avast/etc a while ago on my Win7 computers.

As with every system: the best defense is being ready, so having an automatic nightly backup is most important.

[JHankwitz]

Quote:

Originally Posted by KdParker

I really hope that people will not give a cell number just to install some free software.

There are many people out there that will do anything their computer tells them to do. They even believe what they read on the internet. Go figure.

[futileBuffalo]

For those arguing if Mac is virus free or not, keep in mind that you can never guarantee an operating system to be 100% secure. It might be possible to infest a Mac with a virus.
Here's an exmple. Apple somehow automatically updates the list of malware signatures on your computer. That means when your computer receives a message from Apple, it writes to a file on your computer with (most likely) root privileges. This is a possible attack point, where a hacker could perform a middle man attack and put a malicious payload in the packets.

I'm not saying this is going to work. It most definitely won't. But if you're creative enough, and smart enough, you could maybe find a way to infect the Mac. Nothing is 100% secure. It just so happens that people have spent decades already terrorizing Windows and there are many books to learn how to do this.
Not so much for Mac.

[dreadnort]

If Mac's don't get infected why have they change the 'Why OSX is better' page on their site from Don't get viruses to built to be safe.

On that note

Quote-----------
One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same thing. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you better protect your computer from their often damaging effects.

It's about knowing whats what and how to deal with it. OSX is safer but not immune.
It's only bullet proof until you start shooting at it

[Shrink]

Quote:

Originally Posted by KdParker

That's alot of work to get that trojan.

Slacker!!

If you're not willing to do a little work to get a Trojan, well...you just don't deserve one.

Such laziness!!

[topmounter]

Good News: This "scam" only works on the clinically retarded.

Bad News: The lack of common sense nowadays has crippled a large percentage of the population with a certain level of clinical retardation.

[TallManNY]

Setting aside the installation issue (which we have to do from time to time, I'm looking at you Adobe), I don't get how the payment works though. If your mobile phone is getting debited, then isn't your phone company collecting the money? Since this is an identified scam, why would your phone company be turning that money over to the criminals. And even if the criminals slipped a bunch of installations through before this was identified, shouldn't the phone company have the paper trail that shows which bank the money was sent to? And the bank (at least US banks) are required to be able to identify their customers. Which means there should be a paper trail leading back to the criminals secret lair. Of course there is little chance these criminals are in the US. And banking laws are more relaxed overseas. But still this scam should be traceable or at least intercept-able by the phone company.

[CodeBreaker]

Does GateKeeper allow the installer to run?
In other words, is the installer code signed by a valid developer certificate?