Go Back   MacRumors Forums > Apple Systems and Services > OS X

Reply
 
Thread Tools Search this Thread Display Modes
Old Aug 20, 2009, 06:05 AM   #1
Asgerhj
macrumors newbie
 
Join Date: Aug 2009
Antivrus /malware in Snow Leopard?

Hi

Yesterday I googled for reviews of the new Playstation 3 Slim and came across a site, which looked like having a video-review.
But clicking on the player a “QuickTimeUpdate.dmg” started downloading and mounted automatically.
Suddenly the following warning appeared:

“install.pkg” will damage your computer. You should move it to the Trash.

“install.pkg” is on the disk image “QuickTimeUpdate.dmg”. Safari downloaded this disk image today at 23.25 from redrocktube.com. It contains the “OSX.RSPlug.A” malware.

I booted into Leo and tried the same procedure and got NO warning.
Scanning the .dmg with ClamXav I got a warning.


So what I am basically trying to say is:

1: I wasn't aware that SL has built in some kind of Antivirus/malware. Were you?

2: Take care - don't feel too secure running a Mac (I still hear lots of people telling lots of other people that there is no reason to fear malware on the Mac platform......)
Others say that the only way to get infected on a Mac is if you install the malware yourself (hence you are stupid) - but that is the whole point in trojans: You think that you are installing something useful, but...

For my part, I was sceptical about the download, because QT updates doesn't work that way, but had it been named e.g. "videocodec.dmg" I am not sure that I wouldn't have installed it....
Hopefully ClamXav would have caught it!
Asgerhj is offline   0 Reply With Quote
Old Aug 20, 2009, 06:07 AM   #2
r.j.s
Moderator emeritus
 
r.j.s's Avatar
 
Join Date: Mar 2007
Location: Fort Knox
Quote:
Originally Posted by Asgerhj View Post
“QuickTimeUpdate.dmg” started downloading and mounted automatically.
Turn off "Open Safe files after downloading ..." in Safari, and it won't be a problem.
r.j.s is offline   0 Reply With Quote
Old Aug 20, 2009, 06:10 AM   #3
RemarkabLee
macrumors 6502a
 
Join Date: Nov 2007
Interesting.

Would be nice if SL had this added protection. Was it a system warning or Safari? Are you running the same version on Leopard (4.0.3?)
RemarkabLee is offline   0 Reply With Quote
Old Aug 20, 2009, 06:11 AM   #4
Asgerhj
Thread Starter
macrumors newbie
 
Join Date: Aug 2009
Quote:
Originally Posted by r.j.s View Post
Turn off "Open Safe files after downloading ..." in Safari, and it won't be a problem.
Yeah, it would be a problem if I didn't suspect that the .pkg could harm me!
Asgerhj is offline   0 Reply With Quote
Old Aug 20, 2009, 06:12 AM   #5
r.j.s
Moderator emeritus
 
r.j.s's Avatar
 
Join Date: Mar 2007
Location: Fort Knox
Quote:
Originally Posted by Asgerhj View Post
Yeah, it would be a problem if I didn't suspect that the .pkg could harm me!
Actually, thinking about it ... I think Leopard does the same thing. Whenever you download an app, it will ask you if you are sure you want to run it, because it was downloaded from the internet and may harm your computer.

In Leopard:
Click image for larger version

Name:	Picture 1.png
Views:	64
Size:	40.0 KB
ID:	189247
r.j.s is offline   0 Reply With Quote
Old Aug 20, 2009, 06:14 AM   #6
Asgerhj
Thread Starter
macrumors newbie
 
Join Date: Aug 2009
[QUOTE=Would be nice if SL had this added protection. Was it a system warning or Safari? Are you running the same version on Leopard (4.0.3?)[/QUOTE]

Same version, 4.0.3

I think it was a system warning, because it appeared after mounting the .dmg.
I didn't launch the .pkg so it seems that SL scans .dmgs on mount.
Asgerhj is offline   0 Reply With Quote
Old Aug 20, 2009, 06:17 AM   #7
r.j.s
Moderator emeritus
 
r.j.s's Avatar
 
Join Date: Mar 2007
Location: Fort Knox
Can anyone else running SL confirm this?
r.j.s is offline   0 Reply With Quote
Old Aug 20, 2009, 06:19 AM   #8
RemarkabLee
macrumors 6502a
 
Join Date: Nov 2007
Quote:
Originally Posted by Asgerhj View Post
Same version, 4.0.3

I think it was a system warning, because it appeared after mounting the .dmg.
I didn't launch the .pkg so it seems that SL scans .dmgs on mount.
Perhaps it scans the 'downloaded from' location and compared it to a blacklist, either as part of the system or an online database. Would be a nicer alternative to a traditional daemon that scans all file activity - yeuch!
RemarkabLee is offline   0 Reply With Quote
Old Aug 20, 2009, 06:24 AM   #9
Asgerhj
Thread Starter
macrumors newbie
 
Join Date: Aug 2009
Quote:
Originally Posted by r.j.s View Post
Actually, thinking about it ... I think Leopard does the same thing. Whenever you download an app, it will ask you if you are sure you want to run it, because it was downloaded from the internet and may harm your computer.
Well, the warning I got is different from the Leo-warning you mention:
1. You were launching an app - I wasn't
2. "My" warning also points out the exact malware (later confirmed by ClamXav)


I could post the link so you could try for yourself, but I don't want to because of the risk...
But read my 1.st post, and do a bit of googling then you can find it.
BUT BEWARE!!!! This is a LIVE TROJAN
Asgerhj is offline   0 Reply With Quote
Old Aug 20, 2009, 06:27 AM   #10
r.j.s
Moderator emeritus
 
r.j.s's Avatar
 
Join Date: Mar 2007
Location: Fort Knox
Quote:
Originally Posted by Asgerhj View Post
Well, the warning I got is different from the Leo-warning you mention:
1. You were launching an app - I wasn't
2. "My" warning also points out the exact malware (later confirmed by ClamXav)


I could post the link so you could try for yourself, but I don't want to because of the risk...
But read my 1.st post, and do a bit of googling then you can find it.
BUT BEWARE!!!! This is a LIVE TROJAN
At first you didn't say you didn't run the package ... once you did add that part, I saw the difference.
r.j.s is offline   0 Reply With Quote
Old Aug 20, 2009, 06:31 AM   #11
uaecasher
macrumors 65816
 
uaecasher's Avatar
 
Join Date: Jan 2009
Location: Stillwater, OK
Send a message via AIM to uaecasher Send a message via MSN to uaecasher Send a message via Yahoo to uaecasher
Quote:
Originally Posted by r.j.s View Post
Can anyone else running SL confirm this?
yes it has the same thing, will post screen shot soon
uaecasher is offline   0 Reply With Quote
Old Aug 20, 2009, 11:54 AM   #12
stainlessliquid
macrumors 68000
 
Join Date: Sep 2006
You have to wonder what possesses apple to think forcefully downloading files whether you want them or not is a good feature for Safari, and then opening them by default...(PDF's and certain image formats are NOT "safe" files, same with quicktime) Its like theyre stuck in 1995 where people think the internet is safe and all downloads are useful. Not only is it extremely annoying, its just outright stupid.
stainlessliquid is offline   0 Reply With Quote
Old Aug 20, 2009, 01:49 PM   #13
MisterMe
macrumors G4
 
Join Date: Jul 2002
Location: USA
Quote:
Originally Posted by Asgerhj View Post
Hi

Yesterday I googled for reviews of the new Playstation 3 Slim and came across a site, which looked like having a video-review.
But clicking on the player a “QuickTimeUpdate.dmg” started downloading and mounted automatically.
...
I'm having a really difficult time trying to figure out what you are getting at. Everyone with the sense God gave red brick knows that MacOS X system software comes exclusively from Apple and no one else. QuickTime is MacOS X system software. It is available nowhere except Apple. New releases are available exclusively through Apple's website. Updates are available via Software Update or via download from Apple's website. Unless you are dumber than a bag of hammers, there is no way to fool anyone into downloading malware that pretends to be QuickTime.
__________________
Neither a borrower nor a lender be
For loan oft loses both itself and friend
William Shakespeare from Hamlet
MisterMe is offline   0 Reply With Quote
Old Aug 25, 2009, 04:34 PM   #14
jav6454
macrumors G5
 
jav6454's Avatar
 
Join Date: Nov 2007
Location: 1 Geostationary Tower Plaza
This is really In-te-resting..... to say the least. Snow Leopard is actually scanning your files before mounting, just in case.
__________________
Al MacBook 2.4GHz Late '08 | 5 S⃣ | Macross Click Me
jav6454 is offline   0 Reply With Quote
Old Aug 25, 2009, 05:22 PM   #15
tvon
macrumors newbie
 
Join Date: Aug 2006
Quote:
Originally Posted by MisterMe View Post
I'm having a really difficult time trying to figure out what you are getting at. Everyone with the sense God gave red brick knows that MacOS X system software comes exclusively from Apple and no one else. QuickTime is MacOS X system software. It is available nowhere except Apple. New releases are available exclusively through Apple's website. Updates are available via Software Update or via download from Apple's website. Unless you are dumber than a bag of hammers, there is no way to fool anyone into downloading malware that pretends to be QuickTime.
I think maybe you should re-read the original post, you seem to have misunderstood and entirely missed the point.
tvon is offline   0 Reply With Quote
Old Aug 25, 2009, 05:33 PM   #16
haineuxApple
macrumors newbie
 
Join Date: Aug 2009
Please provide the link to the page where the virus-ridden package is.

I promise to use these powers only for good -- or for awesome.
haineuxApple is offline   0 Reply With Quote
Old Aug 26, 2009, 02:56 AM   #17
richard.mac
macrumors 603
 
richard.mac's Avatar
 
Join Date: Feb 2007
Location: 51.50024, -0.12662
Send a message via Skype™ to richard.mac
here is a link i found to test the anti malware protection in Snow Leopard (ive left it unlinkable on purpose to protect unsuspecting downloads)

fishwildlife.org/lurd.php?sodini+blog WARNING: This URL contains malware and if installed will infect your Mac.

when the disk image is mounted (may mount automatically when downloaded if you have this set in Safari) and the installer package is opened this message appears

here is the help document that opens once you click the purple help button

Quote:
What is malware?

If a warning message tells you that something you have downloaded from the Internet is “malware,” you should exercise caution. The safest action is to put the item in the Trash, and then empty the Trash.

Malware is an abbreviated term for malicious software. Malware includes viruses, worms, trojan horses, and other types of software that can damage your system or violate your privacy. Malware can be installed on your computer when you download content or applications from the Internet, either from email or websites.

Certain instances of malware are merely harmless or annoying. More often, its intent is to take control of your computer to collect personal information, host illegal content, send spam email, or cause harm to other systems on the network. Personal information that’s collected often includes credit card, banking accounts, social security numbers, or other identifying information leading to identity theft and financial loss.

Avoid opening items downloaded from websites and email messages unless you are certain that they come from a legitimate, trusted source. If you are uncertain about the source of a downloaded item, it is best to delete the item. You can always download it again later, after you have made certain that the item is not malware.

This article provides safety tips for handling email attachments and content downloaded from the Internet:

Apple Support article: Safety tips for handling email attachments and content downloaded from the Internet
__________________
If you can't innovate, you just imitate, but it's never quite as good as the original.
Hackintosh - Core i5 4670K, Z87X, 7870XT, 16GB RAM, 128GB SDD | MacBook Air 13" 2013 | iPhone 6 16GB JB
richard.mac is offline   0 Reply With Quote
Old Aug 26, 2009, 06:26 AM   #18
ceezy3000
macrumors 6502
 
Join Date: Jan 2009
Location: The Valley!!
dam thats a nifty feature
__________________
Collector's Edition Aluminum Macbook 2.4Ghz 2gb Ram 250GB HDD
ceezy3000 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iMac was running Snow Leo; Genius put Mtn Lion; I NEED Snow Leopard back; have disk SophiaSapphire Mac Basics and Help 14 Oct 20, 2013 01:17 PM
Leopard to Snow Leopard on MBP 2009 - worth it? uncleMonty OS X 6 Feb 17, 2013 01:28 PM
Downgrading from Lion to Snow using time machine and USB (Snow Leopard) djarsalan2006 OS X 0 Jan 19, 2013 12:37 AM
Upgrade Leopard to Snow Leopard 2008 iMac? roberttrussell MacBook 1 Nov 18, 2012 06:02 PM
Syncing iPhone 5 on PPC Leopard via a Snow Leopard Macbook Jethryn Freyman PowerPC Macs 2 Oct 2, 2012 09:09 AM

Forum Jump

All times are GMT -5. The time now is 04:10 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC