Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Mar 22, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Yesterday, word surfaced of new malware targeting major browsers on the Mac platform with adware capable of injecting advertising into users' browsing experiences. The malware, known as "Yontoo", masquerades as a video plug-in or download accelerator in order to trick users into installing the package.

    As noted by security firm Intego, Apple has already updated its "XProtect" anti-malware system to recognize Yontoo and warn users who attempt to install it on their machines.
    Apple routinely uses its XProtect anti-malware tools, introduced in OS X Snow Leopard, to provide rudimentary protection against threats, and has expanded its efforts in OS X Mountain Lion with the introduction of Gatekeeper, which allows users to restrict app installation to software from identified developers registered with Apple, or even to only apps installed through the Mac App Store.

    Apple has also been using XProtect to enforce minimum version requirements for plug-ins such as Java and Flash Player, forcing users to upgrade from earlier versions known to have significant security issues.

    Article Link: Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware
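The plug-in minimum-version enforcement the article mentions, worked as an added example that is not part of the original post and not Apple's code: a small Python checker that reads a constructed blocklist in the PlugInBlacklist / MinimumPlugInBundleVersion layout that XProtect.meta.plist was described as using at the time (the key names, the "10" grouping key, the bundle identifiers and the version numbers are all assumptions here) and decides whether an installed plug-in build is old enough to be blocked. It also shows the bug a practitioner most often gets wrong in this kind of check: comparing the raw version strings instead of their numeric components.

```python
import plistlib
import re

# Constructed blocklist modeled on the XProtect.meta.plist layout as it was
# described in 2013. Assumption: key names, bundle ids and version numbers
# are illustrative, not Apple's real data.
SAMPLE_META_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PlugInBlacklist</key>
  <dict>
    <key>10</key>
    <dict>
      <key>com.example.flashplayer.plugin</key>
      <dict>
        <key>MinimumPlugInBundleVersion</key>
        <string>11.6.602.171</string>
      </dict>
      <key>com.example.javaapplet.plugin</key>
      <dict>
        <key>MinimumPlugInBundleVersion</key>
        <string>1.6.0.45</string>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""


def load_blocklist(plist_bytes):
    """Return {bundle_id: minimum_version_string} from the meta plist."""
    meta = plistlib.loads(plist_bytes)
    # In this constructed layout "10" groups the entries by major OS version.
    entries = meta["PlugInBlacklist"]["10"]
    return {bid: cfg["MinimumPlugInBundleVersion"] for bid, cfg in entries.items()}


def version_key(version, width=4):
    """Turn a dotted version into a tuple of ints so that 18 < 171 holds.

    A component without leading digits (e.g. 'b2') counts as 0, so an odd
    version string never reads as newer than it is. Short versions are padded
    so "1.6" and "1.6.0" compare equal.
    """
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < width:
        parts.append(0)
    return tuple(parts)


def is_blocked(blocklist, bundle_id, installed_version):
    """True when the installed plug-in is older than the blocklist minimum."""
    minimum = blocklist.get(bundle_id)
    if minimum is None:
        return False  # not a listed plug-in: the blocklist has no opinion
    return version_key(installed_version) < version_key(minimum)


def is_blocked_naively(blocklist, bundle_id, installed_version):
    """The bug to avoid: comparing version strings lexicographically."""
    minimum = blocklist.get(bundle_id)
    if minimum is None:
        return False
    return installed_version < minimum


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_META_PLIST)
    for ver in ("11.6.602.18", "11.6.602.171", "11.7.700.169"):
        print(ver, "numeric:", is_blocked(bl, "com.example.flashplayer.plugin", ver),
             "naive:", is_blocked_naively(bl, "com.example.flashplayer.plugin", ver))
```

The numeric comparison blocks build 11.6.602.18 against a minimum of 11.6.602.171; the naive string comparison lets it through, because "18" sorts after "171" character by character. Any enforcement keyed on dotted versions needs the component-wise form.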
     
  2. macrumors 6502

    Joined:
    Jan 26, 2006
    Location:
    SLC, Utah
    #2
    But what about my freedom to install adware!
     
  3. macrumors 601

    gotluck

    Joined:
    Dec 8, 2011
    Location:
    East Central Florida
    #3
    This is a very good thing, not trying to be critical.

    But isn't this a slippery slope towards 'Microsoft Security Essentials'? For now XProtect surely uses fewer system resources, but I'd wager that eventually the day will come for antivirus/antimalware on OS X.
     
  4. macrumors regular

    Joined:
    Dec 5, 2010
    Location:
    Barrie, ON
    #4
    Great news. Though I've said it before, all software must pass through my built-in antivirus called "common sense." It's updated frequently.

    So I'm not too worried.
     
  5. macrumors member

    Joined:
    Jan 25, 2011
    #5
    I use openSUSE when I bank online for security reasons.
     
  6. macrumors 65816

    tevion5

    Joined:
    Jul 12, 2011
    Location:
    UCD, Ireland
    #6
    Such freedoms should come with free laxative overdoses.
     
  7. macrumors 6502a

    Joined:
    Jul 6, 2010
    #7
    This solution Apple has seems overly simple, or am I missing something?

    Not complaining, it's awesome that they found such a simple way of doing this.

    Anyone know exactly how this works?
     
  8. macrumors 68020

    Joined:
    Oct 14, 2011
    Location:
    Ohio
    #8
    Said no one ever.
     
  9. macrumors 601

    Joined:
    Nov 25, 2012
    Location:
    United States
    #9
    Shouldn't matter much to you since you're running Windows 7...
     
  10. Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Detroit, Michigan
    #10
    I'm not following you here. What does "the slippery slope toward MS Security Essentials" mean?
     
  11. macrumors member

    Joined:
    Jun 18, 2007
    #11
    It is very simple, and that's because it's all that's necessary. Malware for OS X doesn't exploit vulnerabilities or security flaws that would allow it to get around this. They literally ask the user for permission to install themselves (thus "trojans"). All this measure does is alert the user if they attempt to grant permission to something that Apple has blacklisted.
     
  12. macrumors 6502a

    Sayer

    Joined:
    Jan 4, 2002
    Location:
    Austin, TX
    #12
    That is why Apple is taking a different track with the "GateKeeper" system that only lets code-signed apps run, the application "sandbox" model that all App Store apps must use, and doing things in the kernel to prevent attacks from ever succeeding.

    Security should not be a feature that is bolted on after the fact. Security is inherent to the system itself and stuff like plain text passwords should never be saved out to disk via system libraries - they should be hashed and salted always as part of the initial design. And you should trust, but verify any user-provided data and do common-sense safe operations to manipulate user-provided data.
     
  13. macrumors 6502a

    Mr Fusion

    Joined:
    May 7, 2007
    #13
    You joke now...

    ... Just wait till OS XI debuts and you'll have to wait for the jailbreak to install third-party apps. ;)
     
  14. macrumors 68030

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #14
    I think if you rename the file, it will install. A little extra work, but this way you can get your freedom back. :D
     
  15. macrumors 6502

    Joined:
    Apr 3, 2010
    Location:
    Lisbon
    #15
    Indeed!
    The Tea Party way!
     
  16. macrumors 6502a

    turtlez

    Joined:
    Jun 17, 2012
    #16
    one tiny string from Apple and boom, instantly stopped a "half virus". I'd love to see MS pull that off.

    ----------

    not if we don't upgrade ;)
     
  17. cgc
    macrumors 6502a

    Joined:
    May 30, 2003
    Location:
    Utah
    #17
    They'll force you..."all your OS updates are belong to us!"
     
  18. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #18
    Some poor guy at Apple had to download the software, then Apple examined it, and found how to identify it. Any software that you download is checked against a growing list of software that Apple recommends _very_ urgently to not install, and this software is on the list.

    These guys will probably modify their software so it won't be recognized, try to spread it again, Apple will block it again, and that will be repeated a few times. By that time it will have become too costly and they'll give up. That's probably the intention behind a simple check that they can get around: to add cost to the malware creators. Since nowadays the purpose of creating malware is making money, making it costly deters them.
     
  19. macrumors member

    Joined:
    Jun 4, 2010
    Location:
    North Carolina, USA
    #19
    I have plenty of common sense and have no clue when I installed it. I only saw ads in Google Chrome (which I rarely use), which is why I'm not sure when. I was actually able to browse the package contents of Chrome and delete it off my Mac before Apple recognized it as adware.
     
  20. macrumors 6502a

    turtlez

    Joined:
    Jun 17, 2012
    #20
    I get the MacKeeper pop-up when visiting certain sites a couple of times a week recently, but when it was bigger news I never ever got the pop-up, haha. I would have thought Apple would have implemented a MacKeeper blocker in Safari or OS X by now.
     
  21. macrumors regular

    Joined:
    Aug 5, 2008
    #21
    I hope that's not true, otherwise this XProtect is useless, as botnet owners would have already changed the name of the file by now.
     
  22. macrumors 6502

    Joined:
    Jan 19, 2010
    #22
    Unfortunately, MacKeeper isn't malware per se. It's just a really bad app that can wreak havoc on some systems. Heck, Macworld gave it a 3.5 out of 5 review! :eek:
     
  23. macrumors 68030

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #23
    Well, I hope the same, but that .plist file shown above seems to only register the name of the file. I don't see any kind of CRC or any other identifier.

    I really hope there are more identifiers! :eek:
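The name-versus-hash question raised in the last few posts (the blacklist check described in #11, the modify-and-reblock cycle in #18, and the worry in #21 and #23 that a name-only match is trivially renamed around), worked as an added example that is not from the thread and not Apple's code. It is a small Python checker that loads a constructed XProtect-style plist carrying three signature flavours (file name only, SHA-1 of the whole file, and a byte pattern inside the file) and runs a few constructed downloads through it, so you can see which evasion each flavour survives. The key names follow public descriptions of the 2013-era XProtect.plist format and are an assumption here; the payload bytes, the marker string, the file names and the signature names are made up for the example.

```python
import base64
import hashlib
import plistlib

# Constructed file contents and a marker string used to build the sample
# signatures below (assumptions for illustration, not real adware data).
PAYLOAD = b"#!/bin/sh\necho 'constructed installer stub, not real adware'\n"
MARKER = b"EXAMPLE-ADWARE-MARKER"
IDENTITY = base64.b64encode(hashlib.sha1(PAYLOAD).digest()).decode()

# Three signature styles in the layout XProtect.plist was described as using
# at the time (key names are an assumption, not a copy of Apple's file):
#   1. file name only            (MatchFile / NSURLNameKey)
#   2. SHA-1 of the whole file   (Identity, base64)
#   3. byte pattern in the file  (Pattern, hex)
SAMPLE_XPROTECT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
  <dict>
    <key>Description</key><string>Example.NameOnly</string>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchType</key><string>Match</string>
        <key>MatchFile</key>
        <dict><key>NSURLNameKey</key><string>VideoPlugin.pkg</string></dict>
      </dict>
    </array>
  </dict>
  <dict>
    <key>Description</key><string>Example.Hashed</string>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchType</key><string>Match</string>
        <key>Identity</key><string>%s</string>
      </dict>
    </array>
  </dict>
  <dict>
    <key>Description</key><string>Example.Pattern</string>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchType</key><string>Match</string>
        <key>Pattern</key><string>%s</string>
      </dict>
    </array>
  </dict>
</array>
</plist>
""" % (IDENTITY.encode(), MARKER.hex().encode())


def load_signatures(plist_bytes):
    """Parse the plist; the root is an array of signature dicts."""
    return plistlib.loads(plist_bytes)


def rule_matches(rule, filename, data):
    """One Matches entry holds only if every condition it carries holds."""
    name = rule.get("MatchFile", {}).get("NSURLNameKey")
    if name is not None and name != filename:
        return False
    if "Identity" in rule:
        digest = base64.b64encode(hashlib.sha1(data).digest()).decode()
        if digest != rule["Identity"]:
            return False
    if "Pattern" in rule:
        if bytes.fromhex(rule["Pattern"]) not in data:
            return False
    return True


def scan(signatures, filename, data):
    """Return the Description of the first signature whose rules all match, else None."""
    for sig in signatures:
        if all(rule_matches(r, filename, data) for r in sig["Matches"]):
            return sig["Description"]
    return None


def demo():
    """Show what each signature style survives: a rename, a one-byte change, both."""
    sigs = load_signatures(SAMPLE_XPROTECT_PLIST)
    tampered = PAYLOAD + b"\n"                 # same file with one appended byte
    with_marker = b"junk " + MARKER + b" junk"  # different file carrying the marker
    return {
        "name_hit": scan(sigs, "VideoPlugin.pkg", b"anything"),
        "renamed_evades_name": scan(sigs, "VideoPlugin2.pkg", b"anything"),
        "hash_hit": scan(sigs, "whatever.pkg", PAYLOAD),
        "one_byte_evades_hash": scan(sigs, "whatever.pkg", tampered),
        "pattern_hit_after_rename": scan(sigs, "renamed.pkg", with_marker),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

Renaming defeats the name-only rule and appending a single byte defeats the whole-file hash, which is exactly the modify-and-reblock cycle described in #18; the byte-pattern rule survives both, at the cost of the signature author having to pick bytes the adware author cannot cheaply change.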
     
  24. macrumors 65816

    Mike MA

    Joined:
    Sep 21, 2012
    Location:
    Germany, Europe
    #24
    Isn't it already there? I mean, why do we need to manage it ourselves - I like this approach. It just works (in the background) :D
     
  25. macrumors 601

    gotluck

    Joined:
    Dec 8, 2011
    Location:
    East Central Florida
    #25
    MS Security Essentials is a free antivirus/anti-malware maintained by Microsoft. If the user has it installed (and has Windows Update enabled), you really have to screw up to get your machine infected. It is always using system resources. I've always viewed the lack of a need to waste resources running AV as a great advantage of OS X. XProtect seems like a gateway drug to a full AV and a 'waste' of system resources. ...Well, maybe it's a personal problem that I hate to waste power on AV.

    ----------

    Well, I like OSX enough to buy a headless, upgradable Mac if Apple made one..
     
