GAUSS VIRUS - Do I need to be concerned??

Discussion in 'Current Events' started by Shrink, Aug 13, 2012.

  1. macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #1
    First, if I'm in the wrong place, Mods please move this and accept my apologies.

    I've been reading about the Gauss Virus and was wondering if there is any necessity to download the Kaspersky anti-virus.
    I am aware that there has never been a virus in the wild that has infected an OS X system. I know the recommended steps for malware protection (this is to save GGJ some time!:D I also know that a virus is only one type of malware...so let's not get into that whole can of worms!:D).

    I'm just wondering if there has been any information suggesting that the Gauss Virus represents any threat to the Mac user who has all the necessary malware protections in place.
     
  2. macrumors 65832

    wywern209

    Joined:
    Sep 7, 2008
    Location:
    do you rly want to know?
    #2
    No. It's only affected banks in the Middle Eastern area.
     
  3. thread starter macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #3
    I, too, was under the impression that it was focused on institutions. But (according to some stuff on CNET), it's spreading out of the Middle East. Not necessarily down to the individual user level...but that's why I was asking if anyone knew any information that it might be shifting to the individual user level.

    Thanks for your response...your take, if I'm reading you right, is that it is an "institutional" virus.
     
  4. macrumors G5

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #4
  5. macrumors 65832

    wywern209

    Joined:
    Sep 7, 2008
    Location:
    do you rly want to know?
    #5
    OP, the Gauss virus was created for the pissing wars between the western gov'ts and the Middle Eastern ones. The sole purpose of the virus is to gain intelligence on the transactions of those banks in those areas. Unless you have an account with the affected banks, you have nothing to worry about. The NSA has bigger fish to fry.
     
  6. thread starter macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #6
    Thanks, all, for the responses.

    It was not my impression that it represented a risk to individual users, but it's nice to have some reassurance.

    Again, thanks for your time. :D
     
  7. macrumors newbie

    Joined:
    Apr 22, 2011
    #7
    Your anti-virus software should be able to protect you against it anyhow.

    I use Kaspersky Internet Security 2012 and I wouldn't have even heard of it if they hadn't proactively sent me an email letting me know they are effectively protecting my computer against it. (Good to know they are on top of it, because I sure wasn't.)

    I am sure Norton and the other antivirus vendors are on top of it too.
     
  8. macrumors 603

    Carlanga

    Joined:
    Nov 5, 2009
    Location:
    PR
    #8
    IMO not worth it (yet) to have any type of Antivirus bogging down your OSX system.
     
  9. thread starter macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #9
    That has always been my approach, and since Gauss seems to be a virus directed at big institutions (e.g. banks) I'm not concerned about it.

    I do have ClamXav, which is really a malware scanner, not a constantly running anti-virus. I run a scan once a month, otherwise it is dormant, not using any system capacity.

    BTW: Every month it finds and quarantines two nasties, both called Heuristic Phishing...

    They don't do anything, and are not transmitted to others (have checked with a friend.) I have no idea where they come from, but I just trash them every month and don't worry about them.

    No harm, no foul...:D
     
  10. macrumors 603

    Carlanga

    Joined:
    Nov 5, 2009
    Location:
    PR
    #10
    That is prob because you are using a mail application. Heuristic ones are phishing emails only AFAIK, so if you don't open the link from the email or reply to it you shouldn't worry. Kinda like emails that get blocked by hotmail by web telling you that the junk email had malware inside. I always run my emails from the web instead of an app, keeps everything more secure.
     
  11. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #11
    This fact is now debatable depending on how one wants to define replication given the versions of Flashback that installed without user interaction.

    To clarify:

    This version of Flashback replicates by loading itself into every app launched by the user if infection method #2 is used. Method #2 requires no user interaction. Although, the user having to log out/in could be considered user interaction.
     
  12. thread starter macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #12
    Thanks for the information. Yes, I use Mac Mail, but I have never had any problems with the Heuristic malware, so I just dump them at the end of every month, and not worry.

    Interesting. I'm afraid I was just parroting what I have read so many times regarding viruses in the wild never affecting OS X. I am not sophisticated enough to argue the subtleties of the definition of replication. I'll leave it to someone with more technical knowledge than I (which means pretty much everybody) to debate your point.

    However that turns out, thanks for your reply...:D
     
  13. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #13
    Despite however such a debate would turn out, it is important to note that Flashback shows that malware that installs without user interaction in OS X has limited efficacy to impact the users of infected machines more directly.

    Security frameworks, such as NSSecureTextField, prevent malware from compromising more security sensitive actions performed by users by preventing passwords and data entered into secure forms from being logged by keyloggers or copied by form grabbers.

    Compromising such security frameworks requires elevated privileges. Gaining elevated privileges without tricking the user to password authenticate, so via an exploit, is much more difficult in OS X. For example, recent versions of OS X have only contained less than 3 or 4 privilege escalation vulnerabilities (none used in malware; most not inherently useful in malware given certain limitations - locks user out of own system or dependent on non-default software with limited distribution); while, Windows 7 had so far over 60 of these vulnerabilities in just one default process (win32k.sys) with several being exploited in the wild (example = TDL-4).

    Also, Keychain provides much better secure storage than the secure storage found in other operating systems. Keychain achieves this by limiting access to the keychain entries on a per application basis using access control lists.

    The secure storage in Windows doesn't isolate entries on a per application basis. This is shown via password recovery programs available for Windows that show passwords stored by other applications. Malware often leverages this weakness in the secure storage of Windows.

    It should be noted that third party browsers for Mac (Firefox and Chrome) don't utilize keychain for protected storage and have secure storage systems as potentially insecure as that used in Windows.

    Hopefully, this information helps you with your concerns about viruses.
     
  14. thread starter macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #14
    Thank you for the very useful information.

    I appreciate the time you took to help me understand security a little better. I am extremely concerned about security and try to maintain whatever little privacy still remains.

    Again, thanks...:D
     
  15. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #15
    Even sophisticated phishing emails require a lot of user intervention to be successful.

    These emails only become problematic if you click on links contained within the email and log into the web page reached via the link.

    Using the link causes malicious scripts to be injected into the web page so that the interaction between your browser and the web server hosting the web page becomes compromised such that your login credentials become accessible to the attacker.

    The easiest way to avoid compromise via phishing emails is the following:

    - Check the digital certificate of websites, such as banks and PayPal, by clicking the lock icon to see if the certificate belongs to the right organization.

    - Always manually navigate to the logins of encrypted security sensitive websites and never login to these websites from links in emails, email attachments, instant messages, & etc even if the certificate appears to be legitimate. This prevents login credentials from being stolen via advanced phishing techniques that use cross-site scripting.
     
  16. thread starter macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #16
    I'm pretty much up on what you have suggested. I've read enough of GGJstudio's posts (:eek: ;) ) to know never to go to a website through a link in an email. But, once again, thank you for taking the time to give me useful information...one can never be reminded often enough of good security behavior.

    Your information is appreciated...:D
     
  17. macrumors 6502

    Joined:
    Aug 14, 2012
    Location:
    In front of my Mac
    #17
    That's debatable. After the Flashback and MacDefender business I decided to install Kaspersky AV 2011 on my MBP and Sophos on my MBA. I got the Kaspersky disk free with the Windows version I bought for my parents' peecees. It probably wasn't necessary but I feel safer using my Macs online with protection ;)
     
  18. macrumors 603

    Carlanga

    Joined:
    Nov 5, 2009
    Location:
    PR
    #18
    Not debatable since by the time a new malware is out Apple will send their own fix around the same time as the 3rd parties.
     