Hackers debut Mac OS X adware

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Nov 25, 2006.

  1. macrumors bot

    Joined:
    Jul 5, 2003
    #1
  2. Moderator emeritus

    Joined:
    Jul 4, 2004
    #2

    Err... should I be worried about this? I suspect not.
     
  3. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #3
    Okay, so I read the article and it caught my attention... but... but... googling only reveals a bunch of other articles digging the same article. Where is this proof of concept? I would like to see some actual evidence... and I'd like to see it analyzed by someone other than a "security" consultant.
     
  4. macrumors 601

    gloss

    Joined:
    May 9, 2006
    Location:
    around/about
    #4
    Of course you should. It's not major, but it is seriously annoying.
     
  5. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #5
    Assuming it isn't vaporware... this announcement sounds somewhat suspicious to me. Like how sarcastic the wording is. But I agree, it is concerning. It seems at the moment that the key piece of the problem on Windows (the ability of COM / ActiveX objects in a web page to install applications through Internet Explorer) is still missing on Macs (and for anyone who uses Firefox)... meaning that the real threat level is still close to zero. But I would still like to see more specifics on how this supposed vulnerability works.
     
  6. macrumors 6502

    Joined:
    Oct 6, 2006
    #6
    It isn't a proof of concept, it's a proof of desperation. If they really had a proof of concept they would have verified that it works before posting about it. Think about it! They say they've got the code, but also say:

    No test? Seriously, if this were real, they'd have run it on at least one test machine.
     
  7. macrumors 65816

    ero87

    Joined:
    Jan 17, 2006
    Location:
    New York City
    #7
    i'm sick of hearing these reports, they frighten me!

    someone tell me when a mac USER, a real one, has a virus. then I guess we should all be sincerely concerned.
     
  8. macrumors 65816

    iJawn108

    Joined:
    Apr 15, 2006
  9. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
  10. macrumors member

    Joined:
    Mar 22, 2003
    Location:
    Here and there
    #10
    Of course that article is sarcastic and doesn't have "proof": it's from The Register! They're known for their sarcasm (and decent journalism).

    Go to the linked F-Secure page if you want more details.

    "We recently received a proof-of-concept sample of an adware program. Normally that wouldn't be worth blogging about, but in this case it's for Mac OS X. In theory, this program could be silently installed to your User account and hooked to each application you use… and it doesn't require Administrator rights to do so. We won't disclose the exact technique used here, it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user. Especially as it only requires Copy permissions. An Admin could install this globally to all users.

    The result: This particular sample successfully launched the Mac's Web browser when we used any of a number of applications."
     
  11. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #11
    No, I'm sorry, I was talking about the linked F-Secure note, not the Register piece, when I said it sounded sarcastic and fishy. This F-Secure is supposed to be a real industry monitor / consultant / analyst, isn't it? I've never heard of them, but they didn't overtly smell of Onion. And yet... something about this piece strikes me as vaporware. And I'll stick with my statement that I want to see this analyzed by someone with Mac community credibility before I believe it.
     
  12. Administrator/Editor

    WildCowboy

    Staff Member

    Joined:
    Jan 20, 2005
    #12
    Really? F-Secure has been around for close to 20 years IIRC. That said, they primarily sell antivirus software, so it's in their best interest to make a big deal out of anything that comes along. (Of course, the flip side is that you'd hope the antivirus people would be among the first to recognize and develop defenses against threats.)

    Like everything coming out these days, I'll wait until these things appear in the wild before I really worry about them. Until then, I'll let the "experts" worry about them.
     
  13. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #13
    Mmm, okay. But something about that note still just does not ring true to me. Maybe it's because it's a blog and the author felt the liberty to not use business diction and phrasing. Nonetheless...we shall see. I don't care so much about the adware part... this is still a local user exploit. *BUT* if this means that software can write to any part of /system, even if only a new file is being created, without admin privilege and without user intervention... something is seriously amuck, and I want Apple to know what. I'm just not convinced it's actually true yet.
     
  14. SMM
    macrumors 65816

    SMM

    Joined:
    Sep 22, 2006
    Location:
    Tiger Mountain - WA State
    #14
    I think we shall see more and more "Fox News" type of anti-Apple reporting. When looking at the thread subject titles, you see many which are barely justified by the actual content. Unfortunately, far too many people do not read beyond that point. My all-time favorite on MR was something like, "New iPod's shoddy construction" (this is just my rendition of the real text, which I do not recall). The actual story was about a guy who fell off his bicycle and landed on the iPod. The case was damaged and the display broken. I have no reason to suspect the user of anything except adding a little humor. Yet, a headline reader would just conclude Apple was having quality issues.

    You know it just irritates the h**l out of Redmond, that Apple does not suffer from the virus/malware issues they do. So, if there is any chance to dispel the Apple invincibility myth, or discredit their security, they will pounce on it. A perfect example of this was during the last presidential election. Gee-Dub did not serve in the military and even his national guard service was under scrutiny. Kerry on the other hand served with distinction in Vietnam.

    The republican machine could not make George a hero, no matter how badly they wanted to. The only choice was to not let Kerry be one. So, they found a couple of fundamentalist, good-old-boys, to come forth, lie through their teeth and throw enough doubt (greatly fanned by Fox, Murdoch and crew) about Kerry's service. It worked like a charm.

    MS has a lot riding on Vista. I think Apple is poised to not only steal their thunder, but to also break through the MS 'mystique'. I have heard many people say (essentially), "the reason Apple has a better OS right now is because MS has been solely focused on developing the ultimate OS". Well, if Redmond cannot deliver, many more people are going to start looking at alternatives.
     
  15. macrumors 68030

    Analog Kid

    Joined:
    Mar 4, 2003
    #15
    The "in theory" part is that it could theoretically do to you what the proof of concept did to their test machine in practice.

    From the description, I'd guess it's using Input Methods as a vector. IM is a feature, but it really should be better protected. Anything placed in IM gets loaded and run by every application launched.
     
  16. macrumors 6502a

    wyatt23

    Joined:
    Mar 7, 2006
    Location:
    Forest Hills, NY
    #16
    cool. i'll believe this when i have to have spyboy for mac, ad-adware for mac, and microsoft defender for mac all simultaneously running on my system.

    'til then... BOGUS~!
     
  17. macrumors 65816

    cwedl

    Joined:
    Jun 5, 2003
    #17
    What's the point of making stuff like this, on one hand it's good that they have found holes in mac osx that hopefully they've notified apple about but on the other hand they should get a life.
     
  18. macrumors 603

    solvs

    Joined:
    Jun 25, 2002
    Location:
    LaLaLand, CA
    #18
    I'm sorry, but that made me laugh. The Register?

    Yeah, you can pretty much ignore this then.
     
  19. macrumors 68000

    SPUY767

    Joined:
    Jun 22, 2003
    Location:
    GA
    #19
    This item could theoretically be installed in the library of a vulnerable Mac if the user were to follow the instructions in the included text file.
     
  20. macrumors regular

    Joined:
    Sep 24, 2006
    #20
    I'm tellin' ya man.. the more popular OSX becomes, the more stuff like this is going to appear.

    If you're in a band and going to release an album.. what are you going to put it on? Vinyl? 8 Track? Cassette?

    No. You release it on the most common media.

    WinTel machines have like what? 70% of the 'consumer' market? MacOS, Linux, Solaris, BeOS, etc make up the other 30%.

    As Apple's market share grows, things like this will pop up with more and more frequency.

    Let's not forget there used to be viruses for MacOS back when they had better market share.. then as that market share slipped into just about nothingness, people just didn't bother writing them anymore.
     
  21. macrumors 6502

    Joined:
    Jun 23, 2005
    #21
    LOL, I remember having those on my last pc years ago.... heck you need it when you have a pc. seriously...



     
  22. macrumors 68020

    wmmk

    Joined:
    Mar 28, 2006
    Location:
    The Library.
    #22
    amen, brother!

    and i'm sure a lot of people will do this!

    true, but OS X is still more secure than anything based on NT.
     
  23. macrumors regular

    Joined:
    Sep 24, 2006
    #23
    I absolutely agree. And OSX will continue to be my primary OS.

    When I think back to the nightmares I had during my time running XP.. the hundreds of lost hours spent re-installing, cleaning the registry, downloading virus scan updates, anti-spyware applications and updates, having to buy more RAM just to support all the 'protection' that had to constantly run in the background, plus all the money I pissed away on Norton, McAfee, and a host of other things that were supposed to keep my computer virus and spyware free, but didn't.. well.. let's just say I'd have a whole lot more time and money.
     
  24. macrumors 601

    dpaanlka

    Joined:
    Nov 16, 2004
    Location:
    Illinois
  25. macrumors 68020

    someguy

    Joined:
    Dec 4, 2005
    Location:
    Still here.
    #25
    Yep. It's not a threat until it happens to me. That's my take on it.

    Forget all this "theoretically" crap. I don't care what "could" happen "if" a local user were to "follow the directions". Come on... you haxx0rz can do better than that.

    Call me when something actually happens. :rolleyes:
     
