Status
Not open for further replies.

Ravernomina

macrumors member
Original poster
Nov 15, 2009
43
0
I was browsing the web to find a shocking bit of webpage I've ever seen. A new Mac virus!
EDIT: I USE THE WORD VIRUS AS A COMMON TERM FOR MALWARE/SPYWARE

Link: http://www.intego.com/news/osx-opin...ed-by-freely-distributed-mac-applications.asp


Description: Intego has discovered a spyware application that is installed by a number of freely distributed Mac applications and screen savers found on a variety of websites. This spyware, OSX/OpinionSpy, performs a number of malicious actions, from scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected Macs. OSX/OpinionSpy is installed by a number of applications and screen savers that are distributed on sites such as MacUpdate, VersionTracker and Softpedia. The spyware itself is not contained in these applications, but is downloaded during the installation process. This shows the need for an up-to-date anti-malware program with a real-time scanner that can detect this malware when it is downloaded by the original application’s installer.

The information provided with some of these applications contains a misleading text that users must accept explaining that a “market research” program is installed with them, but not all of these specify this. Some of these programs are also distributed directly from developers’ web sites with no such warning.

The malware, a version of which has existed for Windows since 2008, claims to collect browsing and purchasing information that is used in market reports. However, this program goes much further, performing a number of insidious actions, which have led Intego to classify it as spyware.

OSX/OpinionSpy performs the following actions:

This application, which has no interface, runs as root (it requests an administrator’s password on installation) with full rights to access and change any file on the infected user’s computer.
If for any reason the application stops running, it is re-launched via launchd, the system-wide application and service launching facility.
It opens an HTTP backdoor using port 8254.
It scans all accessible volumes, analyzing files, and using a great deal of CPU time. It is not clear what data it copies and sends to its servers, but it scans files on both local and network volumes, potentially opening up large numbers of confidential files on a network to intrusion.
It analyzes packets entering and leaving the infected Mac over a local network, analyzing data coming from and being sent to other computers. One infected Mac can therefore collect a great deal of data from different computers on a local network, such as in a business or school.
It injects code, without user intervention, into Safari, Firefox and iChat, and copies personal data from these applications. Code injection is a form of behavior similar to that of a virus, and this malware “infects” applications when they are running to be able to carry out its operations. (It infects the applications’ code in the Mac’s memory, and does not infect the actual applications’ files on the user’s hard disk.)
It regularly sends data, in encrypted form, to a number of servers using ports 80 and 443. It sends data to these servers about files it has scanned locally, and also sends e-mail addresses, iChat message headers and URLs, as well as other data. This data may include personal data, such as user names, passwords, credit card numbers, web browser bookmarks, history and much more.
Given the type of data that it collects, the company behind this spyware can store detailed records of users, their habits, their contacts, their location and much more.
The application can be upgraded automatically, with new features added, with no user intervention, and without the user being aware of this. It occasionally asks users for information, via the display of dialogs, such as their name, or asks them to fill out surveys.
In some cases, computers with this spyware installed no longer work correctly after a certain period of time; it is necessary to force-reboot such Macs.
If a user deletes the original application or screen saver that installed this spyware, the spyware itself will remain installed and continue to operate.
As can be seen above, this application that purports to collect information for marketing reasons does much more, going as far as scanning all the files on an infected Mac. Users have no way of knowing exactly what data is collected and sent to remote servers; such data may include user names, passwords, credit card numbers and more. The risk of this data being collected and used without users’ permission makes this spyware particularly dangerous to users’ privacy.

The fact that this application collects data in this manner, and that it opens a backdoor, makes it a very serious security threat. In addition, the risk of it collecting sensitive data such as user names, passwords and credit card numbers, makes this a very high-risk spyware. While its distribution is limited, we warn Mac users to pay careful attention to which software they download and install.

Means of protection: Intego VirusBarrier X5 and X6 detect and eradicate this malware, which they identify as OSX/OpinionSpy, with their threat filters dated May 31, 2010 or later.


About Intego
Intego develops and sells desktop Internet security and privacy software for Macs.

Intego provides the widest range of software to protect users and their Macs from the dangers of the Internet. Intego's multilingual software and support repeatedly receives awards from Mac magazines, and protects more than one million users in over 60 countries. Intego has headquarters in the USA, France and Japan. For further information, please visit http://www.intego.com.
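
A defender's check for two of the behaviours listed in the quoted advisory, the listener on port 8254 and the relaunch via launchd, as an added example that is not part of the original post or of Intego's tooling. The process name, job label and program path in the sample data are constructed placeholders, not indicators from the advisory.

```python
import plistlib

BACKDOOR_PORT = 8254  # HTTP backdoor port named in the advisory quoted above

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not a real capture).
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd     101 root    7u  IPv4 0x0001      0t0  TCP 127.0.0.1:631 (LISTEN)
exampled  412 root    5u  IPv4 0x0002      0t0  TCP *:8254 (LISTEN)
"""

# Constructed launchd job; the label and program path are hypothetical.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.placeholder</string>
  <key>ProgramArguments</key><array><string>/path/to/placeholder</string></array>
  <key>KeepAlive</key><true/>
</dict></plist>"""


def listeners_on_port(lsof_text, port=BACKDOOR_PORT):
    """Return (command, pid, user) for every TCP listener bound to `port`."""
    hits = []
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue
        if fields[-2].rsplit(":", 1)[-1] == str(port):
            hits.append((fields[0], int(fields[1]), fields[2]))
    return hits


def relaunched_job(plist_bytes):
    """Summarise a launchd job that launchd restarts when it exits, else None."""
    job = plistlib.loads(plist_bytes)
    if not job.get("KeepAlive"):                     # bool or dict of conditions
        return None
    args = job.get("ProgramArguments") or [job.get("Program")]
    # A job in /Library/LaunchDaemons runs as root unless UserName says otherwise.
    return {"label": job.get("Label"), "program": args[0],
            "user": job.get("UserName", "root")}


if __name__ == "__main__":
    print(listeners_on_port(SAMPLE_LSOF))
    print(relaunched_job(SAMPLE_PLIST))
```

On a real Mac, pass in the actual `lsof` output and the plist files from `/Library/LaunchDaemons` and `/Library/LaunchAgents`; a kept-alive job is not malicious by itself, so treat a hit as something to review alongside the port check.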
 

spinnerlys

Guest
Sep 7, 2008
14,328
7
forlod bygningen
It's not a virus if it needs installation.

PLEASE READ THIS IF YOU WANT TO KNOW WHAT A VIRUS IS.



Even though some might get annoyed at reading this, the thread title guy strikes again:


A more descriptive and precise thread title will help cater to the right audience and get you more responses.
To edit your thread title, just click on the edit button on the bottom right of your original post and then click the "Go Advanced" button below your message.


Have you also taken a look at http://mroogle.*************/MRoogleSmall.gif, since that question may have been asked several times?
 

wackymacky

macrumors 68000
Sep 20, 2007
1,546
53
38°39′20″N 27°13′10″W
So what does that tell you.

There is no such thing as a free lunch.

Downloading and installing crappy dubious applications or torrents is fraught with risk.

Not exactly a new issue.

(The only real issue is the fact that Apple markets their computers to non-tech-savvy people as being safe.)
 