Too bad it is set up in redirects on Google Images. I have had it download at least 10-15 times in the last week. I have all previous 212.x.x.x redirected but they keep switching up the originating IPs.

I had never seen this before either until I was doing image searches for wallpapers and Keynote images for a presentation the other day and I had this pop up and download like 5 times. It was annoying and I knew not to install it and delete it but it really is out there now!

Sadly there are a lot of ignorant people out there that don't understand much about tech and computers etc. and fall for this crap.
 
You have to be kidding. Credit card fraud, especially on this level, is never small-time in the FBI's eyes. The RIAA has been successful in getting Russian MP3 sites closed, what makes you think the FBI won't be successful here?
That's exactly what I'm talking about. The RIAA is a huge industry organization with lobbyists out the wazoo.

A few people who fall for an $80 Mac Defender scam means nothing to them.
 
This is why the Mac App Store is good.

Ok, you have to be an idiot to install this malware, but if all the main pieces of software for the Mac were available through the Mac App Store, then there wouldn't be a worry. For now.

Oh if it was only that easy. :rolleyes:
 
Can't Apple build some kind of sandbox mechanism that simulates an install and scan for text strings like "credit card" from the app's popup dialog boxes? That way they can warn the users before they actually install the app.

Can't the chimps who have downloaded this malware stop downloading everything that says "click on me"? Nothing will save those people no matter what Apple does.

I have done a simple Google search and this malware does not show up, so you have to be bad porn hopping for this stuff to be waiting for you. Come on people, going to a bittorrent site when you don't know what you're doing, who is going to save those people? :D

Maybe when the App Store is stacked wall to wall with every application and games for OS X I still see the chimps getting into trouble. :rolleyes:
 
I had never seen this before either until I was doing image searches for wallpapers and Keynote images for a presentation the other day and I had this pop up and download like 5 times. It was annoying and I knew not to install it and delete it but it really is out there now!

Sadly there are a lot of ignorant people out there that don't understand much about tech and computers etc. and fall for this crap.

Sorry for you but glad I am not the only one. I thought it may have been time to switch up my DNS to see if things improve. I don't want to do that as my DNS is really fast atm.
 
Sure, those are two of the most important vectors, but I think you also have to consider USB memory sticks and network based file sharing, especially with the addition of AirDrop in Lion, as sources of infection.
Apple seems to have chosen to maintain an ever growing blacklist to keep known malware out of OS X. That's a pretty tall order, but hopefully they can stay ahead of the game.

Software does not auto-launch from USB on OS X.

You are thinking about most versions of Windows.

Can't the chimps who have downloaded this malware stop downloading everything that says "click on me"? Nothing will save those people no matter what Apple does.

You do not have to click to download.

You just have to go to an infected site and your browser would start downloading the installer, although you still need the user to install it.
 
Can't the chimps who have downloaded this malware stop downloading everything that says "click on me"? Nothing will save those people no matter what Apple does.

I have done a simple Google search and this malware does not show up, so you have to be bad porn hopping for this stuff to be waiting for you. Come on people, going to a bittorrent site when you don't know what you're doing, who is going to save those people? :D

Maybe when the App Store is stacked wall to wall with every application and games for OS X I still see the chimps getting into trouble. :rolleyes:

It isn't entirely their fault. Apple defaults downloads to auto open/install (for whatever insane reason). So plenty of blame to go around. And while I agree that the Mac App Store is the solution here, I don't think it is because they're "chimps". They just do not make learning about computers a priority. For quite a few people it is a willful choice. And why should they care? You don't need to know how a car works out of fear that it will explode and steal your credit card number (although you should have some knowledge so the repair guy doesn't take you for a ride). iOS has shown that we can lock computers down and they'll still be completely usable and not require people to learn much about them. OS X should default to a locked down mode instead of defaulting to opening stuff up off the internet for you (with a preference to go back to "classic" OS X mode for those who know how to use System Preferences). It won't stop the unethical repair guy from screwing you (like Best Buy and their various Geek Squad "services") but it will stop a majority of the self-inflicted issues.
 
Sure, those are two of the most important vectors, but I think you also have to consider USB memory sticks and network based file sharing, especially with the addition of AirDrop in Lion, as sources of infection.
Apple seems to have chosen to maintain an ever growing blacklist to keep known malware out of OS X. That's a pretty tall order, but hopefully they can stay ahead of the game.

Excuse me, but how are USB sticks an infection vector? This is not Windows, there's no AutoRun 'feature' here...
 
Software does not auto-launch from USB on OS X.

You are thinking about most versions of Windows.

Excuse me, but how are USB sticks an infection vector? This is not Windows, there's no AutoRun 'feature' here...

I'm not - I'm thinking about vectors of infection, one of them is a user manually copying a file via USB storage or AirDrop and mistaking a disguised file for something benign and then instinctively typing in his password. Apple's current anti-malware blacklist has to check any executed code, not just files recently downloaded by a web browser.
 
Yes, OS X is more secure than Windows, but it will only be a matter of time before we will get many more viruses on OS X.
We're still waiting for the first virus to show up. None yet.
The viruses will be harder to make of course, but it's a logical result of the popularity of the Mac platform.
The market share fallacy has been debunked countless times. It doesn't hold water.
 
Malware attack 6/18/2011

The way I see it, there are two major threats/entry points which expose a Mac to malware: Apps & Safari (or any other browser). If Apple has more control over the apps (through Mac App Store), and works MORE (a lot more actually) on Safari's security, then I think the Mac will be a more secure system.

Went into the App Store app to check on updates. Showed one update for MPlayer. When I clicked update, a small window told me to go to: "http://qzy@mac.com". I entered the URL in my Safari browser and it immediately stated "Warning: suspected phishing site." I tried it on an alternate browser and it sent me to what I believe was a phony Apple website.

I ran Virus Barrier X6 on my Applications folder. It wasn't long before I got the alert, "Malware 'Java/Agent.gen' detected in file 'mozswing-2.0beta2jar'". The App it was located in was "All.com." Java files.

I had Virus Barrier remove the malware. The problem on the App Store app ceased. This problem had never occurred before. I downloaded All.com in 12/2010 and had never used it. I contacted Apple via email 6/18 and followed up by phone today but talked with someone who has no clue about this stuff. He was forwarding it to those whose skill set can address what happened.
 
I have done a simple Google search and this malware does not show up, so you have to be bad porn hopping for this stuff to be waiting for you.

So not true. It's coming up in Google image searches. I'm sure some are porn but I get it all the time just looking for images for keynotes or wallpapers. I'm not dumb enough to download it, but it's really frustrating having to force quit Safari when you get caught in its loop.
 
I think the issue we have here is quite interesting. Yes we are playing cat and mouse with the hackers. I think that Apple has the upper hand compared to Windows because they had a system which was relatively virus free so at this point they can use that leverage to plug up the holes that they find before they are hacked. While this won't fix the whole problem it does at least give a good solution. I'm thinking that it might be a good idea for every Mac user to download a virus protection program so they don't end up with viruses on their computer in the future (think of it as installing a home security system in a nice quiet neighborhood where crime is ever moving towards it). The other reason to get a Virus protection software is so that you can watch out for PC viruses. Just because you don't see the virus and you might not even know it exists, it doesn't mean that you could end up sending a folder with a cool download to your friend and wrecking his/her computer.

So yes, as I said before Apple is in a very good situation, and they should do something about it and get the Mac users aware of the situation and get as many as they can to take the right measures while it's early in the game.
 
You have to be kidding. Credit card fraud, especially on this level, is never small-time in the FBI's eyes. The RIAA has been successful in getting Russian MP3 sites closed, what makes you think the FBI won't be successful here?

There are plenty open. Found out when people discussed iTunes Store vs. Amazon music here and someone proudly posted that he or she got music from this website that was so much cheaper.


It isn't entirely their fault. Apple defaults downloads to auto open/install (for whatever insane reason).

No automatic install. Automatic start of the Installer, where you have to confirm that you actually want to install the software. Unless the user confirms, nothing will be installed.
 
Tempest, meet teapot.

There are only a very few rules when using a computer. One is never give CC info unless you visit an actual site yourself. There will always be idiots though, and the script kiddies in Asia know this. There is nothing WE can do about it except spout safe computing practices. There is nothing Apple can do about it except play catch-up to the wanna-bes. I like MacKeeper, but I don't care if anyone else buys it. There are solutions, but not for the people who can't add two numbers together. If I sound cruel and uncaring, you are correct.
 
This is ridiculous. I hope they actually catch these criminals. Lowlifes. I actually have more respect for an old-fashioned mugger than these electronic criminals... People are always messing with other people... hopefully "justice" of some kind will find them...
 
myXProtectStatus Menulet

I made a little system bar menulet with BASH and Platypus that'll give you the version, date, and list of threats in the XProtect.plist for those of you with a voracious appetite for the stats on your computer :)

myXProtectStatus

 
Surely the main problem here is people using an administrator account as their usual login? I do exactly the same, but wonder if Apple could/should post an update that creates a new admin account and reduces the access of the current account (for example)?
 
Surely the main problem here is people using an administrator account as their usual login? I do exactly the same, but wonder if Apple could/should post an update that creates a new admin account and reduces the access of the current account (for example)?

Explain why this matters in OS X?
 
Surely the main problem here is people using an administrator account as their usual login? I do exactly the same, but wonder if Apple could/should post an update that creates a new admin account and reduces the access of the current account (for example)?
Whether you use a standard or admin account, it makes no difference.
 