A Trojan is a program that hides what it really does by pretending to be something else. Trojan Horse, Greek mythology, blah blah blah. They left the thing at the gates and the folks from Troy voluntarily brought it inside, thinking it was something else.

A virus shows up on its own, through nothing of your own doing, and replicates itself as it spreads around. You catch a flu bug through no special action of your own, but you do end up passing it on to the other folks living in your house.

Ultimately you choose to bring in a Trojan Horse (like Mac Defender). You don't choose to bring in a virus.

And the results are the same.
And you pretty much get both the same way.
Going to dubious sites. And downloading dubious software from dubious sites.
I have my computer hooked up to the Internet 24/7 and have never had an infection.
Both require actions from the user.
 
Just because someone has used computers for any period of time doesn't mean they're fully informed about them. I know people that have been driving cars for 50+ years, but still don't know how to change spark plugs.

It's not, actually. It's not semantics; it's a noticeable and important difference.

I would agree with you. But in this particular instance - it really doesn't matter. The heart of the matter is that this infection is happening because it's being installed out of fear because of viruses, trojans and worms. It's important because Apple has/is generally not a target. It's also important because, as the article states, there has been a surge in call volume about the issue.

So whether it's a virus, worm or trojan doesn't matter AS MUCH as the education of everyone on how to protect/defend and avoid getting them in the first place.

And that starts by not assuming or stating that someone who "has it" is an idiot, moron, etc. And also by admitting that ALL systems are vulnerable.

What good will that do now that Wave is up and running, every single call is being recorded and calls are randomly (or specifically if they suspect something) reviewed?

Did you read the article? They address this. Maybe you skimmed?
 
It's out there...

This tried to install on my MacBook Pro last night and I immediately cancelled and deleted the file ASAP!
And for the record I got this after clicking on a link from Yahoo! News.

It automatically downloaded on my machine as well.
(From a result in a google search)

Likely there will be many different names for the .zip file
I got "anti-malware.zip"

Straight to trash, secure delete, moving on.
 
And the results are the same.
And you pretty much get both the same way.
Going to dubious sites. And downloading dubious software from dubious sites.
I have my computer hooked up to the Internet 24/7 and have never had an infection.
Both require actions from the user.
The MacDefender trojan can be encountered without visiting dubious sites or downloading software from such sites. It can be encountered by an innocent Google image search, regardless of the type of image. A virus can be encountered without visiting such sites, simply by connecting an external hard drive, connecting to a network, opening an email attachment, etc. A user wouldn't even know when the virus has infected their system, unless they had antivirus running.
 
The level of elitism going on in this thread is disgusting.

Agree, there's a lot of arrogance on here. Don't people realise that there's a computer in nearly every home now in most developed countries and a lot of those are Macs? The fact that many of the users don't know what they shouldn't do is nothing to do with idiocy, IQ, intelligence, call it what you like. It's knowledge/education. We're geeks, we know these things, but for many, many people a computer is just another household appliance like a washing machine or central heating boiler. Does me not having a detailed knowledge of my boiler beyond how to use it day-to-day make me an idiot?

So, to all those saying you deserve what you get, do you really think it's fair to throw that at the majority of people out there? Yes, the general level of knowledge these days is probably that most people have heard of computer viruses and know they are bad. So when a window pops up that says they've got a virus, press this button to clean it up, who's the idiot - the person who presses the button in the mistaken belief that they are doing the right thing, or the person who just ignores it and carries on?
 
And the results are the same.
And you pretty much get both the same way.
Going to dubious sites. And downloading dubious software from dubious sites.
I have my computer hooked up to the Internet 24/7 and have never had an infection.
Both require actions from the user.

I used to think that way too, but things are different now. I used to be confident that if I didn't open unwanted email attachments, or download sketchy files, I could never accidentally execute the virus code and I had no need to worry.

When the ILOVEYOU virus happened and I started getting spammed with emails with the "ILOVEYOU" subject line, I deleted them all. And laughed at the people who were gullible enough to fall for it.

Then my first virus infection happened, at work, in 2001, a nasty little thing called NIMDA. I was just typing away in Word and noticed my hard drive was grinding more and more and more, and the computer got slower and slower and slower. That was it. I was infected. No action on my own, this thing apparently found its way in through some shared networking vulnerability. NO action required from the user (obviously it was some system background process that set it off).

Recently I plugged a USB stick into my Mac and found a .vbs file that was never there before. It was put there by the last PC that the USB stick had been plugged into. And had I plugged the stick into my PC first, instead of my Mac, I would have been infected by something which took advantage of some sort of auto-run scripting vulnerability. Sure, it was through an action of my own, but "plug in a USB stick" isn't an unusual action at all.
 
So, to all those saying you deserve what you get, do you really think it's fair to throw that at the majority of people out there? Yes, the general level of knowledge these days is probably that most people have heard of computer viruses and know they are bad. So when a window pops up that says they've got a virus, press this button to clean it up, who's the idiot - the person who presses the button in the mistaken belief that they are doing the right thing, or the person who just ignores it and carries on?

Well exactly. And according to "lore" - Apples don't have these issues. Ad campaigns have been built around it. People are bombarded with the messaging that Apple computers just work... that they don't get viruses, etc. So when the average Joe is surfing the net or opens a file - they, because of the collective messaging they have been led to understand, wouldn't think for a SECOND that they'd get infected.

I've said it before and I'll say it again. Apple "fanatics" can't have it both ways. They can't say that Apple computers are for everyone and anyone because you don't need to be a techie to understand them and then expect or laugh at others for not being technically inclined.
 
My Microsoft-lovin' IT buddy is taunting me with this. A drop of rain just fell on Mac users' heads, while he and the Windows Horde are still drinking from the firehose every day. Yet still he feels entitled to gloat. Go figure.

They are definitely elated to share their misery, at least in this case a minuscule portion. ;)
 
How does Ed Bott know whether or not those 200 threads in the Apple support forum were started by trolls?

I suspect many of the "I've been infected" threads in this forum are the byproduct of trolling.

Anyway, I recommend installing ClamXav, which detects MACDefender and variants, but does not have on-access scanning so does not chronically use resources. At least, this serves just to remind users that they already have AV software installed so they do not install any other AV software that may be malicious.

See the links in my sig for more info.
 
You get this problem by visiting porn sites only so far. As a scientific experiment (purely scientific mind you :D ) I visited a few of the known sites and, sure enough, I encountered Mac Defender. A page loads that looks like your system is being scanned for malware. Of course you are then informed that you do indeed have malware and are offered Mac Defender to be installed to clean your system. Pretty lame phishing in my opinion but I guess the shallow end of the gene pool is susceptible to this crap.
 
NEVER allow anything to be installed YOU DIDN'T SPECIFICALLY REQUEST IN ADVANCE! EVAH!!!!!:rolleyes:

What if someone thinks that MacDefender is something they want (maybe it's a real anti virus - they think)? Then what?

But just about Windows viruses vs. Mac viruses: On Windows, it has happened to many people I know and to me as well a long time ago, that you turn on your computer and you have a virus that prevents you from even executing anything, even though you have NOT installed anything, the virus just found a way to get onto the computer from a website without user intervention. As I understand, Mac Defender still needs to be specifically installed by the user.

The thing is, the effectiveness of a security system can always be hindered by the user, as long as the user is allowed by the system to do anything they want. I think that's a good thing, as long as you're not stupid. Then maybe in 5 years we will only be able to run code from the App Store, and losing our freedom of installing whatever we want. Stupid users will be safe, power users will complain that they can't run their custom built application.

Solution: Those who aren't very tech savvy only need computers for Facebook and the web, so they should get an iPad instead of a computer. The people who need their computer to do special tasks should also get a proper computer, and since they actually do special tasks, we can assume that they are smart enough not to install malware.

Apple has it figured out, it's just not completely implemented yet.
 
Yes, the general level of knowledge these days is probably that most people have heard of computer viruses and know they are bad. So when a window pops up that says they've got a virus, press this button to clean it up, who's the idiot - the person who presses the button in the mistaken belief that they are doing the right thing, or the person who just ignores it and carries on?

A previous poster mentioned an example of a supermarket sample guy. If you go to the supermarket and someone dressed in the supermarket uniform gives you a sample, you are reasonably assured that he is not trying to poison you.

But suppose someone in a supermarket uniform rings your doorbell at home, and when you answer, he hands you a sample? Is this legitimate? It's a little unusual, isn't it? That should set off an alarm bell.

This same sort of common sense applies in many situations. You can approach a stranger and ask him to take a picture with your camera, but many know that if someone approaches you and says "Hey, I'll take a picture of you!" -- it could be a trap.

If you call up a babysitter, you're reasonably assured that your kid is in good hands, certainly more so than if a person rings your doorbell unsolicited and says "Hey, can I take care of your kid for a while?"

We're trained to ask questions when unsolicited people start asking us for access to our things. "Hey, I'm from the gas company, can I come in to check your furnace?" Err... well.... I didn't call you, I'm not expecting you, so I'd better see some ID, and I'm going to call the gas company to verify that they sent you here.

It should be the same for computers. We need to train people to understand that an unsolicited "hey, wow, you've got a virus!" alert is suspicious.
 
I like how malware removal support for Windows costs quite a bit of money. Malware issues seem to be a part of the business model of the Windows world.
 
You get this problem by visiting porn sites only so far. As a scientific experiment (purely scientific mind you :D ) I visited a few of the known sites and, sure enough, I encountered Mac Defender. A page loads that looks like your system is being scanned for malware. Of course you are then informed that you do indeed have malware and are offered Mac Defender to be installed to clean your system. Pretty lame phishing in my opinion but I guess the shallow end of the gene pool is susceptible to this crap.

blatantly and completely wrong. read some previous posts for further education. the majority of users that have been infected with this obtain it from perfectly benign google image searches. SEO poisoning ftl.
 
A previous poster mentioned an example of a supermarket sample guy. If you go to the supermarket and someone dressed in the supermarket uniform gives you a sample, you are reasonably assured that he is not trying to poison you.

But suppose someone in a supermarket uniform rings your doorbell at home, and when you answer, he hands you a sample? Is this legitimate? It's a little unusual, isn't it? That should set off an alarm bell.

This same sort of common sense applies in many situations. You can approach a stranger and ask him to take a picture with your camera, but many know that if someone approaches you and says "Hey, I'll take a picture of you!" -- it could be a trap.

If you call up a babysitter, you're reasonably assured that your kid is in good hands, certainly more so than if a person rings your doorbell unsolicited and says "Hey, can I take care of your kid for a while?"

We're trained to ask questions when unsolicited people start asking us for access to our things. "Hey, I'm from the gas company, can I come in to check your furnace?" Err... well.... I didn't call you, I'm not expecting you, so I'd better see some ID, and I'm going to call the gas company to verify that they sent you here.

It should be the same for computers. We need to train people to understand that an unsolicited "hey, wow, you've got a virus!" alert is suspicious.
Except Apple users have been lulled into a false sense of security by Apple.

That's the real problem here.
 
How come Ed Bott hasn't done an article on the huge volume of win32k.sys privilege escalation vulnerabilities for which there is a guide to help create exploits on Exploit-db and given the fact that this vector was used in the wild in Stuxnet so it is known to the malware developer community?
 
My browser got hit with this twice. Once from FARK (I think) and another time from another "Mac news" site that I regularly go to.
Both sites use ad services to serve up their ads.
Somehow this "Mac Defender" and also "Mac Protector" showed up with the normal ads.

So it was not simply bad neighborhoods. The poisoned ads had somehow infected the ad servers.

I can't recall if simply loading the page caused the browser hijack or if you had to roll over the ad, but regardless, it was pretty startling and rather impressive.

I don't think you will get to either of them again as the ad services have removed them. I also don't understand recommendations for AV software. There is no AV software that will do anything about this until it is far too late. AV software can't protect you from social engineering tricks.

Guess we can classify now all the ad and flash blockers as malware and virus protection :D

Still - who in his right mind clicks ok and provides the password when an installer pops up while browsing and clicking on the web?
 
Except Apple users have been lulled into a false sense of security by Apple.

That's the real problem here.

Well, I agree, but in this particular case that might actually be helpful. "It says I have a virus? But Apple says I can't get viruses! Something's wrong here..."

The bottom line is people need to be trained to think before they click. Unfortunately there will always be people who refuse to do so.
 
I agree, unfortunately the rash of 'switchers' has lowered the average tech IQ of the userbase.

Yeah, people like me. I switched to Macs about 3 years ago after spending close to three decades as an engineering professional. It was while integrating and testing a satellite, using test software that I developed and hardware that I helped design, that I got significant exposure to the Macs used by top scientists at NASA's Jet Propulsion Lab.

I am currently designing and implementing electrical ground support equipment and software/firmware used to operate and test another satellite. I am using a micro-controller for which I wrote a real-time, multi-tasking kernel. Yeah, dumbass rocket scientists like me have lowered the average IQ of the user base in the Mac world.

P.S. Any time you want to compare either IQ (as measured by any recognized IQ test) and knowledge about computer hardware, software, and operating systems, let me know, buck-o.
 
Agree, there's a lot of arrogance on here. Don't people realise that there's a computer in nearly every home now in most developed countries and a lot of those are Macs? The fact that many of the users don't know what they shouldn't do is nothing to do with idiocy, IQ, intelligence, call it what you like. It's knowledge/education. We're geeks, we know these things, but for many, many people a computer is just another household appliance like a washing machine or central heating boiler. Does me not having a detailed knowledge of my boiler beyond how to use it day-to-day make me an idiot?

So, to all those saying you deserve what you get, do you really think it's fair to throw that at the majority of people out there? Yes, the general level of knowledge these days is probably that most people have heard of computer viruses and know they are bad. So when a window pops up that says they've got a virus, press this button to clean it up, who's the idiot - the person who presses the button in the mistaken belief that they are doing the right thing, or the person who just ignores it and carries on?

I agree with you, these people are not idiots. They are just ignorant of how computers work, and what kind of impact they can have with seemingly little user interaction. I don't think the solution to this kind of threat is more software (anti-virus protection), and I don't think the solution is necessarily any action on Apple's part (other than better education). Any modification Apple might make that would limit an "attack" like this would ultimately make interacting with your computer more complicated, and would make "legitimate" software installations more cumbersome.

Bottom line, this "security hole" has been around since the inception of computers, and still exists in virtually every computer out there (except the iPhone and iPad, unless you jailbreak to install unofficial apps). As long as people retain the ability to download and install software on their computer (from any source they choose), this vulnerability will exist. It's clever on the software developer's part.

The only fix Apple could do for this kind of hole would be to limit the software that you can install on your Macs to only applications in the Mac app store (like the iPhone and iPad). I believe this would kill development on the Mac, and dramatically hurt their Mac sales, so I will be very surprised if they go this route. But I have been rather surprised with their move on in app purchasing developer terms. So who knows.
 
Wait a minute…

…if the “upgrade” requires you sending your CC number to someone, then cannot that someone be identified?

Once identified, what are the legalities of prosecuting or shutting them down?
 