These "security researchers" are actually quite clueless.

You must have some nerve to say that about the Matasano (and SecurityFocus) people. But hey, you saying that helps to put the sum of your knowledge in context.

Yes, giving a malicious person access to a guest account on your Mac is dangerous.

Aha, so you know who is malicious and who isn't. That must make things certainly easier. In fact, if you know that, you could argue that you don't really need much security.

I can hand my MacBook switched to a guest account to the grandchildren, and I know that they won't delete all my files by accident (friend of mine lost significant amounts of music in iTunes to his then three year old granddaughter), or on purpose.

Oh, I see. So you were only referring to security like "the children won't be able to delete my files accidentally".
All clear, then.
 
It's not impossible at all. No OS is immune, including Unix, Linux, Mac OS X, Windows, etc.

Viruses are far from obsolete. Where are you getting this nonsense about them not making money?

Everyone on the forum...
Most attacks are trojans now. It's so much easier to trick the user than the system. Viruses just plague your computer, but things like MacDefender get your credit card number and steal your money. Also, the requirement of "sudo" in UNIX for certain commands eliminates automatically installing stuff on your system.
 
Viruses are far from obsolete. Where are you getting this nonsense about them not making money?

He is right. Viruses in the truest sense are obsolete. Trojans and worms are the 2 biggest things.
Viruses still require some human interaction to spread by opening up an infected file, and from there they spread to other files on that computer, but still require human interaction to spread.

Trojans and worms are the big damaging things and the real money makers.
 
He is right. Viruses in the truest sense are obsolete. Trojans and worms are the 2 biggest things.
Viruses still require some human interaction to spread by opening up an infected file, and from there they spread to other files on that computer, but still require human interaction to spread.

Trojans and worms are the big damaging things and the real money makers.

Thank you :D
 
Most attacks are trojans now. It's so much easier to trick the user than the system
Yes, most attacks are trojans. Most. Not all. There are still viruses in the wild that affect Windows. They are not obsolete, and to assume that Macs are immune to a future virus is irresponsibly naive.
Viruses in the truest sense are obsolete.
As long as Windows systems are being infected by viruses, no matter how few, they are not obsolete. You forget the very large number of XP users who still are plagued by viruses.
Viruses still require some human interaction to spread by opening up an infected file, and from there they spread to other files on that computer, but still require human interaction to spread.
If it requires user interaction to spread, it's not a virus. A virus can spread and infect systems without user knowledge or interaction.
 
The social engineering aspect of this really is the biggest threat not just to Macs but also Windows. I have a friend who writes code (he can read machine code which is just weird and scary sometimes) and his take on this round of malware is this: It isn't that Macs are more vulnerable now or that the sheer number of Macs now makes it more attractive, rather it is the improved security in Windows which has caused virus and malware writers to re-tool. Basically, it is now easier to just trick people into installing your bad software than to trick the OS. Since the tricking relies on the weakest link - humans - the OS really doesn't matter so you just spread out the con as far as possible.

This.

Operating systems have become extremely difficult to break into ever since OS X and Windows Vista/7. Previously, it was possible to infect computers regardless of what their owners were doing. Social engineering is now malware authors' preferred method of delivering their payloads. Viruses and worms are quickly becoming obsolete because of this. Trojans are the most effective malware delivery method.

As long as users have the ability to install software from 3rd party sources, such malware will always exist. Apple cannot realistically prevent someone from installing a fresh variant of MacDefender any more than they could stop someone from installing Firefox.
 
How do I force an update of the malware definitions? There appears to be no way to do so.
 
Yes, most attacks are trojans. Most. Not all. There are still viruses in the wild that affect Windows. They are not obsolete, and to assume that Macs are immune to a future virus is irresponsibly naive.

As long as Windows systems are being infected by viruses, no matter how few, they are not obsolete. You forget the very large number of XP users who still are plagued by viruses.

If it requires user interaction to spread, it's not a virus. A virus can spread and infect systems without user knowledge or interaction.


You need to look up the complete definition of a virus:
http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. Because a virus is spread by human action people will unknowingly continue the spread of a computer virus by sharing infecting files or sending emails with viruses as attachments in the email.


To sum it up, a virus will be riding on, let's say, a Word file or a picture file. Now those file types are generally good, but open them up and the virus now infects your computer and does its damage and in theory infects other files like it on the computer. I just chose 2 random file types as an example. Not sure if it can even happen with them.

Worms on the other hand are truly self replicating and can spread with zero human interaction.

A trojan is a program that looks good but is really something else. Completely different than a virus as they are more self-contained.

Viruses are the easiest of the 3 to stop as most AV programs catch those infected file types pretty quickly. Trojans can slip past them fairly easily and worms are just a pain.

Now the common person puts all 3 under the term "Virus" but it is incorrectly used. The correct term is Malware and the rest is a breakdown from that.
 
Also, the requirement of "sudo" in UNIX for certain commands eliminates automatically installing stuff on your system.

So does runas in Windows? :p

Seriously, again guys, nothing in UNIX (as in the Single Unix Specification) makes OS X more virus resistant than other OSes. No, "sudo" is not it, as a virus would simply bypass that using some kind of privilege escalation bug to gain root privileges instead of relying on the user to "sudo".
 
Facebook video scam puts malware on Mac and Windows
By Robert McMillan
June 1, 2011 08:02 PM ET

Facebook seems unable to stop scammers from circulating malicious Web links that install fake antivirus software on victims' computers.

The scam was spotted Tuesday by antivirus vendor Sophos. At that time the criminals behind it were luring victims into installing the software by offering links purportedly to a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid. On Wednesday the scam switched and the link was supposed to be an X-rated video of celebrities Rihanna and Hayden Panettiere.

In both cases there is no such video. People who click on the link are sent to a website that tries to install the fake antivirus software. The scam is slightly different, depending on whether the victim is using a Mac or a PC. On the PC, the site tells victims that they need to install the latest version of Adobe Flash Player to watch the video. But the software they install is actually the fake antivirus program.

On the Mac, there's a pop-up window that looks like a security warning. When victims click to "fix" the security problems, they end up installing the fake software.

...
 
It is interesting because while Windows XP has more cases of malware infection currently, it is the only version of Windows with decreasing amounts of malware. Windows 7 cases of infection are increasing. But XP has about 4x the number of infected computers right now. Both have about 1/3 of the market share of Windows versions.

Most of the difficulty with Windows comes from a greater number of people looking for pirated software. These people put other Windows users at risk. People looking for pirated software go for the $300 machines, not high end models like Apple sells.
 
You need to look up the complete definition of a virus
Thanks, but I'm extremely familiar with all malware definitions. One could argue that if the user turns on their computer, they "took action" to spread a virus, but that's being extreme. The point is, the user can be doing what any informed and reasonably prudent user would do, running the same apps they've been running, like Word, Outlook, Excel, etc., and still be infected by a virus without their knowledge or permission or interaction with the virus. This is not the case with a trojan, where a user must choose to take deliberate action to install the trojan. Viruses give no warning when they infect or spread. Trojans require that the user perform an installation procedure.
A trojan is a program that looks good but is really something else. Completely different than a virus as they are more self-contained.
Being more "self-contained" is not the distinguishing characteristic of a trojan. Go back and read the definitions.
 
That's obvious

Most of the difficulty with Windows comes from a greater number of people looking for pirated software.

Since there are 19 times as many Windows users as there are Apple OSX users, it's pretty obvious that even if Apple users were 10 times more likely to be criminals, there would be more criminal Windows users than criminal Apple users.

Don't bother replying, your "Windows users are cheap criminals" argument is unsupportable, and you have not supported it.
 
Microsoft has stated that the major cause of Windows malware is pirated copies of Windows itself.

Because Apple does not sell $300 laptops, the user base is less likely to be visiting these sites looking for pirated stuff.

The greater number of thieves on Windows is a risk to all. That is why I avoid that OS.

There are certainly many people who are not criminals on Windows. But there is a greater percent of people using Windows who enjoy pirated software.

The irony is that the people I've met who feel upset that anyone would charge money for music or software are the most ardent Windows supporters. Why do they not pay for their beloved OS?

There may be some hope in the future though. Microsoft has added anti piracy software starting with Vista and now 7. That may be why 1/3 of Windows users are still on XP and 1/3 on 7 while Vista is a much lower fraction. It will be interesting to see if the market share of Windows 8 comes mostly from 7 users.
 
Microsoft has stated that the major cause of Windows malware is pirated copies of Windows itself.

Because Apple does not sell $300 laptops, the user base is less likely to be visiting these sites looking for pirated stuff.

The greater number of thieves on Windows is a risk to all. That is why I avoid that OS.

There are certainly many people who are not criminals on Windows. But there is a greater percent of people using Windows who enjoy pirated software.

The irony is that the people I've met who feel upset that anyone would charge money for music or software are the most ardent Windows supporters. Why do they not pay for their beloved OS?

Still, no links to support any of those conjectures and anecdotes? Please, do us all a favor and don't reply unless you're able to support your arguments.
 
There are some people who actually believe people who routinely pirate software would be equally likely to purchase a $1000 computer as a $300 computer. LOL
 
There are some people who actually believe people who routinely pirate software would be equally likely to purchase a $1000 computer as a $300 computer. LOL

And there are people who believe that if you make claims that you should be able to support them with links to articles or other information that supports your claim.

If you look at my posts, you'll notice that I use the "url=" tag a lot. Consider that.

This is becoming pointless - I'm not replying again unless you make a significant attempt to defend your position....
 
LOL

Silly kids think discussing the obvious with regards to software pirate demographics is an attack on Windows users as a group.

There are many Windows users who do not pirate software. But let's face it, the majority of people who believe they are entitled to all software and media for free are tightwads and more likely to buy a $300 computer over a $1000 computer. Apple doesn't make those so they are by default Windows users.

And let's think about it. If you believe all software should be free then you will want all you can get. And of course there is more software available for Windows. Most of it duplicating features of each other but if it's free why not get it all?

I guess if you are real sensitive about the Windows community this is disturbing commentary. But it is not meant to be an argument that "Windows users are criminals". It is an argument that software pirates gravitate to cheap computers and those happen to run Windows.

I guess it is equally painful to point out that most people who program viruses and malware are Windows users.

By the way, not only does pirated software spread malware, the sales of pirated software (or beneficiaries of identities stolen by it) can be criminals of other sorts:

Drug Cartels Profiting from Malware and Pirated Software

Now there are those who would have you believe the drug cartels are Mac users selling pirated Mac software. LOL

Here was a case recently of a drug cartel selling pirated Office 2007:

Mexican Drug Cartel Selling Bootleg Copies of Microsoft Office?

Office 2007: Mac OS or Windows?
 
Force updating XProtect.plist

To force update the file go to "System Preferences", "Security", Uncheck "Automatically update safe downloads list", and then Re-check "Automatically update safe downloads list". Your list will be re-downloaded when it turns back on.

Item 10 has been added to the list, which is OSX.MacDefender.D

The file's path is: System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
 
To force update the file go to "System Preferences", "Security", Uncheck "Automatically update safe downloads list", and then Re-check "Automatically update safe downloads list". Your list will be re-downloaded when it turns back on.

Item 10 has been added to the list, which is OSX.MacDefender.D

The file's path is: System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

Thanks, I just forced the update and it worked. I don't know why it wasn't pushed to me. I was stuck on OSX.MacDefender.B as the latest update since this first came out 2 days ago or so.
 
LOL

Silly kids think discussing the obvious with regards to software pirate demographics is an attack on Windows users as a group.

There are many Windows users who do not pirate software. But let's face it, the majority of people who believe they are entitled to all software and media for free are tightwads and more likely to buy a $300 computer over a $1000 computer. Apple doesn't make those so they are by default Windows users.

And let's think about it. If you believe all software should be free then you will want all you can get. And of course there is more software available for Windows. Most of it duplicating features of each other but if it's free why not get it all?

I guess if you are real sensitive about the Windows community this is disturbing commentary. But it is not meant to be an argument that "Windows users are criminals". It is an argument that software pirates gravitate to cheap computers and those happen to run Windows.

I guess it is equally painful to point out that most people who program viruses and malware are Windows users.

By the way, not only does pirated software spread malware, the sales of pirated software (or beneficiaries of identities stolen by it) can be criminals of other sorts:

Drug Cartels Profiting from Malware and Pirated Software

Now there are those who would have you believe the drug cartels are Mac users selling pirated Mac software. LOL

Here was a case recently of a drug cartel selling pirated Office 2007:

Mexican Drug Cartel Selling Bootleg Copies of Microsoft Office?

Office 2007: Mac OS or Windows?

So... if I were to find a news article involving OS X users, I can use that as a blanket statement as well? AWESOME.
 
To force update the file go to "System Preferences", "Security", Uncheck "Automatically update safe downloads list", and then Re-check "Automatically update safe downloads list". Your list will be re-downloaded when it turns back on.

Item 10 has been added to the list, which is OSX.MacDefender.D

The file's path is: System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

Thanks, I just forced the update and it worked. I don't know why it wasn't pushed to me. I was stuck on OSX.MacDefender.B as the latest update since this first came out 2 days ago or so.


I'm real confused - what is Item 10, where is it, how do I view it (please provide some "See Spot run" directions) and how do I know that the new update is actually running this check?
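
One way to see the numbered items asked about above, as an added example that is not part of any forum post: a Python sketch that lists the entries of the XProtect.plist file named in the thread and reports which signature names a forced update added. It assumes the file is a top-level array of dictionaries whose `Description` key holds the signature name, and that "Item N" is a zero-based position in that array; the sample data is constructed, apart from the two signature names quoted in the thread.

```python
from __future__ import annotations

import plistlib
from pathlib import Path

# Path given in the thread, written here as an absolute path.
XPROTECT_PATH = Path(
    "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist"
)


def make_sample(names: list[str]) -> bytes:
    """Build a constructed stand-in for XProtect.plist.

    Assumed layout: an array of dicts whose "Description" key holds the
    signature name. Real entries carry matching data that is not modelled here.
    """
    return plistlib.dumps([{"Description": name} for name in names])


# Constructed snapshots: before and after the forced update described above.
SAMPLE_BEFORE = make_sample(["EXAMPLE.Sample.A", "OSX.MacDefender.B"])
SAMPLE_AFTER = make_sample(
    ["EXAMPLE.Sample.A", "OSX.MacDefender.B", "OSX.MacDefender.D"]
)


def list_signatures(data: bytes) -> list[tuple[int, str]]:
    """Return (item index, signature name) for every entry in the plist."""
    entries = plistlib.loads(data)
    if not isinstance(entries, list):
        raise ValueError("expected a top-level array of signature entries")
    result = []
    for index, entry in enumerate(entries):
        # Tolerate malformed entries instead of crashing on a changed format.
        name = entry.get("Description") if isinstance(entry, dict) else None
        result.append((index, name if isinstance(name, str) else "<unnamed>"))
    return result


def added_signatures(before: bytes, after: bytes) -> list[str]:
    """Names present after the update that were missing before it."""
    old = {name for _, name in list_signatures(before)}
    return [name for _, name in list_signatures(after) if name not in old]


if __name__ == "__main__":
    # Use the real file when it exists; otherwise fall back to the sample.
    data = XPROTECT_PATH.read_bytes() if XPROTECT_PATH.exists() else SAMPLE_AFTER
    for index, name in list_signatures(data):
        print(f"Item {index}: {name}")
    print("Added by update (sample):", added_signatures(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Copying the file somewhere before toggling the preference gives the "before" snapshot to compare against the re-downloaded list.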
 
Windows 7 has improved security I understand. But if you use a pirated copy, all bets are off:

32% of Pirated Windows 7 Copies Possess Malicious Code

"Media Surveillance, a Germany-based anti-piracy solutions firm, lately downloaded above 500 pirated copies of Windows 7 (and Windows activation exploits). The company found that 32% of these pirated copies contained malicious code."

So Windows users, instead of being in denial about the risk of pirated software, make it a point to tell people you know who do this to stop.
 
Solution: Educate users.

I think Apple should stop playing this game now. Instead, they can post a 5 min educational video, maybe on their website, or bundle it with the next OS update, so that it plays after restart (just like the welcome video).

The only way to stop people from installing this is to educate users. Tell them what a malware is, how it steals your credit card no., and what to do if a mysterious installer is launched without your knowledge.
 