Apple Updates Anti-Malware Tools to Address New Trojan Threat

[GGJstudios]

this is funny. they claimed that mac doesn't have virus or similar on AD. but how about now, huh?

Please educate yourself by reading the thread. This isn't a virus; it's a trojan. They are quite different forms of malware. There are no Mac OS X viruses in the wild.

do you think that mac is safe?

A Mac is safe as long as the user employs safe computing practices.

it will be the similar level with windows OS next couple of years. I guarantee it.

They've been saying that for 10 years, since Mac OS X was released. We're still waiting.

when I posted something about this just one year ago, people blames me. but seriously you can't deny the reality.

And the situation hasn't changed much at all in the past year. A handful of trojans that are easily avoided have appeared. That's all. You can't deny the reality.

Apple was putting out an update every day for a while which tells me that it took them a long time to fix the fundamental hole that was being exploited.

The "hole" was user ignorance, not a flaw in Mac OS X. MacDefender and its variants could not do anything without the user actively installing it.

MacDefender put some huge cracks in Apple "Does not get viruses" armor.

No, it didn't. It wasn't a virus. There has never been a virus in the wild that affects Mac OS X since its release over 10 years ago. That has not changed a bit. The only Mac OS X malware in the wild is in the form of trojans, which a prudent user can easily avoid. That fact hasn't changed a bit, either.

 

[Demigod Mac]

Bottom line is,

Trojans can potentially exist on any computing platform that allows you to install any program you want. All it takes is for a software vendor to lie to you and you give them permission to install their software.

That's why you'll never encounter malware threats on iOS if you haven't jailbroken your device. All iOS programs are vetted by Apple before they are exposed to end users.

OS X doesn't work that way.

 

[munkery]

It is a war Apple can not win. They can win battles but in the end they will lose the war. That much is a fact.

You say this because Windows has already lost?

It was using exploits to install with out telling the user or with out needing admin privages when piggy backing on something else.

But, this malware doesn't achieve system level access so protected data, such as keychains, and protected data entry, such as masked passwords, are not compromised.

The user's data files are exposed but most users' data file are not valuable in relation to mass automated malware due to several reasons:

- often don't contain any valuable data to be leveraged by the attacker. Some person in another country doesn't care about the photos, videos, emails, and documents of the average computer user.

- bandwidth limitations causing the collection of a large enough amount of data to make the malware profitable to be infeasible.

- more ...

 

[CShort]

Leopard

We are still running Leopard, does that mean we are vulnerable?

 

[Rodimus Prime]

No, it didn't. It wasn't a virus. There has never been a virus in the wild that affects Mac OS X since its release over 10 years ago. That has not changed a bit. The only Mac OS X malware in the wild is in the form of trojans, which a prudent user can easily avoid. That fact hasn't changed a bit, either.

You are confusing the generic understanding of the word virus and the technical meaning.

Generic understanding of Virus is Virus = Malware.

So in the Apple armor of "Apple does not get 'Virus'" to a majority of people means "Apple does not get malware"

So again apple armor has some huge cracks in it. You need to understand how the term virus was used.

 

[GGJstudios]

We are still running Leopard, does that mean we are vulnerable?

Not if you're careful where you get software that you install and if you don't open attachments from strangers. Common sense.

You are confusing the generic understanding of the word virus and the technical meaning.

So again apple armor has some huge cracks in it. You need to understand how the term virus was used.

I'm not confused at all. Because people misuse terms doesn't change the meaning of those terms. If anything, the MacDefender threat put some cracks in the user armor, not the Apple armor. There was no Mac OS X weakness that MacDefender exploited. It only exploited user naiveté.

 

[Rodimus Prime]

I'm not confused at all. Because people misuse terms doesn't change the meaning of those terms. If anything, the MacDefender threat put some cracks in the user armor, not the Apple armor. There was no Mac OS X weakness that MacDefender exploited. It only exploited user naiveté.

Yes you are confusing it.
You need to understand what the general public thinks Apple armor of "Apples do not get Viruses" means. The though that most people had was "Apple does not get malware" That armor is cracked.

The term was always used incorrectly but does not change the fact what the precised armor is.

heck when apple gets hit by the first worm I expect the defense to go again a worm is not a virus

 

[GGJstudios]

Yes you are confusing it.
You need to understand what the general public thinks Apple armor of "Apples do not get Viruses" means. The though that most people had was "Apple does not get malware" That armor is cracked.

I know what the general public thinks, and they're wrong. They also think EPA mileage estimates are accurate, that they won a free trip to Switzerland, that they can lose weight without dieting and exercising and many other fallacies. What the general public thinks is irrelevant to the facts. What matters is what computer buyers understand.

Apple's sales figures prove that no "armor" was cracked by MacDefender or any other trojan. They're still selling over a million Macs a month. Most Mac users have never even heard of MacDefender or any of the other few trojans out there, and the vast majority of Mac users will never encounter malware of any kind during their normal use of a Mac. The people discussing such things are in forums like this one, where the definitions of "virus" and "trojan" and "malware" are quite relevant and their accuracy is germane to the discussion.

 

[ZipZapRap]

Because people misuse terms doesn't change the meaning of those terms.

Actually, you're wrong. Misuse of terms, spelling and pronunciation is how language evolves. It's why you and I would struggle to understand a person from 1600 if they were alive today.

Language isn't a law. It's fluid. And if the vast majority of people say virus = malware, sure they might be technically incorrect now, but eventually, they'll be right.

 

[GGJstudios]

Actually, you're wrong. Misuse of terms, spelling and pronunciation is how language evolves. It's why you and I would struggle to understand a person from 1600 if they were alive today.

Language isn't a law. It's fluid. And if the vast majority of people say virus = malware, sure they might be technically incorrect now, but eventually, they'll be right.

First, you don't know that the vast majority of people says virus to mean malware, unless you've talked to them all. Second, you have no idea what those terms will mean in the future... only a guess. Since we don't live in the future, but in the present, virus doesn't mean malware, no matter how many uninformed people think otherwise.

 

[Rodimus Prime]

Actually, you're wrong. Misuse of terms, spelling and pronunciation is how language evolves. It's why you and I would struggle to understand a person from 1600 if they were alive today.

Language isn't a law. It's fluid. And if the vast majority of people say virus = malware, sure they might be technically incorrect now, but eventually, they'll be right.

It is already clear that some people like GGJstudios can not stand the fact that Apple armor of "Do not get viruses" has cracks in it.
He even agreed that the generic term of "virus" like it is used in the statement "Apple do not get Viruses" means malware so the saying really means "Apple does not get malware" which is false and has some huge holes in it.

It is funny seeing people like him scramble to change the meaning. Heck I am honestly willing to bet when OSX gets hit by a worm they will use the same argument that a worm is not a virus (which is also true) does not change the fact the generic meaning of computer virus.

 

[GGJstudios]

Apple armor of "Do not get viruses" has cracks in it.

You keep saying that, as if it makes sense. It doesn't. There is no "armor". There is no change whatsoever in the malware environment as it relates to Mac OS X since it was released 10 years ago. There are no Mac OS X viruses in the wild and only a few trojans. That's the way it was 8-10 years ago, and that's the way it is today. Nothing has changed and no "cracks" are in any "armor".

He even agreed that the generic term of "virus" like it is used in the statement "Apple do not get Viruses" means malware

I did not agree to any such thing. Quote me. Don't make things up.

It is funny seeing people like him scramble to change the meaning.

I'm not changing any meaning. The definitions of "virus", "trojan" and "malware" have been clearly established for many years. The fact that someone is unfamiliar with those definitions doesn't diminish their accuracy.

Heck I am honestly willing to bet when OSX gets hit by a worm they will use the same argument that a worm is not a virus (which is also true) does not change the fact the generic meaning of computer virus.

A worm isn't a virus. A virus isn't a worm. Making an argument based on ignorance of proper terminology definitions is pointless.

 

[KingCrimson]

Bottom line is Windows is now more secure then OS X. Take that to the bank!

 

[AppleScruff1]

Bottom line is Windows is now more secure then OS X. Take that to the bank!

OSX is obviously a very secure OS and so is Windows 7.

 

[Renzatic]

First, you don't know that the vast majority of people says virus to mean malware, unless you've talked to them all. Second, you have no idea what those terms will mean in the future... only a guess. Since we don't live in the future, but in the present, virus doesn't mean malware, no matter how many uninformed people think otherwise.

It doesn't matter if a trojan is malware, but not a virus. Or a potato is a potatoe, but not a tomato or a tomatoe. It doesn't matter that whatever random piece of malware infected their computer through an OS vulnerability, or the end user installed it themselves. The only thing that matters is that the more popular OSX becomes, the more often you're gonna see OSX specific malware floating about, and thus, the more likely it is that someone, somewhere will get infected.

Right now, it's not much of a threat. But if Apple truly is selling a million Macs a month, do you honestly thing it'll stay this way? If things continue as is, then it'll eventually reach the point where Apple won't be able to keep up with the patches, and just hope and pray that their end users are smart enough to keep whatever bug is out there off their computer.

...and considering how many viruses malware infections I've had to clean off someones computer simply because they really honestly totally had to get that super cool little program that advertises free games you can get right on your desktop, I don't think that's a demographic Apple should put much faith in.

Even worse, those same people are now buying Macs. Know why? Because someone told them they won't get viruses on a Mac. So when they see that same little free games program on OSX, they're gonna go ahead and grab it. And then their computer will become yet another botnet, sending out emails to all the other grandmas running OSX who don't think they can get viruses on their computer. I mean hey, it's from my niece Sally, I might as well click that link because she'd NEVER send me anything dangerous.

And when they do eventually come to you to ask to fix their virus issue, what are you gonna do? Tell them they don't have a virus, they have malware? By that point it doesn't matter about the tomato tomatoe, potato potatoe...they're infected, and their computer is running slowly because it's stealing their credit card information and sending out emails to 10,000,000 people.

You can argue that OSX is safer than Windows, but you can't honestly state it's safe. There is no OS on the face of the earth that is perfectly 100% secure. Telling people otherwise is doing both them and you a disservice.

 

[munkery]

You are confusing the generic understanding of the word virus and the technical meaning.

Generic understanding of Virus is Virus = Malware.

So in the Apple armor of "Apple does not get 'Virus'" to a majority of people means "Apple does not get malware"

Why are you replying to me?

That isn't my quote.

No, it didn't. It wasn't a virus. There has never been a virus in the wild that affects Mac OS X since its release over 10 years ago. That has not changed a bit. The only Mac OS X malware in the wild is in the form of trojans, which a prudent user can easily avoid. That fact hasn't changed a bit, either.

So again apple armor has some huge cracks in it.

If this relates to the fact that a Mac can be infected by a trojan, then this applies to every OS.

But, it is much more relevant to Windows given that Windows has exponentially more malware than any other OS.

 

[Rodimus Prime]

I did not agree to any such thing. Quote me. Don't make things up.
.

Really? Only a few post up.

I know what the general public thinks, and they're wrong. They also think EPA mileage estimates are accurate, that they won a free trip to Sw.........

In the "Apple does not get viruses" Virus is used generically and means malware.
Your post points that out. I made it clear I was using the generic meaning of virus and that "Apple does not get viruses" has always used the generic version of viruses which means malware.

 

[tunerX]

Where there is one that we know about, there are 20 more in development.

Eventually there will be a virus.

 

[Rodimus Prime]

Where there is one that we know about, there are 20 more in development.

Eventually there will be a virus.

Honestly I would not be surprised if a true virus is never made for OSX.

Reason why is true viruses are rare today. Of all the malware out there they are I believe in the less than 1% category. Worms are the next largest group after Trogans which control like 95%.

Viruses are very difficult to make and easy to stop. They are more or less dead. Worms are much harder to stop and normally do just as much if not more damage quicker and they are much smaller.

 

[munkery]

We are still running Leopard, does that mean we are vulnerable?

Information concerning Leopard and other earlier versions of OS X has already been posted earlier in this thread.

See #10 in the "Mac Security Suggestions" link in my sig.

FYI,

https://forums.macrumors.com/posts/13409883/

https://forums.macrumors.com/posts/13410431/

 

[munkery]

Honestly I would not be surprised if a true virus is never made for OSX.

True, for the reason shown in the post linked below.

https://forums.macrumors.com/posts/13410269/

Reason why is true viruses are rare today. Of all the malware out there they are I believe in the less than 1% category. Worms are the next largest group after Trogans which control like 95%.

Viruses are very difficult to make and easy to stop. They are more or less dead. Worms are much harder to stop and normally do just as much if not more damage quicker and they are much smaller.

Worms are worse than viruses because worms more actively propagate across a network using exploitation while viruses propagate in a less active manner.

That is why viruses have become rare. Developers that previously made viruses now produce worms.

Trojans require much less skill to produce unless the trojan includes privilege escalation to achieve system-level access, such as some variants TDL-4.

Some variants of TDL-4 developed the capacity to propagate like a worm but still require user interaction to install with elevated privileges.

Luckily, the variant of TDL-4 that included a privilege escalation exploit didn't propagate like a worm or it would have been even worse.

The variant that included privilege escalation was connected to a botnet that was estimated to include 4.5 million Windows machines.

Regardless of being able to self propagate, malware is not very successful unless it is able to achieve system-level access via social engineering or exploitation.

This new Mac PDF trojan doesn't achieve system-level access via any method.

This suggests that this new Mac trojan was developed for targeted attacks on a small number of specific individuals for the purpose of gaining access to user files that contain intellectual property.

This also suggests that this new Mac malware is not meant for an automated mass malware attack that targets a broader segment of the Mac user base.

 

[Mal]

The flash updater is in /Applications/Utilities so you should be able to right click the updater that pops up in the dock and click "Show in Finder" if it's in the right place you should be fine. If it's running from the downloads folder or something you might be more concerned.

It actually wasn't an app. It was just a new window in Safari. That was what made me wonder a bit, although I didn't spend much time thinking about it until later. I'm glad I didn't click through, though, although I've trained myself not to click any automatic updates that I haven't launched manually, except Software Update.

jW

 

[munkery]

This new Mac PDF malware is officially FUD.

This PDF Trojan horse was not found in the wild, and is most likely simply a proof of concept.

We consider the threat to be very low, as this is not found in the wild.

http://blog.intego.com/2011/09/23/mac-pdf-trojan-horse-surfaces-threat-is-low/

The article linked below suggests that it uses a hidden .app extension in conjunction with a PDF icon to trick users into thinking it is a PDF.

http://www.f-secure.com/weblog/archives/00002241.html

This wouldn't be automatically opened by Safari due to .app not being a safe file type that can be opened by Safari.

___________________

The new Mac Flash malware has been seen in the wild but doesn't have widespread distribution.

Low; this malware has been found in the wild, and may fool Mac users who don’t have Flash Player installed. However, Intego so far has only one report of this malware, and a sample provided by a user who downloaded it from a malicious web site.

It does require users to run through an installer but does some interesting stuff after being installed.

If the user proceeds with the installation procedure, the installer for this Trojan horse will deactivate some network security software (code in this malware specifically targets and deactivates Little Snitch, [...]), and, after installation, will delete the installation package itself. The malware installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches. This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server, and sends information about the infected Mac to this server: this includes the computer’s MAC address, a unique identifier. This will allow the malware to detect if a Mac is infected.

 

[racine99]

I have OSX/flashback.A

So it was late and I was tired and in a rush to finish what I was doing and I installed this FLASH update and now most of my apps WILL NOT OPEN. BBEdit, Interarchy, Safari, Epson Scan. I even downloaded Intego VirusBarrier X6 and the .dmg will not start. This is no joke. If anybody hears of a cleaning process, please let me know. racine99@gmail.com...just in case I cannot get Firefox to open. I was using BBEdit this morning! Now I am afraid of closing an app; I won't be able to open it again.

 

[munkery]

So it was late and I was tired and in a rush to finish what I was doing and I installed this FLASH update and now most of my apps WILL NOT OPEN. BBEdit, Interarchy, Safari, Epson Scan. I even downloaded Intego VirusBarrier X6 and the .dmg will not start. This is no joke. If anybody hears of a cleaning process, please let me know. racine99@gmail.com...just in case I cannot get Firefox to open. I was using BBEdit this morning! Now I am afraid of closing an app; I won't be able to open it again.

Delete either of these files if found on your system:

~/Library/Preferences/Preferences.dylib

~/Library/Preferences/Preferences.dyld