Hackers debut Mac OS X adware

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Nov 25, 2006.

  1. MacBytes macrumors bot

    Jul 5, 2003
  2. Blue Velvet Moderator emeritus

    Jul 4, 2004

    Err... should I be worried about this? I suspect not.
  3. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    Okay, so I read the article and it caught my attention... but... but... googling only reveals a bunch of other articles digging the same article. Where is this proof of concept? I would like to see some actual evidence... and I'd like to see it analyzed by someone other than a "security" consultant.
  4. gloss macrumors 601


    May 9, 2006
    Of course you should. It's not major, but it is seriously annoying.
  5. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    Assuming it isn't vaporware... this announcement sounds somewhat suspicious to me. Like how sarcastic the wording is. But I agree, it is concerning. It seems at the moment that the key piece of the problem on Windows (the ability of COM / ActiveX objects in a web page to install applications through Internet Explorer) is still missing on Macs (and for anyone who uses Firefox)... meaning that the real threat level is still close to zero. But I would still like to see more specifics on how this supposed vulnerability works.
  6. cwt1nospam macrumors 6502a

    Oct 6, 2006
    It isn't a proof of concept, it's a proof of desperation. If they really had a proof of concept they would have verified that it works before posting about it. Think about it! They say they've got the code, but also say:

    No test? Seriously, if this were real, they'd have run it on at least one test machine.
  7. ero87 macrumors 65816


    Jan 17, 2006
    New York City
    i'm sick of hearing these reports, they frighten me!

    someone tell me when a mac USER, a real one, has a virus. then I guess we should all be sincerely concerned.
  8. iJawn108 macrumors 65816


    Apr 15, 2006
  9. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
  10. parenthesis macrumors member

    Mar 22, 2003
    Here and there
    Of course that article is sarcastic and doesn't have "proof": it's from The Register! They're known for their sarcasm (and decent journalism).

    Go to the linked F-Secure page if you want more details.

    "We recently received a proof-of-concept sample of an adware program. Normally that wouldn't be worth blogging about, but in this case it's for Mac OS X. In theory, this program could be silently installed to your User account and hooked to each application you use… and it doesn't require Administrator rights to do so. We won't disclose the exact technique used here, it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user. Especially as it only requires Copy permissions. An Admin could install this globally to all users.

    The result: This particular sample successfully launched the Mac's Web browser when we used any of a number of applications."
  11. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    No, I'm sorry, I was talking about the linked F-Secure note, not the Register piece, when I said it sounded sarcastic and fishy. This F-Secure is supposed to be a real industry monitor / consultant / analyst, isn't it? I've never heard of them, but they didn't overtly smell of Onion. And yet... something about this piece strikes me as vaporware. And I'll stick with my statement that I want to see this analyzed by someone with Mac community credibility before I believe it.
  12. WildCowboy Administrator/Editor


    Staff Member

    Jan 20, 2005
    Really? F-Secure has been around for close to 20 years IIRC. That said, they primarily sell antivirus software, so it's in their best interest to make a big deal out of anything that comes along. (Of course, the flip side is that you'd hope the antivirus people would be among the first to recognize and develop defenses against threats.)

    Like everything coming out these days, I'll wait until these things appear in the wild before I really worry about them. Until then, I'll let the "experts" worry about them.
  13. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    Mmm, okay. But something about that note still just does not ring true to me. Maybe it's because it's a blog and the author felt the liberty to not use business diction and phrasing. Nonetheless...we shall see. I don't care so much about the adware part... this is still a local user exploit. *BUT* if this means that software can write to any part of /system, even if only a new file is being created, without admin privilege and without user intervention... something is seriously amuck, and I want Apple to know what. I'm just not convinced it's actually true yet.
  14. SMM macrumors 65816


    Sep 22, 2006
    Tiger Mountain - WA State
    I think we shall see more and more "Fox News" type of anti-Apple reporting. When looking at the thread subject titles, you see many which are barely justified by the actual content. Unfortunately, far too many people do not read beyond that point. My all-time favorite on MR was something like, "New iPod's shoddy construction" (this is just my rendition of the real text, which I do not recall). The actual story was about a guy who fell off his bicycle and landed on the iPod. The case was damaged and the display broken. I have no reason to suspect the user of anything except adding a little humor. Yet, a headline reader would just conclude Apple was having quality issues.

    You know it just irritates the h**l out of Redmond, that Apple does not suffer from the virus/malware issues they do. So, if there is any chance to dispel the Apple invincibility myth, or discredit their security, they will pounce on it. A perfect example of this was during the last presidential election. Gee-Dub did not serve in the military and even his national guard service was under scrutiny. Kerry on the other hand served with distinction in Vietnam.

    The Republican machine could not make George a hero, no matter how badly they wanted to. The only choice was to not let Kerry be one. So, they found a couple of fundamentalist, good-old-boys, to come forth, lie through their teeth and throw enough doubt (greatly fanned by Fox, Murdoch and crew) about Kerry's service. It worked like a charm.

    MS has a lot riding on Vista. I think Apple is poised to not only steal their thunder, but to also break through the MS 'mystique'. I have heard many people say (essentially), "the reason Apple has a better OS right now is because MS has been solely focused on developing the ultimate OS". Well, if Redmond cannot deliver, many more people are going to start looking at alternatives.
  15. Analog Kid macrumors 68040

    Mar 4, 2003
    The "in theory" part is that it could theoretically do to you what the proof of concept did to their test machine in practice.

    From the description, I'd guess it's using Input Methods as a vector. IM is a feature, but it really should be better protected. Anything placed in IM gets loaded and run by every application launched.
  16. wyatt23 macrumors 6502a


    Mar 7, 2006
    Forest Hills, NY
    cool. i'll believe this when i have to have spyboy for mac, ad-adware for mac, and microsoft defender for mac all simultaneously running on my system.

    'til then... BOGUS~!
  17. cwedl macrumors 65816


    Jun 5, 2003
    What's the point of making stuff like this? On one hand it's good that they have found holes in Mac OS X that hopefully they've notified Apple about, but on the other hand they should get a life.
  18. solvs macrumors 603


    Jun 25, 2002
    LaLaLand, CA
    I'm sorry, but that made me laugh. The Register?

    Yeah, you can pretty much ignore this then.
  19. SPUY767 macrumors 68000


    Jun 22, 2003
    This item could theoretically be installed in the library of a vulnerable Mac if the user were to follow the instructions in the included text file.
  20. 0010101 macrumors regular

    Sep 24, 2006
    I'm tellin' ya man.. the more popular OSX becomes, the more stuff like this is going to appear.

    If you're in a band and going to release an album.. what are you going to put it on? Vinyl? 8 Track? Cassette?

    No. You release it on the most common media.

    WinTel machines have like what? 70% of the 'consumer' market? MacOS, Linux, Solaris, BeOS, etc make up the other 30%.

    As Apple's market share grows, things like this will pop up with more and more frequency.

    Let's not forget there used to be viruses for MacOS back when they had better market share.. then as that market share slipped into just about nothingness, people just didn't bother writing them anymore.
  21. flir67 macrumors 6502

    Jun 23, 2005
    LOL, I remember having those on my last pc years ago.... heck you need it when you have a pc. seriously...

  22. wmmk macrumors 68020


    Mar 28, 2006
    The Library.
    amen, brother!

    and i'm sure a lot of people will do this!

    true, but OS X is still more secure than anything based on NT.
  23. 0010101 macrumors regular

    Sep 24, 2006
    I absolutely agree. And OSX will continue to be my primary OS.

    When I think back to the nightmares I had during my time running XP.. the hundreds of lost hours spent re-installing, cleaning the registry, downloading virus scan updates, anti-spyware applications and updates, having to buy more RAM just to support all the 'protection' that had to constantly run in the background, plus all the money I pissed away on Norton, McAfee, and a host of other things that were supposed to keep my computer virus and spyware free, but didn't.. well.. let's just say I'd have a whole lot more time and money.
  24. dpaanlka macrumors 601


    Nov 16, 2004
  25. someguy macrumors 68020


    Dec 4, 2005
    Still here.
    Yep. It's not a threat until it happens to me. That's my take on it.

    Forget all this "theoretically" crap. I don't care what "could" happen "if" a local user were to "follow the directions". Come on... you haxx0rz can do better than that.

    Call me when something actually happens. :rolleyes:
