Is your computer infected with Equation Group malware?

Is your MacBook infected with Equation Group malware?

  • I plan to check: 2 votes (22.2%)
  • Yes it is: 2 votes (22.2%)
  • I can't be sure either way: 5 votes (55.6%)

  • Total voters: 9
  • Poll closed.

NT1440

macrumors G5
May 18, 2008
12,141
14,010
I've been wondering if they've also infected SSD hard drives. Knowing the NSA, I'd say most likely. From what I've been reading in Kaspersky Lab's report it only mentions Windows so far, but again....NSA.
 

Giev

macrumors member
Aug 20, 2013
93
6
I've been wondering if they've also infected SSD hard drives. Knowing the NSA, I'd say most likely. From what I've been reading in Kaspersky Lab's report it only mentions Windows so far, but again....NSA.
No it does mention OSX (mainly from China), and even iPhone!
 

GGJstudios

macrumors Westmere
May 16, 2008
44,360
701
If you read the entire article, it clearly states that there is no evidence of OS X malware related to this group's activities and that the folks at Kaspersky only believe that such malware exists. This is more evidence of an antivirus firm spreading FUD to promote their software. It is clear from the article that the Equation Group's activities were carefully targeted toward high-value targets, and even had safeguards to prevent computers from being infected that were not intended targets. Much of the article is pure guesswork on the part of Kaspersky, with very little real evidence.

It is ridiculously unlikely that an average Mac user has any infection from this group's activities.
No it does mention OSX (mainly from China), and even iPhone!
It only mentions redirects on iPhone, which can be achieved via a website and do not require any infection of the device. As far as OS X, it only mentions that some visits to their servers were from computers that identified themselves as Macs. That doesn't mean those computers were infected with anything, as Kaspersky hypothesized.
 

Hieveryone

macrumors 601
Original poster
Apr 11, 2014
4,157
1,476
USA
If you read the entire article, it clearly states that there is no evidence of OS X malware related to this group's activities and that the folks at Kaspersky only believe that such malware exists. This is more evidence of an antivirus firm spreading FUD to promote their software. It is clear from the article that the Equation Group's activities were carefully targeted toward high-value targets, and even had safeguards to prevent computers from being infected that were not intended targets. Much of the article is pure guesswork on the part of Kaspersky, with very little real evidence.

It is ridiculously unlikely that an average Mac user has any infection from this group's activities.

It only mentions redirects on iPhone, which can be achieved via a website and do not require any infection of the device. As far as OS X, it only mentions that some visits to their servers were from computers that identified themselves as Macs. That doesn't mean those computers were infected with anything, as Kaspersky hypothesized.

Where does it say there were "safeguards" to protect unintended targets?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,360
701
Where does it say there were "safeguards" to protect unintended targets?
From here:

Among the technical feats were exploits that exercised extreme surgical precision in infecting only the intended target.

Blocking attacks against visitors bearing the username unregistered is an indication that attackers didn't want to infect visitors who weren't logged in. Instead, the attackers appear to have had specific users in mind.
 

cjmillsnun

macrumors 68020
Aug 28, 2009
2,399
45
There is an option missing on the poll.

No.

This option would apply to most of us.

The whole article is FUD.

This is a highly targeted attack that is designed to hit infrastructure and other strategic targets.
 

Freyqq

macrumors 601
Dec 13, 2004
4,014
166
I read the Ars Technica article. While fascinating, I doubt this will have much effect on the average person.

1. The malware only affects specific computers that they were targeting. The article discusses the precision used where the malware only activates if a list of qualifications is met.
2. The malware rewrites things on the firmware level and before the computer even boots up into the OS, so good luck ever finding out that your computer is compromised. Apparently, it even survives a full format.
 

simonsi

macrumors 601
Jan 3, 2014
4,849
716
Auckland
Who puts a poll up without "No" as a valid answer???

"To become scared, you only have to read the internet". :rolleyes:
 

GGJstudios

macrumors Westmere
May 16, 2008
44,360
701
If you said no, you'd be lying, since you can't say for sure.
Did you even read the article you linked? There's no way that average users are infected. This is more a case of targeted hacking, and not a case of malware in the wild that can affect average users.
 

simonsi

macrumors 601
Jan 3, 2014
4,849
716
Auckland
If you said no, you'd be lying, since you can't say for sure.
You have an "I plan to check" option; either that is irrelevant or the outcome of the check must be "yes" or "no". "Don't know" is valid but that is the same as before the check.

Also, for all you know I am writing this on my phone and my Mac doesn't have internet access.

You must be really scared by what you read.
 

Hieveryone

macrumors 601
Original poster
Apr 11, 2014
4,157
1,476
USA
You have an "I plan to check" option; either that is irrelevant or the outcome of the check must be "yes" or "no". "Don't know" is valid but that is the same as before the check.

Also, for all you know I am writing this on my phone and my Mac doesn't have internet access.

You must be really scared by what you read.
What?
 

simonsi

macrumors 601
Jan 3, 2014
4,849
716
Auckland
You've exaggerated the original articles beyond belief (e.g. the answer to the question on p22 of the doc you linked to is "no", not "yes and everyone is exposed to it"), and posted a poll that doesn't even have the possibility of not being infected as a possible option. That despite there being no evidence of Mac infections being found - even by Kaspersky's own admission in the article.

As for the infection map, it doesn't seem to have any numbers, just "Low", "Medium" and "High", "levels of infection" - well that is what you have to use if, as per the other article, the known global infections are: 500.

FUD of the first order, you should treat it as such.
 

Hieveryone

macrumors 601
Original poster
Apr 11, 2014
4,157
1,476
USA
You've exaggerated the original articles beyond belief (e.g. the answer to the question on p22 of the doc you linked to is "no", not "yes and everyone is exposed to it"), and posted a poll that doesn't even have the possibility of not being infected as a possible option. That despite there being no evidence of Mac infections being found - even by Kaspersky's own admission in the article.

As for the infection map, it doesn't seem to have any numbers, just "Low", "Medium" and "High", "levels of infection" - well that is what you have to use if, as per the other article, the known global infections are: 500.

FUD of the first order, you should treat it as such.
I guess some like to blindly trust, while others have the courage to question and doubt. Think different :apple:
 

yjchua95

macrumors 604
Apr 23, 2011
6,725
230
GVA, KUL, MEL (current), ZQN
No. I do a fresh OS X install every year lol!
Even that wouldn't eliminate the malware, because it resides in the firmware of the hard drive. And a hard drive can't operate without firmware.

So the only way is to smash the drive to pieces and get a drive with a controller that does not contain infected firmware, but you've to be extremely experienced in the industry to search for it.
 

campyguy

macrumors 68040
Mar 21, 2014
3,415
932
Your "poll" doesn't have "No" as an option, so, your poll is FUD.

And, I'm not enough of a ******* to use my Macs with an Administrator account, so, more so "No".
 

Hieveryone

macrumors 601
Original poster
Apr 11, 2014
4,157
1,476
USA
Even that wouldn't eliminate the malware, because it resides in the firmware of the hard drive. And a hard drive can't operate without firmware.

So the only way is to smash the drive to pieces and get a drive with a controller that does not contain infected firmware, but you've to be extremely experienced in the industry to search for it.
Exactly. It's on the hard drive. If you're using the hard drive, you are infected :apple:
 

GGJstudios

macrumors Westmere
May 16, 2008
44,360
701
use my Macs with an Administrator account,
There is no security advantage in using a Mac with a non-admin account versus using an administrator account. This is more FUD.
I guess some like to blindly trust, while others have the courage to question and doubt. Think different :apple:
  • First, if the firmware of a drive you had was infected, there would be no way for you to know that. There is no evidence that any infection exists in any drives other than the select few that were targeted.
  • Second, all of the actual facts that the article stated pointed to targeted attacks on carefully selected targets, to the exclusion of others who were not targeted.
  • Third, the article is filled with hypotheses and assumptions that inaccurately suggest more widespread exposure.
  • Fourth, there is absolutely zero evidence that iOS or OS X devices are infected.
  • Fifth, a poll that doesn't have "No" as an option is obviously biased, and attempts to spread more FUD by suggesting that the only possibility is that everyone's computer is infected, whether they know it or not.

Just because a polar bear dies of cancer in Singapore doesn't mean everyone in California is infected with measles. (although that probably is more likely than the ridiculous suggestion of infection posted in this thread.)
 

simonsi

macrumors 601
Jan 3, 2014
4,849
716
Auckland
I guess some like to blindly trust, while others have the courage to question and doubt. Think different :apple:
Oh I forgot, it's on the internet therefore must be true....

BTW you can't infect the firmware on a drive without running an executable on the machine it is attached to...

But don't worry, "it's just physics".
 

duervo

macrumors 68020
Feb 5, 2011
2,307
1,032
I guess some like to blindly trust, while others have the courage to question and doubt. Think different :apple:
I agree wholeheartedly. Always question everything, and never blindly trust anything that you read ... Including that article ... Especially on the Internet.

I couldn't have said it better myself.