Is your computer infected with Equation Group malware?

Discussion in 'MacBook Pro' started by Hieveryone, Feb 17, 2015.

Is your MacBook infected with Equation Group malware?

This poll will close on Nov 13, 2017 at 7:52 AM.
  1. I plan to check: 2 vote(s), 22.2%
  2. Yes it is: 2 vote(s), 22.2%
  3. I can't be sure either way: 5 vote(s), 55.6%

  1. Hieveryone, Feb 17, 2015
    Last edited: Feb 17, 2015
  2. NT1440 macrumors G4


    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #2
    I've been wondering if they've also infected SSD hard drives. Knowing the NSA, I'd say most likely. From what I've been reading in Kaspersky Lab's report it only mentions Windows so far, but again....NSA.
     
  3. Giev macrumors member

    Joined:
    Aug 20, 2013
    #3
    No it does mention OSX (mainly from China), and even iPhone!
     
  4. GGJstudios macrumors Westmere


    Joined:
    May 16, 2008
    #4
    If you read the entire article, it clearly states that there is no evidence of OS X malware related to this group's activities and that the folks at Kaspersky only believe that such malware exists. This is more evidence of an antivirus firm spreading FUD to promote their software. It is clear from the article that the Equation Group's activities were carefully targeted toward high-value targets, and even had safeguards to prevent computers from being infected that were not intended targets. Much of the article is pure guesswork on the part of Kaspersky, with very little real evidence.

    It is ridiculously unlikely that an average Mac user has any infection from this group's activities.
    It only mentions redirects on iPhone, which can be achieved via a website and do not require any infection of the device. As far as OS X, it only mentions that some visits to their servers were from computers that identified themselves as Macs. That doesn't mean those computers were infected with anything, as Kaspersky hypothecated.
     
  5. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #5
  6. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #6

    Where does it say there were "safeguards" to protect unintended targets?
     
  7. GGJstudios macrumors Westmere


    Joined:
    May 16, 2008
    #7
    From here:

     
  8. BasicGreatGuy Contributor


    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #8
    The article reads like the "sketchy touch id macbook pro" article on the front page.

    Junk writing.
     
  9. cjmillsnun, Feb 17, 2015
    Last edited: Feb 17, 2015

    cjmillsnun macrumors 68020

    Joined:
    Aug 28, 2009
    #9
    There is an option missing on the poll.

    No.

    This option would apply to most of us.

    The whole article is FUD.

    This is a highly targeted attack that is designed to hit infrastructure and other strategic targets.
     
  10. Freyqq macrumors 68040

    Joined:
    Dec 13, 2004
    #10
    I read the arstechnica article. While fascinating, I doubt this will have much effect on the average person.

    1. The malware only affects specific computers that they were targeting. The article discusses the precision used where the malware only activates if a list of qualifications is met.
    2. The malware rewrites things on the firmware level and before the computer even boots up into the OS, so good luck ever finding out that your computer is compromised. Apparently, it even survives a full format.
     
  11. simonsi macrumors 601


    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #11
    Who puts a poll up without "No" as a valid answer???

    "To become scared, you only have to read the internet". :rolleyes:
     
  12. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #12
    If you said no, you'd be lying, since you can't say for sure.
     
  13. GGJstudios macrumors Westmere


    Joined:
    May 16, 2008
    #13
    Did you even read the article you linked? There's no way that average users are infected. This is more a case of targeted hacking, and not a case of malware in the wild that can affect average users.
     
  14. simonsi macrumors 601


    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #14
    You have an "I plan to check" option, either that is irrelevant or the outcome of the check must be "yes" or "no". "Don't know" is valid but that is the same as before the check.

    Also, for all you know I am writing this on my phone and my Mac doesn't have internet access.

    You must be really scared by what you read.
     
  15. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #16
    What?
     
  16. simonsi macrumors 601


    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #17
    You've exaggerated the original articles beyond belief (e.g. the answer to the question on p22 of the doc you linked to is "no", not "yes and everyone is exposed to it"), and posted a poll that doesn't even have the possibility of not being infected as a possible option. That despite there being no evidence of Mac infections being found - even by Kaspersky's own admission in the article.

    As for the infection map, it doesn't seem to have any numbers, just "Low", "Medium" and "High", "levels of infection" - well that is what you have to use if, as per the other article, the known global infections are: 500.

    FUD of the first order, you should treat it as such.
     
  17. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #18
    I guess some like to blindly trust, while others have the courage to question and doubt. Think different :apple:
     
  18. Jeff R macrumors 6502


    Joined:
    Jan 28, 2014
    #19
    No. I do a fresh OS X install every year lol!
     
  19. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #20
    Even that wouldn't eliminate the malware, because it resides in the firmware of the hard drive. And a hard drive can't operate without firmware.

    So the only way is to smash the drive to pieces and get a drive with a controller that does not contain infected firmware, but you've to be extremely experienced in the industry to search for it.
     
  20. campyguy macrumors 68030

    Joined:
    Mar 21, 2014
    Location:
    Portland / Seattle
    #21
    Your "poll" doesn't have "No" as an option, so, your poll is FUD.

    And, I'm not enough of a dipshit to use my Macs with an Administrator account, so, more so "No".
     
  21. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #22
    Exactly. It's on the hard drive. If you're using the hard drive, you are infected :apple:
     
  22. GGJstudios macrumors Westmere


    Joined:
    May 16, 2008
    #23
    There is no security advantage in using a Mac with a non-admin account versus using an administrator account. This is more FUD.
    • First, if the firmware of a drive you had was infected, there would be no way for you to know that. There is no evidence that any infection exists in any drives other than the select few that were targeted.
    • Second, all of the actual facts that the article stated pointed to targeted attacks on carefully selected targets, to the exclusion of others who were not targeted.
    • Third, the article is filled with hypotheses and assumptions that inaccurately suggest more widespread exposure.
    • Fourth, there is absolutely zero evidence that iOS or OS X devices are infected.
    • Fifth, a poll that doesn't have "No" as an option is obviously biased, and attempts to spread more FUD by suggesting that the only possibility is that everyone's computer is infected, whether they know it or not.

    Just because a polar bear dies of cancer in Singapore doesn't mean everyone in California is infected with measles. (although that probably is more likely than the ridiculous suggestion of infection posted in this thread.)
     
  23. simonsi macrumors 601


    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #24
    Oh I forgot, it's on the internet therefore must be true....

    BTW you can't infect the firmware on a drive without running an executable on the machine it is attached to...

    But don't worry, "its just physics".
     
  24. duervo macrumors 68000


    Joined:
    Feb 5, 2011
    #25
    I agree wholeheartedly. Always question everything, and never blindly trust anything that you read ... Including that article ... Especially on the Internet.

    I couldn't have said it better myself.
     
