As I understand it, Safari will open the zip file since it's a "safe" download. But that doesn't mean it'll execute the code within that zip file, so how is this malware executing without user permission?

malware doesn't execute without user permission.

it relies on tricking the user into giving it permission to run, striking at what is typically the weakest link in any computer's security: the user.

any argument that XX isn't a threat, because it requires users to take an action in order to be truly dangerous, is a flawed argument, because in general, users are stupid, or at the very least, careless.
 
Hate to break it to you, but it's someone at Apple that flagged "Zip files" as safe for Safari to open ;)

That guy needs his head examined.

So very true, zip files have been carriers for malware and viruses for years.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_7 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8E303 Safari/6533.18.5)

So much for apple computers not getting viruses
 
So make it unsafe, it's not rocket science, cowboy.

So much for apple computers not getting viruses

Educate yourself and find the difference between malware like this one and a virus.
 
I am not concerned with malware that requires user intervention and a few clicks to install things. I am more concerned with malware that installs silently without you seeing any pop-ups or stuff like that.

Kind of like those pwn2own contests I think are over-rated. "Pwn" my machine without me having to click anything, visit any website or anything. I'll just boot my machine, leave it at the login screen and let you do your thing. You can't touch it physically, just find a way in.
 
So much for apple computers not getting viruses

Yes so much. Because Malware can copy itself and infect a computer. :rolleyes:

Hate to break it to you, but it's someone at Apple that flagged "Zip files" as safe for Safari to open ;)

That guy needs his head examined.

Well, we need to study the context of the Zip file first to see if it's a malicious candidate. ;)
 
Hate to break it to you, but it's someone at Apple that flagged "Zip files" as safe for Safari to open ;)

That guy needs his head examined.

That's very true and has a lot of potential.

But as far as I understand, the extracted .zip in Finder returns a folder which contains all the files.

Ain't that true?

But even if that's not true and for a second we believe that the Finder does not automatically extract .zip archives, what if a person himself opens a .zip archive to look for files?
There's a certain potential with that kind of behavior itself.
 
I went on a site that downloaded this a few days ago.

It opened up the installer, I simply closed the window. It's only a threat to those who proceed with the install. Pressing the red circle is not so hard.

You also need to remember, this software can only infect your user, not the system, unless you give it your sudo password. If you can't remove it, just simply make a new user, move over the files you need and switch to that user. It will be clean of this "malware".

Unix Security FTW
 
I am not concerned with malware that requires user intervention and a few clicks to install things. I am more concerned with malware that installs silently without you seeing any pop-ups or stuff like that.

Kind of like those pwn2own contests I think are over-rated. "Pwn" my machine without me having to click anything, visit any website or anything. I'll just boot my machine, leave it at the login screen and let you do your thing. You can't touch it physically, just find a way in.

If it wants to infect the system fully, it can't do that silently, unless you have no password or a weak one set for your account.


Except this is not a virus. Some of you guys need a course on malware terminology. This is a trojan at best. Spyware at worst. Hardly a virus.


I would just call it scareware.
 
Any software for a Mac that says "MAC" in the title or in any documentation would already be suspect to me. Pretty much every person I have run across that thinks it is spelled in all caps as "MAC" has been a moron.
 
Please, enlighten us how "Unix Security" is protecting you here, more than it would on Windows? I'd be delighted to hear your explanation.

A lot of people trumpet "Unix Security" without even understanding what it means.

It means magical freaken Unicorns! Apple should replace the padlock with this. Much more effective at getting the message across.

[Image: prototype_mercerunicorn-695x1024.jpg]


(Yes you saw that correctly)
 
Mac OS X fanboys really need to stop clinging to the mentality that "viruses" don't exist for OS X and that "malware" is a Windows-only problem. Who cares if viruses don't exist for OS X? News flash: viruses aren't all that common on Windows anymore. They just aren't. Phishing, Spear Phishing, trojans, and social engineering are much more cost- and time-effective ways to breach a computer's security.

So no matter what you call "MACDefender," it's a problem. One that's not likely to be caught by a user who has been fed the Kool-Aid that malware is a Windows problem and that they don't need to be aware.
 
Any software for a Mac that says "MAC" in the title or in any documentation would already be suspect to me. Pretty much every person I have run across that thinks it is spelled in all caps as "MAC" has been a moron.

And just simply in general, anti-virus software is useless on Mac, so why anyone would download and install any anti-virus, defender or scanner is beyond me.
 