New 'MACDefender' Variant Installs Without Admin Password Requirement

[mdelvecchio]

I know most mac users seem to think windows just gets viruses for even looking at the net but that's not the case. You still have to authorize everything to install.

er, no.. thats the very basis of a virus -- a contaimenated machines doesnt have to authorize anything. this is very much true, and is how the CIA recently busted up Iran's Windows-based controller machines. the infection can be spread via USB, installed silently.

 

[MonkeySee....]

Old vs New from a Mac evangelist POV

Old:
Mac users are far more intelligent
Evangelize Apple to Windows users to show the light
Macs dont get "viruses" used as a catchall for malware
Macs users dont need to worry about malware
Mac users need to download malware and install it to get it
Macs need the password to be entered to install malware

New:
Mac users are falling victim to malware because idiotic Windows users switching
Macs still dont get "Viruses" (Does not apply to malware and trojans anymore)
Malware has been an issue previusly, is now, and will continue to be
Mac users still need to click a continue on a self downloading and opening installer
Macs dont need to enter the password to fall victim anymore to certain malware



*These do not necessarily reflect my views and opinions

What a load of crock. I'm a new Mac user and because i've been a windows for so long i'm overly cautious.

Its a joy not worrying about AV software and windows users are smart enough not to click on a dodgy link. Its the old school mac users that you should worry about as they have hardly come across this sort of attack.

/rant over.

 

[mdelvecchio]

Conficker was patched while Win7 was still in beta. Now it requires user authorization to install: http://techtoggle.com/2009/01/conficker-tricks-vista-and-windows-7-users/

Blaster was patched in 2003: http://support.microsoft.com/kb/826955
The only way to get it now is to authorize it.

Now yes, there was a time when both of those could infect windows without user intervention. Not anymore.

Now stuxnet is a different beast

...you missed the point. the question wasnt whether they are potent today,t he question is whether they required user auth to install when they were active. they did not, because they were...viruses. not trojans.

 

[Rodimus Prime]

Old vs New from a Mac evangelist POV

Old:
Mac users are far more intelligent
Evangelize Apple to Windows users to show the light
Macs dont get "viruses" used as a catchall for malware
Macs users dont need to worry about malware
Mac users need to download malware and install it to get it
Macs need the password to be entered to install malware

New:
Mac users are falling victim to malware because idiotic Windows users switching
Macs still dont get "Viruses" (Does not apply to malware and trojans anymore)
Malware has been an issue previusly, is now, and will continue to be
Mac users still need to click a continue on a self downloading and opening installer
Macs dont need to enter the password to fall victim anymore to certain malware



*These do not necessarily reflect my views and opinions

you missed one.
Windows gets tons of Viruses (all malware being viruses) They want it both ways.

 

[' r i S e n]

You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

How so?

 

[benpatient]

You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

I'm willing to bet that 70%+ of online use on OS X is done from an administrator account.

I know there probably isn't a way to just look and see from the outside, but an informal poll would almost certainly bear this out.

Even managed users are usually administrators if they work in a hybrid pc/mac environment because if they aren't a mobile managed admin user, they either have to let someone else install basically everything they ever need to use, which is a hassle for everyone, or they have to get two accounts set up, one of them being an admin user that's only logged in to for installing/changing things.

Every company I've worked for has either just let mac users roam freely, unconnected to the company servers/users, or they have done the mobile managed administrator user setup.

You can argue for "best practices" and so forth, but the reality is that 95% of windows users' problems would be negated if you followed the same restrictive limitations you are talking about.

People who own a computer don't want to be less than an administrator user, especially if that means they can't easily do things that other users can do.

 

[devilstrider]

Ok I don't have this virus but I only have 1 account on my MBP. But at the same time every time I got to install a app I have to put in my admin password. Am I safe from this auto install or should I make another account to run off?

 

[MonkeySee....]

Ok I don't have this virus but I only have 1 account on my MBP. But at the same time every time I got to install a app I have to put in my admin password. Am I safe from this auto install or should I make another account to run off?

Its not a virus and doesn't require any passwords. Just don't continue with it after it installs itself.

Its as easy as that apparently. Not sure why this thread has so many posts??

 

[devilstrider]

Its not a virus and doesn't require any passwords. Just don't continue with it after it installs itself.

Its as easy as that apparently. Not sure why this thread has so many posts??

Cool. I'm not new to PC's but I went mac last october and I have learned a ton from this site. I go to the same sites everyday so I guess that's why I never encountered it. My mac is for school and work.

 

[MadIvan]

Can't Apple sue them ?

Simple solution: Apple Ninjas.

OK, maybe I've read too much William Gibson.

 

[MacTheSpoon]

Wow, so strange to see this sort of outbreak on the Mac platform...

 

[MagnusVonMagnum]

ZZZZZZzzzzzzzz

Scrolling through your post, the message is that fanboys as you call them do not do something you deem intelligent people do so fanboys must not be intelligent.

You said it, not me.

Seriously it shows right through your post how happy you are to FINALLY get a chance to suggest mac users will soon be spending the time and money you do combating malware. It isn't going to be an issue. Trust me.

If this is your attempt to prove what you said I think above, you're doing a good job. I have one PC (and 3 Macs/OSX machines) and spend no money combating anything. AVG is free and it runs itself so I don't really spend any time doing anything either. Your attempt at an 'intelligent' post/response is not a very good one, IMO.

If you want to talk about intelligence and fighting malware, then I'd say intelligent people would get a mac. End of story.

And I would say that an intelligent person would get the computer that best suits their software needs or requirements and that is not always a Mac. I would say that a fanboy would always get a Mac even if it did not meet their needs or requirements. You appear to fit the latter of the two.

Even if malware were to come to the mac at the quantities seen in the windows world, there would still be a window of time without the need to waste energy and time on the subject. And likely the amount of malware on macs will never come close to that on windows. But to waste the opportunity to avoid just a few years time wasted fighting viruses is not very bright. So get yourself a mac. And then you won't feel the need to waste time sticking it to the mac crowd all the time either. Its a win-win situation for you.

Apparently you are incapable of even reading a signature or you would know I already own more than one Mac thus making your entire post both ridiculous and a waste of time. How ironic given your comments about wasting time.

 

[antmarobel]

I remember how I was scared when I had my first contact with a malware ( virus, trojan...I did not know then...it was a virus for me simply cause, everybody use the word "virus" to classify those Windows c...aps ). I was terrified watching my Windows XP acting like if it was in slow motion, all those IE opening right there, in front of me without any click ( how could it be possible?!!!!). I did not understand anything about system, or "malwares, virus, trojans etc, etc, etc,". The only thing I used to do was browse, chat and work. That was some years ago. Now I know a lot of things about Windows and Mac ( and virus, trojans and "malwares ). I have a XP installed in an old PC and it has no antivirus! But it took many years of suffering and pain till I learn how to deal with Windows and Mac. How many people has enough time ( or will ) to learn how Windows or Mac work? How many people in this planet knows that that link in his/her email, saying "click here to see our pictures" is, certainly, a virus?...

 

[munkery]

I must be psychic. LOL

I foretold it was possible that this malware didn't require password authentication to install before this became publicly known.

https://forums.macrumors.com/posts/12610900/

Told ya so!

Who knows? Maybe this will happen too.

Honestly, the installer could be modified to install the app in the applications folder located in a user's home folder, not present by default, to bypass the need for password authentication in standard accounts.

https://forums.macrumors.com/posts/12630056/

 

[longofest]

Nice moving the goalposts. Nobody is saying Macs are "malware free."

Umm... The poster I was replying to said: "the days of malware free macs are over".

So, yes, some were saying that macs were malware free.

 

[BLACKFRIDAY]

Name some viruses infecting Windows users right now.
The only one I can come up with is Stuxnet (Which has already been patched by Microsoft) which was a specifically targeted and incredibly sophisticated pace of software aimed at Iranian nuclear plants, most liekly created with the backing of a nations government. It otherwise did no damage.

Are you seriously claiming that there are more or less ZERO viruses for Windows?

Very few viruses on any platform.

The people doing this aren't ideals based, they just want cash.

To make cash you need Trojans...simple.

Wait till Zeus+backconnect comes to OSX (and it's coming).....

Not all of them. But some of them? Sure.
It's a way of business for them and these anti-virus software companies.

 

[munkery]

Honestly, given where MACDefender and it's variants are installed, this malware could be delivered as a payload of a browser exploit and installed without an installer.

There is malware that uses that method for Windows and there could be for OS X as well. This type of malware is limited by the fact that it is unable to install rootkits, such as keyloggers that are able to bypass user space security mechanisms to log protected passwords and some sensitive web form data. So, it must trick the user into giving up a credit card number.

Some users are tricked and others are not. This is true for all OSs. Often this type of malware relies on no exploitation at all so infections are solely the responsibility of the user. All OSs will always have this type of malware.

AV software does not provide 100% protection given that new malware will not be detected until a definition is produced and malware code can be masked from detection via obfuscation or bit flipping. Also, firewalls are not very successful at preventing browser exploitation if that is used as the method of installation. There is no good solution to this type of malware other than users applying safe computing practices.

But, all this doesn't negate the fact that Windows 7 is has a high incidence rate of privilege escalation vulnerabilities that allows the install of rootkits without user authentication.

http://www.secmaniac.com/january-2011/windows-uac-bypass-now-in-metasploit/

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Windows+7+win32k.sys

And, that scouring such website is a common practice with malware developers.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html

True, malware like MACDefender will become more prevalent for Mac. But, malware like Stuxnet will become more prevalent for Windows.

What is worse?

 

[wesleyh]

Just a simple question, but can an app delete files without administrator password? (in the user directory?)

 

[Azathoth]

The amount of false information going around that is factless and not correct is amazing to me.

First, be it Mac, Windows, or Unix doesn't matter at all. They are all just computers with hardware and an OS. You can exploit anything at anytime, it's just a matter of when. ...
Third, this one is just the most wide spread at this time on the Mac and it is changing. I HIGHLY recommend listening to shows like Security Now for more on this and other security news where you can get real facts from real security experts.

It's great to see someone writing something sensible and referring to the Security Now podcast - SG would be proud

I just hope my mother doesn't get bit by this malware, seeing how the lower vulnerability was one of the reasons I got her a MB...

I run Mandriva 2008.1 at work. I'm sure it has a bunch of unpatched vulnerabilities. It's also unlikely to get any malware or a virus, because who wants to do the research on the off chance that someone might still be running some odd flavour of linux?


----

MBP 15 matte

 

[munkery]

Just a simple question, but can an app delete files without administrator password? (in the user directory?)

Apps, such as malware, can delete files in the user directory without authentication in all OSs. This is why it is important to make sure to make backups at regular intervals.

Why do you ask? This not a common type of attack by itself.

Some rootkits for Windows, such as Kneber, deleted large portions of infected computers' data including system files to avoid having copies fall into the hands of security researchers after the malware was used to steal intellectual property from governments. But, this is not common in malware that targets consumers.

 

[Azathoth]

True, malware like MACDefender will become more prevalent for Mac. But, malware like Stuxnet will become more prevalent for Windows.

What is worse?

There are plenty of privilege escalation vulnerabilities in Linux / Unix (e.g. with CUPS etc), but they have not been exploited in the wild. Probably also a bunch in OS X, but the security patches that Apple release give little in the way of information (how's that for FUD)

Stuxnet was a spear-fishing attack. If the intended target had been using Macs then exploits would have been found on the OS X platform.

 

[Nuvi]

Can't Apple sue them ?

Sue who? Every malware maker? Apple just better include built-in proper virus scanner with Tiger.

 

[GenesisST]

You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.

I keep reminding this to a graphic designer friend of mine... I see a "told you so" in the near future...

 

[Smacky]

 

[MacMan86]

Sue who? Every malware maker? Apple just better include built-in proper virus scanner with Tiger.

I think they've stopped providing security updates for 10.4