New Variant of 'Mac Defender' Quickly Evades Apple's Security Update as Cat-and-Mouse Game Begins

[batchtaster]

I have a question....

I work for Apple and WANT to install Mac Defender on my machine (external HD with OS X on it).

Anyone know where to find it? I am having a heck of a time finding it!

Search for "Mothers Day Poems" on Google Images. Command-click each result (into a new tab). One of them will eventually redirect to a poison website with a fake "scanner", and trigger a file download. The redirect will happen on its own, so you can close all the non-poison hits. You may have to go through 30 or 40 results. Caveat emptor.

P.S. While you're doing that, feel free to report blogspot.com pages which pretend to have a "sexy girl" in your area wanting to talk to you. Hit the Report Blog button in the top of the toolbar.

 

[maclaptop]

I'm amazed people are still stupid enough to manually download and run this considering all the press coverage it has received.

I'm not.

Apple has made such a big deal about never having to worry about viruses/worms/malware et al, that the general computer using public thinks there's nothing wrong with clicking on whatever is of interest to them.

The slogan "It Just Works" has become an irrelevant statement.

Therefore now that the white hot spotlight of success is trained on Apple, there is incentive for hackers that simply didn't exist a few years ago.

Steve & Company are extremely bright and very clever. He saw this coming, I believe it's one of many reasons they are integrating iOS with OS X.

The next step is to phase out OS X, or limit it to only Apples most expensive machines like the Mac Pro.

The rest will be dumbed down and locked down so tight any idiot can play and not screw it up. Notice I said "play" that's because that's all the thing will be good for.

Then Apple will dredge up the old slogan again. Just push a button and presto it's running like any good appliance does.

The label on the side will say "not dishwasher or microwave safe" LOL

 

[Lord Appleseed]

i think you took him too literally. rather, MS should move to an alternate system other than the registry. the fact that you had to keep going back to the registry to try and get something to work should be evidence enough that there's something borked about the registry system in the first place.

Truth has been spoken.

Yeah I might have misunderstood that then. I guess most people here agree that MS should change something...

 

[iWinning]

There is no technical hole to fix. It's a social hole. "Open safe files" or no-"open safe files", people are being socially engineered into stepping through the installer.

And if you look at the videos you see how Microsoft fixed the social engineering part.

 

[djrod]

Is this only affecting US macs?

 

[thunderclap]

Suddenly, when I have an opinion against Apple, I am wrong? I think, they are not as serious about security as Microsoft are. Simple.

That's how it works here. Didn't you get the memo?

 

[sillypooh]

Seriously? A name change evades Apple's detection tools? I'm sure there's more to that... However, it looks like Apple's detection mechanism is very loose. 8 hours and already a new strand?? Waw!

 

[batchtaster]

And if you look at the videos you see how Microsoft fixed the social engineering part.

Precisely. My point exactly.

 

[iWinning]

Seriously? A name change evades Apple's detection tools? I'm sure there's more to that... However, it looks like Apple's detection mechanism is very loose. 8 hours and already a new strand?? Waw!

Iknowright.

Its so funny seeing how the company that people here worship cant even patch this correctly.

 

[GFLPraxis]

I don't think there is anything to be amazed about, I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..

But that also means there will be a lot of users downloading and installing this..

I think it's the same reaction mechanics get when they get someone who shows up who has never changed the oil on their car or refilled the coolant and then wonders why the check engine light is on.

It's a sort of resigned amazement.

 

[AidenShaw]

i think you took him too literally. rather, MS should move to an alternate system other than the registry. the fact that you had to keep going back to the registry to try and get something to work should be evidence enough that there's something borked about the registry system in the first place.

Is it better to keep editing configuration files, if you can find them?

By the way, in regards to malware you should read up on the virtualized registry and virtualized filesystem in current Windows system. Some of your comments are not applicable to the current version of Windows.

 

[ratsg]

I think most Mac users are not very computer savvy, which is why they chose Mac OS in the first place, OSX has always been very user friendly.. Which is a good thing..

popular email tagline - Mac OS X - because making UNIX user friendly was easier than fixing windows.

 

[blackburn]

Safari should never attempt to open *anything*. There are other ways like tiff overflow exploits that are more dangerous anyway.

Let's just hope that apple fixes it sooner than later. I would like to know how the mac os x firewall let's Ti device explorer open an port for "TI Navigator Hub" since I've setup it to on and to block everything.

 

[trunten]

edit: decided not to feed the troll

 

[Michaelgtrusa]

Not surprised.

 

[IngerMan]

I would bet whom ever it is, they are reading this thread and getting their rocks off MacDefender, go back to your porn

 

[elgrecomac]

And you are a newbie?

I may be a late comer but I do have a life like most others and haven't been able to get an account and chat with you all.

I am 39 years old; that does not mean I am new to Apple or their products.

Suddenly, when I have an opinion against Apple, I am wrong? I think, they are not as serious about security as Microsoft are. Simple.

I maybe wrong, but that's how I feel.

Welcome to MACRUMORS...where our first rule is, if you speak poorly of all things JOBS, then you will get flamed.

 

[iWinning]

I would bet whom ever it is, they are reading this thread and getting their rocks off MacDefender, go back to your porn

Hes actually probably still laughing his ass off after getting a new version out only 8 hours after the security patch release. Apple needs something better than strict anti-malware definitions.

 

[nixonhead]

People should install applications only from App Store. This is easier + more secure.

 

[MacPhilosopher]

Props to those guys beating Apple at this.

As much as you can hate windows, MS has been very serious about security on Windows with a much tighter security system in Windows 7. Not saying that they had already not needed that, but they have been very careful and have come strong on viruses and malware.

Apple, you need to tighten up here.

Did you just give props to the malware designers? That's taking trolling to a new low.

 

[Sodner]

Seriously? A name change evades Apple's detection tools? I'm sure there's more to that... However, it looks like Apple's detection mechanism is very loose. 8 hours and already a new strand?? Waw!

Down right embarrassing for Apple.

 

[Demigod Mac]

I'm surprised the police cannot track the perps in this case considering the credit card info taken from its victims, then again there might be a huge well funded organization behind most kinds of phishing and malware.

In all likelihood, the police in Russia/Eastern Europe/China/India are receiving a cut of the profit from the malware authors.

 

[AlligatorBloodz]

This game of Cat and Mouse will end rather quickly when the Lion shows up...

 

[0815]

People should install applications only from App Store. This is easier + more secure.

WRONG - people should 'cancel' any installer that pops up unexpected. Simple rule: if you didn't initiate the install, don't install.

 

[snberk103]

My thinking is that now Apple has addressed this particular malware, it will soon (matter of weeks) fade away.

I don't know why it took Apple as long as it did to roll out the MacDefender defense, but... now that it's been released they can updated the signature quickly.

So, over the next couple of weeks all the vulnerable Macs are updated with this security update. Over the same time period the malware authors change the package to avoid detection. To be effective they need to change the package, and seed the new package to their poisoned websites. Then they have to wait for an unpatched Mac to happen on the poisoned link.

However, Apple is now updating all the of patched Macs daily, and each day their are more Macs patched. The window of opportunity for being infected is the time between Apple updates - about 24 hours for the package change and then the seeding. How many Macs are going to hit the poisoned link in that window?

I suspect that at some point the returns will not justify the work necessary. At the moment they've got a fairly clear field. Soon, their really going to have to work for the payoff.