Had to register after a long time lurking around just to say this:

Adblock, people. Also makes Safari snappier.
 
So, basically this "harmless" Trojan is more of a nuisance than anything else.

No biggie... But it's like any other ads online.... The only difference here is that you have to install something ....

Don't install things when you don't know where they came from; problem solved.
 
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them.

Macs were never as secure as PCs? Where did you get that? It's just that PCs get so much malware that people don't really care about reporting it right now. Mac viruses have only just increased substantially, so it's news. ;)
 
Not necessarily stupid

I've been wondering what this was and have had it for a couple of weeks. Looks like it came free with the latest extension update to Chrome flash video downloader extension. :mad:

Having removed the extension it's stopped but I've had the extension a while and this is new behaviour for it. It didn't require an admin password to take on this property so it's hard to say it's just stupid people who don't think get this.

Thankfully it's not an OS exploit, just a browser one and at a low level at that. No biggie and easily disabled. :D
 
Yes there may be some Malware, but it involves and requires user action even on relatively open machines....

Windoze can get the Herp just by being connected to the Net... Wanna try again? When a Hacker can program something that just by my Mac being on the internet, it can infect and cause harm... Then I will worry...

[Edit]
You can't fix stupid whether you're on a Mac or a Windows machine.. /rantmodeOff

I am not saying it's impossible, but it still hasn't happened.

When you understand what it takes to write an exploit for an operating system, I'll consider you informed enough to pass judgement on the topic, but until then, you don't know what you are talking about.

I'll ask again in this thread, as I have in others, what features does OSX include in the OS that make it less vulnerable to attacks than windows? Do tell!
 
When you understand what it takes to write an exploit for an operating system, I'll consider you informed enough to pass judgement on the topic, but until then, you don't know what you are talking about.

I'll ask again in this thread, as I have in others, what features does OSX include in the OS that make it less vulnerable to attacks than windows? Do tell!

Regardless of how "secure" people may reckon OS X is, it's not...... Many will use Gatekeeper as a form of saying "it's secure"; "yes, but it can be disabled". It's just that there's a bigger market of users in the Windows world.....

You can say we Mac users need a password, but so does Windows... not a password, but you must answer UAC before you install anything (unless you disable this)... something you also do as "root" on Mac anyway, so there is really no security at all that one prevents and the other doesn't. It's just that no hacker will pay Apple's prices just to hack a Mac.....

There are some, but most would get a PC, and would hack a PC, since they will get more 'enjoyment' from it.

I have used Windows 7 in a VM for years on Mac with no A/V, and never had malware at all..... I'm no super king :) .... I just know where to go.

Fix this (users blame), and you've just solved 99% of everything..
 
Little Snitch works great. Even if I got real dumb one day and installed "Twit Tube", Little Snitch would alert me the first time it tried to connect to an outside server. "Twit Tube wants to connect to the server xxx" Allow? Yes, No. Well it's a tough decision but I'll say no. :p

Great tip. I used to have something like Little Snitch in the past, but when I installed ML I never installed it back. I'm always alert, but must not lower my guard.
 
Great tip. I used to have something like Little Snitch in the past, but when I installed ML I never installed it back. I'm always alert, but must not lower my guard.


ah yes... Little Snitch.... Something that should be in every Mac's toolkit of utilities.

It's certainly in mine. (Also useful when the mind gets old) :/

(Strange how when someone explains anything security related regarding Mac and Windows, you always get some post saying "the Windows fanboys". Funny how that happens ..... :) )
 
Oh great. More ammunition for Windows fanboys to say "See, the mac isn't virus proof! LOOK AT THIS!!!".

It's just like in real life...

A virus propagates on its own, via email, open ports and other vulnerable areas.

A Trojan (like the Trojan Horse) is more of a malware disguised as good app to fool the user into installing it.

This malware is just an annoying tracker that would hijack your browser to inject its own links to the website you are visiting.

I remember seeing this Trojan in Windows years ago. The name Yontoo rings a bell.
 
Macs were never as secure as PCs but they were unpopular enough that nobody bothered to attempt to exploit them. Now it seems that every other day there's another massive security flaw found in Mac OS X.

Mac OS X has always been more secure than Windows.

The following provides more information about this topic:

1) Discretionary access controls (DAC) prevent protected data entry, including masked password entry and secure text fields, and protected data storage, such as Keychain entries in OS X, from being compromised.

Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

Much of the ability to turn these vulnerabilities into exploits is due to the insecurity of the Windows registry. Also, more easily being able to link remote exploits to local privilege escalation exploits in Windows is due to the Windows registry.

Mac OS X does not use an exposed monolithic structure, such as the Windows registry, to store system settings. Also, exposed configuration files in OS X do not exert as much influence over associated processes as the registry does in Windows.

Mac OS X Mountain Lion has contained only 1 elevation of privilege vulnerability since it was released; obviously, it hasn't been used in malware. http://www.h-online.com/security/ne...privilege-escalation-1816387.html?from-mobi=1

Windows 8 has contained at least 14 elevation of privilege vulnerabilities related to just kernel-mode drivers since being released with at least 2 of those vulnerabilities being remote system level access (root) vulnerabilities, which are the most critical type of vulnerability. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=8+kernel-mode

Windows 7 alone has many more privilege escalation vulnerabilities than all the versions of Mac OS X combined.

The following link shows the number of privilege escalation vulnerabilities in Windows 7 related to just kernel-mode drivers:

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=kernel-mode+7

More information about privilege escalation in Windows 7:

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

http://mista.nu/research/mandt-win32k-paper.pdf -> more complete documentation about alternative methods to exploit the Windows kernel.

http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.

2) Windows has the potential to have full ASLR but most software does not fully implement the feature. Most software in Windows has some DLLs (dynamic link libraries = Windows equivalent to dyld) which are not randomized.

http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf -> article overviewing the issues with ASLR and DEP implementation in Windows.

Also, methods have been found to bypass ASLR in Windows 7.

http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf -> article describing bypassing ASLR in Windows 7.

Mac OS X has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Using Linux distros with similar runtime security mitigations as Lion for a model, client-side exploitation is incredibly difficult without some pre-established local access. Of course, this is self defeating if the goal of the exploitation is to achieve that local access in the first place.

See the paper linked below about bypassing the runtime security mitigations in Linux for more details.

http://www.blackhat.com/presentatio...Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

The author only manages to do so while already having local access to the OS.

3) Mac OS X Lion has DEP on stack and heap for both 64-bit and 32-bit processes. Third party software that is 32-bit may lack this feature until recompiled in Xcode 4 within Lion. Not much software for OS X is still 32-bit.

But, not all software in Windows uses DEP; this includes 64-bit software. See first article linked in #2.

4) Mac OS X implements canaries using ProPolice, the same mitigation used in Linux. ProPolice is considered the most thorough implementation of canaries. It is known to be much more effective than the similar system used in Windows.

http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf -> article comparing ProPolice to stack canary implementation in Windows.

5) Application sandboxing and mandatory access controls (MAC) in OS X are the same thing. More specifically, applications are sandboxed in OS X via MAC. Mac OS X uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions. Both mandatorily exposed services (mDNSresponder, netbios...) and many client-side apps (Safari, Preview, TextEdit…) are sandboxed in Lion.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (see #1). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled.

http://www.exploit-db.com/download_pdf/16031 -> article about Mac sandbox.

http://msdn.microsoft.com/en-us/library/bb648648(v=VS.85).aspx -> MS documentation about MIC.

https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-Slides.pdf -> researchers have found the MIC in IE is not a security boundary.

6) In relation to DAC and interprocess sandboxing in OS X in comparison with some functionality of MIC in Windows 7 (see #5), the XNU kernel used in OS X has always had more secure interprocess communication (IPC) since the initial release of OS X.

Mac OS X, via being based on Mach and BSD (UNIX foundation), facilitates IPC using mach messages secured using port rights that implement a measure of access controls on that communication. These access controls applied to IPC make it more difficult to migrate injected code from one process to another.

Adding difficulty to transporting injected code across processes reduces the likelihood of linking remote exploits to local exploits to achieve system level access.

As of OS X Lion, the XPC service has also been added to implement MAC (see #5) on IPC in OS X. (http://developer.apple.com/library/...stemStartup/Chapters/CreatingXPCServices.html)

7) Security benefits of a UNIX foundation

Not all software vulnerabilities are exploitable. Vulnerabilities that are not exploitable only allow a denial of service condition upon being triggered. Exploitable vulnerabilities allow code execution when triggered.

There are two methods to achieve code execution in relation to buffer overflows:

1) RET overwrite -> control return address of instruction pointer

2) SEH (structured exception handler) overwrite -> control content of handler that will be executed upon an exception

To clarify:

While typical stack-based buffer overflows work by overwriting the return address in the stack, SEH overwrites work by overwriting the handler attribute of an exception registration record that has been stored on the stack. Unlike overwriting the return address, where control is gained immediately upon return from the function, an SEH overwrite does not actually gain code execution until after an exception has been generated. The exception is necessary in order to cause the exception dispatcher to call the overwritten handler.

Basically, SEH overwrites provide a second method to exploit a vulnerability in the event that a RET overwrite is unsuccessful or not exploitable. Obviously, more vectors being available to facilitate exploiting a vulnerability increases the number of vulnerabilities that are exploitable. SEH overwrites reduce the number of vulnerabilities that only produce a denial of service condition.

Mitigations have been developed to prevent SEH overwrites. These include SafeSEH and SEHOP. Methods are known that allow bypassing both mitigations.

SafeSEH is bypassed if only one component of the program doesn't implement this mitigation; it is common that not all components implement SafeSEH.

SEHOP is bypassed if ASLR is compromised via a memory disclosure vulnerability.

So, what does this have to do with the security benefits of a UNIX foundation?

UNIX and UNIX-like operating systems, such as Mac OS X and Linux, don't have structured exception handling. So, SEH overwrites, as a vector to increase the number of exploitable vulnerabilities, don't exist in these operating systems. The signalling system used in these operating systems isn't liable to this type of manipulation.

SEH overwrites do provide a plausible explanation for more vulnerabilities being exploitable in Windows.

http://www.i-hacked.com/freefiles/EasyChat_SEH_exploit_v1.3.pdf

http://www.sysdream.com/sites/default/files/sehop_en.pdf

8) Windows has far more public and/or unpatched vulnerabilities than OS X.

http://m.prnewswire.com/news-releas...-vulnerability-in-microsoft-os-110606584.html -> article about 18 year old UAC bypass vulnerability.

9) Password handling in OS X is much more secure than Windows.

The default account created in Windows does not require a password. The protected storage API in Windows incorporates the users password into the encryption key for items located in protected storage. If no password is set, then the encryption algorithm used is not as strong. Also, no access controls are applied to items within protected storage.

In Mac OS X, the system prompts the user to define a password at setup. This password is incorporated into the encryption keys for items stored in keychain. Access controls are implemented for items within keychain.

Also, Mac OS X Lion uses a salted SHA512 hash, which is still considered cryptographically secure. It is more robust than the MD4 NTLMv2 hash used to store passwords in Windows 7.

http://www.windowsecurity.com/articles/How-Cracked-Windows-Password-Part1.html -> article about Windows password hashing.

10) The new runtime security mitigation improvements to be included in Windows 8 have already been defeated.

http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/

Alternative methods to defeat the runtime security mitigations in Windows 8 were also demonstrated at pwn2own 2013.

The runtime security mitigations and other security protocols in Windows 8 are essentially the same as Windows 7 but with only slight modifications. This is why these protections are also being defeated in Windows 8.

To put this into perspective, methods to bypass the new runtime security mitigations in Mac OS X Lion and Mountain Lion are not yet available.

11) In regards to recent earlier versions of Mac OS X:

The following article relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.

http://www.blackhat.com/presentatio...Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.

The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf

So:

Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies

These articles show that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR.

12) Mountain Lion only improves upon the security of Lion.

BTW, Safari on a Mac running Lion was not hacked at pwn2own 2012.

And, Safari on a Mac running Mountain Lion was not hacked at pwn2own 2013.

But, Macs aren't completely immune from all attacks. Java applets are only protected by the Java sandbox, which is independent of the protections provided by OS X. Luckily, the default security settings of Java have been increased and Apple is diligent to blacklist vulnerable versions of Java via XProtect, which is included in OS X, when security threats arise.

Also, the robust discretionary access controls in OS X mitigate the usefulness of Java attacks at least in mainstream malware, such as malware that targets protected data entry to steal banking credentials, so the typical consumer isn't at risk. These types of exploits against Macs only target specific individuals who work for companies that have valuable intellectual property.
 
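The PIE/ASLR point in #2 and the 32-bit/DEP point in #3 of the post above come down to flags the linker sets in a binary's Mach-O header, which the kernel honours at load time, so a defender can audit them directly. The following is an added example, not code from the post or from Apple: it parses a thin or fat (universal) Mach-O header, reports each slice's architecture and whether MH_PIE, MH_ALLOW_STACK_EXECUTION and MH_NO_HEAP_EXECUTION are set, and runs over a constructed two-slice header rather than a real binary (a real file would be passed as `open(path, "rb").read()`).

```python
import struct

# Constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE        # 32-bit header, native / byte-swapped
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE  # 64-bit header
FAT_MAGIC = 0xCAFEBABE                             # universal wrapper, always big-endian
MH_EXECUTE = 0x2
MH_PIE = 0x200000                   # main image is position independent: ASLR can slide it
MH_ALLOW_STACK_EXECUTION = 0x20000  # kernel leaves the stack executable (weakens DEP)
MH_NO_HEAP_EXECUTION = 0x1000000    # i386 opt-in to a non-executable heap (x86_64 gets it anyway)
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 7
CPU_NAMES = {CPU_TYPE_X86: "i386", CPU_TYPE_X86 | CPU_ARCH_ABI64: "x86_64"}


def parse_mach_header(blob, offset=0):
    """Decode one thin Mach-O header at `offset` into the security-relevant fields."""
    magic, = struct.unpack_from(">I", blob, offset)
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = ">"            # file is big-endian
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = "<"            # file is little-endian (x86), magic read byte-swapped
    else:
        raise ValueError("not a Mach-O header at offset %d" % offset)
    is64 = magic in (MH_MAGIC_64, MH_CIGAM_64)
    # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags [, reserved]
    fields = struct.unpack_from(endian + "I" * (8 if is64 else 7), blob, offset)
    cputype, filetype, flags = fields[1], fields[3], fields[6]
    return {
        "arch": CPU_NAMES.get(cputype, "cputype 0x%x" % cputype),
        "bits": 64 if is64 else 32,
        "executable": filetype == MH_EXECUTE,
        "pie": bool(flags & MH_PIE),
        "stack_exec": bool(flags & MH_ALLOW_STACK_EXECUTION),
        "no_heap_exec": bool(flags & MH_NO_HEAP_EXECUTION),
    }


def parse_macho(blob):
    """Return one dict per architecture slice; handles thin and fat (universal) files."""
    magic, = struct.unpack_from(">I", blob, 0)
    if magic != FAT_MAGIC:
        return [parse_mach_header(blob, 0)]
    nfat, = struct.unpack_from(">I", blob, 4)
    slices = []
    for i in range(nfat):
        # struct fat_arch: cputype, cpusubtype, offset, size, align (big-endian)
        _cpu, _sub, off, _size, _align = struct.unpack_from(">5I", blob, 8 + 20 * i)
        slices.append(parse_mach_header(blob, off))
    return slices


def audit(blob):
    """Defender's view: which runtime mitigations would the loader apply to each slice?"""
    findings = []
    for s in parse_macho(blob):
        issues = []
        if s["executable"] and not s["pie"]:
            issues.append("no MH_PIE: main image maps at a fixed address, ASLR does not cover it")
        if s["stack_exec"]:
            issues.append("MH_ALLOW_STACK_EXECUTION: stack is executable")
        if s["bits"] == 32 and not s["no_heap_exec"]:
            issues.append("32-bit slice without MH_NO_HEAP_EXECUTION: heap may be executable")
        findings.append((s["arch"], issues))
    return findings


def make_header(cputype, flags, is64):
    """Constructed sample data: a minimal little-endian (x86) Mach-O executable header."""
    fields = [MH_MAGIC_64 if is64 else MH_MAGIC, cputype, 3, MH_EXECUTE, 0, 0, flags]
    if is64:
        fields.append(0)        # reserved field of mach_header_64
    return struct.pack("<" + "I" * len(fields), *fields)


# Constructed universal binary: a pre-Lion style i386 slice (no PIE, executable heap)
# next to an x86_64 slice built with PIE. Real slices are page-aligned; the parser
# only follows the offsets, so the sample packs them back to back.
SAMPLE_I386 = make_header(CPU_TYPE_X86, 0, False)
SAMPLE_X86_64 = make_header(CPU_TYPE_X86 | CPU_ARCH_ABI64, MH_PIE, True)
_FIRST = 8 + 20 * 2
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">5I", CPU_TYPE_X86, 3, _FIRST, len(SAMPLE_I386), 0)
              + struct.pack(">5I", CPU_TYPE_X86 | CPU_ARCH_ABI64, 3,
                            _FIRST + len(SAMPLE_I386), len(SAMPLE_X86_64), 0)
              + SAMPLE_I386 + SAMPLE_X86_64)

if __name__ == "__main__":
    for arch, issues in audit(SAMPLE_FAT):
        print(arch, "OK" if not issues else "; ".join(issues))
```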
Very little of that actually addresses the technical design of secure operating systems, and half of it craps on Windows XP. It's fairly Mac-centric, seeing as it doesn't call out Apple taking forever to actually implement ASLR anyway.

What's the point of talking about actual security design if you are going to complain about old Windows news, but not complain about much more recent failings on Apple's behalf? Then you say Windows sucks because there are some chances for DEP vulnerabilities, but OSX is OK because there aren't a lot of 32-bit applications?

Windows is bad because it doesn't require a password but OSX is good because it prompts you to make one (even though it doesn't require it either)?

When will people admit that hackers don't bother to tear OSX up because there is very little financial incentive to do so, legitimately or otherwise?

The exception handling is complete ******** because it doesn't even begin to address how OSX handles exceptions and what about it is more secure than windows. If anything it reflects the nature that no one knows **** about OSX because there is very little money in doing so, otherwise he could've provided just as many articles on how OSX exception handling.

All you are demonstrating is that OSX generally receives much less attention.
 
Very little of that actually addresses the technical design of secure operating systems, and half of it craps on Windows XP. It's fairly Mac-centric, seeing as it doesn't call out Apple taking forever to actually implement ASLR anyway.

What's the point of talking about actual security design if you are going to complain about old Windows news, but not complain about much more recent failings on Apple's behalf? Then you say Windows sucks because there are some chances for DEP vulnerabilities, but OSX is OK because there aren't a lot of 32-bit applications?

It looks at all more recent versions of both operating systems.

DEP without ASLR is useless. ASLR without PIE is useless. So, DEP without PIE is useless. Windows doesn't have PIE. This is why Windows 8 is still hacked at pwn2own but Mac OS X L/ML are not compromised.

The runtime security mitigations of 32-bit processes are defeated by brute force if an exploitable vulnerability is present, regardless of the quality of the mitigations. This means 32-bit is no longer reliably secure. More recent versions of OS X are only 64-bit, and very few OS X applications are 32-bit. MS still releases fully 32-bit versions of Windows 8.

Also, read #11. It explains how canaries are a more effective mitigation than ASLR. Canaries are not dependent on other mitigations to function properly. It makes more sense to properly implement the more effective mitigation first.

Windows is bad because it doesn't require a password but OSX is good because it prompts you to make one (even though it doesn't require it either)?

Many functions, including Sudo, in OS X are not available unless a password is used. http://support.apple.com/kb/HT4103

The terminal functions that could be leveraged by malware to compromise protected storage in OS X require Sudo, which isn't available if no password is set.

When will people admit that hackers don't bother to tear OSX up because there is very little financial incentive to do so, legitimately or otherwise?

Marketshare is a myth. Several analogous examples to the Mac OS X / Windows relationship show this to be true. One example is the interaction between iOS / Android.

Until sometime in 2010, iOS had way more marketshare than Android but Android still has more malware than iOS. iOS, given its current marketshare, should actually have malware in the wild if the marketshare argument were valid but iOS doesn't have any malware.

The exception handling is complete ******** because it doesn't even begin to address how OSX handles exceptions and what about it is more secure than windows. If anything it reflects the nature that no one knows **** about OSX because there is very little money in doing so, otherwise he could've provided just as many articles on how OSX exception handling.

Exception handling in Mac OS X and Linux uses predefined system calls. Read #6 and #7.

All you are demonstrating is that OSX generally receives much less attention.

Ya, because it is much more difficult to produce profitable malware that targets OS X.
 
Mac OS X has always been more secure than Windows.

The following provides more information about this topic:



But, Macs aren't completely immune from all attacks. Java applets are only protected by the Java sandbox, which is independent of the protections provided by OS X. Luckily, the default security settings of Java have been increased and Apple is diligent to blacklist vulnerable versions of Java via XProtect, which is included in OS X, when security threats arise.

Also, the robust discretionary access controls in OS X mitigate the usefulness of Java attacks at least in mainstream malware, such as malware that targets protected data entry to steal banking credentials, so the typical consumer isn't at risk. These types of exploits against Macs only target specific individuals who work for companies that have valuable intellectual property.

All that stuff isn't valuable information for most. I mean seriously, who cares about all that crap?

The technicalities matter less than the fact that (as you pointed out) OS X isn't foolproof and is still vulnerable through other means, and that all users, whether you're a Windows user or an OS X user, should learn at least some of the basic risks and mitigation measures to lower your overall risk from malware.
 
All that stuff isn't valuable information for most. I mean seriously, who cares about all that crap?

The technicalities matter less than the fact that (as you pointed out) OS X isn't foolproof and is still vulnerable through other means, and that all users, whether you're a Windows user or an OS X user, should learn at least some of the basic risks and mitigation measures to lower your overall risk from malware.

I prefer using an operating system that is far less likely to be compromised in a way that doesn't involve user error.

Windows is far more likely to be compromised even if the user is among the most security conscious because Windows runtime security mitigations have been defeated and Windows contains far more exploitable vulnerabilities.
 
I prefer using an operating system that is far less likely to be compromised in a way that doesn't involve user error.

Windows is far more likely to be compromised even if the user is among the most security conscious because Windows runtime security mitigations have been defeated and Windows contains far more exploitable vulnerabilities.

If that's the case, why use OS X then? There are other OSes that have a cleaner track record if you're mostly concerned about an OS's track record on compromises.

Besides, the term "compromise" is general and vague. You seem to think that just because something "can be" defeated, it "will be". Just because a security firm found a vulnerability doesn't necessarily mean it's public knowledge.
 
If that's the case, why use OS X then? There are other OSes that have a cleaner track record if you're mostly concerned about an OS's track record on compromises.

Besides, the term "compromise" is general and vague. You seem to think that just because something "can be" defeated, it "will be". Just because a security firm found a vulnerability doesn't necessarily mean it's public knowledge.

Stuxnet, Duqu, TDL-4, etc, etc, ....

Windows is exploited via bypassing runtime security mitigations in the wild.

Of the mainstream operating systems, OS X has a comparably clean record especially in relation to privilege escalation vulnerabilities.

For example, Linux doesn't have as secure IPC as Mac OS X. This causes Linux to have more privilege escalation vulnerabilities than OS X.

But, I would use Linux if I didn't use OS X.
 
Stuxnet, Duqu, TDL-4, etc, etc, ....

Windows is exploited via bypassing runtime security mitigations in the wild.

Of the mainstream operating systems, OS X has a comparably clean record especially in relation to privilege escalation vulnerabilities.

For example, Linux doesn't have as secure IPC as Mac OS X. This causes Linux to have more privilege escalation vulnerabilities than OS X.

But, I would use Linux if I didn't use OS X.

You're missing the whole point of my previous post. So what if Windows "can be" affected by TDL-4; it doesn't mean a Windows user "will be" affected by TDL-4. TDL-4 can be countered easily and machines rendered immune to it with a simple change from a traditional BIOS implementation to UEFI, assuming the computer supports that function.

It's the same argument for OS X and viruses. For example while someone could easily state that there "are" viruses for OS X (perhaps in private testing), none actually exist in the wild so in the end it doesn't mean anything to the end user because the user is currently not at any risk despite the actual "existence" of it.

You're still not getting the point about how an exploit being found doesn't necessarily equate to an exploit being implemented in the wild.
 
You're still not getting the point about how an exploit being found doesn't necessarily equate to an exploit being implemented in the wild.

It's not that I'm not getting the point you're trying to make.

It's because the point you're making is mutually compatible with the point I have demonstrated.

That point being that an operating system that has more exploitable vulnerabilities will be exploited more in the wild.
 
It's not that I'm not getting the point you're trying to make.

It's because the point you're making is mutually compatible with the point I have demonstrated.

That point being that an operating system that has more exploitable vulnerabilities will be exploited more in the wild.

You're definitely not getting what I said because you're saying the contrary of my posts.

I think you're just hatemongering Windows by providing reasons involving exploitation to justify your comments. It's like saying humans are inferior animals because they can be killed 1000 different ways in the wild. That doesn't mean every human being will die and encounter those same, some or all of those 1000 factors during their lifetime.

There's no concrete proof that exploitation will occur if you use Windows because the data doesn't cover the likelihood of a Windows user being exploited. To dumb this down and make it simple, a grenade can kill you, me and any other human out there in the wild. Will you die from a grenade injury? Will I? Will many others you know of? What's the likelihood of you encountering this situation?

I'd counter and partially agree with your posts IF we're referring to the type of user that's involved in very unsafe, risky habits while using their computer(s), but that's like saying the most careless type of user is the most vulnerable to those exploits, but then we'd be saying nothing we don't already know.

Even OS X alone isn't adware/trojan proof otherwise there'd be no need for XProtect.
 
Saying marketshare is a myth and pointing to iOS vs Android as evidence is such a joke. The entire argument is disingenuous. It has more to do with the store and distribution model than anything else. You don't do anything to support the idea that the technical hurdles prevent profitability in terms of exploits per time spent when Windows has the most seats.

If the only time you are going to get paid is at pwn2own, it doesn't help much to spend your time working OSX over when you have an entire industry DEDICATED to finding Windows exploits. Come on, man. If you are really informed enough to understand any of the things you've provided, then you should be clear on the fact that your computer isn't hacked because no one gives a ****, which is why it's so funny you list 3 military cyberweapons as evidence of Windows vulnerability, when the reason Windows is targeted is because it's the host for SCADA systems. I.e. Iranian centrifuges don't run on OSX. So why the hell would the U.S. government write malware that targets OSX to control software OSX doesn't have?

The only way it would ever be profitable to focus on OSX exploits was if OSX's insecurity was greater than the number of people that use Windows. Seeing as no one with a brain thinks that such a thing will happen, I don't think it serves as great support for the point you are trying to make.

And seriously? No 32-bit apps in OSX? Go check your Applications folder, dude. I have at least a dozen; I'm running 10.8.2.

I'd generally agree with you if it weren't for the fact that something about your argument seems entirely disingenuous.
 
There's no concrete proof that exploitation will occur if you use Windows because the data doesn't cover the likelihood of a Windows user being exploited. To dumb this down and make it simple, a grenade can kill you, me and any other human out there in the wild. Will you die from a grenade injury? Will I? Will many others you know of? What's the likelihood of you encountering this situation?

It's greater than that of an OS X user.

I'd counter and partially agree with your posts IF we're referring to the type of user that's involved in very unsafe, risky habits while using their computer(s), but that's like saying the most careless type of user is the most vulnerable to those exploits, but then we'd be saying nothing we don't already know.

Careless users typically fall victim to malware that relies on social engineering.

Even OS X alone isn't adware/trojan proof otherwise there'd be no need for XProtect.

Gatekeeper also greatly reduces the likelihood of this type of malware.

saying marketshare is a myth and pointing to iOS vs android as evidence is such a joke. The entire argument is disingenuous. it has more to do with the store and distribution model than anything else. you don't do anything to support the idea that the technical hurdles prevent profitability in terms of exploits per time spent when windows has the most seats.

If the only time you are going to get paid is at Pwn2Own, it doesn't help much to spend your time working OS X over when you have an entire industry DEDICATED to finding Windows exploits. Come on man. If you are really informed enough to understand any of the things you've provided then you should be clear on the fact that your computer isn't hacked because no one gives a ****, which is why it's so funny you list 3 military cyberweapons as evidence of Windows vulnerability, when the reason Windows is targeted is because it's the host for SCADA systems, i.e. Iranian centrifuges don't run on OS X. So why the hell would the U.S. government write malware that targets OS X to control software OS X doesn't have?

The only way it would ever be profitable to focus on OS X exploits would be if OS X's insecurity was greater than the number of people that use Windows. Seeing as no one with a brain thinks that such a thing will happen, I don't think it serves as great support for the point you are trying to make.

And seriously? No 32-bit apps in OS X? Go check your applications folder, dude. I have at least a dozen, I'm running 10.8.2.

I'd generally agree with you if it weren't for the fact that something about your argument seems entirely disingenuous

Malware that relies on exploitation isn't impacted by "store and distribution model."

Android's insecure "store and distribution model" just makes it easier to distribute more profitable malware that includes privilege escalation exploits.

A profitable-size botnet is only a small fraction of the size of the entire Mac market share. But successful and profitable botnets only seem to exist targeting Windows.

The only relevant Mac botnet was Flashback, which only made its developers $14,000, and it didn't cause any financial loss to its victims but earned profit through ad-click fraud. Flashback didn't include a privilege escalation exploit. Factoring the costs to develop and deploy Flashback, it wasn't a success or profitable.

A variant of TDL-4 included the same privilege escalation exploit as found in Stuxnet and used that exploit after it became public but before it was patched by Microsoft. This variant used that privilege escalation exploit to bypass DAC to compromise protected data entry and storage to collect banking credentials. Victims incurred financial loss and it was much more profitable than Flashback. Cyberweapons trickle down to mainstream malware.

The only apps that matter in terms of exploits that bypass runtime security mitigations are those that receive direct remote input, such as the web browser, because only these types of apps are targeted by exploits that bypass runtime security mitigations. None of these apps are 32-bit on my system (10.8.3).
It's greater than that of an OS X user.
That doesn't mean anything because it could mean percentage or total number. You don't even know what "greater" actually comes out to in any tangible number or figure. You're just assuming it has to be greater because there are more Windows machines in operation than OS X.

Careless users typically fall victim to malware that relies on social engineering.
Like I said, not limited to just Windows users. A Mac user isn't magically a better user than one using Windows.

Gatekeeper also greatly reduces the likelihood of this type of malware.
There are several layers of security besides just the OS (for Windows) already in motion. Websites/search engines, user's ISP protection measures, browsers (and their plugins), choice of antimalware software, etc.

Besides, Gatekeeper is a new implementation by Apple, which tells us that previous OS X versions (without Gatekeeper) weren't exactly the malware-immune OS as once thought. In addition to that, Apple implemented XProtect, which clearly proves OS X isn't malware-proof or as malware-resistant without it.
It's greater than that of an OS X user.

Careless users typically fall victim to malware that relies on social engineering.

Gatekeeper also greatly reduces the likelihood of this type of malware.

Malware that relies on exploitation isn't impacted by "store and distribution model."

Android's insecure "store and distribution model" just makes it easier to distribute more profitable malware that includes privilege escalation exploits.

A profitable-size botnet is only a small fraction of the size of the entire Mac market share. But successful and profitable botnets only seem to exist targeting Windows.

The only relevant Mac botnet was Flashback, which only made its developers $14,000, and it didn't cause any financial loss to its victims but earned profit through ad-click fraud. Flashback didn't include a privilege escalation exploit. Factoring the costs to develop and deploy Flashback, it wasn't a success or profitable.

A variant of TDL-4 included the same privilege escalation exploit as found in Stuxnet and used that exploit after it became public but before it was patched by Microsoft. This variant used that privilege escalation exploit to bypass DAC to compromise protected data entry and storage to collect banking credentials. Victims incurred financial loss and it was much more profitable than Flashback. Cyberweapons trickle down to mainstream malware.

The only apps that matter in terms of exploits that bypass runtime security mitigations are those that receive direct remote input, such as the web browser, because only these types of apps are targeted by exploits that bypass runtime security mitigations. None of these apps are 32-bit on my system (10.8.3).

Right, feel free to pick and choose when I'm referring to malware in general or exploits in particular. That's a very honest approach! I surely wasn't referring to the 'malware market' in general. Furthermore, I don't know why you focus on an arbitrary distinction in key OS features vs. more general failures in system design and how they relate to malware options. You say Windows is bad because of privilege escalation control, but Android has an app store that will install malware for you. So why do you pick and choose when it's relevant?

iOS has plenty of exploits available, so I don't know why you don't bring that up? The malware market targets Android because of its distribution model, to an extent, and it's obvious that you agree - so why do you say the marketplace is a myth? It's all about the greatest number of opportunities, and that's rarely going to be an option with OS X. No, I don't think the very short time period that Apple had a lead in mobile market share serves as good testimony to the design of the operating system, considering that you could browse to a website to jailbreak your phone. Apparently all the hackers were going to learn Objective-C.

It's the way the entire industry works - you go where the money is. Your citation of Flashback is my exact point. Even if you wanted to deploy malware that didn't require novel exploitation and time investment, it wouldn't be profitable BECAUSE IT RAN ON OS X. Really, what don't you get about that???

You are just deluding yourself into believing that the security precautions in OS X are significant enough to act as a detriment when it's never even a factor, because it would be outright unprofitable unless OS X was so completely insecure or Windows somehow turned into OpenBSD.

You don't really seem to understand the point I'm making, because you never address it. The idea that Stuxnet's exploit would break out into the wild isn't even relevant to what I'm saying, because the reason that exploit exists is beyond any commercial factor. To act like such an institution couldn't target OS X is laughable considering the number of political dissidents covering the cameras on their MacBooks. Yes, it would be more difficult than Windows, but once again that has very little to do with why hackers don't bother with OS X.

I don't get you - you clearly know what you are talking about but your argument is never completely honest.

Just like with 32-bit applications, I have at least 5 that take direct remote input, but yes, none of them are Safari (although it can run in 32-bit mode, but it's not Windows so you won't bother to mention that). So why didn't you just say Safari instead of making a pointless grandstand about 32-bit apps in general, which wasn't even true?