
MacRumors

macrumors bot
Original poster



ZDNet's coverage of the latest Mac Developer malware includes a full video of what it looks like to get infected by Mac Defender:


But even with Apple's protection, it's a confusing mess of windows and dialog boxes that could leave the user uncertain what to trust.


Article Link: Video of Mac Defender Malware Installation
 
I haven't been paying THAT close attention to this story, but I didn't realize that you had to be completely naive and gullible (no offense to any reading this that fell for it) to get nailed. I thought it happened more in the background. It looks like you pretty much have to open up the door to your computer and invite the hacker in and offer him or her a beer.

Am I understanding this right? You have to fairly pro-actively install this on your computer, it doesn't happen behind the scenes like Microshaft products do?
 
Am I understanding this right? You have to fairly pro-actively install this on your computer, it doesn't happen behind the scenes like Microshaft products do?

Yes. The user has to explicitly install this trojan onto their machine.

Also yes, this is nothing like, say, Windows viruses that use actual exploits in the OS to deliver the payload and spread through the network. Such attacks require no user intervention and the best anti-virus, even those with decent heuristics, won't be privy to pick them up. A properly configured firewall and removal of all non-essential services may slow or prevent the infection on hosts.
 
But this is still quite worrisome for senior citizens. I would've thought that Apple can really make it clear enough to dispel my fear but it doesn't seem so from the video.
 
wow

I am in awe at how stupid and computer illiterate you have to be to fall for this...
 
I am in awe at how stupid and computer illiterate you have to be to fall for this...

I'm fairly certain that 90% of the active users of this site wouldn't fall for this crap. I thought this was something new to actually be concerned about, but it isn't.

However, the fact that they're playing cat and mouse with Apple now is just funny and kind of newsworthy. LOL
 
How to clean up the mess...

To cut down the clutter and confusion why don't they do what UAC does where everything except the notification blacks out so you know you are supposed to be looking at that dialog box, and then when the user clicks on "move file to trash" have it automatically close all Safari windows so the user isn't tempted to click on anything else on that website.

As an added measure Safari could also take note of the site that the download was on, report it and give you a warning the next time you try to visit that site.

What do you guys think, what else could they do?
 
Huh, so that's what it looks like. Thanks for the video, MR! I was honestly curious to see how it worked :)
 
To cut down the clutter and confusion why don't they do what UAC does where everything except the notification blacks out so you know you are supposed to be looking at that dialog box, and then when the user clicks on "move file to trash" have it automatically close all Safari windows so the user isn't tempted to click on anything else on that website.

I would be EXTREMELY LIVID if Apple arbitrarily decided to close all of my Safari windows simply because I randomly encountered a stupid hack social engineering trojan. (FYI, at this particular instant I have over 50 active web page tabs open in 14 Safari windows and this has been a slow night.)

As for the mimicking the MS UAC behavior, bringing attention to the dialog box is one thing, but I certainly do not want the OS to force me to deal with the dialog in lieu of whatever else I might want to do; this is a multitasking environment after all.


As an added measure Safari could also take note of the site that the download was on, report it and give you a warning the next time you try to visit that site.

From what I have seen, this particular malware is not linked to specific URLs. If it were, then those websites could simply be blacklisted at a higher level (i.e. Google Domain blacklist).
 
I would be EXTREMELY LIVID if Apple arbitrarily decided to close all of my Safari windows simply because I randomly encountered a stupid hack social engineering trojan. (FYI, at this particular instant I have over 50 active web page tabs open in 14 Safari windows and this has been a slow night.)

Well, I guess closing all windows would be a bit extreme, but they could make use of Apple's sandboxing technology and close just the tab that the download started in. That sounds a bit more reasonable, no?
 
The way this malware installs is nearly identical to current Windows-based malware, which is frightening.
 
omg my computer is in danger and this program from apple security center wants to protect it, it all came from nowhere while i was browsing the web.

Seems legit!
 
Good thing I use Firefox :)

You don't need Firefox (btw Safari/Webkit is better), you just need a brain, a thing most computer users (Mac, PC and anything else) don't have nowadays.

Macs are secure, but there is no way to protect users from their own stupidity.
 
I'm fairly certain that 90% of the active users of this site wouldn't fall for this crap. I thought this was something new to actually be concerned about, but it isn't.

But if I can also offer a ballpark statistic: 90% of Mac users do not have the technical know-how of active users of this site.

Remember, Macs have for so long been marketed as computers for people who don't want to have to learn about the technology to use them - your parents, your partner, your children, your friends.
 
Wow ... they even produce videos now on how to install malware on a Mac - this shows how special and rare this kind of thing is (and how involved the user is in the installation) ... When was the last time a 'How to install malware on Windows' video was produced?
 
I posted this post in another thread, but I think it suits here as well. This is just my opinion.

We are currently witnessing some real effort of malware designers for Macs. And I think the whole big "hoo-har" over the Mac Defender all spans down to the fact that if it was a Windows malware program for Windows, the user's antivirus would have picked it up and nothing more would have been said. Unfortunately, OS X systems rarely have anti-viruses installed on them, and the Mac Defender was able to slip through OS X's rather dire malware detecting system and infect systems.

As much as I hate to admit it (I always love saying smugly that Macs don't get viruses to my Windows using friends,) we are seeing a large interest in OS X and malware. Even Apple are panicking slightly, hence the quick update enhancing OS X's malware detecting system. What we have now, essentially, is an Antivirus integrated in the OS. I think we will be seeing a lot more of this malware for OS X in the future. It's happened. This is what I'd call widespread, and I don't think it's going to stop anytime soon.

Apple now have a choice. Admit that OS X isn't as squeaky clean as they like to, or lock down OS X like iOS (but run the risk of upsetting a lot of X users.)

DISCLAIMER: By virus, I mean all types of malware. I know OS X cannot get a true virus, but such occurrence is also rare on Windows now. I was using virus in the generic sense, like a layman would.
 
Them mother f@@@@ *******s. O in the good ol days we would send Clint Eastwood and Lee Van Cleef after the bastards, and Eli Wallach would act as bait.
All malware and virus makers should rest on boot hill.
 
Wow, you have to hit INSTALL to get infected? From how it was reported, it sounded like it was some sort of automatic thing. Sure, it doesn't require a password to install, but after seeing this I'd say you really DO need to be an idiot to install this.

This isn't a virus or anything close to it, it's much more like a phishing email where the user is foolish enough to hand over the keys. It's great that Apple is putting in protection for this, but these sorts of threats will always be around and the solution is for people to have the common sense to not click INSTALL on an app that they didn't ask to download and that they've never heard of.

Honestly, seeing this video makes me feel like Macs are MORE secure.

Although Apple could make the warning/remove interface less confusing. I'd almost say they should just block it automatically instead of giving the user a choice, and block the website as well.
 
Unfortunately, OS X systems rarely have anti-viruses installed on them, and the Mac Defender was able to slip through OS X's rather dire malware detecting system and infect systems.

Protip: No anti-malware package on Windows, Mac, Linux or whatever can detect a virus for which they don't have signatures. XProtect was updated to detect the A variant of the trojan as well as auto update itself (then the B variant was released), so the B variant may already be detected by XProtect.
 