Now that I've seen the video I have to say I'm very disappointed. I expected something much more sophisticated. Hell, I could have written this in a day!
 
It's Inspiring

The ZDNet team has devoted more pixels to this relatively lame attack than to the 40,000 currently active malware exploits on the Windows platform. Thank God for them and Ed Bott, without which we'd still be in the cruel care of the megalomaniacal Apple. /sarcasm

However, they take this video, and that will only mean more variations on this devilish attack!

It's true, we should beware. Give a free iOS device to all those who can't understand the simple measures you have to use to defend yourself against this one.
 

The Ed Bott Microsoft shill still does not mention the reality that Mac is safer despite this trojan scam.
 
Why do people think that Firefox is immune to this? It is not.

The flaw is in the user.

Whether using Safari or Firefox, flawed users can easily install the MacDefender malware.

Because Firefox won't automatically open and launch the thing, making it look "official" or as part of the OS to non-savvy users. I haven't heard of anyone using Firefox being duped by this, because the user would have to go into the downloads folder, find something they don't recognize, and open it just to get to the point where Safari users who have "open safe downloads" enabled would be.

Overall you are right though, this is all on the user.
 
Protip: No anti-malware package on Windows, Mac, Linux or whatever can detect a virus for which they don't have signatures. XProtect was updated to detect the A variant of the trojan as well as auto update itself (then the B variant was released), so the B variant may already be detected by XProtect.

Actually that is not strictly true. There are certain traits that many of these virus/malware programs have in common and anti-virus vendors have gotten quite good at looking for certain footprints that these have in common and are able to warn you of a possible attack even if they don't have a specific signature for them. These are commonly called "heuristic" methods of detection.
 
I haven't been paying THAT close attention to this story, but I didn't realize that you had to be completely naive and gullible (no offense to any reading this that fell for it) to get nailed. I thought it happened more in the background. It looks like you pretty much have to open up the door to your computer and invite the hacker in and offer him or her a beer.

Am I understanding this right? You have to fairly pro-actively install this on your computer, it doesn't happen behind the scenes like Microshaft products do?
Yes, you're understanding it right. As is the case with 100% of all Mac OS X malware that exists in the wild (which is only a handful of trojans), nothing can infect your Mac unless you deliberately, intentionally, actively install it.
Good thing I use Firefox :)
That makes no difference, since this lame threat is not browser-specific.
OS X systems rarely have anti-viruses installed on them, and the Mac Defender was able to slip through OS X's rather dire malware detecting system and infect systems.
Antivirus software isn't required to defeat this threat. It can be easily thwarted by an informed, careful user.
I know OS X cannot get a true virus,
False. Mac OS X is not immune to viruses. There just aren't any in the wild.
Wow, you have to hit INSTALL to get infected? From how it was reported, it sounded like it was some sort of automatic thing. Sure, it doesn't require a password to install, but after seeing this I'd say you really DO need to be an idiot to install this.
This is the case with all malware that exists in the wild. None of it can affect Mac OS X unless the user actively installs it.
 
To think, everyone freaked out over this. This has been going on for a few years now, and each time a news article pops up about it, the "Macs better watch out now!", "the Macs aren't so safe now!", "Look who's got viruses now!". It's a bunch of hype. :p

Quite amusing and annoying at the same time.

Move along folks, this ain't nothing new yet.
 
Well I guess closing all windows would be a bit extreme, but they could make use of Apple's sandboxing technology and close just the tab that the download started in. That sounds a bit more reasonable, no?
I still would not like it (there is always the case of false positives); I would find it confusing if webpages get closed automatically.

(But then what I prefer might not be what would be best for those people who would fall for this.)

And I think the whole big "hoo-har" over the Mac Defender all spans down to the fact that if it was a Windows malware program for Windows, the user's antivirus would have picked it up and nothing more would have been said. Unfortunately, OS X systems rarely have anti-viruses installed on them, and the Mac Defender was able to slip through OS X's rather dire malware detecting system and infect systems.
Well, it took Apple only about a week to respond (and from now on only 24 h, the same interval in which Windows anti-virus apps are updated).
And Apple basically now has committed to offer a built-in antivirus app in OS X (Snow Leopard and up) by introducing this daily check. So, assuming Apple is as good as the existing antivirus vendors, Macs are at no disadvantage.

It looks like you pretty much have to open up the door to your computer and invite the hacker in and offer him or her a beer.
It's a bit like somebody knocking at your window while you look out, flashing a fantasy badge (or declaring the landlord is sending him) and saying he is an anti-burglary expert and you need better window locks and he will install them for you.

And when you let him install them, he naturally keeps an extra key for himself to easily burgle your house later.


-----------
Comment: Sorry about the consecutive posts, when there is a high posting rate, you want to get out your answer as fast as possible (as you, e.g., want to correct or expand on a statement you consider incorrect or incomplete as fast as possible). And it takes some time to read through all posts in a thread, so you post as you come across something worthy of a reply. And if there really is a high posting rate, these posts won't show up as consecutive posts. But you only know that after the fact. But I agree, after finishing replying one should check whether one's posts are too consecutive and merge them (but this time I honestly got interrupted by a long phone call).
 

Depending upon your preference settings, Firefox might automatically "open and launch the thing."

Personally I do not think it looks even remotely official in Safari, but I am curious about why you think it looks less official in Firefox.

Reference the following attachments:

Attachments: Screen shot 2011-06-02 at 5.27.14 PM.png, Screen shot 2011-06-02 at 5.30.26 PM.png
I did a WHOIS lookup and one of the server's IP addresses used originated in Germany.

IP address: 78.159.102.196

It won't do any harm if you try going to just this IP address (FYI).

Registered to:

125 Rampart Way
Suite 300
Denver
CO
80230
US
Phone: +1.7202492374

I am guessing the creators are smart enough to mask their location(s) and that they aren't anywhere near Germany or Colorado...


Another: 91.213.117.213

Kiev, Ukraine
 
Registered to:

125 Rampart Way
Suite 300
Denver
CO
80230
US
Phone: +1.7202492374
That's the address of Protected Domain Services, which handles private website registration. They don't own the site. Instead, the owners of the site register through them, to keep their identity private.
 
I posted this post in another thread, but I think it suits here as well. This is just my opinion.

We are currently witnessing some real effort of malware designers for Macs. And I think the whole big "hoo-har" over the Mac Defender all spans down to the fact that if it was a Windows malware program for Windows, the user's antivirus would have picked it up and nothing more would have been said. Unfortunately, OS X systems rarely have anti-viruses installed on them, and the Mac Defender was able to slip through OS X's rather dire malware detecting system and infect systems.

As much as I hate to admit it (I always love saying smugly to my Windows-using friends that Macs don't get viruses), we are seeing a large interest in OS X and malware. Even Apple are panicking slightly, hence the quick update enhancing OS X's malware detecting system. What we have now, essentially, is an antivirus integrated in the OS. I think we will be seeing a lot more of this malware for OS X in the future. It's happened. This is what I'd call widespread, and I don't think it's going to stop anytime soon.

Apple now have a choice. Admit that OS X isn't as squeaky clean as they like to, or lock down OS X like iOS (but run the risk of upsetting a lot of X users.)

DISCLAIMER: By virus, I mean all types of malware. I know OS X cannot get a true virus, but such occurrence is also rare on Windows now. I was using virus in the generic sense, like a layman would.

I agreed with you up to that disclaimer of yours. I could call a cow a sheep and put a disclaimer that says "all mentionings of sheep are in fact cows", but that wouldn't change the fact I'm using the wrong word. Although, I don't even see you using virus to mean malware anywhere so...

EDIT: Oh, there's one. ;)
 
I wonder who paid for MacDefender...

Was it Norton? Or McAfee? Or Avast?

If I were the suspicious type, I'd suspect that the anti-virus vendors have an interest in maximizing the number of viruses and phishing attacks. Just a thought.

Oh, and it might seem just a little too convenient that MacDefender hit the news right before Avast announced their app. Coincidence?
 
Now that I've seen the video I have to say I'm very disappointed. I expected something much more sophisticated. Hell, I could have written this in a day!

Amen. It reminds me of some cheap thing one would have made back in the day using GeoCities or something. These people didn't even try to emulate the style of Apple. (Like cut and paste Apple graphics and logos to make it look legit.)

It has all the grand elegance of one of those "congratulations! you just won a free i-Pad click here" scams. The people who were dumb enough to download this are probably checking the post every day for that free iPad that never came too.
 
I had to work to find the MacDefender download, so I'd be really surprised if the average user would just stumble across it. There are a few interesting things I noticed. The sidebar of the MacDefender window and what's actually on my computer don't match up; although a casual user might not notice this. The Apple security alert window that popped up is missing the yellow "!" icon, and there are no "cancel" or "remove all" buttons. (I have "open safe files" turned off in the preferences, so maybe this affects this dialog.)

As long as I lingered on the website, the MacProtector.mpkg.zip file downloaded continually. I ended up with six copies. None attempted to install automatically.

Of course there are lots of flashing lights and blinking words on the site, so it must be serious, right?
Attachments: macdef.jpg

+1 I am not usually one for conspiracy theories but with the lows some of these companies are willing to go to to make a dollar... you might be on to something.
 

Imagine you were an employee of one of these companies. How much do you think Apple would pay you for that information? Anybody or any company that has money in the bank that is accessible by US courts wouldn't dare pull a stunt like that.
 
Thanks for the videos, OP. Apple's pop up warnings do seem like they could have been done a little better. It's just a mess of windows and flashing lights going off. I can easily see why a non-savvy user (which is most of my family members) could fall for this.
 
you just need a brain, a thing most computer users (Mac, PC and anything else) don't have nowadays.

You can expand that beyond computer users to most people, period. It's shocking how intelligence has gone downhill in all walks of life.
 
I've seen this kind of "Apple security center" page once this week when surfing the Web using Google Chrome. It didn't start to install anything as far as I know, but it was difficult to close Google Chrome and Mac after seeing this kind of page. I didn't press any buttons, but I got scared of course.
 