
OS X Crimeware Kit Emerges

Posted by Soulskill
from the probably-just-holding-it-wrong dept.
Trailrunner7 writes "Crimeware kits have become a ubiquitous part of the malware scene in the last few years, but they have mainly been confined to the Windows platform. Now, reports are surfacing that the first such kit targeting Apple's Mac OS X operating system has appeared. The kit is being compared to the Zeus kit, which has been one of the more popular and pervasive crimeware kits for several years now. A report by CSIS, a Danish security firm, said that the OS X kit uses a template that's quite similar to the Zeus construction and has the ability to steal forms from Firefox." Mac users are also being targeted by a new piece of scareware called MAC Defender.
  • by TaoPhoenix (980487) <TaoPhoenix@yahoo.com> on Monday May 02, 2011 @06:14PM (#36005056) Journal

    "It can't be! Macs don't get malware! Protect us, Steve J!"

    • by fuzzyfuzzyfungus (1223518) on Monday May 02, 2011 @06:22PM (#36005138) Journal
      Not to worry, my faithful, mandatory binary signing will be here soon enough.

      Sent from my iPad.
      • Re:Masses reaction (Score:5, Interesting)

        by melikamp (631205) on Monday May 02, 2011 @06:53PM (#36005454) Homepage Journal
        The funny thing about signing binaries, it only helps to authenticate the author and to defend against the random memory corruption. It does nothing at all for defending from things like local and remote exploits, which corrupt the memory intentionally by using bugs already present in the signed binaries.
        • by mellon (7048)

          This is true. The next step up from this is restricting what apps can access, which Apple does in iOS and to some degree Google does in Android. I don't see how they'd do this for every MacOS application, but there are plenty of MacOS applications they *could* do this for. It doesn't matter if your C compiler is vulnerable to a stack smash if there's no way for a network attacker to get to it.

          • Yeah, right. Because, thanks to the restrictions inside iOS, no exploit has ever been made against iPhones. No one has ever successfully jail-broken them~~
            Neither for the PlayStation 3 : as soon as Sony blocked the OtherOS, absolutely nobody found alternative way to get homebrew on the PS3~~

            DRM gives you only the illusion of security.

      • Re: (Score:2, Insightful)

        by mysidia (191772) *

        Not to worry, my faithful, mandatory binary signing will be here soon enough.

        Yes, worry. The "malware" binary will be validly signed; and in some way, not technically malware -- the malware will be part of the unsigned data payload loaded by the benign binary. The benign binary will be something like /usr/bin/python, and may be shipped with the OS itself... (how much higher a level of trust can you get for a binary?)

        • by mwvdlee (775178)

          So just like IOS, you won't be able to install any application that lets you create or run unpaid^wunsafe code.

      • Re:Masses reaction (Score:5, Insightful)

        by cybermage (112274) on Monday May 02, 2011 @07:34PM (#36005878) Homepage Journal

        Of course, Faust's deal with the devil was signed too.

    • Re:Masses reaction (Score:5, Interesting)

      by jo_ham (604554) <joham999@@@gmail...com> on Monday May 02, 2011 @06:36PM (#36005278)

      Not wanting to go for a cheap "FTFY", I'll just say that the reaction of everyone imitating a Mac user's reaction will be yours.

      The rest of us actual Mac users carry on as normal, just like the Linux users.

      Interestingly, does this count as the 44th malware threat on OS X (based on a cited post from the AV thread yesterday that said there are 43 threats over the life of OS X), or does it count as more than one, since it's a tool kit. Is a swiss army knife one tool or several? :p

      • Actually I was playing off quotes about 2-3 stories ago "Mac doesn't need anti-virus" where Slashdot users were promoting that very idea.

      • Re:Masses reaction (Score:5, Insightful)

        by hairyfeet (841228) <{bassbeast1968} {at} {gmail.com}> on Monday May 02, 2011 @08:46PM (#36006414) Journal

        Actually, and I'll probably get flamed for saying this, you'd be surprised how many have bought the "you just can't infect a Mac!" meme. I got called into an SMB a few years back, where the guy instead of listening to me and paying me to set up a sensible top to bottom least permission approach bought into the "can't infect a Mac!" meme and then was shocked! shocked I tell you, when he found out he got pwned thanks to one of his kids wanting to watch a naughty video and getting the DNS changer bug.

        You see the problem is something we that have been in the trenches for quite a while (I started with Win 3.x, what was that? 20 years ago?) sadly run into far too often, it is what I like to call "magical thinking". It is the "If I use product X I won't have to change my habits or anything, and I'll be unhackable" bullshit. Hell I remember when firewall resellers were pushing the "if you have a firewall you are invisible and untouchable!" and it was bullshit then and it is bullshit now.

        NEWS FLASH...ALL OSes can be hacked, full stop. ALL OSes are extremely complex pieces of code, with interactions on top of interactions with third party code thrown in the mix just for shits and giggles. There is NO perfectly unhackable OS and if there was one that person could hire Bill Gates to shine his shoes. The last real legitimate gripe about Windows, the brain dead "hey lets run everyone as admin!" finally died hard with Vista, so frankly all OSes are on about the same footing, as in TFA it all comes down to what the malware writer thinks is profitable.

        Think OSX is immune? Read TFA. Think Linux can't be pwned? Look at the Android malware or the KDE screensaver malware that spread awhile back or even this handy how to guide [geekzone.co.nz] on writing Linux malware.

        The ONLY solution is a top to bottom least permissions approach, not magical thinking. Least permissions and users not being so brain dead they actively help the malware writer [msdn.com] is the ONLY solution.

        As a final note let me give a recent example. I set up a box, had it locked down nicely, required password for admin, least permissions, yet it got pwned in under 45 days. Did I miss something? Nope, the user decided he just had to have Limewire, even though I told him not to, so he disabled the antivirus because it wouldn't in his words "shut up" and then promptly gave permissions to Limewire to do whatever it wanted. And boy did it, 60+ pieces of malware.

        So in the end it doesn't matter what the OS, it doesn't matter what kind of permissions model you set up, if you have someone with admin rights that says "I want my emails from Melissa [wikipedia.org] and you WILL let me have them!" then no matter what OS, you're screwed. An OS is only as good as the PEBKAC sitting in front of it.

        • by DJRumpy (1345787)

          This isn't a hack. It asks for an admin password and then launches an installer, assuming you have Safari set to open 'safe' packages. It's another trojan, not a virus. I seriously doubt that anyone believes a Mac is unhackable (white hat conventions put that to bed years ago as OS X is typically one of the first to be hacked). This is a lot of noise about nothing and no different than someone downloading software from an unknown source and installing it, putting in the admin password when prompted, and the

          • by weicco (645927)

            Last time I had to clean up a Windows was because my ex-wife's 13 year old cousin just needed to have smileys on Messenger. I don't know where she downloaded the package. She got smileys and couple of other things which took me 4 hours to remove.

            So in my mind trojans aren't just noise about nothing. They may need user interaction to install or run but there's plenty of users who happily install every application they get their hands on.

            You are right. The problem is the user. But you are wrong about Windows.

          • "Social engineering" is indeed a "hack". The malware creator somehow enticed the user into desiring to install the malware, and the user let down whatever defenses prevented the malware from installing. H B Gary Federal was "hacked" through social engineering, along with other methods. Mac, Linux, and even Unix can be hacked in the very same way. Ask the user for whatever you need to bypass his defenses, and if he responds favorably, you have "hacked" him.

            Every hacking guide that I have ever seen inclu

          • white hat conventions put that to bed years ago as OS X is typically one of the first to be hacked

            Because they require you to use zero-day exploits - IOW exploits that have never been used before even theoretically.

        • by jbolden (176878)

          .ALL OSes can be hacked, full stop.

          I'm not sure that's entirely true at least in a meaningful sense. For example moving from a permissions system to a capabilities system and really using capabilities makes an OS vastly less hackable. Systems where the OS has multiple one way penetrable barriers like VMWare view or MVS tend to be from a practical sense much less hackable. Apple's culture of being able to dictate to their developers, and a developer expectation that OS bugs can very easily require an

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Interestingly, does this count as the 44th malware threat on OS X (based on a cited post from the AV thread yesterday that said there are 43 threats over the life of OS X)

        43 confirmed viruses for OSX. Virus is only one VERY specific type of malware, and in fact viruses are seldom seen on any platform these days.

        When was the last time Apple actually claimed to be immune or secure from viruses? They don't. They make vague claims of being "more secure", and run ads which seem to imply they don't get infections although they don't actually ever say it. Instead, they just make vague comments about how "vulnerable" the "PC's" are (as if a Mac isn't a personal computer or something

    • Re:Masses reaction (Score:5, Insightful)

      by bmo (77928) on Monday May 02, 2011 @06:39PM (#36005316)

      Nobody with a brain has ever claimed that OSX is impervious. And nobody with a brain has ever claimed that OSX is impervious to PEBCAK.

      What *has* been claimed is that the automatic propagation of evil over OSX (and BSD and Linux and *every other sane OS out there*) is terribly inefficient, because unless you pack the evil in a container, permissions (including the permission to execute) are stripped as soon as you send your file. And then you have to either unpack it or you have to manually assign the execute bit through right clicking and using the dialog or using chmod. And only then can you run the file.

      Compare and contrast this to the Windows world where the execute bit is tied to 3 letters in the file name and Windows will duly execute the file as soon as it's double-clicked. Malware in this system goes from machine to machine because Windows assumes that a file is permitted to execute if it whispers the correct shibboleth of "exe, com, scr" or what have you.

      While OSX's advantage of using the Unix model of tossing permissions does not cover warez, the equivalent of purple gorillas on OSX or braindead users, even the small amounts of protection that OSX gives goes a long way in preventing network effects on the spread of malware.

      --
      BMO
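      The execute-bit argument above, and mysidia's earlier point that a trusted interpreter can run an unsigned script as plain data, can both be demonstrated in a few lines. This is an added example, not code from the thread or from any of the commenters; it assumes a POSIX sh with tar and mktemp available and runs entirely in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original thread). Shows three things:
#  1. a file that arrives as raw bytes (what a download or mail attachment
#     is) gets the default mode and is NOT executable;
#  2. packing it in an archive ("a container") carries the execute bit
#     across, so the receiver does not have to chmod anything;
#  3. handing the same non-executable file to an interpreter runs it
#     anyway, so the execute bit only governs direct execution.
# Assumes POSIX sh, tar and mktemp.

# Returns 0 if the file has the execute bit set for the current user.
is_executable() {
    [ -x "$1" ]
}

# Simulates a file written as data and reports "yes"/"no" for executable.
downloaded_file_executable() {
    dir=$(mktemp -d)
    umask 022
    # Writing bytes to a new file yields rw-r--r--; nothing in the content,
    # not even a shebang line, changes the mode.
    printf '#!/bin/sh\necho hello\n' > "$dir/downloaded.sh"
    if is_executable "$dir/downloaded.sh"; then echo yes; else echo no; fi
    rm -rf "$dir"
}

# Simulates the "container" case: sender sets the bit, packs the file in a
# tar archive, receiver unpacks it. tar stores mode bits in the archive, so
# the extracted copy is already executable. Prints "yes"/"no".
archived_file_executable() {
    dir=$(mktemp -d)
    umask 022
    mkdir "$dir/sender" "$dir/receiver"
    printf '#!/bin/sh\necho hello\n' > "$dir/sender/payload.sh"
    chmod 755 "$dir/sender/payload.sh"   # the explicit step the comment describes
    ( cd "$dir/sender" && tar -cf ../payload.tar payload.sh )
    ( cd "$dir/receiver" && tar -xf ../payload.tar )
    if is_executable "$dir/receiver/payload.sh"; then echo yes; else echo no; fi
    rm -rf "$dir"
}

# The interpreter case: the script is still rw-r--r--, but /bin/sh (a
# trusted, possibly signed binary) reads it as data and runs it. Prints
# whatever the script prints.
interpreter_output() {
    dir=$(mktemp -d)
    umask 022
    printf '#!/bin/sh\necho hello\n' > "$dir/downloaded.sh"
    sh "$dir/downloaded.sh"
    rm -rf "$dir"
}

# Stand-alone run: print all three results.
echo "downloaded file executable: $(downloaded_file_executable)"
echo "archived file executable:   $(archived_file_executable)"
echo "interpreter ran it anyway:  $(interpreter_output)"
```

      The first function is the protection bmo describes; the second and third are its two well-known limits: archives preserve the bit, and interpreters never consult it. Neither limit needs anything beyond the tools shipped with the OS, which is why the execute bit slows automatic propagation but does not stop a user who is told what to do next.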

      • Re: (Score:3, Interesting)

        by mrnobo1024 (464702)

        This might have been a good point in 1987, but today most serious malware spreads by exploiting bugs in legitimate software. Why rely on the user to run your evil program manually when buffer overflows and such are so abundant?

        Having an "execute bit" doesn't do anything to stop that (unless you mark all your programs non-executable, of course; that'll make sure you're secure ;))

        • by MeNeXT (200840)

          You missed his point. The software runs as the user and does not run as ROOT or SYSTEM, meaning limited access at most. You may infect the user account with a buffer overflow but you won't get SYSTEM access. Now compare that to Windows and be real about it.

          • by DeadCatX2 (950953)

            In Windows, software doesn't run as root or system by default, either. Since Vista, there has been UAC, unless you turned it off. Modern Windows applications cannot even write anything to Program Files without elevated permission.

            That said, you seem to wrongly think that there are no privilege escalation exploits that allow malware to gain root or system privileges.

            • by Jezza (39441)

              Sadly I know of (because we have the bl**dy thing deployed) Windows applications that don't run with UAC switched on OR the user running as anything other than administrator... I know!

              In fact, in the UK pretty much EVERY school administration system is set up this way - because the software demands it. On Windows 'legacy' is one of the greatest enemies of security. On Mac OS X there is very little legacy, "Classic" is long gone, and PowerPC isn't installed by default on Snow Leopard. Expect more of the same

              • And people can configure software to run as root as well. Intentionally disabling your security system should not be a valid argument.

                • by Jezza (39441)

                  My point is there are a whole lot of Windows systems that HAVE to run in a way that anyone at Microsoft would probably weep at, to run legacy software. This "I'll just keep running it" attitude is endemic. It is one thing that just doesn't exist on the Mac - you simply can't, Apple take the legacy support away - quite quickly actually. It would be possible to improve Windows security a great deal faster, if they took a more "Apple approach" to legacy.

                  My point is legacy is the enemy of security.

                  When people c

                  • by hairyfeet (841228)

                    Actually your point would better be phrased "MSFT should just say I quit and tell everyone to buy an iPhone" as backwards compatibility is what sells Windows and if I can't run my programs why in the hell am I gonna pay for Windows? I can run Linux for free or just buy a Macbook.

                    And you know what? For all the Linux and Apple guys creaming about legacy cruft we Windows guys like backwards compatibility same as most of us happen to like the registry, thank you VERY much! I LIKE having a new quad core with 8Gb

                    • by gmhowell (26755)

                      Methinks the lady doth protest too much.

                    • I think that you help to make GP's point. You can't have legacy and security together. If you want good legacy support, you get crap security. If you want good security, you sacrifice the legacy. Take your choice, but you can't have both.

                      I quote GP: "When people complain that Windows Vista/7 won't run this or that bit of legacy software, and that they want better security - they are trying to argue both ends of the problem. You can't have your cake and eat it."

                    • by hairyfeet (841228)

                      Really? Frankly (knock on wood) I haven't had a single Win 7 machine come back in infected. Not a single one so far and I've been selling it since it came out. Now that Limewire has finally bit the dust the infection rates have been falling pretty steadily, especially once folks saw how easy it was to rip MP3s from Youtube. Now that UAC and sandboxing the browser with lower permissions has been killing drive bys dead my constant headaches from dealing with infected boxes has gone way down TYVM and my softwa

                    • by jbolden (176878)

                      You can look at IBM. You can do it. The OS has to have capabilities for handling legacy applications which are unsafe, sandboxing them and virtualizing their interconnections with other applications.

                • by jbolden (176878)

                  Of course it should as disabling occurs in real life. Windows NT since the 3.51 days had an excellent capabilities security model that software (including explorer / shell) didn't use. Installers didn't use. There weren't good user commands for it. And so it was effectively disabled and worthless.

              • by hairyfeet (841228)

                Uhhh...you DO know there is a butt simple way around this, yes? 1.-Install the software, 2.-Install Deep Freeze [faronics.com] or other similar software. 3.-There is no step three because at every boot you have a clean system and if there is any doubt at any time a simple reboot gets you a clean slate.

                Now personally I wish MSFT would have simply built this ability into the OS, but with antitrust they'd probably be slammed by both the AV and the companies like Deep Freeze if they tried it. They offered a free version on XP

                • by Jezza (39441)

                  Look I totally agree with you. The system is a mess (I'm talking about the application - "SIMS") it is shocking that it simply doesn't work properly with Windows (because it really is working against Windows). I don't "blame" Microsoft at all for this. Pretty much EVERY UK school has the same setup. I can't change it, as I'm not the one looking after SIMS - it is frequently updated (mostly because stuff doesn't work properly, usually the updates break something else) again by the local authority, and wow th

                • by jimicus (737525)

                  But in the end you really can't blame MSFT for this one, since their recommendations on writing permissions have been the same since Win2K Pro, it is just nearly every third party vendor just gave MSFT the bird and wrote everything as admin because it was the lazy way to go. But if you are dealing with a vendor who after FOUR YEARS of UAC STILL hasn't bothered to write an acceptable program with normal permissions I would seriously be pushing for another vendor. After all if they can't even code correct permissions, what other shoddy code have they let slip by?

                  As would I, but the OP you're replying to is a slightly special case because they're working in a school.

                  Educational software tends to fall into one of two camps:

                  1. It does a first-class job of getting the message across to the pupils. Unfortunately the person who wrote it wouldn't know a Microsoft recommendation if it bit them on the bum. It ships to the school with installation instructions saying "Visit every PC in turn, insert the CD and go Start, Run, D:\install.exe"; there isn't an MSI. Further in

              • This doesn't matter much.. most home users have only one account on their computer, and it is often set to automatically login... what do you need root privileges for when you can execute as a user, and access all the user's data. What would be needed would be separate data stores protected per application, per user... This isn't the case in Windows, Linux, or OS X.
          • by mellon (7048)

            You may find this less comforting when all your bank account information, which is owned by you, not by root, gets scooped off of your computer over the net. Likewise, it's trivial to add startup items; these run with your permissions, so they don't have total control over the machine, but they can still stick around and propagate.

            • Re: (Score:2, Offtopic)

              by oakgrove (845019)
              On my machine, every single userspace program runs with a different uid. No program has read or write permissions to any other program's data. And that's just one line of defence. And for people that run everything as themselves, there is AppArmor [en.m.wikipedia.org] that will effectively do the same thing.
            • We've come across more than a few malware apps these days that don't bother to try and install in to the system, they just install for the user. They assume correctly that most systems are single user so owning a user account is as good as owning the system.

              We discovered it when someone got nailed with something Malwarebytes cleans up nicely. We ran it and it came up with a big negative, however when the user logged back in, there it was. Turns out that Malwarebytes (at the time) didn't scan all users, just

          • Except, of course, when the software with the vulnerability is already running as root or SYSTEM. Perhaps the flaw is even in the kernel (which happens from time to time).

            Seriously, the execute bit argument is stupid. If someone sends a user an attachment of lady gaga nude, they're going to set the damn execute bit to view it. And malware can be malware even if it runs as the user (it can still send tons of spam and be used as part of a zombie network to DDoS people, it can still rape your address book a

            • by Jeremi (14640)

              If someone sends a user an attachment of lady gaga nude, they're going to set the damn execute bit to view it.

              One would hope that anyone smart enough to know how to set the execute bit, would be smart enough to know not to set the execute bit.

              (One would probably be disappointed, though ;^))

          • by jimicus (737525)

            Okay, so let's look at the practical differences between infecting a user account and infecting a system account.

            1. If you're running as a user, you might find it harder to start an application as part of the boot process. Not the end of the world, however, because it's easy enough to start as soon as the user logs on - and this is true on Windows, OS X and Linux.
            2. You can set up TCP/IP connections as any user. You can't listen on a privileged port, but that's hardly a showstopper.
            3. You can still ste

      • by scot4875 (542869)

        Compare and contrast this to the Windows world where the execute bit is tied to 3 letters in the file name and Windows will duly execute the file as soon as it's double-clicked. Malware in this system goes from machine to machine because Windows assumes that a file is permitted to execute if it whispers the correct shibboleth of "exe, com, scr" or what have you.

        This hasn't been true for a *long* time. Go ahead; try downloading something and run it on any patched and updated XP, Vista, or Win7 box. At the

        • by epyT-R (613989)

          Of course, maybe Macs still have an advantage here, in that the OSX is the pinnacle of design perfection, so no user would ever *want* to download and install a purely cosmetic change.

          wow. fanboi much?

      • Re:Masses reaction (Score:4, Interesting)

        by errandum (2014454) on Monday May 02, 2011 @06:59PM (#36005514)

        You miss the point, I think.

        Whoever double clicks something to install assuming it is legit will also gladly insert their username/password.

        In terms of security Windows is actually more robust from a security standpoint than Mac OS, but it's also targeted a lot more. And I don't mean file permissions, I mean actual design flaws.

        You're safer while using a Mac, no doubt about it. But the OS with the most security features IS Windows.

        And if you don't believe me, I'll quote:

        "Paul Kocher, president and chief scientist at Cryptography Research: "The fair answer is that with the latest versions of each operating system there isn't a compelling security reason to pick one or the other. It used to be that Apple was doing a better job, but with Windows 7 Microsoft has caught up. There are some differences; Windows has a better security ecosystem. On the other hand, Apple tends to have more expensive hardware and has a smaller market share, so it attracts fewer malware writers. Both have security bugs. Both need patches. Both can be broken if someone finds a zero-day exploit."

        or

        "Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: "Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it's easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn't much risk of being exploited or installing malware."

        or even

        "Rich Mogull, CEO at Securosis: "It depends on which version of Windows we're talking about. Clearly there are major differences between Windows XP and Windows 7. Second is, are we talking about safety versus security? Microsoft has done more in terms of its inherent security features than Apple has in the operating system. All of that said, Microsoft gets attacked a lot more than Apple does. Right now your odds of being infected as a Mac user by malicious software are quite a bit lower than a Windows user, unless you do stupid things, such as download free versions of commercial software. And some of the pornography sites on the Internet, the dark corners of the Internet have stuff that will hurt a Mac."

        It's not my opinion. It's the expert's opinion.

        • Re:Masses reaction (Score:4, Interesting)

          by rsborg (111459) on Monday May 02, 2011 @07:15PM (#36005668) Homepage

          "Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: "Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]...."

          Your quote from Mr. Miller is way out of date. Apple now doesn't include Flash or Java by default, and does implement (although weakly) ASLR.

        • "But the OS with the most security features IS windows."

          By this logic, the largest military force would also be the best military force. Maybe you've missed some of the Hollywood movies, like 300, that attempt to depict the heroic efforts of small forces handing the asses of larger forces to the larger force, on a platter.

          I don't want more security features, especially if those features cost a lot in terms of resources and performance. I want SAFETY, ie, efficient security. Besides - no security feature

      • by Haedrian (1676506)

        Nobody with a brain has ever claimed that OSX is impervious

        There you go. There's your problem right there.

      • by exomondo (1725132)

        Compare and contrast this to the Windows world where the execute bit is tied to 3 letters in the file name and Windows will duly execute the file as soon as it's double-clicked.

        No it doesn't, don't spread FUD. You will always get security warnings when trying to run unsigned executables.

        • Beyond this, NTFS does have distinct execute privs.. on XP/2K I've been known to set iexplore.exe to allow write, but not execute privs... so that it isn't ever runnable as a browser choice... this way it doesn't break updates, but still doesn't let another user/guest execute old IE versions.
        • by cbhacking (979169)

          Also, technically Windows does have an Execute bit (lots of them, even - one for each ACL, allowing you to permit or deny on a fine-grained basis).

          Of course, Windows also has a distinct tendency to default the Execute permission to Enabled. This is a terrible idea, but 9x didn't have file permissions at all, and most people seem completely unaware that NT has them, so it would be a huge problem for Microsoft to change the default behavior.

        • Compare and contrast this to the Windows world where the execute bit is tied to 3 letters in the file name and Windows will duly execute the file as soon as it's double-clicked.

          No it doesn't, don't spread FUD. You will always get security warnings when trying to run unsigned executables.

          Which is why you will soon ignore them and just click yes - because you can't easily get rid of those warnings for things you start often. Very clever design.

      • You make a valid point, but Safari seems to auto-open certain "safe" files in the case of this crimeware kit: http://www.securitynewsdaily.com/new-malware-goes-after-mac-users-0747/ [securitynewsdaily.com]

        However, a huge amount of malware doesn't propagate by someone running an executable - these days it frequently uses exploits in browsers, Flash, PDF readers, etc. Simply visiting an infected website or opening a malicious PDF is enough to execute the malware on your machine. Exploit kits make it easy to set up a website that w

  • Well? (Score:5, Funny)

    by fuzzyfuzzyfungus (1223518) on Monday May 02, 2011 @06:18PM (#36005098) Journal
    All I want to know is whether this malware is worthy of the Apple platform or not: Does it use Grand Central Dispatch to efficiently allocate the load of multiple form-stealing processes between all my system's cores? Are the misleading dialog boxes that frighten me further into folly fully compliant with Apple's HID guidelines?

    If I'm going to get Mac malware, I damn well better have the best malware experience that the industry has to offer. Heck, I'd probably even be willing to pay $20 for something that Windows users get for free and Linux nerds compile from source, if the interface is good enough...
    • Mods, parent is brilliant satire!

    • by jo_ham (604554)

      Despite the obvious satire, the answer is yes, since the system handles GCD for the software running on it :p

      • by Guy Harris (3803)

        Despite the obvious satire, the answer is yes, since the system handles GCD for the software running on it :p

        Well, no, actually, the system doesn't magically make all software use GCD. If it's using a framework where the run loop is inside the framework, the Snow Leopard and later version of the framework might use GCD, but if you have your own run loop....

        • by jo_ham (604554)

          No, this is true but it was designed to make multi-threaded apps more simple to develop. If you're writing for OS X you can assume it's there for you in SL.

        • by shmlco (594907)

          "If it's using a framework where the run loop is inside the framework, the Snow Leopard and later version of the framework might use GCD, but if you have your own run loop...."

          GCD requires the application developer to explicitly call dispatch_async and pass in the task blocks to be executed.

          • by Guy Harris (3803)

            "If it's using a framework where the run loop is inside the framework, the Snow Leopard and later version of the framework might use GCD, but if you have your own run loop...."

            GCD requires the application developer to explicitly call dispatch_async and pass in the task blocks to be executed.

            O RLY? [apple.com]

    • by joh (27088)

      All I want to know is whether this malware is worthy of the Apple platform or not: Does it use Grand Central Dispatch to efficiently allocate the load of multiple form-stealing processes between all my system's cores? Are the misleading dialog boxes that frighten me further into folly fully compliant with Apple's HID guidelines?

      Well, that "MAC defender" scamware uses Growl [growl.info] for its fake virus notifications and with this uses the theme you selected for notification bubbles and such. Depending on your own style it's surely stylish. And you can of course even customize the theme it uses! Try that with Windows.

  • Is it available at the app store?

  • I googled the phrase and I got a lot of non-meaningful results (and links to TFA). Is this some basic keylogger-type thing?

    • by Lord_Jeremy (1612839) on Monday May 02, 2011 @06:52PM (#36005442)

      Assuming that this software is actually intended to be running on the "compromised" system (which I find no indication of in either TFA, the article it links to, or google results), then what it does is exploit Firefox to "hijack" cgi webscripts on websites and use them to send spam email. Pretty much it would send data through a web request to a page that's intended to send email (like forum registration perhaps) that would essentially make the email handler crash or open a backdoor and then inject spam email into the form that would get sent by the website's server. It's a clever way of getting around spam filters blocking known spam email carriers - if your spam is being sent from multitudes of legitimate websites that just have poor software security it's much harder to identify and block.

      My big question is how this is supposed to get on the target system. To date, the only Mac OS X malware discovered in the wild has been virtually harmless, since it all comes in the form of a trojan. Some not very nice person disguises their malware in a piece of pirated software and uploads it to torrent sites or whatnot. Some people download it and get infected because they don't realize the danger of such an occurrence. From what I've read, the security firms typically classify these trojans as extremely low-risk, with something like fewer than 50 confirmed infections. The point is, there are as yet no "drive by" or otherwise spontaneous infections you can get on a Mac. Any bad things that could happen rely on some form of social engineering or deception. The way OSes work, if you can convince an Administrator (of any system) to run something then you generally can do whatever you want. The Mac OS X security model is in many ways stronger than the Windows security model, but it's certainly not infallible. Macs are immune to the type of autorun viruses that are spread by removable media because they don't support automatic execution of programs on removable media (I can't for the life of me understand why the hell anyone would want autorun enabled on their system). On the other hand, the default OS X user/first one created is an Administrator. They aren't a superuser but things like global-scope installers have the permission to use the equivalent of 'sudo' if an Administrator enters their password. It's like UAC on Vista/7 - a large majority of people don't think twice about clicking "Yes" to whatever comes up on their screen (the other day my fiancée unwittingly installed a browser toolbar and changed her home page on her PC because she didn't uncheck a few boxes in the installer for some freeware). I'd like to think that by being asked to enter a password a user is more likely to consider what they're authorizing, but in most cases the user is the weakest link.
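The form-handler abuse this post describes (a website's own mail form turned into a spam relay) is usually done by smuggling line breaks into header-bound fields. As an added defensive example that is not part of this thread, here is a minimal contact-form mail builder that refuses such input; all names, addresses and the sample submission are constructed.

```python
"""Added example: a contact-form mail builder hardened against header injection."""
import re
from email.message import EmailMessage

# A CR or LF inside a header value ends that header; whatever follows is parsed
# as further headers (e.g. an extra Bcc:), which is how a naive handler that
# concatenates form fields into a raw header block becomes a spam relay.
_CRLF = re.compile(r"[\r\n]")
_EMAIL = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


class HeaderInjection(ValueError):
    """Raised when a header-bound form field contains a line break."""


def build_contact_message(form: dict, site_owner: str) -> EmailMessage:
    """Build the outbound message from untrusted form fields.

    The only recipient is the fixed site owner; the submitter's address goes
    into Reply-To after validation, so the form can never address mail elsewhere.
    """
    name = form.get("name", "")
    sender = form.get("email", "")
    subject = form.get("subject", "")
    body = form.get("message", "")
    # Every field that lands in a header is checked; the body may contain newlines.
    for field, value in (("name", name), ("email", sender), ("subject", subject)):
        if _CRLF.search(value):
            raise HeaderInjection(f"line break in header field {field!r}")
    if not _EMAIL.match(sender):
        raise ValueError("invalid submitter address")
    msg = EmailMessage()
    msg["To"] = site_owner                      # fixed, never taken from the form
    msg["From"] = "contact-form@" + site_owner.split("@", 1)[1]
    msg["Reply-To"] = sender
    msg["Subject"] = subject[:200]
    msg.set_content(f"{name} wrote:\n\n{body}")
    return msg


def is_spam_relay_attempt(form: dict) -> bool:
    """True if the submission tried to smuggle extra headers through the form."""
    try:
        build_contact_message(form, "owner@example.com")   # constructed owner address
    except HeaderInjection:
        return True
    except ValueError:
        return False
    return False
```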

    • by smartr (1035324)

      It sounds more like a CSRF, a sort of link-jack you might say. I believe the damage would be contained to the browser. http://en.wikipedia.org/wiki/Cross-site_request_forgery [wikipedia.org] I suppose the whole grab part means there's an additional ability to scrub whatever the user is doing for other sites.

  • by Anonymous Coward

    MACDefender requires that you agree to install it. It's not able to infect your Mac without your knowledge and consent.
    AND : Just drop it in the trash bin to get rid of it. Hassle free. Click and drag. That's it.

    BTW : The Kit has not yet proven its functionality and works (if it does) currently only with Firefox.

    Still too early for iHate, schadenfreude or panic.
    There is still no single widespread, dangerous and working malware for OS X out there. Period.

    • MACDefender requires that you agree to install it. It's not able to infect your Mac without your knowledge and consent.
      AND : Just drop it in the trash bin to get rid of it. Hassle free. Click and drag. That's it.

      I know of no malware that (a) would give up so easily or (b) would not take the opportunity once it got the first privileges to run with them as far as they could.

      Drag it to the trash? If it doesn't rewrite .bashrc to start a process to make sure it's installed and running when the system starts u

    • by exomondo (1725132)

      MACDefender requires that you agree to install it. It's not able to infect your Mac without your knowledge and consent.

      That's the case with software on all platforms.

  • by sqrt(2) (786011) on Monday May 02, 2011 @06:39PM (#36005314) Journal

    The reason Apple will be able to win here where Windows hasn't been able to is because of the App Store for the Mac. Users who are not sufficiently savvy to vet software themselves can rely solely on the App Store to do that, and since only software that is verified by Apple can get on there, we are unlikely to see any malware sneak into the App Store or stay there for long. And if it does, Apple has the author's identity (CC info, etc), which although able to be faked could still serve as a starting point for a criminal investigation by the police. People who know enough to keep safe can still install software from other places, but for most people the App Store, privilege system based on the Unix model, and a more secure starting codebase is going to protect them.

    • Re: (Score:2, Insightful)

      by Skuld-Chan (302449)

      You're assuming they get this malware from installing an app - more likely they get this while browsing the net.

      Anyhow, who's too stupid to know how apps work or are installed won't know not to click on a dialogue that pops up while doing something: "you need to update your mac - click here!".

  • Idiotware? (Score:2, Interesting)

    by Hamsterdan (815291)

    Since you have to enter the admin password for it to install, what's different from NT, *NIX and other OSes?

    *ANY* OS can and will be compromised if the user sitting at the keyboard grants root access...

    We're not talking about malware hidden inside freepr0n.wmv that will install via Windows Media Player or via an ActiveX control, or by itself on a pre-SP2 WinXP...

    • by Haedrian (1676506)

      Ah, but we all know macs don't get viruses. So what's the problem with letting this totally legit-looking program install?

      http://www.youtube.com/watch?v=M3Z386vXrt4 [youtube.com] See? Macs don't get viruses. Only silly PCs do.

      • by jesser (77961)

        On the other hand, fake-scan scams rely on Windows users' fear of Windows viruses in order to trick users into installing malware. I guess evil psychology tricks hurt users of both platforms.

    • Re:Idiotware? (Score:5, Interesting)

      by joh (27088) on Monday May 02, 2011 @07:19PM (#36005714)

      The difference is that only very few Mac apps require an admin password since most are just bundles you throw into your Applications folder (or where you want them to be) without actually "installing" (= spraying files and data all over the system) anything.

      Maybe not a really huge difference, but most people are not really used to that and any app running an actual installer is eyed with suspicion.

      It would help a lot if apps like Adobe Reader wouldn't needlessly come with such an installer. But then it's very nearly malware anyway.

  • by PopeRatzo (965947) * on Monday May 02, 2011 @06:54PM (#36005470) Homepage Journal

    God, I love jargon.

    "Crimeware", "scareware"... I heard there's a group of Buddhist cybercriminals who have created something called "Beware". When it infects your system it gives all your worldly possessions to them.

    If you happen to encounter this type of malware while using your computer, kill it.

  • What I have not seen is a validation that the offered kit actually -works on a Mac- (or Linux) running Firefox. It's been asserted by the malware's marketing literature this works, but the Danish company does not state they've validated that claim.

    Not only do we have no verification this works on Mac OS X/Firefox, but the "sales literature" also claims Safari and Chrome "real soon now". I'd be so shocked to see a vendor's marketing literature end up being wrong....

    Or could this be someone trying to

  • No matter if your OS is Windows 5.x, 6.x, Mac OS X 10.x or GNU/Linux Kernel 2.4.x or 2.6.x. If your machine is a desktop run an antivirus.

    You owe it to the rest of the world to exterminate viruses, both the many (or few) that your machine is susceptible to, as well as those that, even though they will not infect your machine, will be passed on to someone else...

    ;-) ...because YOU, savvy and enlightened slashdot user, did not catch and exterminate it. Do it for the unwashed masses, that are clogging the pipes w
