OS X Security Worms Apple

Apple Support Forums Suggest Malware Explosion 455

Posted by Soulskill
from the macpocalypse-is-nigh dept.
dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on discussions.apple.com is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?"
  • by Azadre (632442) on Wednesday May 18, 2011 @04:16PM (#36170322)
    Make everything install through the OS X App Store ;)
    • by Nerdfest (867930) on Wednesday May 18, 2011 @04:24PM (#36170436)
      There's stories floating around about companies complaining because Apple is not distributing available security updates to their products [sophos.com], supposedly because of approvals. The App store is apparently not a good solution currently.
      • by zonky (1153039)
        Linux has similar problems - i.e, Ubuntu can "lag" a firefox release for hours or days behind a general security release.
        • by oakgrove (845019)
          Er, if it bothers you that much, go to getfirefox.com and download the latest version like I did?
          • by dingen (958134)
            That's fine if the only software you're running is Firefox.
            • by oakgrove (845019)
              Where do you think any Linux software comes from? Chrome/Chromium comes from Google. Adobe Reader comes from Adobe, Flash comes from Adobe. All of it can be downloaded from the respective websites the second it is released.
              • You are already aware that your suggestion is insufficient for the needs of the hypothetical average Joe, who has no idea that the vulnerabilities need patching in the first place, and doesn't tend to subscribe to security news sites. The hypothetical average Joe shouldn't need to be aware of those technical details.

                Good and efficient management of the logistics of distributing security patches downstream (automated as much as possible) is essential to the viability of any package-managed system—wh
              • by mwvdlee (775178)

                So every evening I boot up my computer, read up on the latest security advisories, visit all the sites of programs I use, download and install the latest bug and security fixes, then go to bed because I have no time left to actually use my computer.

        • by Nerdfest (867930)
          Yes, but you can add the Firefox PPAs directly. I think Opera has one as well. Apple doesn't currently let you do that, nor are they likely to in the future.
    • by chfriley (160627) on Wednesday May 18, 2011 @04:59PM (#36170932) Homepage

      The slightly different option is to default to only installing through the App store with an option for users to turn that off, perhaps in the Accounts section of System Preferences. This gives a compromise where people on Slashdot can use whatever method they want and naive users will be much more protected.

      Remember that 99% of the users out there know very little about computers. They think a Computer Science degree or Computer Engineering degree means you "know how to fix computers." Kind of like an "electrical engineer" can come and wire your house or a "mechanical engineer" knows how to fix your car.

      The question here is: how much do you protect users from their own naivety/stupidity/credulity (depending upon how you want to phrase it)?

      I believe that in the long term, like it or not, the trend will be that the operating system will be closer to the walled garden approach for just this reason.

  • by LunaticTippy (872397) on Wednesday May 18, 2011 @04:18PM (#36170342)
    I would expect as Apple becomes more popular it will become more of a target for malware. This is not very surprising. I just hope Linux never becomes popular!
    • Not A Virus (Score:5, Insightful)

      by GFLPraxis (745118) on Wednesday May 18, 2011 @04:33PM (#36170550) Homepage Journal
      The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware. It can't propagate itself nor install itself automatically from a web site. People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac. Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.
      • by amliebsch (724858)

        OP didn't even mention the word "virus." Nobody really cares what technical category it falls into. It is malware.

      • Who cares. Users will always do stupid things. You can always blame users. They should have patched, they shouldn't have downloaded an executable, they shouldn't have entered their credentials to install some software or have smileys in their emails, etc.
      • Re:Not A Virus (Score:5, Insightful)

        by recoiledsnake (879048) on Wednesday May 18, 2011 @04:58PM (#36170906)

        The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware.

        It can't propagate itself nor install itself automatically from a web site.

        People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac.

        Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.

        I believe that the vast majority of malware targeting Windows also uses social engineering and not exploits. Things like ASLR, sandboxing etc. have made it hard for real exploits, so instead the blackhats have gone for things like fake codecs, fake smiley packs and fake antivirus applications. Even granting your point, usually Safari is one of the first to fall in contests like pwn2own, which use drive-by exploits and not social engineering.

      • Re:Not A Virus (Score:4, Insightful)

        by Jaktar (975138) on Wednesday May 18, 2011 @06:56PM (#36172440)

        Stupidity is platform independent.

    • Linux is already popular - on servers. The ones that hold vast quantities of valuable information.

      • by wagnerrp (1305589)
        And just the same, there's a crapflood of compromised Linux servers out on the internet. Those hundreds of brute force SSH attacks you get daily are proof of that.
        • by Adambomb (118938)

          How exactly are floods of brute force SSH attempts proof of compromised Linux servers? SSH isn't some magical protocol that is restricted to Linux clients only.

          Or do you mean the fact that botnets and such are _trying_ to compromise Linux servers, that indicates a large number of compromised linux servers?

    • Re:Hardly surprising (Score:5, Informative)

      by grcumb (781340) on Wednesday May 18, 2011 @05:14PM (#36171104) Homepage Journal

      I would expect as Apple becomes more popular it will become more of a target for malware. This is not very surprising. I just hope Linux never becomes popular!

      Well, if we do a quick calculation, perhaps we can get a ballpark idea of just how big this threat is:

      Number of distinct threats: 1

      Number of distinct reports: 42

      Now, let's be generous and assume that for each of those 42 threads, there were about 1000 other people who experienced the same problem. That makes about 42,000 people who inadvertently installed and ran a Mac trojan. I'm not certain about the size of the Mac desktop/laptop installed base, but I suspect that a reasonable estimate is in the tens of millions.

      Now, compare this with Microsoft's admission [slashdot.org] that 1 in 14 downloads on Windows is malicious, and I think it's safe to say we have two problems of distinctly different scope.

      The article's author, Ed Bott, asks whether we should be crying wolf about this latest surge in Mac malware. Near as I can tell, there is a threat, but it's more akin to an excited chihuahua trying to hump your ankle than a ravening wolf.

      Once again, those who claim to see direct parallels between Windows security and Mac/Linux security are guilty of false equivalence [imagicity.com].

  • PC users knew all along that the only reason Mac users went relatively unscathed throughout all those years is that the Mac install base was too small to bother. The more popular Macs became, the bigger the target on their backs.

    Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.

    Being unpopular does not mean you are safe, but it doesn't hurt. Crackers, virus writers, malware creators, and botnets target the path of least effort.

    • by migla (1099771) on Wednesday May 18, 2011 @04:33PM (#36170548)

      >Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.

      Yes. But I think it would be easier to get Linux users to just stay with the repositories of open source code, than to download all kinds of crap from everywhere. Not all users, but a lot of them.
      That should disarm the threat somewhat.

      • Part of the infection path is search engine poisoning.

        Seriously - you could be searching for lawn chairs and end up at a site that announces that your computer is seriously infected with viruses. Video of one install process [youtube.com]. That one is lame, as it's a Windows lookalike, but this one is more convincing [intego.com]. And keep in mind - most users are idiots, and even more believe that they'll never ever fall for such scams.

        Are you also suggesting that Linux users should stay away from the Internet? I mean, it would remo

      • by shutdown -p now (807394) on Wednesday May 18, 2011 @04:55PM (#36170870) Journal

        Most Linux users today fall into two categories: either they are more or less geeks, and understand the concept of software security (and how it relates to using official repositories); or they're "aunt Tilly" type users who had Linux set up for them by their geek children or grandchildren - those don't install software at all, and thus are immune to the PEBKAC malware vector.

        On Windows and OS X, on the other hand, the majority of users are those who are aware of the ability to extend the OS by installing third-party apps, and capable of doing so, but not understanding full security implications of that. Hence why it's a problem there.

        Should Linux overtake Windows and/or OS X in their markets, it would also get that part of their userbase, and inherit the same problem.

    • Linux may not be popular on the desktop, but I'd say Linux has a very high percentage of servers since roughly 60% [securityspace.com] of mail server responses are exim, postfix, and sendmail, while Microsoft continues to decline. My own vanity domain is "tested" daily hundreds of times, and let me tell you, iptables and ACLs keep my server secure, not obscurity.

      • by b0bby (201198)

        I've got a vanity domain too (on an old PIII Linux box) and I'm always amazed at the number of attempts at attacking it. A server does have a lot less attack vectors, though; I'm not browsing from it, I'm not adding software to it, I'm not opening email attachments on it. So it's a less attractive target than a desktop machine from that point of view.

      • Servers (esp. Linux ones) are run by admins, not casual users. They understand software security.

    • by Bert64 (520050)

      Linux, however, has long been a big contender on the server... The difference, however, is that a Linux server typically has a completely different set of packages installed, whereas a Windows "server" (and I use the term loosely) basically is a desktop with a few extra background processes.

    • Where do the virus writers get the most bang for their buck? Well, now that Mac has a large enough user base, they may become a target. Frankly, one of the only ways I see avoiding that is if the number of un-patched Windows machines remains high enough to keep attention there.

      The real test will be once there really *IS* an explosion. What will it look like and how will Apple and other companies be able to respond to that issue? If there is a slow response, or any serious denial we'll end up with a br

  • by gilesjuk (604902) <.giles.jones. .at. .zen.co.uk.> on Wednesday May 18, 2011 @04:22PM (#36170400)

    Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.

    If Apple made the installation of non-App Store software on the Mac possible then it would stop a lot of rogue applications. But then people would complain about lack of freedom.

    The security model of OSX is fairly proven, Windows struggles due to backward compatibility at times.

    • by Burz (138833)

      it is the nativity of the user.

      Wait - You're saying the user is Baby Jesus??!

    • Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.

      Well, one approach would be to have the browser pop up scary looking warning boxes, and if the user clicked 'okay' then refuse to download any executable files for the next 24 hours...

    • What, the user needs to take responsibility for the actions they perform, and that those actions can damage their security on their computer? What are you, some European Socialist pig?!

      Oh, as far as security models? Security models mean squat when you hand over all the keys to Spunky the Spyware...

    • Is it possible to protect a user from themselves?... If Apple made the installation of non-App Store software on the Mac possible then it would stop a lot of rogue applications.

      That's how you protect users from themselves.

      But then people would complain about lack of freedom.

      Unfortunately, iPhones are still selling like hotcakes, so I'm not convinced this is the reason. But I really, really don't like either direction. If people could be bothered to learn anywhere near as much about their computers as they typically understand about their cars, we wouldn't have this situation.

      • people could be bothered to learn anywhere near as much about their computers as they typically understand about their cars, we wouldn't have this situation.

        I don't think it's a good comparison. I treat my car as an "appliance" in a sense that is used for iPhone - it's a device that does the job I need, and I'm not inclined to find out more about how it does it. I most certainly don't try to extend it myself; if I did, I'd probably mess something up pretty bad.

        The problem with the PC model is that it makes arbitrary extensibility very easy (anyone can install an app, or run executable code). Thus people can and do that without understanding the consequences.

      • by tlhIngan (30335)

        Unfortunately, iPhones are still selling like hotcakes, so I'm not convinced this is the reason. But I really, really don't like either direction. If people could be bothered to learn anywhere near as much about their computers as they typically understand about their cars, we wouldn't have this situation.

        Users are complaining though. Check /. every time an App Store article comes out and watch all the "Android is better" folk chime in on how the Market is freer.

        The thing is, though, people don't care. They ha

    • by fermion (181285)
      MS Windows increasingly did this or allowed the administrator to do this. For example, it was quite in vogue for a while to not allow active content over email. In fact many problems on MS Windows occurred simply because opening an email could infect a computer, and MS Outlook was set up by default to open an email when the user selected it, or automatically show the most recent email. Back in the very late 90's when I started using PCs again for work I had a machine infected in this way. Since I had been away
    • If Apple decided to "protect users from themselves" would that be just a bit too 1984?
    • by grumbel (592662) <grumbel@gmx.de> on Wednesday May 18, 2011 @05:35PM (#36171380) Homepage

      Is it possible to protect a user from themselves?

      Yes.

      If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS

      Wrong.

      it is the nativity of the user.

      Wrong again, it's the historical ballast of 30 year old OS design that hasn't kept up with the times.

      But then people would complain about lack of freedom.

      Freedom and security are not opposites, they go hand in hand. The problem with today's OS design is that it provides application freedom, while it should focus on user freedom. A good OS should allow a user to run whatever piece of software he wants without fear of system corruption, data theft or anything else. Instead, today's OSes do the opposite: they force the user to carefully select which apps to run, as he has no way to limit what an app might do.

      Simple steps for a much more secure OS (really not that much different from an application running in your browser):

      1) run all apps in complete isolation
      2) make file load/save dialogs a part of the OS, so that the app can exchange data without ever having filesystem access
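A small illustration of those two steps, added here as an example and not part of the original thread or any poster's code: a "broker" process stands in for the OS-owned file dialog, opens the file the user picked, and passes only the open descriptor to the "app" process over a Unix socket (SCM_RIGHTS, via Python's socket.send_fds and socket.recv_fds, which need Python 3.9 or later on Linux or macOS). The app never receives a path and has no protocol message for asking for one. The sample document, the "grant" message and all function names are constructed for this example; actual confinement of the app process (a seccomp filter, a sandbox profile) is assumed to be applied separately and is not shown.

```python
import os
import socket
import tempfile

# Constructed sample document standing in for a file the user picks
# in the OS-owned dialog; not taken from the thread.
SAMPLE_DOC = b"hello from the user's document\n"


def broker_grant(sock, path):
    """Broker side (the OS-owned file dialog of step 2).

    Opens the file the user chose and sends only the open descriptor.
    The kernel duplicates the descriptor into the in-flight message,
    so the broker can close its own copy right after sending.
    """
    with open(path, "rb") as f:
        socket.send_fds(sock, [b"grant"], [f.fileno()])


def app_receive(sock):
    """App side (step 1: isolated, no filesystem access of its own).

    The app only ever gets a descriptor; it has no path to hand to
    open() and, in a real sandbox, no permission to call it anyway.
    """
    msg, fds, _flags, _addr = socket.recv_fds(sock, 16, 1)
    if msg != b"grant" or len(fds) != 1:
        raise RuntimeError("no file grant received")
    return os.fdopen(fds[0], "rb")


def run_demo():
    """Fork an 'app' child, grant it one file, return what it read."""
    with tempfile.NamedTemporaryFile("wb", delete=False) as tmp:
        tmp.write(SAMPLE_DOC)
        path = tmp.name  # known only to the broker, never sent to the app

    broker_sock, app_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:  # child: the sandboxed app
        code = 1
        try:
            broker_sock.close()
            with app_receive(app_sock) as doc:
                app_sock.sendall(doc.read())  # report back what it could read
            app_sock.close()
            code = 0
        finally:
            os._exit(code)

    # parent: the broker
    app_sock.close()
    try:
        broker_grant(broker_sock, path)
        chunks = []
        while True:
            chunk = broker_sock.recv(4096)
            if not chunk:  # app closed its end after reporting
                break
            chunks.append(chunk)
    finally:
        broker_sock.close()
        os.waitpid(pid, 0)
        os.unlink(path)
    return b"".join(chunks)


if __name__ == "__main__":
    print(run_demo().decode())
```

The point of the design is that a malicious app in this model can only read and write files the user explicitly handed it through the broker; there is no descriptor for the home directory, so "install and run it" no longer means "give it everything the user can reach".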

    • by makomk (752139)

      If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.

      It's not necessarily the fault of the OS, but there are ways to make it easier for users to make the right decision - like making it clear to them that they're downloading software from an untrusted website and restricting how much control the website has over the information displayed - and ways to make it harder. Allowing websites to automatically download to the desktop or even open an installer package - like Apple seems to think is good idea - definitely falls into the "makes it harder to stay safe" ca

    • by Teckla (630646)

      Is it possible to protect a user from themselves? If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS, it is the nativity of the user.

      Unfortunately, if you're using Safari's default settings, it will download and run the MacProtector malware installer automatically. Safari considers the .mpkg "safe content", thus the fully automatic download and install of the MacProtector malware installer by merely visiting a web page.

      Of course it's true that a truly determined user will trash their system, but Safari, using its default settings, makes it much easier for the malware people to trick users into installing their Trojan.

      Apple should change t
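A check for the setting Teckla describes, added as an example and not code from the thread or from Apple: Safari stores the "Open 'safe' files after downloading" preference under the key AutoOpenSafeDownloads in com.apple.Safari, and the option is on by default, so a plist with no such key counts as enabled. The function below parses a Safari preferences plist (binary or XML, via plistlib) and returns a finding plus the `defaults write` command that turns the option off; the three sample plists are constructed, and the preferences path is the assumed classic location for that era.

```python
import os
import plistlib

# Assumed location of Safari's preferences on the Macs of this era.
SAFARI_PREFS = os.path.expanduser("~/Library/Preferences/com.apple.Safari.plist")
KEY = "AutoOpenSafeDownloads"
REMEDIATION = "defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"


def assess_auto_open(plist_bytes):
    """Return (enabled, finding) for Safari's auto-open-after-download option.

    A missing key means the factory default, which is enabled, so the
    absence of the key is the risky case, not the safe one.
    """
    prefs = plistlib.loads(plist_bytes)
    if KEY not in prefs:
        return True, "default in effect: 'safe' downloads (including .mpkg) open automatically"
    enabled = bool(prefs[KEY])
    if enabled:
        return True, "explicitly enabled: downloaded installers open without a click"
    return False, "disabled: downloads stay in the Downloads folder until opened"


def audit_file(path=SAFARI_PREFS):
    """Audit a real preferences file; returns None if it does not exist."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return assess_auto_open(f.read())


def _xml_plist(body):
    # Helper to build constructed XML plists for the samples below.
    return (
        b'<?xml version="1.0" encoding="UTF-8"?>\n'
        b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
        b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
        b'<plist version="1.0"><dict>' + body + b"</dict></plist>\n"
    )


# Constructed samples: key absent (factory default), explicit true, explicit false.
SAMPLE_DEFAULT = _xml_plist(b"<key>HomePage</key><string>about:blank</string>")
SAMPLE_ENABLED = _xml_plist(b"<key>AutoOpenSafeDownloads</key><true/>")
SAMPLE_DISABLED = _xml_plist(b"<key>AutoOpenSafeDownloads</key><false/>")


if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("enabled", SAMPLE_ENABLED),
                         ("disabled", SAMPLE_DISABLED)):
        enabled, finding = assess_auto_open(sample)
        print(f"{name:9s} -> {finding}")
        if enabled:
            print(f"{'':9s}    fix: {REMEDIATION}")
    live = audit_file()
    print("local Safari prefs:", live if live else "not found on this machine")
```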

  • I know this isn't going to be popular here, but if you don't want problems, don't download warez, stay within the walled garden. There are thousands of titles available from the Apple store, games available from sites like MacGameStore [macgamestore.com] or Steam and others, as well as many independent software authors.
    • by Haedrian (1676506)

      Don't visit websites which could have code in them specifically to dump viruses in your system ("Drive by downloads").

      Don't visit websites which have advertisers which could have been compromised to do the above.

      Pretty simple innit.

    • don't download warez, stay within the walled garden.

      False dichotomy. You could also download safe/sane third-party software -- open source stuff, or even the dozens of proprietary apps that the Mac had before there was a Mac store for Apple to be able to take a slice of the profits.

      In fact, you seem to be suggesting just that -- but understand that, if it really was the sort of walled garden you've got on the iPhone, you wouldn't have Steam.

  • Easy... (Score:2, Funny)

    by Haedrian (1676506)

    "and what do Mac users need to do?"

    Switch to Linux.

    • It all went downhill when we convinced them to start using 2 button mice and scroll wheels...

    • Re:Easy... (Score:5, Insightful)

      by MartinSchou (1360093) on Wednesday May 18, 2011 @04:44PM (#36170712)

      How does Linux prevent you from installing bad stuff onto your computer?

      The installer asks the user to enter their admin password - and they do. That's why they get infected.

      But I'm sure you can explain exactly how Linux' security model prevents a user from using sudo to install rogue programs. And if you can't come up with something better than "the user account shouldn't have wheel rights", then you need to explain how the user is ever going to install useful stuff that requires sudo.

      You cannot protect a user from himself - at most you can make it difficult for him.

      • > How does Linux prevent you from installing bad stuff onto
        > your computer?

        Bad stuff for Linux is in short supply. Malware authors seem to care only about the most popular platforms.

    • by jo_ham (604554)

      I would, but I can't resize my screen from 640x480 - the settings window is taller than that and the ok button is off the screen with no way to select it. I sent a text from my android phone to someone who could help me fix it, but I don't think he got it. I then logged onto an unsecured wifi access point in the coffee shop I was in, and a guy next to me said "hey, I know that guy in your email address book too!".

      I was so frustrated with all these security issues I instead switched to BeOS.

  • Apple products are the best things ever, and obviously more secure than everything else. Everyone knows these are never compromised during pwn2own.
  • by doggo (34827) on Wednesday May 18, 2011 @04:38PM (#36170636) Homepage

    Pffft! Whatever.

    At work I worry about our Dells running Windows. But not our Red Hat server.

    But hey, we use AV on our machines.

    At home I don't worry about my Mac.

    Much ado about one malware kit. Overblown.

    And the air positively reeks in here of anti-Mac schadenfreude. Sour grapes, I say. Xenophobia, I say. Dumbassedness, I say.

  • Assuming they're similar to windows "viruses" Mac users will have to adjust their behavior.

    Practice mindful computer use.
    Don't download every little amusing flashing light.
    Is this really something your friend would be sending you?

    Install a JS blocker. Simply the best thing I've ever done to better my web browsing experience. The majority of JS on a page are the things on a page you hate. Many many pages work perfectly well without it and the rest work with white listing the main domain and maybe a resour

  • by Vitriol+Angst (458300) on Wednesday May 18, 2011 @04:43PM (#36170704)

    When they "explosion", do they mean more than a dozen?

    Because if there weren't ANY Malware calls last month, and a dozen script kiddies used the new "Home Malware Kit" du jour,... then indeed, numerically we have an "explosion."

    I'd also have to say there is an explosion of explosions as well. Because of course -- last month there were NO explosions, and this month there is ONE.

    >> The problems for Apple don't end, however, since the iPad market caught up with back-orders, there has been an IMPLOSION of orders. In other words, less people are buying, than last month.

    I think I'll implode and explode my lungs ten times, before I act on this urgent matter, however.

  • From one of TFAs: AppleCare: Well, I'm sure you're aware of what Mac Defender pops up on your screen if you don't buy it. Last call I got before the weekend was a mother screaming at her kids to get out of the room because she didn't want them seeing the images.

    Those stupid virus writers got it backwards. They're supposed to ask you for money *before* they show you the dirty pictures. That's the time-tested strategy for making a profit on the Internet.

    Also, I don't have M

  • by Anonymous Coward on Wednesday May 18, 2011 @04:51PM (#36170798)

    I have seen this "malware" in the wild. My elderly mother called me, last week, about this. She reported "something came up on my screen, telling me that my computer is infected and that I should click to remove them". I had her take a screenshot and send it to me:

    http://imagebin.org/153902 [imagebin.org]

    She is almost as computer illiterate as one could be, but even she had a suspicion that this wasn't legitimate.

    Out of curiosity, I went to the URL (which inspects the user-agent, to avoid showing this scareware screen to non-Mac users), clicked "remove all", downloaded/unzipped the file, _manually ran the installer_, and clicked through several install steps.

    This is not drive-by malware, it doesn't use an exploit in a vulnerable browser plugin, etc. It's a fairly harmless trojan that is easily removed. A Google search for "remove mac protector" will yield detailed instructions, e.g.:

    http://www.bleepingcomputer.com/virus-removal/remove-mac-protector [bleepingcomputer.com]

    I have saved the installer, if anyone would like a copy of it for analysis. It contains some remnants of Russian language settings from Xcode, among other interesting tidbits.

  • They need to join the rest of the world in the fun of learning how machines work, and how to use them safely. Glad to see that they're well-rested. The good news is that by now, the rest of us know exactly what to do, and how to teach them.

    Welcome to computers. Is this your first one?

  • by jo_ham (604554) <joham999@@@gmail...com> on Wednesday May 18, 2011 @04:56PM (#36170884)

    I can see exactly why this has happened. The offending malware is a trojan, that is installed via social engineering.

    I have seen a couple of hits lately on Google image search, where clicking on one of the images takes you to a remote server where you get the familiar-to-Windows-users "this is your hard drive" trick, where the browser shows a reasonable approximation of a Finder window, and shows a "scanning for viruses" progress bar, followed by an inevitable "your computer is at risk! click here to fix the problem!". I assume the link takes you to a site that downloads the "MacProtector" trojan which is what many people have been complaining about - essentially a simple program with no close button or quit option that nags you to pay for removal software. The website clearly uses browser detection and just serves up the appropriate Windows/OS X version of the con page.

    You can kill it using the terminal, or using command+option+escape, or from the Activity Monitor (and it's not sophisticated enough to be able to stop you, if you know how to terminate processes unlike some of the more nasty malware on windows that disables the task manager etc). I suspect that it's only a matter of time before it gets more difficult to remove.

    However, the term "malware explosion" seems very sensationalist - it's *a* piece of malware that has hit a lot of clueless users all of a sudden who are not used to dealing with this sort of thing due to the generally low malware issue on OS X to date.

    Mac OS X users need to be aware of social engineering scams like this and to be careful about what they install (this is not a virus or drive by install) - it's no different to the trojan that was being distributed in the warez copy of Office for Mac that deleted files etc, just that the delivery method can now target people who are simply browsing google image search.

    As always with security-related stories, no, Mac users don't think our platform is immune to threats. It seems the only people making those sorts of wild claims are the anti-Mac people who crow that it's what they think we would say (wow, awkward sentence). There are no "immune" systems, merely "safer" vs "less safe".

    When it comes to trojans though, every OS is equally vulnerable, although this is skewed by the userbase somewhat (for example, far fewer 'normal' computer users on Linux distros who would be taken in by the social engineering). If we assume the Mac and Windows user base is broadly the same in terms of distribution (ie, from clueless all the way up to power users) then it is only a matter of time before a "big" trojan comes along for OS X - and here it is.

    Calling it a "malware explosion" is just inaccurate though.

  • My wife's Mac has a separate account for her, and I'm not entirely sure I remember the password on the privileged-by-default first account. I do the same thing on Linux; my user name is not in the privileged list. If I want to be root, I damn well have to do it on purpose.

    And, no, Flash is not available on either of our accounts, or the privileged ones.

    At most, on the Mac, I MAY bother to do software updates by switching the screen to the other account, but Apple breaks enough stuff, and slips in enough sho

  • by zeet (70981) on Wednesday May 18, 2011 @07:59PM (#36172994)

    Many of the Windows ones look like a specific default theme - XP's blue Luna theme or the default OS X theme. How about if the default color scheme was mildly randomized? It wouldn't change things for users who set things to something other than the defaults, but that way everyone who just leaves it at the default settings would have slightly different colored windows. They would know their 'system color' and a fake window would stand out like a sore thumb as it would be a different color. The range of random colors would not even have to be that large to make it obvious to most people. If the Mac default color was 'nearly gray' instead of pure gray, nobody would notice until a fake window popped up that was a different gray.
