Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Botnet Security Apple

Apple Snubs Security Firm That Spotted Mac Botnet 409

Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"
This discussion has been archived. No new comments can be posted.

Apple Snubs Security Firm That Spotted Mac Botnet

Comments Filter:
  • by crazyjj ( 2598719 ) * on Tuesday April 10, 2012 @12:48PM (#39634007)

    Why would they communicate with a supposed security researcher who doesn't even know that?

    • With Steve Jobs' holy ghost blessings.., I for one recommend this final solution to wipe the terror botnet hive.
      http://www.youtube.com/watch?v=2s1MspmfEwg
    • by Anonymous Coward on Tuesday April 10, 2012 @01:31PM (#39634799)

      "It doesn’t get PC viruses."

      In other news, my electric car doesn't suffer from problems caused by low quality gasoline.

    • by dstyle5 ( 702493 ) on Tuesday April 10, 2012 @02:05PM (#39635297)
      Innocent-looking files downloaded over the Internet may contain dangerous malware in disguise.

      Slashdotter who is Apple customer Testimonial: "I thought it was just an innocent file containing photos of goats..."
    • Wow. I don't know what's worse; Apple spreading this garbage or consumers believing it. Had the link not been provided, I'd not have believed they said it.

      Fun game, substitute "data" with various other nouns, like "kids" and enjoy measuring how true the statement still is.
    • Though people will pile on Apple (rightfully, see more below) you do need to remember that this hubris is somewhat justified. There was a time when Windows had tens of thousands of viruses to Mac OS's maybe, 8. Macs were just more secure. This was early web days, and there was some department of the government that recommended Mac OSX webservers. Partly because of design, partly because of the PowerPC chip which was hard to write exploit code for. Windows machines were defective by design. Outlook viruses w

  • by alen ( 225700 ) on Tuesday April 10, 2012 @12:53PM (#39634097)

    Mac's don't get viruses. it used to be magic pixie dust protected all the Mac's but my MacBook Pro and others bought since the death of St. Steve are protected by His Spirit

    • by HarrySquatter ( 1698416 ) on Tuesday April 10, 2012 @12:55PM (#39634157)

      Flashback isn't a virus...

      • by revelation60 ( 2036940 ) on Tuesday April 10, 2012 @01:01PM (#39634281)
        It's a feature.
      • by tacarat ( 696339 ) on Tuesday April 10, 2012 @01:06PM (#39634349) Journal
        The current version downloads and installs itself. No human interaction required besides viewing an infected webpage. Don't confuse the "viruses are impossible to get on a Mac" crowd more by trying to make them learn the subcategories of malicious software. The fact it was originally a trojan that required the admin password to install versus the drive by installer requiring none is something more for the academics quibble about, not the end users.


        Granted, this is /., so it's academics and fanboys anyhow >.>
    • by ColdWetDog ( 752185 ) on Tuesday April 10, 2012 @12:56PM (#39634177) Homepage

      Ah, but you're right. This isn't a virus. It's a trojan. And we all know that Trojan's protect dicks.

      (sorry Apple fans, that one hung out there just a wee too much).

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      When was the last time ANY computer got a "virus"? A self replicating piece of code that spread from that PC via contact with storage media, etc.?

      "Viruses" are long dead. They are now worms, trojans, spyware, etc. etc. They do not spread the way a real virus spreads. Its an antiquated term than people just use to mean "malware" these days.

      So apple can certainly claim they do not get "viruses". Neither do PC's.

  • by Anonymous Coward

    Because there isn't one?

    *rimshot*

  • Of course not. (Score:5, Insightful)

    by JustAnotherIdiot ( 1980292 ) on Tuesday April 10, 2012 @01:00PM (#39634257)

    We don't know the antivirus group inside Apple.

    Apple is to arrogant to admit they have any flaws, so odds are there isn't one.
    Just like with the iPhone 4 antenna, they'd rather take bad PR and have their users suffer than admit there's an issue.

  • by cpu6502 ( 1960974 ) on Tuesday April 10, 2012 @01:00PM (#39634261)

    "I found a security hole in your OS....."

    "It's your fault scumbag. Keep quiet!" - Apple. Other companies have tried the same tactic, trying to silence/punish security people from publishing known holes. Like Microsoft. Sony. Nintendo. The Bluray Cartel.

  • by Anonymous Coward on Tuesday April 10, 2012 @01:00PM (#39634263)

    Because there aren't any, I worked for them and customers that called in were routinely told there is nothing to worry about when it comes to malware.
    On their corporate side you would be amazed at who states exactly the same thing when they should know better.

    Just a taste:
    http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=OS+X&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve= [exploit-db.com]

  • "It's not the job of Russian security firms to know where our security holes are"

    And also, Macs only get malware "when you hold it wrong"

  • by gubers33 ( 1302099 ) on Tuesday April 10, 2012 @01:08PM (#39634399)
    Apple has had the benefit of so many years of being such a small market share that it did not make sense for people to create Trojans that targeted them. However, Microsoft has had to respond to threats over the years and had the time to develop processes to assess threats and work with security researchers. Apple has ended up behind the curve in this spectrum because of how long they had a small market share. If Apple is able to suck up their pride and work with the researchers they could end up being able to deal with such threats appropriately, but right now their pride is getting the best of them.
    • by sohmc ( 595388 ) on Tuesday April 10, 2012 @01:16PM (#39634517) Journal

      But in Apple's defense, the permissions structure of Macs are inherently different than on a Windows machine.

      Most mac users run at normal user level, a la Linux/Unix. When the computer needs to do something at the priveleged level, it asks for a password.

      Most Windows users usually run as administrator by default. Anytime some virus/trojan wants to do something, it just prompts the user with a "Hey, Windows Explorer wants to do something. Continue?"

      There is something different about having to type in a password than just clicking ok. Then again, Windows has so many random dialogue boxes that most users don't read them anymore.

      • But in Apple's defense, the permissions structure of Macs are inherently different than on a Windows machine.

        So? You still write a virius for it, you just have to find the weak spot. There have been virii for Unix-ish machines too,

      • by w_dragon ( 1802458 ) on Tuesday April 10, 2012 @01:29PM (#39634779)
        You don't need to be admin to be a botnet member, a user process will work just fine.
        • by IamTheRealMike ( 537420 ) on Tuesday April 10, 2012 @02:06PM (#39635325)
          Bingo. Getting root is useful but not required for viruses, and Windows has had very similar setups for a long time already. It's perfectly possible to make a program that hides itself, resists deletion, spams, steals passwords, logs keys etc all without having root and there are quite a few such viruses out there. MacOS isn't any better defended than Windows against malware, in fact it's significantly worse because so many users don't even have AV software installed (my Mac does, btw).
      • I would say that Windows users, especially with Windows 7, are running less and less under an account with Administrative permissions.
    • Pride goeth before the fall.

  • I don't know what they are talking about. What antivirus group inside Apple?

  • by VernorVinge ( 1420843 ) on Tuesday April 10, 2012 @01:11PM (#39634439)
    Apple products are overpriced, insecure, not upgradable, developed by a CEO who believed integrity is optional, and makes it's outsized profits on breaking labor laws in developing countries. Why do the supposed 'creative' class continue to support this pile of dung?
  • The iPhone is a juicy target for attackers. One wonders what attacks on the iPhone are in the wild but not generally known. Especially attacks that target individuals of interest.

  • Corroboration? (Score:5, Interesting)

    by CyberLife ( 63954 ) on Tuesday April 10, 2012 @01:53PM (#39635165)

    As with any other claimed discovery, I'd like to see independent corroboration. I'm not saying it doesn't exist, just that I personally haven't seen it. Everything I've read credits Dr.Web as the source. Has nobody else confirmed their findings?

  • In my experience... (Score:5, Interesting)

    by blueg3 ( 192743 ) on Tuesday April 10, 2012 @02:11PM (#39635391)

    Not surprisingly, the summary is not as accurate as the article.

    Sharov may describe this as "a symptom of a company that has never before had to work closely with the security industry", but the article correctly points out that it's more a symptom of having "little experience working with the community of security researchers who aim to dissect and shut down botnets." The botnet security community is different from the general security community. As far as I know, Apple has a decent working relationship with the latter. It's no real surprise they have limited experience working with the anti-botnet community, since until now they haven't really had botnet problems.

    The article also notes that Dr. Web is relatively unknown and that in the opinion of Kaspersky (which is at least more well-known), Apple is taking the usual appropriate steps.

    As far as them not getting a contact back, that disagrees with my experience in reporting a security vulnerability to Apple. You send a message to their easily-found, catch-all "security" address. In relatively short order, a security engineer gets in touch with you, and you communicate with that person from that point on. It seemed to work just fine, unless, I suppose, you're egotistical enough to think that you should be able to pick up the phone and talk to someone at Apple immediately -- which is a common-enough problem in security.

When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle. - Edmund Burke

Working...