Apple Snubs Security Firm That Spotted Mac Botnet
Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"
Re:there is no Apple AV group (Score:4, Informative)
Flashback isn't a virus...
'We don't know the antivirus group inside Apple.' (Score:2, Informative)
Because there isn't one?
*rimshot*
Blaming the messenger (Score:5, Informative)
"I found a security hole in your OS....."
"It's your fault scumbag. Keep quiet!" - Apple. Other companies have tried the same tactic, trying to silence/punish security people for publishing known holes. Like Microsoft. Sony. Nintendo. The Blu-ray Cartel.
'We don't know the antivirus group inside Apple.' (Score:5, Informative)
Because there aren't any. I worked for them, and customers who called in were routinely told there is nothing to worry about when it comes to malware.
On their corporate side you would be amazed at who states exactly the same thing when they should know better.
Just a taste:
http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=OS+X&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve= [exploit-db.com]
"We don't know the antivirus group inside Apple"? (Score:1, Informative)
Seriously? Is it really that difficult for a security company to search for "security" on Apple's website and find this page?
https://ssl.apple.com/support/security/ [apple.com]
Re:there is no Apple AV group (Score:5, Informative)
Granted, this is
Re:Mac's don't get malware (Score:5, Informative)
Can you please provide any links to folks that have claimed that Macs don't get malware?
Here you go:
Mac Commercial (produced by Apple) [youtube.com] and Apple's own webpage [apple.com]
And yes, "viruses" are not the only kind of malware out there; most people on /. know that. But no one else in my family does, and neither do the vast majority of people those two examples target for marketing. Apple's claim that Macs don't get "viruses", in my mom's mind, equates to "Apples don't have malware".
Re:"We don't know the antivirus group inside Apple (Score:4, Informative)
'We don't know the antivirus group inside Apple.' means they haven't been able to talk to them and get to know them. I saw the website, and I feel safe saying I don't know the Apple AV group. I'm sure Sharov found the website. As they said in the article, they just get no response from Apple.
Re:there is no Apple AV group (Score:5, Informative)
Apparently I still go by the traditional definition. What do you think I'm missing?
Re:Mac's don't get malware (Score:2, Informative)
Sorry, but that says "Macs don't get PC viruses", which is 100% correct. It's just like Microsoft saying "everyone loves Windows": it's true, just out of context and misleading.
Re:Not a virus, numbnuts (Score:2, Informative)
I think we might as well get over having lost this battle. All of the major media outlets (and thus the vast majority of Mindless Media consumers) are calling it a 'virus'.
You don't get a trojan from just surfing the web. Installing kracked software from TBP and then authenticating with your admin password is a loooooong way from random innocent people getting clobbered by drive-by malware.
Re:there is no Apple AV group (Score:5, Informative)
It sounds to me like it's exploiting a Java vulnerability using an applet that does not disguise itself as something useful, it is specifically to install the payload. That sounds like a traditional virus.
A virus is self-propagating. AFAIK, while this does propagate over networks, it isn't self-propagating (i.e.: infected nodes don't go around infecting other nodes). Hence, not a virus.
That's not to diminish its threat; simply that correct taxonomy aids in discourse towards finding a solution, and preventing similar malware in the future.
Yaz
Re:Mac's don't get malware (Score:5, Informative)
You're right how dare they, "get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit."?
"According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com."
Source: http://news.drweb.com/?i=2341&c=5&lng=en&p=0 [drweb.com]
Gotta be careful downloading all of that "kracked shit" from manufacturer's own websites.
Re:Mac's don't get malware (Score:5, Informative)
Also:
As PCMag's Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.
From here:
http://www.pcmag.com/article2/0,2817,2402641,00.asp [pcmag.com]
So - yes, it required a trojan-esque password entry to fully activate, but it installed and was active even without it. Which means that it was probably ready and waiting for the next legitimate use of a password entry.
Your walled garden has been breached, and instead of putting your head in the sand, perhaps you'd better wake up to the fact that yes, security really is, at the end of the day, the user/owner's responsibility.
Re:And the users are blaming Java, not Apple (Score:2, Informative)
Have already seen numerous comments from fanbois that it's "Java's fault" and "Apple is stuck fixing someone else's problem". So Apple is going to get a pass on this one, at least from their users.
Actually, when it comes to Java, it IS Apple's fault.
Apple made a deal with Sun/Oracle that Sun/Oracle would no longer release Java for the Mac. Sun/Oracle passes along the code to Apple, then Apple distributes it after modification.
As a result, when serious flaws are discovered/announced in Java, it takes many months for patched versions of Java to be available for the Mac. Until then, Macs have a well-documented security flaw that is easy to exploit with a simple web page.
Re:there is no Apple AV group (Score:3, Informative)
A virus is self-propagating. AFAIK, while this does propagate over networks, it isn't self-propagating (i.e.: infected nodes don't go around infecting other nodes). Hence, not a virus.
No, a "virus" propagates when you boot your computer from a floppy disk that you got from your friend. A "worm" is the one that goes out on its own over the network.
Re:there is no Apple AV group (Score:2, Informative)
I can think of several in recent memory. Hell, Stuxnet (remember that?) used at least 3 different methods to ensure it gets installed by USB drive. And viruses do exist, because otherwise airgapped networks would be perfectly safe from them.
The big one was an exploit using Windows Explorer's auto-thumbnail processing. And Stuxnet was also a worm because it tried to find vulnerable hosts once introduced inadvertently to the secure network.
And given the poor security of SCADA systems out there and everyone saying they should be airgapped, well, Stuxnet proves you don't need an internet connection to still be vulnerable.
Oh, hell, didn't the USAF get infected with a virus? Apparently they brought USB drives containing map updates to the Predator control computers and those got infected. Sure they couldn't do much (yet...), but it goes to show.
Never mind those infected iPods, LCD photo frames, hard drives and other stuff that came out of the factory with viruses on them that infected the user's PC. Older, but probably still relevant.
Re:Mac's don't get malware (Score:4, Informative)
Apple does believe Macs are PCs.
http://technologizer.com/2010/12/16/apples-mac-store-is-a-go-and-the-mac-is-a-pc/ [technologizer.com]
Re:Mac's don't get malware (Score:2, Informative)
A four legged animal isn't necessarily a horse. Windows is the only platform that can get a virus, but any platform can get a trojan. Both are malware, just different kinds of malware.
Re:there is no Apple AV group (Score:5, Informative)
Woo pedantic! Here are the given definitions, as I understand them:
Virus = self-propagating, but does not run on its own. Requires some legitimate program which it exploits and modifies saved data to maintain itself. For example: a virus would enter a system as an infected Word document, which would add macros into your copy of Word, infecting all of the Word documents you edit after becoming infected. In general, the virus itself is not very useful, but frequently they're used as a piggy-back which downloads a...
Trojan-horse = program which gives a malicious user control over a system remotely. This is frequently done via IRC, but newer programs have become far more sophisticated using P2P protocols of their own design or hiding it as fake HTTP requests making traffic analysis more difficult. The trojan horse itself is NOT self-propagating, but it will put a ton of hooks around the system to re-download/re-deploy itself if it gets shut off. In general its only goal is to just keep running and allowing the malicious user to abuse the machine. Now frequently the malicious user will use the trojan horse to send out fake emails or other things which leads to propagation, but the program itself doesn't necessarily do it.
Worm = program which attempts to spread itself. It gets on a host machine and does something (normally immediately, sometimes with an incubation period, frequently involving email, sometimes 0-day exploits to networked computers) to try and get to more machines. After it has attempted to spread itself around, it will frequently follow-up by downloading a trojan horse, or sometimes it will contain the trojan horse functionality itself.
Straight up worms have kind of fallen out of style these days though. They're a bit too obvious and their repeated, predictable behaviour leads to them being spotted and blocked after not very much time out in the wild. And without some sort of trojan horse functionality there's not much point. Trojan horse functionality allows a central command to update the code and makes the worm a more useful product, eventually getting it on more computers and keeping security researchers guessing longer.
Anyway, hope this actually gets modded up by someone and people use these and/or tell me I'm an idiot.
Re:Mac's don't get malware (Score:4, Informative)
Cast your mind back to the early 1980s, the era of the Commodore PET, the ZX81, the TRS 80. They were all personal computers, known as PCs. Then in 1981 IBM launched the IBM PC and swiftly manufacturers sprung up selling IBM PC compatibles. Within a year the letters PC had developed dual connotations - personal computer and PC compatible - compatible with the IBM PC. This duality of meaning has survived to today, so while you can (correctly) fulminate that the Mac is a PC, others will (correctly) fulminate that it isn't. You'll have to get used to that, I'm afraid.
Re:Mac's don't get malware (Score:5, Informative)
Just for kicks:
"The App Store revolutionized mobile apps. We hope to do the same for PC apps with the Mac App Store by making finding and buying PC apps easy and fun. We can’t wait to get started on January 6."
--Steve Jobs