Apple Support Forums Suggest Malware Explosion

dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on discussions.apple.com is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?"

The Only Feasible Strategy...

[Azadre]

Make everything install through the OS X App Store ;)

Re:OSX

[zonky]

I realise you're trolling but there are two common malware paths these days: (1) Drive by Downloads - where exploits in things like PDFs, or Flash cause Remote Code Execution on the affected users box, by exploiting flaws in installed software. Hopefully privileged elevation requiriring sudo or UAC will prevent these programs running as admin/root, but often it's just enough that these apps run as a user class. (2) Stupid Users- people who have been trained to download anything from anywhere and just run it. OSX, like Windows, is vulnerable to both, because the software distribution model is totally broken. The app store may help, but i'll still put my trust, for now, in the linux repo model.

Macs have never been malware/virus proof

[Bloodwine77]

PC users knew all along that the only reason Mac users went relatively unscathed throughout all those years is that the Mac install base was too small to bother. The more popular Macs became, the bigger the target on their backs.

Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.

Being unpopular does not mean you are safe, but it doesn't hurt. Crackers, virus writers, malware creators, and botnets target the path of least effort.

Re:OSX

[Anonymous Coward]

Windows is much more robust that it used to be, and becomes moreso every time a Tuesday patch is released. The kernel is only a small part of the OS as a whole, and OSX has not been battle-hardened nearly as much as Windows has been. As Apple becomes more popular and even somewhat useful for those of us who are not the hipster content creator types, you will see that bullseye become larger and larger and I for one cannot wait for that first killer virus that spreads like wildfire, steals data and wipes machines across the world, and wipes that smug grin off of every Apple user's goatee-decorated face.

Re:OSX

[Targon]

That is a foolish way to look at it, since there are so many layers between the kernel and the user at this point. You can take a great foundation and put something with a poor structure on top of it, or you can work around a weak foundation with a lot of engineering on top to avoid problems. MacOS X has been proven to have a lot of weaknesses, and while the CORE of the OS may be good, there are many flaws on top that can be infected or exploited. Only an idiot would assume that they are safe with MacOS right now since Apple takes years to fix any vulnerability that is found.

Re:Finally!

[Anonymous Coward]

Finally! I am so sick of smug Mac users talking about how Macs can't get viruses because they're so secure.

Well, this still is no virus... Manually installing malware and typing in the administrator password to do it is bad. But no virus.

Re:Finally!

[0racle]

It's not a virus, it's a trojan. You can't technically fix stupid; users that install everything they see will always be the weakest point in system security.

Re:Macs have never been malware/virus proof

[migla]

>Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.

Yes. But I think it would be easier to get Linux users to just stay with the repositories of open source code, than to download all kinds of crap from everywhere. Not all users, but a lot of them.
That should disarm the threat somewhat.

Not A Virus

[GFLPraxis]

The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware. It can't propagate itself nor install itself automatically from a web site. People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac. Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.

Tempest in a teapot

[doggo]

Pffft! Whatever.

At work I worry about our Dells running Windows. But not our Red Hat server.

But hey, we use AV on our machines.

At home I don't worry about my Mac.

Much ado about one malware kit. Overblown.

And the air positively reeks in here of anti-Mac schadenfreude. Sour grapes, I say. Xenophobia, I say. Dumbassedness, I say.

What is ZERO to TEN?

[Vitriol+Angst]

When they "explosion", do they mean more than a dozen?

Because if there weren't ANY Malware calls last month, and a dozen script kiddies used the new "Home Malware Kit" du jour,... then indeed, numerically we have an "explosion."

I'd also have to say there are an explosion of explosions as well. Because of course -- last month there were NO explosions, and this month there is ONE.

>> The problems for Apple don't end, however, since the iPad market caught up with back-orders, there has been an IMPLOSION of orders. In other words, less people are buying, than last month.

I think I'll implode and explode my lungs ten times, before I act on this urgent matter, however.

Re:Easy...

[MartinSchou]

How does Linux prevent you from installing bad stuff onto your computer?

The installer asks the user to enter their admin password - and they do. That's why they get infected.

But I'm sure you can explain exactly how Linux' security model prevents a user from using sudo to install rogue programs. And if you can't come up with something better than "the user account shouldn't have have wheel rights", then you need explain how the user is ever going to install useful stuff that requires sudo.

You cannot protect a user from himself - at most you can make it difficult for him.

Re:Macs have never been malware/virus proof

[shutdown -p now]

Most Linux users today fall into two categories: either they are more or less geeks, and understand the concept of software security (and how it relates to using official repositories); or they're "aunt Tilly" type users who had Linux set up for them by their geek children or grandchidren - those don't install software at all, and thus immune to PEBKAC malware vector.

On Windows and OS X, on the other hand, the majority of users are those who are aware of the ability to extend the OS by installing third-party apps, and capable of doing so, but not understanding full security implications of that. Hence why it's a problem there.

Should Linux overtake Windows and/or OS X in their markets, it would also get that part of their userbase, and inherit the same problem.

Re:Not A Virus

[recoiledsnake]

The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware.

It can't propagate itself nor install itself automatically from a web site.

People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac.

Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.

I believe that the vast majority of malware targetting Windows also uses social engineering and not exploits. Things like ASLR, sandboxing etc. have made it hard for real exploits so instead the blackhats have gone for things like fake codecs, fake smiley packs and fake antivirus applications. Even granting your point, usually Safari is one of the first to fall in contests like pwn2own which use drive-by exploits and not social engineering.

Re:Bring out the FanBoy!

[jo_ham]

The "hole" here is the user.

It's a trojan that you need to download, unpack and then manually install, giving your admin password along the way.

Other than taking away the user's ability to install software (hey, isn;t everyone yelling about how evil Apple is for going for a walled harden approach on iOS?), I fail to see what they can do here, other than educating users on the dangers of installing untrusted software.

I am all for railing hard on security - if there are security issues they need to be dealt with (like the change in behaviour of Safari if 'open safe files' is checked - I do not believe any file from the internet can be classified as 'safe'), but this is such a very big storm in a socially engineered teacup.

Another user posted a screenshot of what you see if you click on a link that takes you to the malicious server (I got sent to one via clicking an image in Google Image Search, for example): http://imagebin.org/153902 [imagebin.org]
It clearly uses your UA string to detect what OS you have and displays an appropriate con. The one I was shown actually animated, with a progress bar moving along as it "found" the malware you can see in the image and then "completed" to show that dialog box.

The security culture is going to have to change, but since when is that new? Social engineering is an enormous hurdle to computer security.

So, let me be clear - there is no "security update to combat that problem" that Apple will "eventually" release. Did you even read anything about it at all before posting? Oh wait, this is /. - I'm amazed you even read the summary.

Re:Protect users from themselves?

[grumbel]

Is it possible to protect a user from themselves?

Yes.

If a user chooses to install some software and it turns out to be rogue then that's not the fault of the OS

Wrong.

it is the nativity of the user.

Wrong again, its the historical ballast of 30 year old OS design that hasn't kept up with times.

But then people would complain about lack of freedom.

Freedom and security are not opposites, they go hand in hand. The problem with todays OS design is that it provides application freedom, while it should focus on user freedom. A good OS should allow a user to run whatever piece of software he wants without fear of system corruption, data theft or anything else. Instead todays OS to the opposite, they force the user to carefully select which apps to run as he has no way to limit what an app might do.

Simple steps for a much more secure OS (really not that much different from a application running in your browser):

1) run all apps in complete isolation
2) make file load/save dialogs a part of the OS, so that the app can exchange data without ever having filesystem access

Re:If they keep taking 8 months to fix security bu

[bonch]

Malware has been "about to explode" on the Macs for the last 10 years according to pundits. People, this is Ed Bott's Microsoft blog. Why are you falling for such obvious flamebait?

I love these dramatic phrases like "about to explode" and "malware explosion."

Re:Not A Virus

[__aaqvdr516]

Stupidity is platform independent.