Friday, May 20, 2011

New Mac Malware!

A new piece of malware has caused an uptick in Apple customers reporting infected machines, renewing a timeless debate on the state of Macintosh security versus Windows.

The trojan horse is called Mac Defender. It’s a web pop-up containing a spoof message that tells customers their machines are infected by a virus and they must install anti-virus software. If customers agree to install the software, the program sporadically loads porn websites on their computer.

ZDNet writer Ed Bott was first to spot a long thread of complaints in Apple’s support forums related to Mac Defender, with at least 200 posts of customers reporting they’ve been infected by the malware.

“I’ve done similar searches in the past … [and] I have never found more than one or two in-the-wild reports,” Bott wrote. “This time, the volume is truly exceptional.”

Furthering his case, Bott in a follow-up article quoted an AppleCare technician who claims that phone calls to AppleCare support have grown four to five times recently, and the majority of the calls are related to Mac Defender.

Customers and technology observers have debated for years whether the Mac is truly more secure than a Windows PC.

The general consensus among security researchers is that there’s nothing about the Mac that makes it inherently more secure than Windows — indeed, the Mac platform has been easily penetrated in the Pwn2Own hacking contest in years past. But Windows has always been a juicier target for malicious hackers because it has much larger market share than the Mac.

As a result, when customers switch from Windows to a Mac, they’re often under the impression that they’re switching to a more secure, sterile environment where they won’t need to install expensive, resource-hogging anti-virus software. While it’s not true that the Mac is more secure, the platform is generally “safer” because fewer people target it, security researchers have told Wired.com in the past.

Bott’s discovery renews this debate: A new piece of malware seems to be fooling more Mac customers than past examples. So does this change the scenario? Should Mac customers install anti-virus software by default like most Windows customers do?

Charlie Miller, a security researcher who has repeatedly won the annual Pwn2Own hacking contest by hacking Macs and iPhones, told Wired.com he doesn’t think so.

Miller noted that Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform, he said.

And while 200 posts complaining about Mac Defender in Apple’s support forums may seem like a lot, that’s still a small fraction of the millions of Mac customers in the world.

While Mac Defender does show that the problem is getting worse and people should be more wary about malware, it doesn’t necessarily mean that every Mac user today should rush to buy anti-virus software, Miller said.

Ultimately, it’s up to the customer because there’s a trade-off involved. Anti-virus software will help protect your system from being infected, but it’s expensive, uses system memory and reduces battery life.

“Mac malware is still relatively rare, but is getting worse,” Miller said. “At some point soon, the scales will tip to installing antivirus, but at this point, I don’t think it’s worth it yet for most people.”

In looking into the effects of Mac Defender, Wired.com’s sister publication Ars Technica did a thorough investigation on the state of Mac malware, speaking with 14 Mac support specialists.

“The truth is hard to tease out,” Ars Technica’s Jacqui Cheng wrote. “Partly because Mac OS X still makes up a comparatively small percentage of the global OS market share, and partly because Apple itself is a secretive company, it’s not easy to find out whether malware on the Mac is indeed becoming more common, or it’s simply being reported on more often.”

The results were all over the map, with most certified Mac support specialists logging a low number of malware reports. But some Apple Genius Bar technicians noticed an uptick in malware instances, thanks to Mac Defender.

Though the conclusion is unclear, the moral of this story is to be wary that Mac malware is in the wild, and be cautious about installing sketchy software from unfamiliar sources. Mac Defender may be the first wake-up call for people who believed that Macs don’t get viruses.

---------------------------------------
This is what I've been talking about. The malware is out there for Mac as well. It's also reasonable to believe that there are some Mac computers out there that have malware or are acting as bots and the impact on the computer may not be enough for the untrained user to notice. And they may never know if they don't have security software.

21 comments:

  1. The only ones that allowed the bogus "MacDefender" to infect their own computers were those who had become convinced (by doomsayers like Dave) that they ought to install antivirus software. Ironically, people who trusted in OS X's inherent security weren't fooled into allowing this trojan in.

  2. So, mac users were too stupid to know the difference.

  3. Good call Anonymous.

    What is the excuse for the millions of malware-infected PCs then?

  4. Believe me, there are lots of stupid PC users as well. No hiding that. But Mac users are no better and no OS is trouble-free. So the extra money you pay for a Mac really doesn't give you any advantage. There's no "you get what you pay for" there.

  5. "So the extra money you pay for a Mac really doesn't give you any advantage."

    Which decade are you living in? Long gone are the days of Apple being overpriced compared to PCs. Take, for example, the current top of the range iMac. It's expensive. However it is the only place you can get the latest i7 chip - Apple released hardware before Intel let anyone else sell it. The lower price machines are about the same price as any named box maker, Dell, Lenovo etc., when you spec their machines to match the machines Apple have available.

    Apple's RAM prices are outrageous. No-one, or very few, buy RAM from Apple's site.

    When you look in the tablet space it looks like Apple's pricing is the target to beat and that is pretty hard to do from the current competition.

    "But Mac users are no better and no OS is trouble-free."
    This is a social engineering exploit. It warns you that your machine is infected with a virus and downloads and installs some software. IF YOU GIVE IT YOUR PASSWORD. Social engineering. The OS does nothing with the file if you don't give it your password. There are no self propagating viruses on the Mac in the wild. The bad guys have to use social engineering tricks to get any traction on the Mac.

    But I don't expect you to see the difference as that spoils the thrust of the article, doesn't it?

  6. Um no. The top of the line iMac is way more expensive than the best PC. On top of that, there is more software made for PC so it is the better value. Apple does have a good hold on the tablet market for now but the Android devices are really growing and will probably overtake Apple very soon. At least that's what most experts say. I read that iPad sales dropped about 30% in the last few months due to the rapid growth of Android tablets.

    There are definitely self-propagating viruses on Mac and always have been. I knew someone that had a Mac and got a virus through iTunes and it spread thru her email to all her friends. Social engineering is a very powerful way to spread malware but it's not the only way to infect a Mac.

  7. Macs are so much less likely to suffer the consequences of malware than PCs that it's pathetic the way the haters have to reach for examples (dig way back into pre-OS X history, submit unqualified anecdotes, reference laboratory proof-of-concept exploits, and trojans where the user must deliberately grant access).

    At every turn, the haters exaggerate Apple's flaws and overlook the competition's. I think the purpose may be to distract themselves from the misery of their own purchasing decision. It comforts them to imagine that Apple users suffer as they do (if not now, then someday real soon).

  8. "The top of the line iMac is way more expensive than the best PC."

    OK here's the spec:
    3.4GHz Quad-Core Intel Core i7
    4GB 1333MHz DDR3 SDRAM - 2x2GB
    1TB Serial ATA Drive
    AMD Radeon HD 6970M 1GB GDDR5
    Apple Magic Mouse
    Apple Wireless Keyboard

    Remember this is the Intel Core i7 Sandy Bridge processor @ 3.4 GHz

    Here's the test. Go to Dell, HP and spec up an equivalent machine.

    Post the price.

    Apple's price is $2,199.00. This is the top of the range iMac at present.

    Here is a clue. Dell only do AMD chips in their all in ones.

  9. Show me ONE single SYMPTOM from a "virus" or "malware" on OSX *WITHOUT* the user running an installer, and inputting their admin password. You won't be able to find any. There hasn't been a single SYMPTOM from any of these "threats" EVER on OSX. Anyone can install a program to f**k up their computer - duh! I can also willingly shoot myself in the foot! Should I walk around with bullet proof shoes to prevent myself from shooting myself in the foot? I know, I know ... I'm getting really philosophical here. But isn't philosophy what this issue is really about? People *think* there are threats to Macs, however the only threats have been things that would be considered a comical self-inflicted wound. Again, show me ONE symptom that has appeared on OSX without the user going through a full blown installer.

    What did the MacDefender program even do to the OS? NOTHING! OOOHHHH NOOO it put a startup item in my startup items list!!!! OMG!?!!?! Ok lemme start this serious virus removal by removing the startup item! OK done...that was friggin hard!!!

    If I really gave a rat's behind about some self-inflicted wound that I did to myself such as MacDefender, all I would have to do is boot off my Leopard disk and run an "Archive and install" which would leave my user folder and applications intact while completely rebuilding the OS. All better, and without any noticeable change! Too bad rebuilding your computer on Windows isn't as easy as that! Poor Windows users =[ . So let it be known that even in the case of the laughable "Macapolipse", all the Mac users will need to do is boot off the OSX Boot DVD and run an "Archive and install". Sounds scary!

    There aren't any current threats to OSX other than the user's stupidity. I don't like to resort to insults, but when people act like these lame-duck attacks are anything Mac users should be worried about - it's insulting to the truth. As I said before, when ONE person can show ONE symptom from an attack without running an installer and entering your admin password - then I'll give two s**ts about what these ignorant fear mongering n00bs say about Macs.

  10. My bro-in-law had a virus on his MacBook Air that came in through iTunes. He never entered his admin password at all, he doesn't even know it so he would have had to ask me. He didn't notice it right away but then one day he had a problem getting online. He had someone look at it and it turns out it was a virus (or malware) and someone got a hold of the CC# he uses only for iTunes and now he's fighting a case of identity theft. Sounds like this virus caused considerable damage. I don't know if this is related to the other iTunes accounts that get hacked, but it still sucks. Do you give two sh*ts now or do you want to just say I made it up?

  11. Either way guys, I just wanted to say thank you for coming to my site. The more content and comments I get here the more traffic I get. It gives the site credibility. I'm approaching 30,000 visits so, again, THANKS!

  12. @Jeff

    I'm not saying you made this up (after all it's just hearsay anyway).

    This anecdote raises several questions. Who is the expert that "looked at it" and made the determination? Which Virus or malware was it? How did it actually "come through iTunes"?

    It could be that someone just guessed his iTunes password and hijacked his iTunes account. Or maybe he responded to some fraudulent email masquerading as an official Apple communication and inadvertently gave out his iTunes (not admin) password. Does your brother also have occasion to run Windows on his Mac? (Unfortunately some people do.)

    Without knowing what actually happened, it's not at all clear that AV software would have made a difference in your brother-in-law's case.

    By the way, Charlie Miller, the very same guy who routinely manages to hack the Mac in the Pwn2Own contests, when asked if Mac users should install anti-virus software by default like most Windows customers do, told Wired.com he doesn't think so.

    http://www.wired.com/gadgetlab/2011/05/mac-malware/

  13. Well, all I know is the tech said it was something downloaded into his iTunes library that was infected and hijacked his email. No he did not respond to a fraudulent email and he does not run Windows (unfortunately for him) on his Mac. He never told me what the name of the malware was but I know it wasn't some accidental click. The tech did recommend he use AV in the future.

  14. This is not a Mac problem: it's a user problem. If the user downloads this program, then the OS is doing exactly what the user tells it to when it runs it. Windows would do the same thing.

    The only reason this caught on at all is because it's new. There has been a software update that will now give a warning when visiting a website with this software.

    Also, is this site for actual Apple haters, or is it a satire of Apple-hating? I can't tell. Some of the things you say are so blatantly absurd and fanboi-ish that I can't help but feel they're a joke.

    By the way, I'm a Windows and Mac user. I have no special love for Apple. I just think that you should deal in the truth rather than blatantly false flame.

  15. Also, due to your comment above, I shall never visit this site again. Given that almost every comment is negative, it gives your site publicity, but not credibility. And 30,000 views is nothing. One of my (well, not MINE, but I worked on it) YouTube videos got about ten times that in a day. It's a parody of Friday. Yes, hate me for making yet ANOTHER parody, but one of the hundreds of parodies up has more views than your site.

    Sorry for the double post.

  16. Well, actually, it IS a Mac problem because that malware creation kit was made specifically for Mac OS X. And I'm not saying 30,000 views is going to take over the internet but for a simple blog, I'm happy. Oh and yes, this is an Apple hating site but most of the things said here are from reviews, articles and news from the web, not me. I don't really care if you never visit this site again.

  17. A good many of those views were probably mine. :)

  18. GUYS!!! HACKERS FUCKED MICROSOFT AND THEY WILL SOON FUCK APPLE TOO!! you really think there can be a TRULY secure os....pfff...please go cry in a corner with lame iphones and slowcoached ipads.....LET THE HACKING BEGIN BITCHES!!!! HEHHEHEHEH

  19. Simply put, no one is safe from hackers or malware.

  20. Some are more exploited than others. Along with the bragging rights of market share go the perils of attracting malware.

  21. Well, most Mac users are oriented to do as they are told by their Apple appliance. So, they are less likely to question a message from the all-knowing Mac-OSX in front of them.

    So, they are already primed to accept trojans of this sort. Let the games begin!
