Feeds

back to article Malware authors target Mac emerging markets

Cybercrooks are looking beyond PCs running Microsoft as targets for attack, with Macs increasingly in the firing line of hacker activity. That's according to the latest edition of the SophosSecurity Threat Report, which predicts that - based on early flaws with the inbuilt Safari browser - Apple's iPhone devices might also …

COMMENTS

This topic is closed for new posts.
Stop

groan

No, seriously. groan.

0
0
Thumb Up

Malware on a Mac needs things that the OS doesn't supply

There are always ways for a thumb suckingly idiotic user to fsck things into the ground but s/he really got to work at it on a Mac.

Installing malware requires that the moron actually enters his password.

Even at that, it can affect his account while not necessarily screwing up the root account.

All in all, turning off the "automatically install" options and forcing the user to ask himself "Why the hell does this browser/web page want me to install something?" is usually enough to defeat viruses.

0
0

No Mac virus since 1992?!?

I guess I can expect the usual stream of abuse for daring to suggest that any Mac was ever affected by any form of malware whatsoever, but, leaving aside the period in the mid-90s when Mac users became Typhoid Macro Mary, has Tony Smith never heard of AutoStart or SevenDust? AutoStart in particular did a great deal of damage in the late 1990s, and to suggest that no malware, viral or otherwise, has had any impact on any Mac OS version since System 7 is, to put it politely, poorly researched. Mac users may never be at risk to the same extent as Windows users are now, but to rewrite history (or, perhaps even worse, be unaware of history) does no-one any favours.

0
0
Bronze badge
Gates Horns

hmm.

So a company that sells Mac anti-virus software is making claims that Macs are now much more prone to viruses and people should therefore purchase more anti-virus software? Then claims that their dire warnings aren't an excuse to drum up sales?

Does anyone other than me take this kind of advice with more than a grain of salt?

OK, I'll buy the idea that social engineering attacks will affect any system. Hell, if you could do a social engineering attack on a Multics system you could probably breach the security on that too. Since computer users in general are pretty clueless, social engineering attacks will generally work unless it's possible to lock out the user from the admin side of the machine while still allowing the user to perform useful work. Which you can do with MacOSX/*BSD/Linux/UNIX[tm] (a.k.a. "unixen" just because) but you still can't do with Microsoft products.

However, I somehow doubt that unixen, even with their primitive core security, will ever be as easy to breach as MS Windows - a system that was built from the ground up without any security, then had ineffective security theatre bolted on at the last minute.

I'm also quite amused by the article claiming that "Word macros" are also a problem. Yes, that would be "Microsoft Word", correct? Maybe the real problem is Microsoft software after all?

0
0
Anonymous Coward

Q&A

Try to fill those missing answers:

Are there OS-X viruses/trojans in the wild?: YES

How many?:

Are there Linux viruses/trojans in the wild?: YES

How many?:

Are there Windows viruses/trojans in the wild?: YES

How many?:

Furthermore:

What is the level of awareness and security perception of the typical user of those platforms:

OS-X: LOW (think about "switchers", leave out hard-core users)

Linux: HIGH

Windows: FAIR

You see, AV vendors smell easy money by addressing the emerging market of users that do not know they have a fairly secure system by design.

The title should say:

"AV Vendors target Mac emerging markets"

And they do by spreading FUD.

Where is an icon with Bill and Steve hugging dearly?

GB

0
0
Jobs Halo

Social engineering

Charles-A Rovira writes that you have to be a moron to install malware onto your Macintosh.

The financially-motivated malware that we have seen so far for the Macintosh typically disguises itself as a Codec to allow the Mac user to view a video. So the user *does* have a good reason to install the program that the website is telling him to download, and *does* have a good reason to tell his Mac that "Yes, carry on.. this is okay with me" if it brings up any security concerns about installing the code.

It's all about social engineering. It's the human element which is the big vulnerability - not which OS you're running. Mac users need to accept they are just as vulnerable to social engineering as their PC cousins if they're going to have a fighting chance at reducing the likelihood of attacks against Mac.

But there's an opportunity for Mac users right now to send a message to the bad guys that it's not worth looking for money on Apple computers. If enough people resist the social engineering, and don't fall for the tricks being pulled by the hackers to lure them into downloading Mac malware, then chances are that the cybergangs will return to their Windows roots and leave the Mac community alone.

It's like throwing chips at seagulls - if you keep giving them chips they'll come back for more. Don't get infected, don't be fooled into behaving unsafely, and you should be able to keep Macs as the much safer place that it currently is compared to Windows.

Graham Cluley, senior technology consultant, Sophos

0
0
Flame

@yeah, right.

> a system that was built from the ground up without any security,

> then had ineffective security theatre bolted on at the last minute

So the only version of Windows you have used/understand is the 95/98/ME?

You may argue about quality and technical merit of design, implementation and default settings - but the Windows NT versions (inc 2K/XP) were built with security in from day one! - Just everyone has tended to run as Administrator (seem to recall similar from some Linux distributions installers not too many years ago and something like that on Mac forums when the first OS X hit headlines a couple of years ago) and far too many apps are written without regard for security (so only run as admin) which no one will dump or clean up their act until things like XP SP2 started forcing them to

0
0
Anonymous Coward

@ By yeah, right

> a system that was built from the ground up without any security,

> then had ineffective security theatre bolted on at the last minute

So the only version of Windows you have used/understand is the 95/98/ME?

You may argue about quality and technical merit of design, implementation and default settings - but the Windows NT versions (inc 2K/XP) were built with security in from day one! - Just everyone has tended to run as Administrator (seem to recall similar from some Linux distributions installers not too many years ago and something like that on Mac forums when the first OS X hit headlines a couple of years ago) and far too many apps are written without regard for security (so only run as admin) which no one will dump or clean up their act until things like XP SP2 started forcing them to

0
0

@Charles-A Rovira

"Installing malware requires that the moron actually enters his password"

No it doesn't, not if it uses a security loophole, buffer overrun, that kind of thing.

0
0
Silver badge
Thumb Up

FFS

Here we go, I own (anything other than Windows) and it's perfect.

Just like the Titanic was unsinkable

just like Alcatraz was unscapable.

There will be attacks and exploits and while the smug bastards sit there going, Oh yeah ,we you need to be thick and run the software etc etc. Just remember how early MS expliots can to life. As software becomes more complex and easier to get to (DSL, bluetooth, WiFi), then there will be flaws, regardless of your systems.

So grow up and take note, it will happen, anyone who thinks otherwise is sadly mistaken

0
0
Jobs Halo

Squeaky clean, and smug with it

Bought my first Mac in 1991, been using them ever since.

Number of virus infections: er, none.

0
0
Black Helicopters

@ Anon "Q&A"

Spot on!

I was going to place similar comments, but you have beaten me to it.

Well done!

0
0
Boffin

@yeah, right.

I have to say that I'm extremely satisfied with the security, stability, compatibility & performance of my Windows ME system & I advise all MacBook, MacBook Pro, MacBook Air, iMac, Mac Mini & MacPro owners to format their hard drives and install WinMe (for very cheap copies, goto e-bay).

I promise, you'll never regret it!

0
0
Bronze badge
Stop

Industry that cried wolf

Once every while one of my Mac clients phones me worried they have a virus, in every case so far, further inspection reveals the software responsible for the system malfunction to be none other than the badly ported AV shiteware some well meaning but misguided soul infested their machine with.

The whole AV industry is as much a racket as the malware they ineffectively protect the low hanging windows users with, clued up users don't need AV and AV can't protect the clueless.

0
0
Jobs Horns

@ Andy Turner

Wow there what's a "buffer overrun"? I own a Mac - it just works!

A Mac user. (not)

0
0

No real solution

Its all well and good saying that users should be more savvy but to be honest theres no hope of that.

There is still spam (OS agnostic) after all so people are still following up on these obviously dubious mails and hence perpetuating the whole thing, and spam I would have thought is alot easier to ignore as they usually so bloody obvious.

Maybe that computer license idea has merit after all :)

As an example of the how the average user fails to accept responsiblity for their computer. My sister recently caught a trojan that sent a virus loaded file to every one of her contacts on MSN, her reaction? umm to ignore it, apparently she was afraid i was going to give her a lecture. I only found out after it sent itself to me. This meant she was exposing all her friends on msn as it looks like it was pic sent from her, all because she was unwilling to accept responsiblity for her computer. AV software didn't pick this up either which i was a bit disappointed in. And then even with the use of a different package it couldn't fully remove it as the it had placed itself in system restore, manual removal was the only option. I was willing to do my research to find this out which other users seem unwilling to do.

Bootnote: AV software unfortuately has to be some of the worst on the planet, resource hog and nearly impossible to remove totally.

</rant> :)

0
0
Flame

@AC - Re: Squeaky clean, and smug with it

Bought my first Windows PC in 1993, been using them ever since.

Number of virus infections: er, none.

0
0
Bob

Live CD's

The only way to build a secure machine that's good for on-line banking, etc and is free from (technological) Trojans, keyloggers, etc. is to run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot.

Of course, this is a pain...

There's also the problem of malware-infected routers. Other than the standard buffer overrun bugs, etc, in routers, a similar approach to locking down the router hardware is needed as well. Like... the software should be stored on a removable SD or CF card in the router, and the only way to upgrade the router is to remove the card and re-flash it, then put it back in. Allowing a router to re-flash itself via the web interface is insecure.

0
0
Coat

This Wouldn't Happen on Linux

It's true, I swear! Use Linux and you'll be immune from all forms of malware. And your breath will smell better, too.

(Grabs coat, ducks for cover and runs for door ....)

0
0
Paris Hilton

Squeaky clean, and smug with it

"Bought my first Mac in 1991, been using them ever since.

Number of virus infections: er, none."

Well I've been using PCs since 1987. Number of virus infections: er, none.

I wonder if Paris has got any viruses?

0
0
Jobs Horns

@ Squeaky clean, and smug with it

"Bought my first Mac in 1991, been using them ever since.

Number of virus infections: er, none."

Same here - except a Windows-based PC since 1996... I've never owned a Mac, nor do I intend to - they're not suitable for what I need. The vast majority of malware is avoided if you excercise some common sense and resist the BS, whether it's "double-click this .exe to see nude pics of Paris!!!!!" or "send me your bank details and I'll put £15,000,000,000,000" in your account!!!!".

It's the USER being targetted, not the OS in the case of these social engineering tricks. And many Mac users simply aren't as cautious as they might be, because they're used to not having to worry about such things, as they've not previously been targetted.

0
0
Jobs Halo

Right........

I don't claim Macs are perfect, but My Mac "recent switcher" does not get infected by web sites through the BROWSER!

The two worst ways to infect a PC are STILL IE and Outlook. Notice the worst threat to Mac security is Microsoft Office? See a pattern?

What you are saying is like saying, that if you are already a mechanic you can keep your car from breaking down. Thats fine for us, people who know how to maintain a computer. But at this point computers are ubiquitous to where they should not need hobbyist or above level skills just to be maintained.

I can leave an idiot alone with a broadband connected Mac for six months and come back and still find a clean running computer.

Anyone here who has left a clueless end user home with a PC knows what you will find when you get back. You are usually lucky if you can kill enough dubious running processes to even let you salvage data.

My Next Laptop will probably be Linux again. I like OS X, I really do. But I'm to old a geek to deal with Apple's patronization of its users and enforced 'hand holding" in its hardware support. But then again, we are not the end users.

For the home person to who the computer is like a TV not like a workbench, there is no question what they are safest with, and its not Windows.

0
0
IT Angle

do we even need anti-virus anymore

The anti-malware industry is worse than what they claim they will protect us from. Here is another example (following mcaffe and symantec) of a company who sees how bleak its future outlook is as people switch away from windows to mac and linux.

5 years without anti-virus and no infections, I guess that is because I run this vulnerable thing called Linux

0
0

Are we forgetting...

That a virus is an application written with a malicious reason. It does something you probably don't want it to do.

End users have to install and application (although worms can self-install granted, but they are few and far between)

Applications runs on Mac, Linux and Windows.

Users are the operators of Mac, Linux and Windows machines

To install an application, users are prompted with a security warning (and a password prompt normally) on Mac, Linux and Windows.

Windows has the most malware out in the wild targeting it.

Windows is the worlds most popular desktop operating system

Mac is growing quite fast.

Anyone else see why this article isn't a bad guess at the future?

0
0

@ Doc Dish

My brother is reasonably smart. He has two computers, a mac laptop and a PC he bought to run MS flight sim.

He phoned me to say that in the 10 minutes he had had the (brand new) PC on line activating windows and doing various MS updates so that he could actually use the thing, it was overrun. His AV software caught nothing. Disconnecting it and running some different AV found something like 70 different viruses and trojans, many of which it could not remove. He said the only thing to do was start again.

On the other hand, his mac has been connected for ages and............

As you've been virus free for so long on your PC, could you please let me know what "protection" you are using so that I can let him know that there is such a thing as a virus-free PC.

0
0

@Bob

> The only way to build a secure machine that's good for on-line banking (...) is to run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot.

Hmm - but it's not very useful if you get infected through the browser shortly before starting an on-line session with your bank, is it?

I'll stick to using a grown-up OS, thanks.

0
0
Bronze badge
Alert

I'd Gladly Suffer A Mac Virus

before I'd ever install bloody Virex again - Jesus what a hog that thing was.

0
0
Linux

@Bit Twister

I'm sorry. I'm so very sorry they didn't have schools where you grew up and that you didn't have the advantage of any education outside of the farm. At least that's the only alternative explanation I can come up with for that comment, which is devoid of all reason.

You boot the LiveCD immediately before commencing your banking session. You can't infect the computer if there's no traffic beforehand.

Do you get it now? Maybe you'd like me to explain how bus tickets work or how to use a telephone?

0
0
IT Angle

Well ...

I've been using both Mac and PC operating systems in all their guises since 1989 and I have ever only had one actual virus (as opposed to spyware) as such: and that came from an infected disk from someone else.

It had no real payload and was quickly removed after a call from the infection source, apologising profusely.

0
0
Coat

Rather than "shoot the terrorist and win a free Xbox!"...

...might a Mac-malware-infected banner read something more like "spray the bonsai and win an organic vegetable hamper!"?

Is that what the Sophos chap means by "social engineering lures"?

Seriously, Mac folk are bright enough to see through these kinds of wheezes.

Mmm...organic vegetables...

0
0

@Anonymous Coward

> You boot the LiveCD immediately before commencing your banking session. You can't infect the computer if there's no traffic beforehand.

Let me quote from the original post, and my reply to it - apparently your dragging knuckles prevented you from reading it the first two times: 'run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot.'

Says nothing about infecting the computer, does it, and clearly implies that the running OS may become infected at any time whilst on-line - so for that reason I'll continue using my grown-up OS, ta. It's all very well saying that the installed OS won't get infected but it's not much fun if the running OS gets hit by a keylogger.

Do you get it now? Maybe you'd like me to explain how bus tickets work or how to use a telephone?

0
0
Alert

Wait a second...

I am a PC-user (I dont actually use "Macs"). But, there seems to be a rather clear difference between the relative "security" of "Macs" vs "Windows PCs".

Generally...

A "Windows PC" can be (and sometimes is) -infected- simply by its being on, and having an active Internet connection. Or, more commonly, a "Windows PC" can be compromised simply by using it normally (surfing the Web, checking e-mail, etc). Whereas, a "Mac" user seems to have to actually be tricked into loading, and allowing, any such "malware".

Thats a HUGE difference.

0
0
Linux

@Bit Twister - Take 2

So you're entire volume of evidence was based on the contents of one post? That's it? You penned a misleading reply based on nothing but what's posted above? No years of experience? No employment qualifications? No research? No degree in computer science?

'Bob' (not me, by the way), who wrote the first post, used a worst case scenario to exemplify how useful a LiveCD can be. Even if you use it for general browsing, and suffer a malware infection (which, incidentally, is no more likely than using a hard-disk installed OS in the traditional fashion), there is no difficulty in eradicating the malware completely, leaving no shadow of doubt that it is gone. This is achieved simply by re-booting the LiveCD - because the LiveCD boots from a read-only medium, that is, a medium that cannot be compromised.

Of course, as most people with an IQ over 80 would have realised by now, the principal use of the LiveCD in the context of secure internet usage (i.e. free from malware) is to boot and use only for critical functions such as banking. No one is suggesting (except maybe you) that a LiveCD would be used for general web browsing. Whilst there's no technical reason preventing general use, it would be somewhat inconvenient - hence Bob's assertion (and I quote):

"The only way to build a secure machine that's good for on-line banking, etc and is free from (technological) Trojans, keyloggers, etc. is to run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot. Of course, this is a pain...".

Bob's reference to "a LiveCD that you trust" means to not just use any old thing you download from the internet. People with experience in this field know that building a trustworthy LiveCD is not challenging, not at all, but requires a modicum of prudence, as would downloading and installing any software. A while ago, in comments for another article on a similar subject, I suggested that a bank could provide a LiveCD itself, pre-configured for that bank. This would provide a good degree of trust for the average user - someone not predisposed to build their own LiveCD - but is certainly not the only way to achieve trust in a LiveCD. And the most important point here, is that any LiveCD from a reputable source that permits web access will be more secure (by several orders of magnitude) for critical functions (like banking).

Has this explanation helped? Do you now understand why, when you said, "Hmm - but it's not very useful if you get infected through the browser shortly before starting an on-line session with your bank, is it? I'll stick to using a grown-up OS, thanks.", that you completely misunderstood what Bob had said, had clearly not bothered to do any reading on the subject and made yourself look rather silly?

And no prizes for guessing what your idea of a "grown-up OS" is!

To save space, read these:

http://en.wikipedia.org/wiki/Telephone#Basic_principle

http://en.wikipedia.org/wiki/London_Buses#Fares

0
0
IT Angle

Mac folk

"Seriously, Mac folk are bright enough to see through these kinds of wheezes."

Excuse me? I seriously doubt this, i had a "friend" who was a windows xp user, and you just couldnt believe all the toolbars and user-approved stuff he had installed victim of social engineering. Then he moved to Macs, because he couldnt tell the difference between legitimate and malicious prompts while using his browser.

"might a Mac-malware-infected banner read something more like "spray the bonsai and win an organic vegetable hamper!"?"

This was shockingly amusing, that same "friend" of mine was a vegetarian, i reckon it could work with him. That particular patronization you made about Mac users, makes me wonder up to what degree that is really a myth.

The only thing i dont like much about Macs is the stinking smell of some of their users arrogancy and elitism.

--Linux user

0
0

re: Wait a Second

Unfortunately, it's not a difference at all. Most current Windows malware is reliant on social engineering. So unless you believe that Mac users are automatically brighter than you are...

0
0
Flame

right........

"Excuse me? I seriously doubt this, i had a "friend" who was a windows xp user, and you just couldnt believe all the toolbars and user-approved stuff he had installed"

You want individual names??? Anyone who has worked on an idiots PC knows all about it. I've seen IE with FIVE toolbars, and of course thats just whats visible. Several installed as a "service" by other apps.

You want apocryphal? The anon posters who go on about Linux and OS X boxes loaded with viruses and exploits. Now THATS something you can't expect us to seriously believe.

Try again. We aren't buying it.

0
0

@ David Hartley

Web browsing windows with IE infects PCs. But does NOTHING to Macs. Or to my Linux box for that matter.

With either machine I can poke in sites I woudn't have dared bring XP.

Where does social engineering touch that?

0
0
Stop

re: re: Wait a Second

Actually... I was referring to inherent system-security (an underlying security-model, and implementation, that effectively decreases the dangers of any existing system-holes and security-flaws). In other words... a system, in which, without extensive user-interaction, such "malware" is effectively unable to cause damage, spread, or even, to function at all.

This type of "security" is something that "Windows-PCs" have been proven to lack.

And, by the way, many of those "social engineering" tactics (when applied to "Windows-PCs") often, actually, merely trick a PC-user into simply visiting a malicious-site... to allow the exploitation of existing, in-built, security-flaws (...holes, by the way, that have been repeatedly shown to be rife throughout the "Windows" environment).

In short, "Windows-PCs", simply by visiting a malignant Internet-site (or even, just by being allowed to be accessible via the Internet, at all) can be (and have been) fully-compromised... whereas, almost all of the "Mac" exploits that I have read about, require far more user interaction in order to defeat the inherent-security of the systems. And therefore, such attempts are not nearly as dangerous, or likely to succeed. Furthermore, lacking any un-assisted method of operation, this type of "Mac malware" cannot effectively propagate, "...in the wild" (...jumping, unassisted, from machine to machine) ...unlike many, actual, "Windows exploits".

Thats the -difference- I was pointing-out.

0
0
This topic is closed for new posts.