Imprecision
How is an update on an iPad going to infect a Windows box?
Malware scammers are trying to trick early iPad buyers into installing backdoor software on Windows machines, according to a security firm. The miscreants are punting emails claiming that the bigphone needs an iTunes update for "best performance, newer features and security", to be installed via their PC. Malicious links direct …
"Dear dumbass..."
I'm amazed that it still works.
"Since buyers are likely to have a lot of disposable income and not much sense..."
That's also why you hear about so many scammers hanging about at churches.
I suppose PH bought one?
So, does the fact that scammers are targeting <1m people with Windows-specific malware mean that they should be falling over themselves to target the vastly greater user base for OS X?
If yes, why isn't it happening? (I know ~3 trojans exist for OS X, but there should be many orders of magnitude more)
If no, why not? (because it's obviously not due to market-share...)
Because it doesn't need them to (re-)write the Trojan to run on a Mac. All they've done is take an existing Trojan and slap up a web-site to trick gullible users into running it. Duh!
then I realised that only the email needs to be tailored towards iPhad buyers -- since the email is the easy part then that's not exactly hard to do. To target OSX (or BSD or Linux) would take a good deal more effort -- even if it were as easy to write exploits for as Windows (which I doubt).
Probably because if you already have some handy Windows malware it's really easy to knock up a new spammy email message to trap a few early adopters, but writing a new piece of malware to target OSX + iPad users is too much effort for fewer than 1m users.
I suspect it's because to have bought a Mac, you have to have made some kind of choice, OK, not necessarily the correct choice, but a choice nonetheless. That implies that you are at least vaguely aware of what a computer is/does and therefore somewhat less likely to fall for a ridiculous scam.
As much as the typical Apple customer is missing common sense, I'd still wager that the average 'computer IQ' level, if you will, in Mac users is substantially higher than the average Windows user. Couple that with the fact that market share is still a lot lower than Windows, and I'd guess you're still better off aiming scams at Windows users. The tipping point can't be far away though.
It's easier to exploit any *nix machine than you might think, with most *nixes it's much easier than doing so on Windows, it's just laziness that stops most people, that and the lack of knowledge of such systems, and the fact that the effort involved doesn't pay as highly as just doing it to Windows. Now, a properly secured *nix machine is one of the toughest nuts to crack, but the reality of the situation is
Let's look at OSX, a UNIX (why God, why!?), operated mainly by types even the BOFH would try to avoid like the plague. Most of these folks don't even know they're using a UNIX system, and therefore only rely on whatever security Apple gives them, which is usually pretty minimal, they also usually run services that are very open and easy to pick at. These are all basically insecure *nix machines open to the net, and breaking into and/or installing software onto an insecure *nix machine is about as easy as it gets.
The ipologist knows he posts garbage, for he chooses to go A/C.
"Let's look at OSX, a UNIX (why God, why!?), operated mainly by types even the BOFH would try to avoid like the plague. Most of these folks don't even know they're using a UNIX system, and therefore only rely on whatever security Apple gives them, which is usually pretty minimal, they also usually run services that are very open and easy to pick at."
"Very open and easy to pick at" you say? If they're so easy, why don't we ever hear about Mac viruses? Another poster wrote that there are three trojans for OSX. Three. That's as many in total as are released on Windows every day.
"These are all basically insecure *nix machines open to the net, and breaking into and/or installing software onto an insecure *nix machine is about as easy as it gets."
I challenge you to break into an OSX box remotely and let us know how you get on...
OSX machines are cracked constantly at hacker meets and compilations. The only reason there aren't more OSX viruses is user base. The most optimistic figures from Mac blogs like OSX Daily show only about 11 percent share for Apple stuff. That would severely limit the potential size of a botnet when compared to Windows devices. It has nothing to do with security or the supposed IQ of OSX users.
'OSX machines are cracked constantly at hacker meets and compilations'... when a security analyst spends several days of research to write a program(bug) to link onto HIS site to exploit on the day. It took him less than 2 minutes on his Macbook to log in and pull up HIS site.
There must be some 300,000 various 'virus' writers in the world with several formed every day. That's enough to fill 3 large stadiums. So in unison, they will ALL say: 'The only reason there aren't many exploits out there is because there's less of an install base, thus less of a target and not worth the trouble.' That is a cop-out.
While Apple waves a red flag as an invite to signal 'here is your chance'. If someone boasted and bragged in front of me and said how great they were, I would try my best in any way, by any reasonable means and (300,000) resources to bring that person down a peg or two.
'The only reason there aren't more OSX viruses is user base.' Cop-out!
I think you'll find, if you put your tiny, leaking brain back in its spongebag for just a second, that quite a few IT techies have shifted to the OSX platform as they spend all day faffing about with busted Windows kit, they need a machine that simply works when they get home. Much as I love the penguin and all his ilk, the last thing I want to do when I get home is spend 4 hours trying to remember the magic command to get my desktop up and running, I do it all day long. I just want to go home and use something that doesn't make me want to put my fist through the wall when my browser crashes for the want of running a simple flash animation.
How is an update on an iPad going to infect a Windows box?
As the article says, you need to update the iPad's iTunes from a Windows PC...
A typical Paris Post
I would love to give you credit for the funniest comment of the day, but I'm a pessimist.
" Since buyers are likely to have a lot of disposable income and not much sense, they make a great target for e-criminals."
People with lots of money tend not to be in the business of giving it away. That's *why* they have lots of money. So no, they're rarely a good target for e-criminals. (Yes, there are exceptions, but that's no excuse for painting everyone with a few pennies to rub together as a moron.)
Just ask the banking industry.
> People with lots of money tend not to be in the business of giving it away.
I think Chanel & Versace would beg to differ here.
I recall someone bragging about how they saw all of the people in First Class running iPads. Nothing says "blow the wad like a sailor on leave" like First Class airline seats.
However, that's not the point so much since the malware pretends it's a software update. It doesn't show up like a sales pitch or a Nigerian scam. It's probably meant to get into the parts of the mark's wallet that usually requires a crowbar and blowtorch.
"that's no excuse for painting everyone with a few pennies to rub together as a moron"
That's why he qualified it with the statement "and not much sense". I know reading a sentence with more than 11 words in it can be a real pain, especially for your rich types who probably don't have much time on your hands in between all the trips you need to make to the safe to stroke your money, but do try and keep up.
I think you slightly missed the point. The article is saying that, by buying an iPad, a person must be one of those exceptions; they must have plenty of money AND be a moron.
You'll ruin El Reg's habit of making fun of a group for as long it remains funny to do so. And then for about two years afterwards.
Obviously someone didn't get the joke. Do people with a lot of disposable income also lack a sense of humor?
Also, people with a lot of disposable income aren't the same as people with a lot of money. Disposable income just means that you earn a good bit more than what you are obligated to pay out each week/month/year. It doesn't necessarily mean that you accumulate wealth.
Now go play with your iPad.
'a lot of disposable income and not much sense'
...because they're running Windows, when they could easily afford a Mac ;-)
Perhaps you missed the point of why Bootcamp is so popular. Or Parallels for that matter. It seems a fair portion of Mac fans tend to run at least one Windows OS somewhere in their chain of computing hardware (remember the PR about tablets/iPads targeting people seeking a 4th or 5th computing device, after their 2 home computers, iPhone, and perhaps iPod/Touch/Nano/misc Apple hardware).
And as for the other previous comment regarding "rich" people being so by not giving away money....the malware is a backdoor keylogger of sorts. It doesn't ask you to pay $40 to a "full version," it simply sniffs your bank info, CC details, etc. and shuttles them off to some data logging server. No "give me money" needed. That and it is easier to hide a few thousand dollars of bank transfers/charges amongst an account that has more than $6k/mo flowing through it.
Like the other guy said, people who have lots of money tend not to waste it.
Obviously, none of these people would have disposable income if they bothered spending what's required to get a Mac and all the amenities.
The quote in the article didn't say anything about "having a lot of money." It mentions "disposable income." The two concepts are not the same thing. "Having a lot of money" implies that you save what you earn, invest, or have some other means of accumulating wealth that you do not blow on junk. Disposable income refers to the moneys left after weekly/monthly financial obligations are met. It does not mean that you save or accumulate this money. I have a decent amount of disposable income, but I don't necessarily hold on to it...
If I apply the logic of the insult to its fullest extent, they'll probably have just enough sense to avoid running Windows in the first place.
How are spammers getting the specific email addresses of iPad owners as opposed to anyone using iTunes or just anyone in general?
That's the question a LOT of people are going to want answered, if I don't miss my guess. Of course, a lot of iPad users have been blogging about them, or tweeting about them, etc. ad nauseam. I suppose if you simply searched on google or twitter for "my new ipad" you'd get a lot of addresses right there. But still, there will be questions.
Exactly the same way that Halifax scams are directed at Halifax customers, Lloyds scams are directed at.....etc.
They aren't, they shotgun everyone. Those that haven't got an iPad delete it, possibly accompanying that action with a "meh" if they can be arsed.
Regarding OS's and market share - possibly the reason that malware authors tend to target windows specifically has something to do with this ...
http://www.w3schools.com/browsers/browsers_os.asp
Without saying anything about relative security, even the least popular MS OS comes out twice as popular as Macs and Linux, with overall market share hovering around 90%. Granted this is just stats from w3schools, but they do seem to reflect what's happening in the world at large.
Just sayin', is all.
...the problem is that FAR more than 99% of viruses, trojans and malware are for Windows. That's not only larger than the market share but some of these target a particular version of Windows...
Statistically, it doesn't add up.
This is nothing to do with iPads per se, but is really about a Windows trojan?
Better Reg headline writers, please.
So what? Apple can do whatever they like with their target market.
See what I did there? - Ha ha, eeeeh, I crack myself up sometimes.
Damn - you beat me to it! I suppose I could have added:
"Scammers plunder gullible iPad owners' backdoors" - it wouldn't be the first time!
Yet another avenue aimed at the wide-open rearend of Windows, backed only spottily by McAfee and their rear-guard ilk.
Why get all hot and bothered by the symptoms, and forget the cause?
"Apple has sold just over a million iPads to date. Since buyers are likely to have a lot of disposable income and not much sense, they make a great target for e-criminals."
dammmnit malware that's the third keyboard this week...
...check the dictionary that the word gullible has been removed - go check it for yourself...
It could be there is less malware for Macs as the scammers know you've already been scammed by Apple and had sod all cash left for them to nick.
To paraphrase a well-known make-up peddler - 'Because you're not worth it'.
As much as I hate saying anything nice about Apple, and as much as I hate the very idea of the iPad myself, I feel that I should just remind people that everyone called the iPhone a fad when it first arrived and yet look at how popular it is now.
There hasn't been a story on El Reg for a good few days that can prompt the Apple Vs Windows debate for this week.
Copy paste, copy paste.
>linux<
So over 1 million people have shelled out money for iPads? Interesting, for a device that has no use, is overpriced, and only for fanbois.
But wait, Apple fanbois using windows? Methinks The Reg is confused. Or at least in denial....