Apple has updated Mac OS X to detect a piece of scareware that managed to bypass its malware-blocking measures. As previously reported, a variant of a rogue antivirus package known as MacDefender was introduced on Tuesday that evaded the malware protection feature built into the latest version of the Mac operating system. In a …
And another thing...
Also, "Safe downloads list"? Should surely be called "Unsafe downloads list", shouldn't it? Don't suppose it's really a white-list....
And therein lies the problem. How long will it be before someone starts appending random garbage to the ends of the installer files so that every single download has a different signature?
Apparently Facebook has already managed to block the attacks:
F-Secure also has some interesting discussion about what will happen when Google Images finally successfully blocks the malware links showing up there, effectively bursting this bubble.
Finally Sophos adds:
"It also appears that this malware is using the tried-and-true affiliate distribution method. The writers recruit other people to perform black-hat SEO, infect web pages and post blog spam, and assign each one a unique affiliate ID to use in the URL for their traffic.
This allows the criminals to track which affiliate referred the victim and pay them a commission upon purchase of the fake software, enabling the criminals to cast a much wider net by sharing a portion of the profits with their 'affiliates'."
Affiliate malware, who would have thought...
But surely if the affiliate ID parameter in URLs has been identified, Google can use it to block the links, both in Images and via their Safe Browsing service that is used by Chrome, Safari and Firefox.
Until they start targeting us Linux users.
Although the best defence I've seen is to set your window frame colours to a non-standard setting:
"Hmmmm, I have a nice green frame, yet this popup window scanning my HDD is in light blue..."
You're probably quite safe.
Demographic differences are the most relevant thing, I think: amongst the Mac demographic is a significant group of people with no technical grounding. A desktop Linux user is unlikely to believe that there's some magical piece of antivirus software installed that they didn't know about, and weirdly never saw before becoming 'infected', or alternatively that you can virus scan from within a browser, and is very unlikely to act without secondary confirmation (by manual inspection of the filing, possibly) and without first checking the web for suitable open source tools.
saved me a couple of times.
I run Windows 7 with zero graphical features; you can be sure 100% of fake OS interfaces on the web are standard ones.
Too bad you can't (as far as I know) have a "naked" interface on Mac.
"I run Windows 7 with zero graphical features,"
Really? CMD or PowerShell?
You might want to take a good, hard, look at Android. Which is built on Linux (albeit an increasingly divergent fork of it).
Also, I seem to recall a bunch of netbooks originally appearing with various flavours of Linux on board. Are you seriously claiming every single one of them has only been sold to knowledgeable IT people? I'd love to see your evidence if so.
Every human being on Earth suffers from some degree of ignorance. It's not limited to platform, career, or intelligence: it's just not possible to know everything about everything today.
"...amongst the Mac demographic is a significant group of people with no technical grounding."
Like every pee-cee user has a degree in anything vaguely techy. Anyway, research has shown that Mac users are better-looking, smarter, richer and more fun to sleep with. Or was I only dreaming that last part?
Will Apple re-re-release this "protection" when the malware installer simply changes its name? This is like playing whack-a-mole. A more comprehensive approach (or a more intelligent, behavioral one) is required when dealing with this issue.
The real fun will begin when obfuscated malware finds its way through the AppStore.
In the meantime, the folks can just recompile with another compiler or change really small pieces of code to get a different signature that Apple will have to add to its detection tool.
They'll always be one step ahead.
And heuristics are no help, as the trojan (from what I have read) performs zero suspicious actions...
The game of catch up has begun for Apple
MS is still playing and failing in this game.
Now Apple is joining too.
It's a game that does not end, so have fun Apple.
Is that how mac security comes out of the box, with everything except safe downloads auto-update turned off? Not impressed if so. Apple are in danger of ending up repeating every mistake M$ ever made only about a decade later...
... it's enabled by default. Also, no user has root-level privileges, everything runs in userspace.
Even when installing apps, you do so as 'admin', which is not the same as 'root'. It's a lot harder to fully compromise a Mac since, unlike Windows, no user has root level privileges unless they are explicitly (and difficultly) granted.
That's not to say you couldn't have serious security problems while running in userspace, but it's not nearly as bad as every user having full control over the machine's core...
Administrator on Windows isn't the same as root; the system account would be. System has all permissions on the OS; the default administrator account/group doesn't.
Best anti malware
A little appropriate knowledge and a generous helping of weapons grade cynicism.
Begun, this clown war has.
Fear leads to anger, anger leads to hate, hate leads to suffering, suffering leads to the Dark Side.
Presumably a lot of pkg files are called that?
Instant installer DOS attack?
Hope they're checking file sizes as well. If not, then hey, you can have this advice-101 for free, Apple.
Boy are people thick!
Maybe we should insist that people have a computer licence, similar to the driving licence?
Let's make sure the number of these halfwits is kept to a minimum.
re: Maybe we should insist that people have a computer licence
Because yeah, licensing drivers keeps all the idiots off the roads.