
Article: Mac malware Crisis as Apple lets slip its Mountain Lion

Miscreants have developed a sophisticated multi-platform attack dog designed to maul Windows and Mac OS X computers. The malware comes bundled in a Java Archive file which pretends to be Adobe Flash Player, named AdobeFlashPlayer.jar. Inside the malicious archive is a .class file named WebEnhancer, and two files named win and …
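As an added example (not code from the article, Sophos, or the malware itself), the Python routine below triages a JAR for the traits the article describes: an archive claiming to be Flash Player but delivered as a JAR, a WebEnhancer class inside it, and bare, extension-less payload files bundled alongside. The sample archive is constructed in memory, and because the second payload's name is cut off in the article, `payload2` is a placeholder.

```python
"""Heuristic triage of a Java archive posing as a Flash Player installer.

Added example: builds a constructed JAR in memory that mirrors the structure the
article describes (a WebEnhancer .class next to bare platform payload files) and
reports the traits a defender would want to catch. Nothing here is a real sample.
"""
import io
import zipfile
from typing import Dict, List

# Names taken from the article: the archive name and the dropper class inside it.
SUSPICIOUS_ARCHIVE_NAMES = {"adobeflashplayer.jar"}
KNOWN_DROPPER_CLASSES = {"WebEnhancer.class"}

# Thin Mach-O magics (32/64-bit, both byte orders). The fat-binary magic 0xcafebabe
# is deliberately excluded because it collides with the Java class-file magic.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}


def build_sample_jar(dropper: bool = True, payloads: bool = True,
                     second_payload: str = "payload2") -> bytes:
    """Construct a sample JAR in memory (constructed data, not malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\nMain-Class: WebEnhancer\n")
        if dropper:
            # Java class-file magic followed by padding stands in for the dropper class.
            zf.writestr("WebEnhancer.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        if payloads:
            # "MZ" stands in for a Windows PE payload; the Mach-O magic for a Mac one.
            zf.writestr("win", b"MZ" + b"\x00" * 32)
            zf.writestr(second_payload, b"\xcf\xfa\xed\xfe" + b"\x00" * 32)
    return buf.getvalue()


def triage_jar(filename: str, data: bytes) -> Dict[str, List[str]]:
    """Return findings for a JAR given its claimed filename and raw bytes."""
    findings: Dict[str, List[str]] = {"name": [], "classes": [], "payloads": []}
    lower = filename.lower()
    # Adobe does not ship Flash Player as a Java archive, so the name alone is a tell.
    if lower in SUSPICIOUS_ARCHIVE_NAMES or ("flash" in lower and lower.endswith(".jar")):
        findings["name"].append(f"{filename}: Flash Player is not distributed as a JAR")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name in KNOWN_DROPPER_CLASSES:
                findings["classes"].append(name)
            # A bare, extension-less top-level entry is where embedded native payloads
            # tend to live; sniff its header to say which platform it targets.
            if name and "/" not in name and "." not in name:
                head = zf.read(name)[:4]
                kind = ("PE" if head[:2] == b"MZ"
                        else "Mach-O" if head in MACHO_MAGICS
                        else "unknown")
                findings["payloads"].append(f"{name} ({kind})")
    return findings


def is_suspicious(findings: Dict[str, List[str]]) -> bool:
    """A known dropper class, or a misleading name plus bundled payloads, is enough."""
    return bool(findings["classes"]) or (bool(findings["name"]) and bool(findings["payloads"]))


if __name__ == "__main__":
    result = triage_jar("AdobeFlashPlayer.jar", build_sample_jar())
    for category, items in result.items():
        print(f"{category}: {items}")
    print("suspicious:", is_suspicious(result))
```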

COMMENTS

This topic is closed for new posts.


jai
Silver badge

AV for Mac

And while you're at the Sophos site reading their blog post on the issue, it's worth noting that they offer a free virus checker that, so far, seems to work great at picking up Windows viruses attached to emails, and it should check for any of the known Mac viruses.

3
2

A worrying development

It would now appear that the Apple user community has reached a critical mass that it is worth the malware writers actively targeting OSX users. This means that security flaws which may have previously been ignored as "not worth it" are now valuable exploits, yet at the same time there is going to be resistance from the user community towards installing AV products meaning we may be in for a period of more announcements like this?

22
3
Anonymous Coward

Re: A worrying development

The "critical mass" myth again.

It's not about volume of sales, it's about security.

2
25
Facepalm

Re: A worrying development

"It's not about volume of sales, it's about security."

Don't talk out of your ass.....

A company can produce the most insecure OS on the planet, and if there are only a very few installations available, then they may indeed compromise that machine, but until enough units are in production and in use in ways that make those exploits useful to hackers, they may keep an eye on it but won't bother taking the time to produce malware or virus packages.... not sophisticated ones anyway...

Apple machines for years have never really had a major role in businesses and homes. But since the rise of the iPod/iPhone/iPad, people have taken a keener look at Macs, particularly because of the lack of virus and malware threats....

Now that they are being used for more than design work and multimedia editing, it's getting to the point where it is worth the coders' time to code malware and viruses for the Mac, and they will gain results from the effort.

Because of the attitude Apple have had towards security and their allegedly secure OS, it is widely acknowledged that the actual security is on par with where Microsoft were at the turn of the century.

The critical mass theory IS NOT a myth, and saying it is over and over does not make it a myth... no matter what Apple's marketing department says.....

21
3

Re: A worrying development

You're half right: the security of the platform plays an important role in how quickly exploits can be, er, exploited. However, all of these malware vectors aren't just sat there with a neon light blinking away saying "HEY. THERE'S AN EXPLOIT HERE!" Somebody has to sit down and find them, then derive a practical attack using it. That takes time and effort, which isn't going to be much good if they're only going to infect a couple of hundred machines and make a few hundred quid.

As an alternative example: take my Cisco 1921 router I have at home. The mechanics of it are unimportant here, but it has a cryptographically based licensing system. Now I am sure this could be overridden if somebody who knew what they were doing was to sit down with a copy of IDA and decompile the binary image and reverse engineer the software. However, what would be the point? There aren't that many people who use these routers that would want to enable all the features, so there isn't much reward for anyone to do it*.

*That's not to say there wouldn't be a lot of happy Cisco people if somebody was to manage it!

0
1
Bronze badge
Stop

critical mass hypothesis

critical mass theory IS NOT a myth

It is not a myth, it is a hypothesis. It however becomes a myth when thought to be the main theory. Although there might be a correlation between the popularity of a platform and the number of successful infections, the correlation coefficient is very close to zero when applied to OS's other than MS Windows, though.

Take GNU/Linux. Look at the figures for the web servers. According to netcraft.net the (overwhelming) majority of the OS's there are Linux (and BSD). The critical mass theory doesn't seem to work here, since despite the possibility of compromising these machines on an individual basis, there is no known malware that has been able to infect the said systems on a massive scale.

The difference between Windows and Mac OSX is that they stand upon very different ideas (Apple has nothing to do with that other than just once having chosen NeXTSTEP). This difference is essential, since unlike MS Windows (or MS DOS), UNIX was thought of as a secure OS very early on. This distinction can also be explained in that UNIX was designed openly by many IT professionals and scholars primarily for themselves. It adhered to many IT principles, like KISS and modularity. These IT principles used to be UNIX principles originally. As for MS Windows, most decisions on the design and security were made by merchants to better sell to a larger number of people. The quality questions got out of fashion as soon as competition died out. The closed nature, lack of developers and constant desire to lock in customers has played its role in fostering malware production as well.

The recent Flashback accident proves this, as a very moronic decision of those who run Apple Co. to "save" on Java vulnerability fixes would be a no go in a more competent IT environment. (How many times did we hear about poor and understaffed MS saving on software developers and coders?) Since then we now know that the Apple managers are not only fucking bastards, they are one moronic crowd of incompetent idiots, just like the one from one company in Redmond, WA.

0
11
Anonymous Coward

Re: critical mass hypothesis

Take GNU/Linux. Look at the figures of the web servers. [...] The critical mass theory doesn't seem to work here

You have never managed a server and seen it scanned for every remote vulnerability the attacker can think of, have you?

6
2

Re: critical mass hypothesis

My server wasn't even up for half a day and it already had people hitting the IP looking for various web applications (mainly PHP of course) to take advantage of, attempts to log in as root and numerous other attacks.

Linux servers are considered worthy of their time and it happens more than you think. No one is going to admit their server was compromised unless they really have to, and Anonymous' script kiddies aren't getting all this information they share because they're elite hackers. It's due to well known security flaws on servers (both Windows and Linux) that no one can be bothered to fix until it's too late.

Admittedly it's mainly software on Linux rather than Linux itself that's the problem but likewise applications that people click and run on OS X (or windows) are more a user weakness than an OS weakness.

5
1
Bronze badge
Mushroom

Re: A worrying development

Considering Mac OS-X has over 1600 known security vulnerabilities, I would say more malware is a certainty. To put that in perspective, Windows XP has about 450..... Apple are about 10 years behind Microsoft in security and OS-X is nearly as insecure as Linux.

1
7
Bronze badge
Mushroom

Re: A worrying development

Mac OS-X has an order of magnitude worse security than Windows (See Secunia.org). So why hasn't it been targeted before then?

1
5
Bronze badge
Mushroom

Re: critical mass hypothesis

Sorry, but critical mass theory certainly DOES work here. Linux is used most as web servers and is many times more likely to be hacked than say a Windows server: http://www.zone-h.org/news/id/4737

0
5
Anonymous Coward

@RICHTO

OS-X is nearly as insecure as Linux.

You'd better be kidding. OSX has an awful record concerning timely upgrades (some exploits are years old; Apple can't even be arsed to upgrade basic things like libc), whereas every decent Linux distro publishes upgrades ASAP.

2
0
Anonymous Coward

@toadwarrior

Spot on.

The reason why Mac viruses/trojans are on the rise is because there are dumb users who run the exploits locally. Linux machines only have to bother about remote exploits (which are a PITA to leverage) because there are few desktop users.

QED re. critical mass.

0
2
Anonymous Coward

Re: A worrying development

Interesting figure - source?

I find it VERY interesting that the Anti Virus companies (all of them) suddenly stopped listing which platform a virus was for - I can only assume this was after pressure from Microsoft (their main source of revenue).

From the data I had (which was from informal discussions with people I know at two Anti Virus vendors) the actual numbers were more like 25 M different bits of malware for Windows, about 40k OSX and about 15k for Linux - and that's not where the story ends.

I should have taken notes - the next remark was that a substantial amount of Microsoft infections were drive-by, i.e. did not need much activity from the user to install (Win 7 was in that respect at least a massive improvement), compared to a rather small percentage of Linux and OSX infections, where the majority was taken up by trojans - code that had to coax the user into installing it before it could do its evil thing. The Java exposure is an example of drive-by risk, but they are rare because of the different security model (personally I think Apple could have used more of BSD's security layer, but I guess their line between security and usability is drawn closer to usability than my personal preference).

I think I'm going to fill up those guys again with beer - I need more accurate data. Maybe even do a project. I personally think we have Microsoft users/victims to thank for over 90% of spam and DDoS risks, but it is indeed worth putting hard figures behind it - otherwise the only thing that Microsoft ever did right will try to bury this again: marketing and BS.

Heck, even the MS consultants are a fraud: in reality, they are hired contractors who basically get paid peanuts to be hired out as MS suits (at least judging by the recruitment attempts where I live), so please don't try to give me BS based on figures. I sat through 20+ years of Microsoft sales presentations as part of my work and right up to this day they share one feature: figures that are either unattributed or were more creatively manipulated than the numbers in the UK speed camera effectiveness report. Been there, took it apart and will sure as hell not wear their T-shirt.

2
2

Re: A worrying development

In Apple's case it's more like: What security? CrapOS is as insecure as any version of Windows....... why go for 0.0000000000000000000000000000000000000000001% of users?

0
2
Bronze badge
Mushroom

Re: @RICHTO

But Linux has lots more vulnerabilities than OS-X.....Even if they are fixed faster than by Apple.

(But not as fast as by Microsoft: http://www.computerworlduk.com/news/security/3629/microsoft-we-patch-faster-than-apple-novell-and-red-hat/ )

0
4
Silver badge
Thumb Down

You've never needed a password to install malware on a Mac

There's no need to. Find a drive-by exploit via Java, Flash or social engineer one with Safari (which insists on running 'safe' files), install in the current user's homedir, and run it. It's got access to all your juicy documents.

4
6
xyz
Devil

Re: You've never needed a password to install malware on a Mac

No Mac user would ever concern herself with things like "homedir." That's stuff that's uncool and not shiny. Give it 6 months and there will be queues of fanbois clutching their melted Macs, wailing outside Apple stores and chanting in the name of Jobs that they be saved from this plague that's destroying their righteous lifestyles.

14
17
Silver badge

Re: You've never needed a password to install malware on a Mac

Apart from those rare systems that really do run Java in a sand-box, user files on *ANY* platform will be vulnerable to this type of attack. The OS, however, shouldn't.

What is worrying in this article is the issue of it installing a rootkit on MacOS. I'm not sure whether I am talking about the same thing, but I define a rootkit as something that gains privileged access, and then alters the OS start-up process so that it will have running privileged components that will monitor whether the rootkit is removed from the system disk, at which point it will re-infect it.

The operative word here is "privileged". It implies that there is something that will cross the privilege barrier, which requires an OS security weakness or vulnerability. Of course, I could have the MacOS security model all wrong, but I thought MacOS was relatively robust. If it is a user-mode rootkit (is there such a thing - a process kicked off in user-land during the user's start-up, but not running as a privileged user) then I might be able to understand it.

2
1
Anonymous Coward

Re: You've never needed a password to install malware on a Mac

Oh boy oh boy. Jealous?

FYI, not everyone buys a Mac to be cool (I couldn't care one way or the other), some use it because you can actually get work done instead of either waiting for gigabytes of patches and updates, or endless fiddling with config files or finding a machine losing USB support through a simple kernel update.

I haven't quite decided what is more irritating: fanboys or anti-fanbois, but I'm getting to the point where I hate both equally.

10
12

Re: You've never needed a password to install malware on a Mac

"some use it because you can actually get work done"

Like having to use Final Cut Pro as part of your job, or even just using Photoshop on big files without continually having to restart it.

2
5
Flame

Re: You've never needed a password to install malware on a Mac

oh grow up......

Gigabytes of patches? You mean a few tens of megabytes every second Tuesday of the month, or whenever it is, that will patch known exploits. It may even create a few more UNKNOWN exploits, but hey, it's still more secure than sticking your fingers in your ears going "LA LA LA LA",

Endless fiddling with config files? Yet another fail..... maybe when installing a new bit of software on a Linux box, but once it's done, it's done.....

As for losing USB support from a simple kernel update, I suppose you are talking about a Linux distro? But is that any worse than an OS upgrade breaking a bucket load of software, and when you call support they tell you to buy new software because the software you have been using for ages, and has no problems, is not compatible with the new OS?

The thing that irritates me more than fanbois, or anti-fanbois, is people talking utter bollocks !!

15
4
404
Bronze badge

Re: You've never needed a password to install malware on a Mac

Thinking about it, you spend more time and space 'consuming' your average movie download - less than the accumulated patches since XP first reared its head on PCs - so where is the problem? At least Microsoft tries to correct issues and has never claimed (AFAIK) you're holding your PC wrong.

Your 'gigabytes of patches and updates' statement is null.

4
0
Bronze badge

Re: You've never needed a password to install malware on a Mac

"...Safari (which insists on running 'safe' files)"

By "insists on running 'safe' files", I assume you meant to say "gives you the option in the Preferences panel to open 'safe' files or not", since that check-box has been there since Hector was a pup.

OS X has flaws, but (worst case) lying about non-existent ones or (best case) repeating something that you heard once online and know nothing about doesn't really help anyone.

5
0
Silver badge

Re: You've never needed a password to install malware on a Mac

In this case it's userland malware which opens a backdoor and, if authenticated with a password, installs a rootkit.

1
0

Re: Your 'gigabytes of patches and updates' statement is null.

@404

"Your 'gigabytes of patches and updates' statement is null."

I have got to slap your wrists on that one.

1. Install Windows Server 2008

2. Enable a few things like Active Directory, Backup and so on

Total disk usage at this point: less than 10 GB

3. Now run Windows Update

4. Rinse and repeat until no more updates are available.

5. Notice that total disk space consumed is close to 20 GB. If you did this inside a Virtual Machine for training purposes, an initial allocation of 20 GB might not be enough.

2
3
Silver badge

Re: You've never needed a password to install malware on a Mac

"or even just using Photoshop on big files without continually having to restart it."

When was the last time you ran Photoshop on Windows? In my experience every version since about 6.0 has run faster on Windows. If you're buying similarly priced hardware it should be significantly faster considering the premium Apple put on its machines.

5
1
Silver badge
FAIL

Re: You've never needed a password to install malware on a Mac

@Mike:

1. I've got an iMac.

2. The box came checked by default.

3. See icon, fanboi.

0
0
Silver badge
Windows

@Wensleydale Cheese. RE "I have got to slap your wrists on that one."

You are using the install/update process when installing a new OS (when you of course get all accumulated updates/patches) as an argument? You are suggesting that on "Patch Tuesday" it is a Windows user's regular experience to get several gigs coming down the pipe rather than (order of magnitude) megs? Well, far be it from me to hinder you in making an ass of yourself, but I would suggest that you re-think that line of argument.

1
1
Anonymous Coward

Re: "Gigabytes of updates"

I am currently trying to get started with iOS development. To do this, I need to buy a mac... check.

In order to download Xcode, I was first told by the website that I needed OS X 10.6.6 or later. I ran software update.

Now I am sent to the mac app store, which helpfully informs me that I need OS X 10.7 (Lion) or later. Luckily, my office already purchased it so I am currently downloading the 4.2GB install file.

After this is finished it looks like the download for Xcode is 1.7GB as well, which will be the very least that I need. That is before I can even write a line of Objective-C.

What was that you were saying about large updates? I hate Apple more than ever today and I haven't even opened the IDE yet.

0
0
Anonymous Coward

Re: "Gigabytes of updates"

You bought a Mac with an OS prior to 10.6.6 - that's equivalent to buying hardware old enough to come with Windows 98 and you're whinging? Sjeez..

0
0
Bronze badge
Mushroom

Re: Your 'gigabytes of patches and updates' statement is null.

Utter crap. Windows 2008 is about 2.5GB for a full install or 1.5 GB for a core install. I got growth of about 400MB of disk space by fully patching it - and most of that is temp files and backups of previous file versions and can be deleted if required...

See http://support.microsoft.com/kb/2592038 for how to clear it.

1
2
Anonymous Coward

I wonder how many people will install an "improve your browsing" app. Oh, who am I kidding, there is one born every minute, right?

8
0

Unfortunately yes.

And the more we make security and PCs idiot proof, the better the idiots become at compromising their machines through stupidity.

7
1

"The threat has not appeared in the wild"

Only in Sophos' lab, right?

4
1
Anonymous Coward

Mac malware?

In this article you managed to not once mention the underlying platform :)

http://www.theregister.co.uk/2012/07/25/japan_finance_ministry_trojan_attack/

0
1
Gold badge
Facepalm

Well, duh

.. it's Facebook, obviously. Now known as lost-face book given the local culture..

0
0
Anonymous Coward

Something doesn't add up in this article

Maybe I get overly critical when a vendor happens to observe something that helps their market penetrations (but then again, they actually have the talent to spot this) - I read on the one side that it's all sophisticated and scary ("see how we protect you"), but I also read that it hasn't been spotted in the wild.

WTF? How did they get hold of it then? Homebrew? Explain to me why this is a worry yet for end users?

3
1
Anonymous Coward

Re: Something doesn't add up in this article

Sorry to be a bit slow today - this is probably Sophos trying to ride the Mountain Lion publicity wave. This article will conveniently show up in any search for Mountain Lion now..

2
0

Re: Something doesn't add up in this article

Some clever hacker writes an exploit to show what can be done.

Sophos and any good security companies are watching these underground places for this activity. The hackers mostly don't mind either; it's not about being good or bad.

Then some kiddie gets the exploit and manages to package it into some form which CAN be used in the wild.

3
0

Yet not a single quote...

... from Graham Cluley - is he on holiday or something? He must be gutted.

2
1
Anonymous Coward

Re: Yet not a single quote from Graham Cluley

Yep.

This is purely personal opinion, but the man appears to me to be a media whore, and for those who disagree with that, look up his Wiki entry.

Intego have also been guilty of crying wolf about Mac viruses which have never been seen in the wild.

0
1
Anonymous Coward

Re: Graham Cluley

I agree. Some of the things he has come out with in public statements demonstrate a generous level of stupidity, and I have had to argue with Sophos on previous occasions about downright misinformation in their "white papers".

Which is why I can't help subconsciously morphing his surname by changing the 'y' on the end for a double 's'.

1
0
Devil

I'm convinced

That half the malware out in the wild was concocted in some IT security firm's computers and released intentionally for the sake of job security. Crazy? Like a fox.

3
0
Mushroom

Don't be silly, everyone 'knows' that OSX is immune to malware. AV is not needed!

4
4
Thumb Up

I hear you can catch a virus if you hold it wrong.

4
3
Silver badge
Linux

Antivirus protection is needed about as much as a spell-checker.

4
2
Bronze badge
Linux

And neither are used that much from what I've seen.

3
1
Silver badge
FAIL

@Dave Oldham:

Ah, another child who fails at Internet 101: "How To Search The Internet And Not Look Like An Idiot."

The popular myth is that Macs (since OS X became the standard OS for them) don't get viruses. To be fair, this is technically correct: there are indeed no known viruses on OS X.

Older, pre-OS X versions of the Mac OS did occasionally suffer from the occasional virus as that older OS had a much more basic security model and barely supported multitasking properly. (It shared a lot in common with pre-NT versions of Windows in that area.)

OS X was derived from NeXTSTEP, which was in turn built on a BSD UNIX variant. UNIX was designed from the outset as a multi-user operating system and has a very strong security model.

The article is not talking about a virus however. It is talking about a trojan. A trojan requires user interaction to install itself, usually by pretending to be something the user might want to install—hence the name, "trojan". It relies on the weakest link in any OS' security chain: the users themselves. By default, OS X 10.8 ("Mountain Lion", the version that was released today) prevents any unsigned application from installing. You have to go into the Preferences panels and explicitly tell OS X to allow unsigned applications to install too.

A good IT Admin will set that same Preference panel to its most paranoid setting: "Only allow Mac App Store apps to install." This adds an additional layer of security.

Furthermore, the trojan in question is actually a vulnerability in Oracle's Java VMs, not OS X itself. Note that it attacks Windows as well, and requires the user's password to actually install its nasty bits.

Apple haven't been responsible for the OS X version of Java since the release of OS X Lion. Neither are Microsoft responsible for bugs in Oracle's Java VM for Windows.

The security failure lies with Oracle.

Granted, it'd be nice if the OSes were 100% bulletproof and perfect, but the OS that can unerringly spot a user doing something seriously bloody stupid has yet to be developed. Not even GNU / Linux is impervious to such social engineering vectors.

And yes, GNU / Linux-based web-servers are hacked on a frequent basis. What do you think many of those hacked databases full of emails, passwords, and other user details we keep hearing about were running on? BeOS? Why do you think there are companies out there offering specialised "security hardened" Linux distros? If GNU / Linux were that secure out of the box, such distros wouldn't be necessary, would they?

There is, in fact, only one way to ensure you never get hit by a trojan: never install any software you don't trust. On Macs, that means sticking with the curated App Stores for the most part, and only venturing outside the gated community when you really need to. Apple won't stop you if you're determined to go on such an adventure. That's Apple's fundamental design philosophy: you can't assume your users are trained in IT administration, so you simplify things for them and reduce the need for such training in the first place.

The best anti-malware solution is to not install malware in the first place.

9
0
Bronze badge
Mushroom

Re: @Dave Oldham:

WRONG. Mac OS-X DOES have known viruses:

http://www.sophos.com/en-us/press-office/press-releases/2006/02/macosxleap.aspx

0
6
