New Mac fake-defenders similar to Windows scareware

Researchers at Microsoft have discovered striking similarities between the recently emerged wave of scareware packages targeting Mac fans and the longer established rogue anti-virus applications for Windows. MacDefender falsely warns that Mac OS X machines are infected with malware in a bid to trick prospective marks into …

COMMENTS

This topic is closed for new posts.
  1. Mark 65

    Fortunately

    In both the cases of OSX and Win7 I believe you will be asked to authenticate before installing which should therefore stop it in its tracks except for the unfortunate swing-door security everyday user who doesn't realise what utter pricks there are out there.

    1. xenny
      Unhappy

      don't always get asked to authenticate on Windows at least.

      I've witnessed instances installed into the user profile via a web browser plug in compromise. No other activity necessary.

  2. Anonymous Coward
    Megaphone

    As an Apple User...

    <RANT>

    What Really Pisses me off is there are still people on the Apple forums saying you don't need Anti-Virus/Anti-Malware on an Apple; the "No Viruses Here, Move Along" attitude is WAY out of date and is just plain dangerous!

    Also the AV products available are all very poor in comparison with the Windows versions, maybe it's time Apple pulled its head out of the sand and produced/bought a reliable AV product (like wot MS did).

    </RANT>

    1. Marvin the Martian
      Thumb Up

      Think it through...

      The only way to get this virus/malware is to believe in the real-world existence of a Mac virus/malware!

      So disbelievers continue to disbelieve, and your type of pessimists (who install the malware themselves) feel justified; opinion splits and both feel right.

      What this stuff also does is give the mac user a bite of the windows malware apple... I'd call it all irony, but it's more like bronzy.

    2. Anonymous Coward
      Thumb Down

      Actually it's people like you that have shaken confidence

      of Mac users in their secure platform. Mac still does not need an anti-virus but people are frightened into believing the contrary and so they easily fall for this scam.

      1. The Fuzzy Wotnot
        Pint

        Yeah you carry on deluding yourself there bub!

        I have a couple of Macs and a Linux box and every single one of them has some form of malware/AV software installed! Every O/S is a target these days, FFS, even smartphones are being picked-on so what makes your machine and your practices absolutely fecking perfect you will never get infected, you smug git?

        You are the reason people still believe the bullshit that spews from Jobs' mouth. I like OSX and I like Macs, I just think Jobs is the world's biggest arse!

        1. Anonymous Coward
          Alien

          Mac and Linux box malware

          @The Fuzzy Wotnot: I have a couple of Macs and a Linux box and every single one of them has some form of malware/AV software installed!

          Can you tell us how this 'malware' got on without you explicitly downloading and running and entering the admin password?

          1. Anonymous Coward
            FAIL

            re: Can you tell us how

            It's ANTI-malware software he's talking about, dimbo.

    3. Anonymous Coward
      Thumb Up

      Sorry, but... the latter is not always the case

      Been running the Sophos Mac Home Edition (it's free, don'tcha know) and it's pretty good.

      I suggest you download it :-)

    4. ThomH

      No viruses yet...

      ... but a growing list of trojans. Platform security obviously helps prevent viruses (I'll bet the number for Windows 7 is tiny compared to Windows 95 when it was at the same level of adoption), but platform unpopularity is the only way to safeguard against trojans. I guess someone is dipping their toe in the water to test the viability of this sort of scam given Mac market share.

      1. bex

        virus

        I can't remember the last time I saw an actual virus on a Windows machine, just malware.

  3. Select * From Handle
    Jobs Horns

    I think the reason for Apple's denial of this trojan's existence is

    that people who would want their money back for their crapintosh, could just install this mac defender onto their mac and demand their money back under the sales of goods act for failing to provide them with their impervious computer that they were SOLD.

    People who buy Macs tend to pay A LOT for each unit. I don't think Apple would like to give them the same amount of money back :D

    1. Anonymous Coward

      I think you've never bought a computer.

      If you buy a computer from say Toshiba or Lenovo, you spend the same for similar spec or more.

      If you buy toys from Advent you pay less. You get what you pay for.

      1. Anonymous Coward

        I think you've never actually compared similar spec'd machines

        It now seems another regular Apple fan comment to claim that a similar spec'd machine by *vendor* is a similar price without an actual example - just because you keep saying it doesn't make it true

        1. ThomH

          @AC

          You could post the counterexamples if you think evidence is important.

          I think I generally agree with you though, as it stands to reason. Some manufacturers lower costs by accepting money to install the Norton Tools or whatever trial versions on their machines. Apple don't. So even if Apple and those manufacturers spent exactly as much on production and applied the same markup, the Apple machine would be more expensive. You don't have to allege that Apple are charging higher margins or in any other way pumping up prices to get to the conclusion that the Apple machine should cost more.

      2. system

        I think you've not even looked.

        MacBook Pro 17 inch 4GB/i7 2.2GHz/8X DVD/750GB is £2099.

        Tosh Satellite P775 17.3 inch 8GB/i7 2.0GHz/BluRay and DVD RW/750GB is £1199.99.

        That's a difference of £899.01. Slap an extra 4GB of Ram in the MacBook, and there's over a grand difference.

        1. Anonymous Coward
          FAIL

          @system ERROR: Unfair comparison reading post

          The 17" MBP display does 1920x1200, which is Full HD at 16:10.

          The Tosh you quoted is a paltry 1600x900, which is.. well pointless for video editing.

          The MBP has a i7-2720QM 2.2Ghz processor (including VT-d and AES instructions) the Tosh has an i7-2630QM 2.0Ghz (with none of the new stuff)

          Price compare failed

          Abort, Retry, Fail?

          ps - I'll forgive you the lack of a Thunderbolt port since no one else seems to have it yet. But external PCI-E rocks, it's worth some cash.

          1. Captain Underpants
            Badgers

            @ AC 17:54

            Apple's prices aren't actually too bad compared to equivalent-spec rival machines. Eg a 13" Toshiba with equivalent spec to a 13" MBP is more expensive by almost 20% at the hardware level.

            That being said, few vendors take the piss as much as Apple in terms of support or accessories - eg I've yet to see a non-Apple laptop where I need a £30 dongle to connect the machine to a fscking VGA display. Or, in the case of the MBA, a dongle for ethernet access. And a custom non-USB-standard-compliant optical drive that freaks out if you use it on a USB hub (which you need 'cos the first generation only had one fscking USB port). And that's before we mention things like their move away from letting users replace or upgrade components like RAM, hard drives or batteries.

            From personal experience, Toshiba will usually sell a 3-year NBD onsite support contract for a laptop for between £120 & £150. Apple *don't* offer this. If you want 3-year service you need to buy AppleCare (which, for consumers, is ~£200 on the MBP range) and you *still* have to take it into the fscking shop. Even if you're a large customer you don't get onsite service, you get something along the lines of a 5-day-turnaround CAR support (though at least for the educational sector they've started bundling a 3-year hardware warranty with the machines regardless of AppleCare coverage).

    2. ratfox
      Thumb Down

      O RLY?

      I severely doubt that Apple claims that their computers are "impervious"... Especially to malware installed by the user.

      And don't point me to marketing, because it is just plain ridiculous to claim it has any legal value. It would be like claiming that Ford must take my car back because they claimed in advertisements that I would be able to drive in perfect safety, and I still managed to crash in a wall...

  4. Anonymous Coward
    Alert

    All your Mactard

    are belong to us

  5. This post has been deleted by its author

  6. Victor Ludorum
    Coat

    I see the problem

    Joe buys a Mac but can't afford 30 quid for Kaspersky for Mac (or similar)? Some people really do have more money than sense!

    It was only a matter of time before 'effective' scareware/fraudware surfaced. I don't get the 'Macs don't get viruses' thing.

    V.

    Mine's the one with the flameproof lining...

    1. Anonymous Coward

      would it catch it?

      I was doing some testing the other day and the latest NOD32 did not catch the Windows version of this scam that I downloaded. At some point I will upload the file to Virustotal to see exactly what does catch it.

      Running an AV program to protect against viruses is like wearing a paper mask to stop swine flu. In reality, you're not protected at all, but at least the guy who owns the paper mask company gets incredibly wealthy.

      1. Anonymous Coward
        Boffin

        I'm sure it would.... eventually

        If you haven't noticed by now, an anti-virus program is only as strong as its definitions. These losers who keep pushing all these scareware packages change them constantly to avoid detection. I suspect a large majority are made with some pre-made kit made to crank them out.

        It's not gonna detect something it doesn't know about unless it has awesome heuristics. Just because it doesn't catch it today doesn't mean it won't tomorrow (or later that day for companies like Kaspersky who push out updates multiple times a day).

        Your comparison is incorrect. It's more like wearing a condom: they may be 99% effective but they still can possibly fail due to user error or bad luck.

    2. Anonymous Coward
      Happy

      Re: I see the problem

      "I don't get the 'Macs don't get viruses' thing."

      These aren't viruses, they require the user to manually install themselves. A virus would self-install. They're Trojans employing social engineering to trick the user into installing. There is a huge difference.

      Still, not bad eh?... 10 years before any viable malware was released for the OS. That a simple scareware fake AV installer is creating this big a stir amongst the media is testament to how few malware issues there have been for OS X all these years, despite all the 'Macs get viruses too' FUD. Had this been yet another Windows scareware release it wouldn't even have had a mention on El Reg, as common as they became.

      Just a shame that Apple is reacting stupidly to it, rather than proactively educating all those 'switchers' (who are the most likely to get caught out, just as they did under Windows) to ignore these fake AV warnings and not stick their password in for any software they haven't expressly chosen to initiate/install.

      1. Anonymous Coward

        The real reason?

        Apple won't react in a sensible fashion because one of the main selling points they use to persuade the gullible to switch is the security that they claim.

        Sure, a trojan or virus *might* need the user to elevate its access before it can be installed but let's get it straight here, all those lovely Mactards are telling new users (possibly because they believe it) that Macs don't get viruses so what harm can it do to tap in a password when something asks for it?

        Treat your users like morons and pretty soon all your users will be morons.

    3. Anonymous Coward
      Stop

      It's the same kind of scareware/ripoff tactic

      with the only difference the money goes to Kaspersky instead of other Russian criminals.

      Mac users are not cheap, they are smart enough to refuse to pay for nothing.

      Please read this carefully: no anti-virus in this computing world on (sorry for shouting) ANY platform would prevent an administrator from installing software that will ruin the system. And it is supposed to be like that. By design. This is the concept of system administrator, be it on Windows, Mac or any flavor of Unix/Linux/BSD.

    4. John I'm only dancing
      FAIL

      30 squids to Kaspersky?

      Why, when Mac users can protect themselves for free from Sophos.

      1. Anonymous Coward

        *ding* *ding* Winner!

        Go John! :-)

        And what's good about it too is that it still catches Windows crapware even if you're on Mac, so you can't spread it (even if it can't execute on your system).

        :-)

  7. Anonymous Coward

    Chu Chu All aboard the misinformation train

    First off I don't know any of these Mac users who claim their computers can't have trojans, if they do they're stupid, but stupid runs in all platforms.

    Apple themselves have included a trojan blocker since the first betas of Snow Leopard came out. It uses signatures and has already been used to block at least two other trojans like these in the past.

    There was even an article here about it: http://www.theregister.co.uk/2011/03/22/apple_mac_malware_update/

    Now, instead of reheating reports from a clear Microsoft biased Ed Bott re AppleCare, why haven't any journos asked Apple why haven't they updated the trojan signatures yet for this one?

    That's the only strange thing in this story.

    1. x4zYYvb3
      FAIL

      Snow Leopard runs on a PPC mac?

      If Apple really took such threats seriously then they should have included a trojan blocker when MacOSX first was released. Whilst a trojan blocker in Snow Leopard is a step in the right direction, it still leaves plenty of Leopard users (including PPC mac owners for whom there is no post-Leopard upgrade path) entirely unprotected.

      Not to mention those using even older versions of MacOSX. It looks like none of the current MacOSX AV software supports Panther, which means Panther users are even less well protected than XP users.

      Even now, after the appearance of the 'proof of concept' MACdefender, Apple do not appear to be taking the threat of trojans and malware seriously. Apple should, at the very least, be educating its customers about security rather than insisting its Apple store "geniuses" spread FUD about the issue.

      1. Anonymous Coward
        IT Angle

        Trojan Blocker for MacOSX

        @x4zYYvb3: Apple .. should have included a trojan blocker when MacOSX first was released

        There is no protection against some idiot who downloads and runs software from unknown sources

        1. Anonymous Coward
          FAIL

          re: There is no protection

          Of course there is - real-time monitoring of downloads, or all file access, can block malware that's present in its signature database regardless of what that malware is or how it propagates. Network connections can be monitored to block access to payment portals associated with malware. I'd have thought Apple would enjoy having this sort of control over the content their users can access, and would have filtering enabled by default, but I suppose that would constitute an admission that their product is vulnerable.

  8. Anonymous Coward
    Pint

    In Soviet Russia

    Mac malware writes YOU!!

  9. Anonymous Coward
    Flame

    I just made some

    HURR DURR SERIOUS MALWARE that works on most Linux systems. The file contains

    #!/bin/sh

    sudo dd if=/dev/zero of=/dev/sda

    and all you have to do is run that file you saved, and put in your password!

    1. Tim Bates
      FAIL

      Problem...

      hedwig:~# sudo dd if=/dev/zero of=/dev/sda

      -bash: sudo: command not found

      hedwig:~#

      I guess your malware only works on systems with sudo configured by default...

      Also, I'm not 100% sure how it will go in getting permission to dd onto the drive while it's mounted. Never been silly enough to try that.

  10. rahul
    Jobs Halo

    Err, in that last-but-one paragraph...

    "Standing orders, leaked this week, mean that Apple consumer rights people are told to neither confirm nor deny Mac infections."

    Apple consumer rights people? Don't you mean "Apple consumer SUPPORT people"?

    I don't think Apple consumers have rights anyway; they're all with Apple.

    And ElReg has to be a lot more careful with errors like this; or your Appstore proggy can be pulled for "containing errors".

  11. spegru
    Thumb Down

    Why the heck does anyone need antivirus?

    It can only be because a) the OS is flawed, b) the Apps are flawed or c) you have been tricked into entering the admin password and thus installing some dodgy SW.

    Antivirus is one of the biggest ripoffs of our time. MSFT have actively supported it for many years now & much of the population have been brought up to expect it, whether needed or not.

    The proper answer is just to keep your system updated (and pref don't use windows - esp the older ones)

    1. twunt

      spegru - people make mistakes

      Obviously not you though - but some people DO click on the things they shouldn't - particularly things that LOOK like genuine alerts.

      AV / Anti Malware software provides another layer of protection.

      The real idiots are those who think they are above making errors

    2. Tim Bates
      FAIL

      Unprotected idiots

      The proper answer may be to keep your system updated, but that relies on the software vendor pushing updates out quickly. I trust some Linux distros for this, but exactly 0 proprietary closed source OS vendors.

      And even if you do your best to keep up to date, updates can fail for many reasons. If you're not manually going and installing updates EVERY day, you're possibly open for attack.

      One computer at my last job, which was left with its government supplied image, was supposed to get updates from a government supplied server... However it never did, which led to it being open to Conficker and other such fun.

      And let's not forget that some malware goes out of its way to prevent updates installing, but remain hidden from the user, who may think they're perfectly safe.

    3. twunt

      Now that it no longer requires any interaction...

      http://www.macworld.co.uk/macsoftware/news/index.cfm?newsid=3282239&olo=rss

      So now all you need to do is click on an infected link, it auto downloads and installs.

      I hope all those self righteous pricks who think they are above making mistakes get hit with this.

  12. Anonymous Coward
    Gates Horns

    real-time monitoring using signature database?

    > Of course there is - real-time monitoring of downloads, or all file access, can block malware that's present in its signature database regardless of what that malware is or how it propagates

    How does this monitoring identify unknown risks, and why not design the underlying platform to not run any ole software?
