Apple strikes back with update blocking new scareware

Apple has updated Mac OS X to detect a piece of scareware that managed to bypass its malware-blocking measures. As previously reported, a variant of a rogue antivirus package known as MacDefender was introduced on Tuesday that evaded the malware protection feature built into the latest version of the Mac operating system. In a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    And another thing...

    Also, "Safe downloads list"? Should surely be called "Unsafe downloads list", shouldn't it? Don't suppose it's really a white-list....

    And therein lies the problem. How long will it be before someone starts appending random garbage to the ends of the installer files so that every single download has a different signature?

  2. Anonymous Coward
    Anonymous Coward

    Good article

    Apparently Facebook has already managed to block the attacks:

    http://www.f-secure.com/weblog/archives/00002173.html

    F-Secure also has some interesting discussion about what will happen when Google Images finally successfully blocks the malware links showing up there, effectively bursting this bubble.

    http://www.f-secure.com/weblog/archives/00002175.html

    Finally Sophos adds:

    "It also appears that this malware is using the tried-and-true affiliate distribution method. The writers recruit other people to perform black-hat SEO, infect web pages and post blog spam and assign each one a unique affiliate ID to use in the URL for their traffic.

    This allows the criminals to track which affiliate referred the victim and pay them a commission upon purchase of the fake software, enabling the criminals to cast a much wider net by sharing a portion of the profits with their "affiliates.""

    http://nakedsecurity.sophos.com/2011/06/02/apple-to-malware-authors-tag-youre-it/

    Affiliate malware, who would have thought...

    But surely if the affiliate ID parameter in URLs has been identified, Google can use it to block the links, both in Images and via their Safe Browsing service that is used by Chrome, Safari and Firefox.

    http://googleonlinesecurity.blogspot.com/2011/04/protecting-users-from-malicious.html

  3. Boris the Cockroach Silver badge
    Linux

    How long

    until they start targeting us Linux users

    Although the best defence I've seen is to set your window frame colours to a non-standard setting

    'Hmmmm, I have a nice green frame, yet this popup window scanning my HDD is in light blue...'

    1. ThomH

      You're probably quite safe

      Demographic differences are the most relevant thing I think - amongst the Mac demographic is a significant group of people with no technical grounding. A desktop Linux user is unlikely to believe that there's some magical piece of antivirus software installed that they didn't know about, and weirdly never saw before becoming 'infected', or alternatively that you can virus scan from within a browser, and is very unlikely to act without secondary confirmation (by manual inspection of the filing, possibly) and without first checking the web for suitable open source tools.

      1. Sean Baggaley 1
        WTF?

        Oh?

        You might want to take a good, hard, look at Android. Which is built on Linux (albeit an increasingly divergent fork of it).

        Also, I seem to recall a bunch of netbooks originally appearing with various flavours of Linux on board. Are you seriously claiming every single one of them has only been sold to knowledgeable IT people? I'd love to see your evidence if so.

        Every human being on Earth suffers from some degree of ignorance. It's not limited to platform, career, or intelligence: it's just not possible to know everything about everything today.

      2. Barry Lane 1
        IT Angle

        @ ThomH

        "...amongst the Mac demographic is a significant group of people with no technical grounding."

        Like every pee-cee user has a degree in anything vaguely techy. Anyway, research has shown that Mac users are better-looking, smarter, richer and more fun to sleep with. Or was I only dreaming that last part?

    2. Tchou
      Holmes

      Exactly what

      saved me a couple of times.

      I run Windows 7 with zero graphical features; you can be sure 100% of fake OS interfaces on the web are standard ones.

      Too bad you can't (as far as I know) have a "naked" interface on Mac.

      1. Steven Knox
        IT Angle

        @Tchou

        "I run Windows 7 with zero graphical features,"

        Really? CMD or PowerShell?

  4. VS Dude
    Facepalm

    Futile

    Will Apple re-re-release this "protection" when the malware installer simply changes its name? This is like playing whack-a-mole. A more comprehensive approach (or a more intelligent, behavioral one) is required when dealing with this issue.

  5. Tchou
    Holmes

    The real fun will

    begin when a piece of obfuscated malware finds its way through the AppStore.

    In the meantime, the folks can just recompile with another compiler or change really small pieces of code to get a different signature that Apple will have to add to its detection tool.

    They'll always be one step ahead.

    And heuristics are no help, as the trojan (from what I have read) performs zero suspicious actions...

    1. Framitz

      The game of catch up has begun for Apple

      MS is still playing and failing in this game.

      Now Apple is joining too.

      It's a game that does not end, so have fun Apple.

  6. Anonymous Coward
    Thumb Down

    Default settings?

    Is that how mac security comes out of the box, with everything except safe downloads auto-update turned off? Not impressed if so. Apple are in danger of ending up repeating every mistake M$ ever made only about a decade later...

    1. Chris_Maresca

      No

      ... it's enabled by default. Also, no user has root-level privileges, everything runs in userspace.

      Even when installing apps, you do so as 'admin', which is not the same as 'root'. It's a lot harder to fully compromise a Mac since, unlike Windows, no user has root level privileges unless they are explicitly (and difficultly) granted.

      That's not to say you couldn't have serious security problems while running in userspace, but it's not nearly as bad as every user having full control over the machine's core...

      1. Anonymous Coward
        Anonymous Coward

        RE:No

        Administrator on Windows isn't the same as root; the SYSTEM account would be. SYSTEM has all permissions on the OS; the default Administrator account/group doesn't.

  7. Anonymous Coward
    Anonymous Coward

    Best anti malware

    A little appropriate knowledge and a generous helping of weapons grade cynicism.

  8. Adrian Esdaile
    Windows

    Begun, this clown war has.

    Fear leads to anger, anger leads to hate, hate leads to suffering, suffering leads to the Dark Side.

  9. g e

    install.pkg

    Presumably a lot of pkg files are called that?

    Instant installer DoS attack?

    Hope they're checking filesizes as well. If not then hey, you can have this advice-101 for free, Apple.
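
    Added example, not from the article or from any of the commenters: a toy Python model of the blocklist strategies argued about above, comment 1's "append random garbage to the installer" evasion, comment 5's "recompile or change a few bytes" evasion, and comment 9's point that matching on the filename install.pkg alone blocks every legitimate installer with that name unless the size is checked too. The filenames, byte strings and matching rules are constructed stand-ins; none of it is a real sample, and Apple's actual XProtect matching logic is not modelled.

```python
"""Toy model of how a file-based malware blocklist matches a download, and how
the matches fail. All data below is constructed for illustration only."""
import hashlib
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Download:
    """A downloaded file as a Safe Downloads style check would see it."""
    filename: str
    data: bytes


# Constructed stand-ins (not real samples): a malicious installer and a
# benign one that happens to use the same generic filename.
MALICIOUS = Download("install.pkg",
                     b"PKG\x00" + b"MacDefender-payload:fake-scan-results" + b"\x00" * 64)
BENIGN = Download("install.pkg",
                  b"PKG\x00" + b"Harmless text editor installer" + b"\x00" * 64)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A blocklist built from the single sample the vendor has seen so far.
BLOCKED_NAMES = {MALICIOUS.filename}
BLOCKED_NAME_SIZES = {(MALICIOUS.filename, len(MALICIOUS.data))}
BLOCKED_HASHES = {sha256(MALICIOUS.data)}
BLOCKED_STRINGS = [b"MacDefender-payload"]   # a content signature, YARA-style


def blocked_by_name(d: Download) -> bool:
    """Comment 9's worry: every install.pkg on the internet gets blocked."""
    return d.filename in BLOCKED_NAMES


def blocked_by_name_and_size(d: Download) -> bool:
    """Comment 9's suggested fix: require the file size to match as well."""
    return (d.filename, len(d.data)) in BLOCKED_NAME_SIZES


def blocked_by_hash(d: Download) -> bool:
    """Exact whole-file hash match against the known sample."""
    return sha256(d.data) in BLOCKED_HASHES


def blocked_by_content(d: Download) -> bool:
    """Match on a byte pattern inside the payload instead of the whole file."""
    return any(sig in d.data for sig in BLOCKED_STRINGS)


def pad_with_garbage(d: Download, n: int = 16) -> Download:
    """Comment 1's evasion: append random bytes so every copy hashes
    differently (and has a different size). The payload is untouched."""
    return Download(d.filename, d.data + os.urandom(n))


def rebuild_variant(d: Download) -> Download:
    """Comment 5's evasion: change a small piece of the code (or recompile),
    which alters the payload bytes themselves, not just the hash."""
    return Download(d.filename, d.data.replace(b"MacDefender", b"MacGuard"))


def evaluate(d: Download) -> dict:
    """Which of the four rules would block this download."""
    return {
        "name": blocked_by_name(d),
        "name+size": blocked_by_name_and_size(d),
        "hash": blocked_by_hash(d),
        "content": blocked_by_content(d),
    }


if __name__ == "__main__":
    for label, d in [("original sample", MALICIOUS),
                     ("benign install.pkg", BENIGN),
                     ("sample + random padding", pad_with_garbage(MALICIOUS)),
                     ("recompiled variant", rebuild_variant(MALICIOUS))]:
        print(f"{label:24} {evaluate(d)}")
```

    Running it shows the whack-a-mole the commenters describe: the filename rule catches the benign installer too; adding the size removes that false positive but is beaten by the same padding that beats the exact hash; a content signature survives padding but not a rebuilt variant, which is the point at which the vendor has to ship another update.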

  10. Anonymous Coward
    Anonymous Coward

    Computer licence

    Boy are people thick!

    Maybe we should insist that people have a computer licence, similar to the driving licence?

    Let's make sure the number of these halfwits is kept to a minimum.

    1. Anonymous Coward
      FAIL

      re: Maybe we should insist that people have a computer licence

      Because yeah, licensing drivers keeps all the idiots off the roads.
