Mac security site littered with malware

A Mac security site has a forum full of links to actual malware which targets Apple computers. Discussion forum posts on Macvirus.org seek to trick users into downloading the RSPlug-Gen Trojan, a type of malware capable of infecting Apple Macs. For good measure, the site also harbours posts designed to dupe prospective marks …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    So...

    Where do you go for some good Mac anti-malware/virus software? Preferably the free kind...

  2. Anonymous Coward
    Jobs Horns

    Cue the Cult Of Apple

    Just waiting for the

    'But it only affects you if you click ok and put your password in and only an idiot will do that, it's so much better than windows'

    While ignoring the fact that the majority of malware for Windows requires EXACTLY the same thing. Many users will see this and just think 'it's a codec to play the video, so I need to install it' and happily do just that - probably more so with the Mac crowd as an awful lot of them are so smug they think that OSX is invulnerable and malware will never affect their beloved OS. Windows users on the whole are a lot more sceptical these days and many (although not all) will do a quick search on google to see if something asking to be installed is legit or malware.

  3. Anonymous Coward
    Paris Hilton

    RE: So...

    I knew that question would be asked one day! Running AV on a Mac suddenly isn't so stupid after all, is it?! (before somebody says "M$ fanB0y", I hate to disappoint, been a Mac user myself for years).

    Paris, because she likes downloading random crap off the Internet.

  4. Joey

    Re: Preferably the free kind

    Why should it be free? Do you really expect someone with talent to spend their time supplying you with free software or food, drink and a place to crash for that matter? Why should they? Why should you expect them to?

    Free, means "of little value" and that is generally what you get. All viruses are free. When did somebody last pay for one?

  5. Graham Cluley

    The nom de plume

    Just so you know, the "x"'s in the name "GxxxxBxxxxxx" are our way of hiding the real pseudonym he used.

  6. Andy

    Nah...

    Running AV on a Mac is still a waste of time and money. Not being an idiot is your best protection - software can't stop malware harming your computer if you give it your permission. The whole security circuit is just a scam, they make money by spreading fear.

  7. Anonymous Coward

    @Joey

    I am most certainly not a freetard, what I meant was that I'd like something like AVG, that I use on my Windows boxes, free for a basic version, far more functionality if you pay. I'm not talking about ripping off someone's software.

    Now if you want to talk about free and profiting from other's work, just take a look at the OS-X kernel...

  8. Steve Ives

    Can AV software prevent malware?

    and I mean malicious software programs - not virii or trojans etc.

    I could provide a set of instructions (for the uninitiated) that would turn Disk Utility into malware.

    Steve

  9. Anonymous Coward
    Thumb Up

    AV for MAC

    Try this, http://www.clamxav.com

    or I think Avast do an AV product for the MAC but it is chargeable

  10. Shakje

    Re: Andy

    You're right of course, but on the other hand you have Mac users who are being told by the company that makes their hardware not to worry about virii, so why should they worry about common sense? They've never had to worry about downloading files from a site, especially a security site before, so why now?

    Is the name GreetBritany?

  11. Giles Jones Gold badge

    Erm?

    "While ignoring the fact that the majority of malware for Windows requires EXACTLY the same thing."

    XP doesn't require your password, Vista does, but the access controls are so annoying people turn them off.

    Not to mention that if your installer was released and compiled with the Windows API prior to Vista then Vista determines what to do based on the filename!!! so if it's called Setup.exe it asks for a password, otherwise it doesn't!!!

    Mac viruses are much less common for a few reasons: firstly, who is going to buy a premium computer and then write software to destroy it? Secondly, it is a more secure OS without question. Security controls and permissions were there from day one of OSX. Windows has had to retrofit it and the behaviour of older applications doesn't fit with the new security model of Vista, so Microsoft has left gaping holes for backward compatibility purposes.

  12. Anonymous Coward
    Happy

    ...Let's get this straight...

    ok so:

    1- Mac users, who have nothing to fear but fear itself, go to a site called Macvirus.org to keep an eye on Mac Virii - a concept about as solid as phlogiston.

    I would imagine the site gets about five hits a year?

    2- Same Mac users are pleasantly surprised to find distraction from their - utterly pointless - security concerns by a supposed erotic video thingy by a troubled chanteuse who has had her escapades plastered all over the net forever - it's not as if one has to try very hard to find this sort of material.

    3- Happy to find such extraordinary and rare material up for grabs - on a security forum no less! - these people go to download and authorize an obviously bogus codec for a video they were not even looking for.

    4- These very same people who obviously must have some interest in computer security in order to even consider visiting a forum with an obviously tedious topic as macvirus - these folks have not seen the news in the past ten years extolling the virtues of social engineering, the "I Love You" virus and countless "Anna K. in compromising positions" hoaxes and whatnot, and are happy to ignore the fact that they are their own biggest enemy whenever they decide to download dubious smut requiring one to authorise the installation of players/codecs/dialers/adware.

    5- We are actually expected to care that there are some perverts on a roll to secure their system, who get it compromised through their own greasy fingered stupidity.

    cue PhanBoj flame :P

    A smiley because I can't stop smiling. This is just too funny.

  13. Anonymous Coward

    @Giles Jones

    Vista doesn't only use the filename for privilege escalation. It will also ask you when it NEEDS to. The Setup.exe thing is a feature to save you going partway through an install before doing it.

    "Vista does, but the access controls are so annoying people turn them off"

    It is more annoying on my Mac since it asks me for a password every time, whereas on Vista it is just a boolean.

    Macs are good, but don't be so blinkered to their flaws.

  14. Anonymous Coward

    virii?

    I'm pretty sure the plural of virus is viruses, and that virii is a made-up word. Possibly used in some previous comments in an attempt to sound more intelligent.

  15. Anonymous Coward

    My own reasons for preferring Mac

    Fortunately I like the Mac for many other reasons besides the less frequent occurrences of a virus and malware. One, it is easier to fix software components that go bad and not lose or have to reload a lot of personal data. Two, it is much more user friendly for the computer stupid people while still being powerful for the opposite people. Three, I can now, if I actually CHOOSE to, dual boot my Mac to run Windows.

    That being said, I have been using Windows since version 3.1. I have not been impressed with Windows since W2K although I have been supporting XP since it came out. I also haven't supported Vista yet but after all the facts I read about it and Microsoft's blatantly obvious, laughable attempts to boost Vista's credibility, I'm not so eager to want to. Like the BOFH, I'm more inclined to run a Vista emulator by turning on all the flashy crap in XP, dumbing down my processor, removing half my memory and breaking Windows Media Player.

  16. Shakje

    Re: My own reasons for preferring Mac

    You shouldn't touch Vista with a barge pole, your two grand Mac won't run it then you'll complain about Vista being too slow.

  17. Steven Hunter
    IT Angle

    Why is this news?

    Some idiot has a poorly managed forum that has been invaded by SPAM bots... That happens all the f@#king time, so why is this news?

  18. Peter Gathercole Silver badge
    Boffin

    For goodness sake...

    How many times do we have to have this same argument, Windows vs. Mac vs. Linux?

    There is no perfect solution to the problem as long as you have mechanisms to make the use of a system easier. Easier on the surface == complex under the covers. It does not matter if it is the sudo model that is in OSX or Linux, the role-based security model of Vista or the "let's just do it" model of XP running as administrator. The basic problem still exists in that you need to do something out-of-the-ordinary, and you either trust it, or ask some form of question.

    In every case, unless the user is really on the ball, there is always the chance that something nasty could get through. The Unix model (different from popular Linux distros) of putting the code in your own non-privileged space is about the only robust model there is, as you are very unlikely in a properly run system to import anything that will affect anyone other than yourself. That's not to say that a 'bot or a trojan will not get through, but other users of the system are unlikely to be compromised. I am deliberately ignoring the lack of binary compatibility, which is not what I am arguing.

    Of course, this means that everyone who wants to use a particular browser extension or version of Java will have to install it themselves, and it is possible for things to be run when you are not logged in (just put it in cron), but this is quite easy to spot.

    So, let's just agree that it is a knotty problem, accept that different OSs do it differently, and leave it at that.

  19. Anonymous Coward
    Jobs Horns

    RE My own reasons for preferring Mac

    By your own admission you haven't touched Vista, yet feel qualified to bad-mouth it. If that isn't a bad case of 'I'm so anti-ms I can't be objective anymore' I don't know what is. In case you hadn't realised it, more and more people are coming forward with very positive experiences of Vista as demonstrated by the recent comments to the El Reg article 'Why I downgraded Vista to XP'

    http://www.theregister.co.uk/2008/03/12/freeformdynamics_vista_downgrade/

    Once you get used to the fact that it works differently than XP, it's really quite good. Most of the negative things about it are coming from people like yourself, or those who tried it for 5 minutes and because it was different ran away crying.

  20. Franklin

    Not just this Mac site...

    I've noticed this same attack against a very, very large number of forums--primarily those running phpBB and PHP-Nuke in the last four or five weeks. Planting bogus spamvertisements that redirect to malware sites into forums and guestbooks is nothing new, of course, but in the last few weeks, using security holes in badly-secured forum software to plant redirectors to Mac and Windows Trojan downloaders really seems to have skyrocketed.

    Most likely, the attacks are automated; many of the redirectors placed in the forums have the same copy. In several cases, they redirect to the same fake codec downloader sites talked about in the Register article at

    http://www.theregister.co.uk/2008/03/06/googe_iframe_piggybacking/

    The attacks are becoming both increasingly frequent and increasingly sophisticated. In some cases, the redirectors look at a user's referrer and only forward to the virus-dropping sites if the user comes from certain domains (most commonly Google). In other cases, the payload site serves up a fake porn page and then redirects the user to either a Mac or a Windows Trojan download script based on the browser's user agent. Sometimes, the sites won't redirect to the payload dropper script if they're accessed repeatedly from the same IP address, presumably to throw off security researchers and/or ISP abuse teams.

    I've seen payload sites that host these Trojans all over the place, but so far every one I've seen without exception is hosted on a domain registered by the same domain registrar--estdomains.com.

    The Mac version of the Trojan is still quite rare, but I've seen a few systems that are infected. The Mac version is easy to remove without antivirus software. Mac users who wish to protect themselves with antivirus software can use the free ClamX AV, which has a fairly low footprint (for antivirus software) and does the job nicely. ClamWin on the PC is a free AV program that works as well.

    I recommend that Mac users stay away from Norton Antivirus. I've had a large number of clients who've had very serious problems with it, including kernel panics, data-corruption issues, network file copy issues, and problems with poorly-constructed antivirus .dat updates which can falsely flag harmless files as "viruses."
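A moderation-side check for the pattern described in the comment above, where automated plants reuse the same copy across posts, as an added example that is not part of the original thread. The host name `forum.example`, the sample posts and all function names are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>\]]+", re.IGNORECASE)

def fingerprint(body):
    """Hash the post text with URLs masked, case folded and whitespace collapsed."""
    masked = URL_RE.sub("<url>", body)
    words = re.sub(r"\s+", " ", masked).strip().lower()
    return hashlib.sha256(words.encode("utf-8")).hexdigest()

def external_hosts(body, forum_host):
    """Return the set of linked hosts that are not the forum or its subdomains."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host and host != forum_host and not host.endswith("." + forum_host):
            hosts.add(host)
    return hosts

def find_spam_clusters(posts, forum_host, min_posts=2):
    """Group posts with off-site links by fingerprint; flag copy seen min_posts+ times."""
    clusters = defaultdict(list)
    for post in posts:
        if external_hosts(post["body"], forum_host):
            clusters[fingerprint(post["body"])].append(post)
    flagged = []
    for group in clusters.values():
        if len(group) >= min_posts:
            hosts = set()
            for post in group:
                hosts |= external_hosts(post["body"], forum_host)
            flagged.append({"post_ids": sorted(p["id"] for p in group),
                            "hosts": sorted(hosts)})
    return sorted(flagged, key=lambda c: c["post_ids"])

# Constructed sample posts (not taken from any real forum).
SAMPLE_POSTS = [
    {"id": 101, "body": "Watch the leaked video here: http://video-a.example/play?id=1"},
    {"id": 102, "body": "Is ClamXav any good? See http://forum.example/t/55"},
    {"id": 103, "body": "watch the  leaked video HERE: http://video-b.example/play?id=9"},
    {"id": 104, "body": "My review of Little Snitch is at http://blog.example/ls"},
]

if __name__ == "__main__":
    for cluster in find_spam_clusters(SAMPLE_POSTS, "forum.example"):
        print(cluster)
```

Masking the URL before hashing matters because planted posts with identical wording may point at different hosts, as posts 101 and 103 do here.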

  21. Graham Bartlett

    @Andy

    See the AC post a little earlier: "But it only affects you if you click ok and put your password in and only an idiot will do that, it's so much better than windows". Congrats for being the first, dude. ;-)

  22. Anonymous Coward
    Dead Vulture

    Is Webster off sick today?

    That's two wide open goals for him that I've read on El Reg today and nary a peep from everyone's favourite spittle-flecked 12 year old...

  23. Mike Flugennock
    Happy

    I've got just two words for you guys:

    Little. Snitch.

    Something like twenty-five bucks -- I bought a copy as soon as I got a G4 and moved up to OSX -- and a bargain at twice the price.

    One of my first invocations of what would become one of my favorite phrases in the English language -- "Deny Forever" -- was against Adobe.com, when my Acrobat editor and reader attempted to connect to Adobe and auto-update themselves when I was installing them, and every time I started them after that. P'whah. Shortly after that followed Macromedia, TroubleClick, et al. Mwoooaaa ha ha ha haah.

    Generally, one rule of thumb I've found useful in _most_ cases was the out-of-hand Denial Forever of "dotted quad" numeric IP addresses.

  24. J
    Joke

    @Joey

    "Free, means "of little value" and that is generally what you get. All viruses are free.

    When did somebody last pay for one?"

    Well, I've heard there ARE people who buy Vista and other Microsoft offerings, so someone must be paying...

  25. Anonymous Coward

    @Paul

    Thanks, will check it out...

  26. Tobias Liebhart
    IT Angle

    News for news sake

    If there is no news to feed upon (well, mostly silly Apple headlines), we create it to have our forums full of fanbois (be they MS or Apple) again. Same discussions over and over again - grow up, people!

    Windows -> use it, hate it for work, love it for games

    OSX -> use it, love it for work, hate it for games (except old classic - OS6-9 games)

    Linux -> don't use it and don't like / hate it therefore

    BEOS -> even though dead (except HAIKU) I love it

    Vista -> no comment

    bash me!

  27. Anonymous Coward
    Coat

    Re: Preferably the free kind

    "Free, means "of little value" and that is generally what you get."

    Maybe you'd like to go and tout this definition to a few FOSS advocates.

    I am a happy user and contributor to several free open source software projects and I find it rather more valuable (i.e. better) than the highly priced crap sold by numerous companies.
