Posted on 09/25/2009 8:31:58 PM PDT by Swordmaker
Russian cyber crime gangs after Apple's Macs, too, says researcher
Computerworld - A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said yesterday.
In a presentation Thursday at the Virus Bulletin 2009 security conference in Geneva, Switzerland, Sophos researcher Dmitry Samosseiko discussed his investigation of the Russian "Partnerka," a tangled collection of Web affiliates who rake in hundreds of thousands of dollars from spam and malware, most of the former related to phony drug sites, and much of the latter targeting Windows users with fake security software, or "scareware."
But Samosseiko also said he had uncovered affiliates, which he dubbed "codec-partnerka," that aim for Macs. "Mac users are not immune to the scareware threat," said Samosseiko in the research paper he released at the conference to accompany his presentation. "In fact, there are 'codec-partnerka' dedicated to the sale and promotion of fake Mac software."
One example, which has since gone offline, was Mac-codec.com, said Samosseiko. "Just a few months ago it was offering [43 cents] for each install and offered various promo materials in the form of Mac OS 'video players,'" he said.
(Excerpt) Read more at computerworld.com ...
Mac threats may be rare, but they do pop up from time to time. In June 2008, for example, Mac security vendor Intego warned of an active Trojan horse that exploited a vulnerability in Apple's Mac OS X.
FUD! There was no "active Trojan Horse" in the wild. In fact, the ARDAgent vulnerability was announced by Apple when they patched it. What Gregg Keizer and Computerworld were reporting was not an active, in-the-wild Trojan but a DISCUSSION on a hacker board about what kind of things COULD be done with a Mac IF they could get such an ARDAgent Trojan installed, and IF the Root user was activated on that computer. While the ARDAgent buffer overflow DID exist, and was patched in both Tiger and Leopard, the Trojan DID NOT and DOES NOT EXIST! This was merely a theoretical discussion by people who did not know how to actually accomplish what they were theorizing about.
"Computerworld (June 21, 2008) - Security researchers reported last week that they have spotted a Mac Trojan horse in the wild that could compromise machines running Apple Inc.'s Mac OS X 10.4 or 10.5.
Last Thursday, SecureMac, a Mac-specific vendor of antivirus tools, posted an alert saying that its researchers had found a Trojan horse, dubbed "AppleScript.THT," being distributed from a hacker-operated site where discussions of spreading the malware via iChat, Apple's instant messaging and video chat software, were also taking place.
The company classified the threat posed by the Trojan as "critical."
The malware exploits a recently publicized vulnerability in the Apple Remote Desktop Agent (ARDAgent), part of Tiger's and Leopard's Remote Management component. Composed as a compiled AppleScript, or in another variant, script bundled into an application, the Trojan leverages the ARDAgent bug to gain full control of the victimized Mac."
Since ROOT is not activated on Mac OSX by default, the proposed malware could not have "gain(ed) full control of the victimized Mac."
The article in Computerworld that announced this "active Mac Trojan" garnered all of eight comments . . . hardly what would be expected of a major critical Trojan in the wild.
Last January, a different Trojan was found piggybacking on pirated copies of Apple's iWork '09 application suite circulating on file-sharing sites.
This is true. Someone put up a modified copy of Apple's iWork'09 Free Trial Version (which could have been downloaded for free from Apple's website) with a trojan attached to two bitTorrent sites.
However, the bogus, adulterated files were quickly discovered and taken down. The bitTorrent sites reported that the total downloads while the files had been available were in the "dozens." The Trojan, on analysis, did not do what it was designed to do, which was to send a copy of itself to every address in the infected Mac's address book. It didn't work.
If you want on or off the Mac Ping List, Freepmail me.
“as Microsoft prepares to release Windows”
No prepares. It's out already. I'm running 7 Ultimate now. It's faster than any other OS I've run, including Snow Leopard (which is on my MacBook).
No, it isn't officially available for sale. Microsoft will officially release it, officially, on its official release official date of official October, official 22nd, official 2009.
;^)>
I don't care if Win7 is faster than warp 9.
Love my Macbook with Snow Leopard on it:)
bookmark
It's pretty slick, ain't it? Wonder if it will install on a MacMini? Heck, even in a fully virtualized environment on SUSE it's pretty fast.
I have just reviewed the actual report on "THE PARTNERKA WHAT IS IT, AND WHY SHOULD YOU CARE?" (PDF reader required for non-Mac users.) It's really a quite interesting look into the seamy underbelly of Internet Commerce.
With its breathless, scare-tactic FUD headline, Computerworld gives the impression this researcher was researching Macs and their vulnerabilities. However, the thrust of the article is not about Apple, Macs, or even "hijacked computers." In the entire six pages of the report, the string "Mac" is found only five times referring to Mac computers, four of them in the following paragraph:
"Mac users are not immune to the scareware threat. In fact, there are codec-partnerka dedicated to the sale and promotion of fake Mac software. One of the recent examples is Mac-codec.com. At the time of writing this article, the site is no longer available, but just a few months ago it was offering $0.43 for each install and offered various promo materials in the form of MacOS video players."
The Mac paragraph, which is included in the article out-of-the-blue, is dropped almost jarringly into the middle of a section discussing the lucrative profits "partner" websites can garner from participation in these unethical and criminal practices. The placement of the Mac paragraph appears to be a non-sequitur in relation to the overall topic of the section. I get the impression that the author was told to mention Macs being vulnerable into his article. It appears to be an afterthought.
The other instance of "Mac" is in the heading for a graphic of the mentioned Mac-codec.com site. That there were Mac Trojan Codec download sites is not news. The first of the two known Codec Trojans appeared almost three years ago. Macs are not mentioned again, anywhere in the article.
As I said, the comments about Macs are not at all the thrust of the research or the subject of the article, but Computerworld leads their article with "Hackers pay 43 cents per hijacked Mac" even though the dollar value of the infected Windows machines is apparently much higher because of the opportunity for each to infect other PCs. What they are talking about in that one paragraph, is that Mac users can be susceptible to the social engineering used by malware purveyors to peddle their wares, or to induce a mark to download their Trojan. It really has nothing to do with the OS. Just like all other computer users, Mac users are human.
The report DOES NOT even relate to "hijacked computers" except secondarily. What it does investigate and discuss is the Russian connection to the sale of Canadian Pharmaceuticals through spammed email, Trojan video codecs, and useless Scareware anti-malware applications and the web-sites that host the scareware. The first, Canadian Pharms, is almost legit except for the spam used to market it, compared to the other two.
The Scareware has to do with ad pop-ups that announce to the user that the XYZ Anti-Virus company has scanned their computer and found it infected with a virus, and offers to remove it. Clicking on the pop-up ad takes the user to a site to buy the "cure" for the found viruses. Buyers of the anti-virus receive nothing of value. Websites that agree to use this underhanded scareware approach to sales receive a commission of up to $30 per sale from the publisher. While there have been a few reports of platform-selective pop-up warnings, very few Mac users would believe the warning or accept the offer because they "know" their computers don't get viruses; however, apparently lots of Windows users, expecting viruses, will.
Alternately, the video codec scams involve another version of the pop-up, usually found on bogus Porn sites, which would announce that a specific Codec is needed to view the content on the bogus site. Clicking on it would start a download of the required "Codec", which is actually a Trojan Horse for either Mac (only two varieties with about a dozen variants) or Windows (thousands of possible malware). On a Mac, the user will be presented with a warning that the downloaded file contains an executable application and given a chance to cancel the download. The Mac OS will again warn the user when he first runs the bogus application, giving the user a chance to stop the run. On Windows machines, the download installs automatically. In either case, the website operator is compensated for the download.
Because of all the warnings on the Mac, the odds of any user actually installing the fake Codec are slim. In addition, because of the lack of other viable re-transmission vectors for OSX, infecting a Mac is highly unlikely to result in any more infected Macs, thus not resulting in the huge botnets that are so lucrative to such malware purveyors. Perhaps this is the reason that a Mac Trojan Codec download was worth only 43¢. The website, Mac-Codec.com is now defunct, probably because so few Macs were being infected with the Codec.
You've heard of "The Long Goodbye" by Raymond Chandler?
This is "The Long Hello" by Steven Ballmer...
The release candidate versions have been out all year. I’ve been running the 32 bit on my laptop, and the 64 bit on my desktop gamer since...May? I forget exactly.
“I get the impression that the author was told to mention Macs being vulnerable into his article.”
No surprise there. Thanks Swordmaker.
“With its breathless, scare-tactic FUD headline, Computerworld gives the impression this researcher was researching Macs and their vulnerabilities. However, the thrust of the article is not about Apple, Macs, or even "hijacked computers." In the entire six pages of the report, the string "Mac" is found only five times referring to Mac computers, four of them in [a single] paragraph”
My late mentor, Nobel Prize-winning economist George Stigler, used to say that it could be very instructive to spend a few hours in a library checking up on studies that had been cited. When I began doing that, I found it not only instructive but disillusioning.
A footnote in a textbook on labor economics cited six studies to back up a conclusion it reached. But, after I went to the library and looked at those six studies, it turned out that they each cited some other study -- the same other study in all six cases.
Now that the six studies had shrunk to one, I got that one study -- and found that it was a study of a very different situation from the one discussed in the labor economics textbook.
. . . Nobody can afford the time to check out every claim of what "studies prove." Even with the help of outstanding research assistants, I can only check out some.
However, the big television and print media have ample financial resources to check out claims before they present them to the public as "news." But when "60 Minutes" didn't bother before basing a story about President Bush's national guard service on a forged document, do not look for a lot of zeal for facts when that could kill a juicy story or the political spin accompanying it. Let's face it. There is not much pay-off to checking original sources.
Once a minister was explaining to me the structure of his funeral orations. He said, "At this point, you are expected to say something good about the deceased. Now, Tom, if I were preaching your funeral, what would I say good about you at that point?" He thought and thought -- for an embarrassingly long time. Finally, he said gravely: "In his research, he always used original sources."
I'll take that.
"Studies Prove": Part II (Thomas Sowell)
Townhall.com ^ | August 10, 2006 | Thomas Sowell
Thanks for doing the research, Zwordmaker.
Our Mac G5 died yesterday. The internal power source fried. Our local small-town Mac tech couldn't help. Had to drive it to San Antonio yesterday (75 miles one-way). They called this morning and it's ready. $301 plus tax. *ouch*
Ouch.