Mac malware scam grows legs – MacGuard needs no password
Silicon Republic ^ | 27 May 2011 | John Kennedy

Posted on 05/27/2011 7:14:04 AM PDT by for-q-clinton

The once relatively virus-free Apple Mac ecosystem has been tainted forever by a nasty malware scam and you sense an age of innocence has ended. It’s a deadly shock to that ecosystem because a second variant has now arrived that requires no password.

The malware first manifested itself when Mac users noticed ads for a product called Mac Defender that promised to protect them against malware and viruses. However, it turned out Mac Defender was actually a piece of malware that becomes active on a desktop after a user is suckered into entering a password, and floods the screen with pop-up pornography sites.

Since then a number of variants (MacGuard, MacSecurity and MacProtector) have arrived.

According to security firm Intego, the goal of this fake antivirus software is to trick users into providing their credit card numbers to supposedly clean out infected files on their Macs.

New variant requires no passwords

Intego has discovered a new variant of this malware that functions slightly differently. It comes in two parts.

The first part is a downloader, a tool that, after installation, downloads a payload from a web server. As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted website.

If Safari's "Open ‘safe’ files after downloading" option is checked, the package will open Apple's Installer, and the user will see a standard installation screen.

If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch.

“Unlike the previous variants of this fake antivirus, no administrator's password is required to install this programme. Since any user can install software in the Applications folder, a password is not needed,” Intego said in a warning note.

“This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.”

The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder. (The IP address is hidden using a simple form of steganography.) Intego VirusBarrier X6’s Anti-Spyware feature detects this operation.

“Intego considers the risk for this new variant to be medium, in part because the SEO poisoning has been very efficient in leading Mac users to booby-trapped pages, but also because no password is required to install this variant.”
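An added triage helper, written for this page and not code from the article, Intego or Apple: it checks the two factors the article ties to this variant for one account, whether Safari's "Open ‘safe’ files after downloading" option is still on (stored as the AutoOpenSafeDownloads key in com.apple.Safari.plist) and whether any of the file names mentioned above (avSetup.pkg, avRunner, MacGuard, MacDefender, MacSecurity, MacProtector) sit in ~/Downloads or /Applications. The sample home directory it builds is constructed for the demonstration, not real infection data.

```python
import os, plistlib, tempfile

# File names the article associates with this family, compared case-insensitively
# with any trailing ".app" removed.
SUSPECT_NAMES = {"avsetup.pkg", "avrunner", "macguard", "macdefender",
                 "macsecurity", "macprotector"}

def safari_auto_opens_safe_files(home):
    """True if Safari will auto-open 'safe' downloads (Apple's default)."""
    pref = os.path.join(home, "Library", "Preferences", "com.apple.Safari.plist")
    try:
        with open(pref, "rb") as fh:
            prefs = plistlib.load(fh)
    except FileNotFoundError:
        return True  # no preference file yet: Safari's built-in default applies
    return bool(prefs.get("AutoOpenSafeDownloads", True))

def suspect_files(*dirs):
    """Paths in the given directories whose names match SUSPECT_NAMES."""
    hits = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.lower().removesuffix(".app") in SUSPECT_NAMES:
                hits.append(os.path.join(d, name))
    return hits

def triage(home, applications):
    """Return (findings, risk) for one account using the article's two factors."""
    findings = []
    if safari_auto_opens_safe_files(home):
        findings.append("Safari 'Open safe files after downloading' is on")
    hits = suspect_files(os.path.join(home, "Downloads"), applications)
    findings += ["suspect file present: " + h for h in hits]
    # A matching file counts as infection; the Safari option alone is exposure only.
    risk = "high" if hits else ("medium" if findings else "low")
    return findings, risk

def build_demo_fixture():
    """Constructed sample home and Applications tree (not real infection data)."""
    root = tempfile.mkdtemp()
    home, apps = os.path.join(root, "home"), os.path.join(root, "Applications")
    pref_dir = os.path.join(home, "Library", "Preferences")
    for d in (pref_dir, os.path.join(home, "Downloads"), os.path.join(apps, "avRunner.app")):
        os.makedirs(d)
    with open(os.path.join(pref_dir, "com.apple.Safari.plist"), "wb") as fh:
        plistlib.dump({"AutoOpenSafeDownloads": True}, fh)
    open(os.path.join(home, "Downloads", "avSetup.pkg"), "w").close()
    return home, apps
```

On a real Mac, call `triage(os.path.expanduser("~"), "/Applications")`; a name match is only a starting point for a closer look, since the check is by file name alone.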


TOPICS: Crime/Corruption; Miscellaneous; News/Current Events; Technical
KEYWORDS: apple; garbage; osx; virus
To: dayglored
That's plenty high enough level for me.

Many times the 'higher level' languages are harder to write in, harder to use, and more prone to errors.

I have used a higher level language that was the opposite of all that, but I found it to be one of the few exceptions to the rule.

101 posted on 05/28/2011 6:37:23 PM PDT by UCANSEE2 (Lame and ill-informed post)
[ Post Reply | Private Reply | To 96 | View Replies]

To: HereInTheHeartland
Real men love the sting of battle. Real men love the smell of the napalm of anti virus warfare. Real men know how to use AVG, AdAware, Spybot, and other manly pieces of home computer defense.
Sissies take the easy road and buy a MAC.

Windows 7 is very secure and locked down if you download and use Microsoft Security Essentials. Download the Windows updates too and you are covered. You don't need a brain to do those two things

  1. turn on automatic updates
  2. use Microsoft Security Essentials

and your home computer is covered. Corporate systems want more security but they employ IT guys to do this
Apple is not more secure than Windows 7 it is more expensive

102 posted on 05/28/2011 6:41:36 PM PDT by dennisw (NZT - "works better if you're already smart")
[ Post Reply | Private Reply | To 36 | View Replies]

To: Swordmaker

Windows threads? There are rarely Windows threads these days.


103 posted on 05/28/2011 6:43:26 PM PDT by dennisw (NZT - "works better if you're already smart")
[ Post Reply | Private Reply | To 86 | View Replies]

To: UCANSEE2
> Did you ever get the chance to use a DEC or a VAX ?

My first small computer (~1974) was a DEC PDP-8L (mag core, 4096 12-bit words of memory, an ASR-33 TTY and punched paper tape for I/O). I programmed it in PDP-8 assembler. Toggled in the paper tape boot loader at the front panel on switches. Those were the days!

In 1981 I ran RT-11 on an LSI-11/23, and later RSX-11/M. I was mainly doing engineering -- among other things, I designed an infrared earth sensor for use on geosynchronous communications satellites for IntelSAT in 1983 on the LSI-11/23.

In 1985 I did a bunch of work on one of Cornell's VAX-11/780 machines, learned VAX DCL and EDT, and assisted with the engineering work on their computer-aided design facility. I later consulted there as a system admin and had an Ultrix DECstation 3100 as my personal desktop. That was the fastest Unix workstation around (MIPS RISC-based) and kicked some serious butt for those days.

So,.... yes. I've retained a fondness for DEC gear. It's a shame they didn't survive.

104 posted on 05/29/2011 1:32:02 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 99 | View Replies]

To: napscoordinator

A million times nothing is still nothing.


105 posted on 05/29/2011 1:45:19 AM PDT by Fresh Wind ('People have got to know whether or not their President is a crook.' Richard M. Nixon)
[ Post Reply | Private Reply | To 10 | View Replies]

To: UCANSEE2
The reason I mentioned it is because some freakin GENIUS already tried to SLAM ME for saying MAC instead of APPLE.

No, you probably got slammed for saying "MAC." The proper usage is "Mac"... not all upper case. It isn't an acronym. "MAC" is used by trolls. "MAC" is a cosmetic or a Media Access Control in computer terminology. "Mac" is the short nickname for the Macintosh computers line manufactured by Apple Inc. Trolls insist on using MAC, despite being told the proper usage to irritate Mac users... and they will do so repeatedly after being told the difference. That is why you probably got slammed.

106 posted on 05/29/2011 2:46:00 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 98 | View Replies]

To: r9etb; antiRepublicrat; dayglored; Mind-numbed Robot
All those words, all that shouting. Is it really that stressful to be a Mac user? Are you really that emotionally involved?

I intended to stress those words to get through to you... you don't seem to be getting the message. I thought maybe shouting would do it. You've been harassing Mac users for ten years, according to your own words... and now you are back. Being smug about your unwelcome advice that was USELESS during those ten years. Why should we listen to you now and pat you on the back for useless advice. Our decision to ignore you was validated for ten years. I think ignoring you now is an equally valid option. Your "Nyah, Nyah, Hyah, I told you so!" attitude about a single, easily avoided trojan is just as worthless as your ten years of previous worthless advice.

107 posted on 05/29/2011 2:52:10 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 97 | View Replies]

To: Swordmaker
Wow. You'd think I called your kid ugly or something.

I dunno.... is your kid ugly?

108 posted on 05/29/2011 7:08:27 AM PDT by r9etb
[ Post Reply | Private Reply | To 107 | View Replies]

To: r9etb; antiRepublicrat; dayglored; Mind-numbed Robot
I dunno.... is your kid ugly?

Nope, you have just been merely rude for ten years... and are repeating what you have told us is a pattern of behavior, and are being called on the carpet for that behavior.

109 posted on 05/29/2011 12:55:30 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 108 | View Replies]

To: Swordmaker

(rolls eyes)


110 posted on 05/29/2011 2:43:17 PM PDT by r9etb
[ Post Reply | Private Reply | To 109 | View Replies]

Comment #111 Removed by Moderator

To: dayglored
I've retained a fondness for DEC gear. It's a shame they didn't survive.

Me too. EDT could run circles around any editing package on an IBM type machine, or even word processing software on Modern PC's.

What I found most interesting was what the DEC CE told me. When I would call in for service, I would give the problem to the person at DEC SERVICE. He told me that I wasn't talking to a person, I was talking to a VAX.

The voice software that is around today (available commercially) still pales in comparison.

112 posted on 05/30/2011 12:00:57 PM PDT by UCANSEE2 (Lame and ill-informed post)
[ Post Reply | Private Reply | To 104 | View Replies]

To: UCANSEE2
> EDT could run circles around any editing package ...

While working on the 11/870 and using EDT, I also had an AT&T 3B2/300 desktop mini at home (SysV Unix), and no decent screen editor (unless you count vi). So I took the sources for MicroEMACS which were fairly new then, and rewrote the keyboard definitions and macro handling so that it aped EDT... called it "edtmacs". Got it running on SysV, ported it to BSD, MS-DOS, MacOS (yikes!), and even back to the VAX, just because. And used it on a proprietary embedded industrial process control computer I designed in the late 80's.

All because I couldn't give up EDT's power. There was a company whose name I don't recall who produced a slick EDT for the IBM-PC, so I must not have been alone in my loyalty. :)

> I was talking to a VAX.

Now, THAT must have been way cool!

113 posted on 05/30/2011 12:14:46 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 112 | View Replies]

To: dayglored
Now, THAT must have been way cool!

More like scary. I have listened to plenty of synthesized voices on the phone, and I can always tell.

Until that C.E. told me, however, I did not know that the voice on the Service Line was from a computer.

I also had a MAC SE (way back then), and it had voice software which would read any TEXT material to me. I could change from male to female voices, change the speed, and alter the inflection slightly. It was pretty good, but one could still tell it was synthesized.

Later on, I had Voice software on a PC. It sucked.

114 posted on 05/30/2011 8:38:46 PM PDT by UCANSEE2 (Lame and ill-informed post)
[ Post Reply | Private Reply | To 113 | View Replies]

To: for-q-clinton

I visited Drudge this weekend and the thing tried to get me.

I posted a screen shot of it here:
http://tinypic.com/view.php?pic=30cc083&s=7

I had to force quit Safari to make it go away.


115 posted on 05/31/2011 4:59:05 AM PDT by JohnnyP
[ Post Reply | Private Reply | To 1 | View Replies]

To: JohnnyP

Glad you caught it before it caught you. But man I can so see most mac users clicking OK to that.


116 posted on 05/31/2011 6:53:06 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 115 | View Replies]

To: Swordmaker
but the fact remains there are still ZERO zero self-replicating, self-transmitting, and self-installing viruses, worms, or other malware in the wild that do not require some user assistance to invade a Mac!

LMFAO! How many more qualifiers do you need? I think at the 3rd qualifier...it's pretty much over. You know one could do the same for windows as well. Or Linux.

117 posted on 05/31/2011 6:56:02 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 92 | View Replies]

To: dayglored
You know, like the thousands of real self-replicating viruses that have plagued Windows over the past decade.

Really? Ok, let's see that list that has plagued the latest version of Windows. After all we are only talking about OSX here and not the previous disaster of an OS, OS9.

But I'll even concede and let you show the THOUSANDS of self-replicating viruses going back to Vista, the previous OS for Windows. Heck, if you will show thousands then I'll even say XP is fair game.

Or was that just another Macbot insult that macbots NEVER do and will say it never happened when called out on it later?

118 posted on 05/31/2011 7:01:55 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 95 | View Replies]

BTTT


119 posted on 05/31/2011 7:04:23 AM PDT by DollyCali (Don't tell God how big your storm is... tell your storm how BIG your God is!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: UCANSEE2; Swordmaker

I find it funny that they take calling a Mac MAC as an insult. I honestly did it because I didn’t know the difference way back when and still do it because for some reason it sets off their OCD and they can’t talk or see straight until it’s fixed. Just like when referring to a “virus” in the general terms of a virus as most computer users understand it to be. They start twitching and shaking and don’t understand anything when you call it a MAC and use virus in the generic sense.

Do that and they avoid the whole issue that the MAC had a real world virus that they said would be impossible because the user would have to enter his password to catch that virus.

Let me translate that for the macbots: “Mac had a real-world malware infect their machine which they were assured it would be impossible to get infected without using their admin password.”


120 posted on 05/31/2011 7:06:08 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 98 | View Replies]

