Free Republic

Mac malware scam grows legs – MacGuard needs no password
Silicon Republic ^ | 27 May 2011 | John Kennedy

Posted on 05/27/2011 7:14:04 AM PDT by for-q-clinton

The once relatively virus-free Apple Mac ecosystem has been tainted forever by a nasty malware scam and you sense an age of innocence has ended. It’s a deadly shock to that ecosystem because now a second variant bug has arrived that requires no password.

The malware first manifested itself when Mac users noticed ads for a product called Mac Defender that promised to protect them against malware and viruses. However, it turned out Mac Defender was actually a piece of malware that becomes active on a desktop after a user is suckered into entering a password, and floods the screen with pop-up pornography sites.

Since then a number of variants – MacGuard, MacSecurity and MacProtector – have arrived.

According to security firm Intego, the goal of this fake antivirus software is to trick users into providing their credit card numbers to supposedly clean out infected files on their Macs.

New variant requires no passwords

Intego has discovered a new variant of this malware that functions slightly differently. It comes in two parts.

The first part is a downloader, a tool that, after installation, downloads a payload from a web server. As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted website.

If Safari's "Open ‘safe’ files after downloading" option is checked, the package will open Apple's Installer, and the user will see a standard installation screen.

If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch.

“Unlike the previous variants of this fake antivirus, no administrator's password is required to install this programme. Since any user can install software in the Applications folder, a password is not needed,” Intego said in a warning note.

“This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.”

The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder. (The IP address is hidden using a simple form of steganography.) Intego VirusBarrier X6’s Anti-Spyware feature detects this operation:

“Intego considers the risk for this new variant to be medium, in part because the SEO poisoning has been very efficient in leading Mac users to booby-trapped pages, but also because no password is required to install this variant.”


TOPICS: Crime/Corruption; Miscellaneous; News/Current Events; Technical
KEYWORDS: apple; garbage; osx; virus
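
Added example, not part of the article above or of any poster's comment: a shell triage check for the artifacts the article names (avSetup.pkg, avRunner, MacGuard and the earlier variants) plus the Safari auto-open setting it describes. The function names and the ROOT argument are hypothetical; `AutoOpenSafeDownloads` is the Safari preference key behind the "Open 'safe' files after downloading" checkbox.

```shell
#!/bin/sh
# Added triage example; not code from the article or from Intego.
# Matching is by file name only, so it finds unrenamed copies and nothing else.

# scan_fake_av ROOT   (ROOT is a hypothetical parameter: "/" on a live Mac,
# or the mount point of a disk image being examined)
# Looks in ROOT/Applications and in each user's Applications and Downloads
# folders for the names the article lists. Prints one line per hit and
# returns 0 if anything matched, 1 if nothing did.
scan_fake_av() {
    root=${1-}
    root=${root%/}            # "/" becomes "", so paths start at /Applications
    hit=1
    for dir in "$root/Applications" "$root"/Users/*/Applications \
               "$root"/Users/*/Downloads; do
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            [ -e "$entry" ] || continue
            # Normalise "Mac Defender.app" and "MacDefender.app" to one form.
            base=$(basename "$entry" | tr -d ' ' | tr '[:upper:]' '[:lower:]')
            case $base in
                macdefender.app|macsecurity.app|macprotector.app|macguard.app)
                    echo "fake antivirus: $entry"; hit=0 ;;
                avrunner.app)
                    echo "downloader: $entry"; hit=0 ;;
                avsetup.pkg)
                    echo "installer package: $entry"; hit=0 ;;
            esac
        done
    done
    return "$hit"
}

# safari_auto_open
# Prints the value of Safari's "Open 'safe' files after downloading"
# preference (1 = on, 0 = off), "unset" if the key was never written, or
# "unknown" when the macOS `defaults` tool is not available.
safari_auto_open() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null \
            || echo unset
    else
        echo unknown
    fi
}
```

Run `scan_fake_av /` on the Mac being checked. The Safari option can be switched off with `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false`.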
To: for-q-clinton; Swordmaker
>> You know, like the thousands of real self-replicating viruses that have plagued Windows over the past decade.

> Really? Ok, let's see that list that has plagued the latest version of windows. After all we are only talking about OSX here and not the previous disaster of an OS OS9. But I'll even concede and let you show the THOUSANDS of self-replicating viruses going back to Vista the previous OS for Windows. Heck if you will show Thousands then I'll even say XP is fair game. Or was that just another Macbot insult that macbots NEVER do and will say it never happened when called out on it later?

Don't call me a "macbot", since I'm not one.

I said "decade" and I meant "decade". Of course XP is fair game, as it was the major OS of that decade.

OS-X is 10 years old. In 2001, on the Windows side, WinXP was brand new, Win2K was current, Win98 was still in use. On the Mac side, OS-X was brand new, and OS9 was in fairly wide use. There were a good number of OS9 and Win98 viruses at that time.

Within a year or two, Win98 and OS9 were gone, Win2K was old hat, and WinXP and OS-X were current. OS-X has been through half a dozen major releases. Vista fell over and died, and Win7 is current. However, WinXP remained the major Windows version in use until quite recently.

Between 2001 and the present, there have indeed been thousands of Windows viruses in the wild. Most attacked WinXP because it was the most popular and widespread OS in the history of the world, and it had plenty of vulnerabilities to exploit. Luckily for those of us who work with Windows all day every day, Win7 has closed most of those vulnerabilities, and is a very solid and secure OS. Windows has come a long way in the past decade. Those of us who have been computing for many decades (myself, four) consider that Windows is finally growing up in this most recent one.

Meanwhile, I'm tired of you displaying your apparent ignorance of history and the industry. I daresay you would be a much more interesting correspondent and commenter if you knew more about the topics you so like to rant about, so I encourage you to read up on them. Good night.

121 posted on 06/01/2011 12:57:24 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: for-q-clinton
> Or was that just another Macbot insult that macbots NEVER do and will say it never happened when called out on it later?

In what way was a comment about the sheer number of malware afflicting Windows of ANY variety an insult? Or are you now an avatar or personification of Microsoft Windows in all of its incarnations, for-q-Clinton?

122 posted on 06/01/2011 1:37:09 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

To: JohnnyP
> I visited Drudge this weekend and the thing tried to get me.

Same thing on my Wife's computer. I thought it was Drudge. Force quit and no problem.

123 posted on 06/01/2011 1:44:16 AM PDT by PA Engineer (SP/AW12: Time to beat the swords of government tyranny into the plowshares of freedom.)

To: for-q-clinton
> Glad you caught it before it caught you. But man I can so see most mac users clicking OK to that.

Why?

124 posted on 06/01/2011 1:45:08 AM PDT by PA Engineer (SP/AW12: Time to beat the swords of government tyranny into the plowshares of freedom.)

To: for-q-clinton
> After all we are only talking about OSX here and not the previous disaster of an OS OS9.

Never had a problem with OS9. What problems did you have?

125 posted on 06/01/2011 1:46:29 AM PDT by PA Engineer (SP/AW12: Time to beat the swords of government tyranny into the plowshares of freedom.)

To: PA Engineer

If I hadn’t read about it on another thread I may not have known what to do. But, I remembered someone else said it happened when they went to Drudge, and they used force quit.

Kind of scary that it can take over your computer to that extent.


126 posted on 06/01/2011 5:36:04 AM PDT by JohnnyP

To: PA Engineer

Pretty much all the issues Jobs acknowledged and more. The biggest issue was the constant crashing.


127 posted on 06/01/2011 6:32:04 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: Swordmaker

The old bait and switch. Put the most current version of OSX up against a 10 year old operating system.

Kind of like comparing Windows 7 to OS9 then declaring Mac OS sucks because Win7 is so much better than OS9.


128 posted on 06/01/2011 6:33:31 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: dayglored

So OSX hasn’t had any minor or major revisions in the past 10 years?

Also where is the list of thousands of viruses? Not malware, but self replicating viruses (be sure to include all the most restrictive qualifiers in that definition of virus as the Macbots do).

I’ll be waiting for that list of thousands. As a bare minimum that means you need at least a list of 2,000 to support your claim.


129 posted on 06/01/2011 6:35:37 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton; Swordmaker
> So OSX hasn’t had any minor or major revisions in the past 10 years?

Of course it has. Why do you ask such a dumb question? Please get back to me when you've re-read the comments above, and understand the topic, which is "the last decade of Windows and Mac operating systems".

> Also where is the list of thousands of viruses? Not malware, but self replicating viruses (be sure to include all the most restrictive qualifiers in that definition of virus as the Macbots do). I’ll be waiting for that list of thousands. As a bare minimum that means you need at least a list of 2,000 to support your claim.

There have been dozens of articles posted in the tech press for years, mostly by the Windows antivirus researchers, of course, which differ in the details, but basically say there have been upwards of 10,000 Windows malware releases, with minor variants taking the total to around 100,000. Of those 10,000 basic ones, some percentage are true viruses according to the definition we use here. Depending on which researcher wrote a given article, the figure varies between 20% and 30% for the ones I recall reading. 20-30% of 10,000 qualifies as "thousands".

Not surprisingly, the true viruses have become far less numerous with the advent of Win7, and now most of the attacks are social engineering attacks on the user, like the one for the Mac that started this thread.

No, I'm not going to list thousands of virus names here, any more than I would list all the names of the residents of New York City -- it should be sufficient to say "around 8 million people" because that's the generally accepted figure. If you don't want to take the word of the AV researchers, fine, but then I'll ask that you take your trolling to them rather than clutter this thread any further.

Have a good day.

130 posted on 06/01/2011 7:15:26 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

