Posted on 05/27/2011 7:14:04 AM PDT by for-q-clinton
The once relatively virus-free Apple Mac ecosystem has been tainted forever by a nasty malware scam and you sense an age of innocence has ended. It's a deadly shock to that ecosystem because now a second variant bug has arrived that requires no password.
The malware first manifested itself when Mac users noticed ads for a product called Mac Defender that promised to protect them against malware and viruses. However, it turned out Mac Defender was actually a piece of malware that becomes active on a desktop after a user is suckered into entering a password, and floods the screen with pop-up pornography sites.
Since then a number of variants - MacGuard, MacSecurity and MacProtector - have arrived.
According to security firm Intego, the goal of this fake antivirus software is to trick users into providing their credit card numbers to supposedly clean out infected files on their Macs.
New variant requires no passwords
Intego has discovered a new variant of this malware that functions slightly differently. It comes in two parts.
The first part is a downloader, a tool that, after installation, downloads a payload from a web server. As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted website.
If Safari's "Open safe files after downloading" option is checked, the package will open Apple's Installer, and the user will see a standard installation screen.
If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch.
Unlike the previous variants of this fake antivirus, no administrator's password is required to install this programme. Since any user can install software in the Applications folder, a password is not needed, Intego said in a warning note.
This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.
The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder. (The IP address is hidden using a simple form of steganography.) Intego VirusBarrier X6's Anti-Spyware feature detects this operation:
Intego considers the risk for this new variant to be medium, in part because the SEO poisoning has been very efficient in leading Mac users to booby-trapped pages, but also because no password is required to install this variant.
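A defender-side check for the artifacts the article names, added here as an example and not part of the original post or of Intego's or Apple's tooling. It assumes the installed items carry the product names from the article with `.app` or `.pkg` extensions, and it reads Safari's `AutoOpenSafeDownloads` preference, which backs the "Open safe files after downloading" option.

```shell
#!/bin/sh
# Added example: names come from the article; the .app/.pkg file names are assumed.
FAKE_AV_NAMES="MacDefender MacGuard MacSecurity MacProtector avRunner avSetup"

# find_fake_av DIR...: print .app/.pkg items in the top two levels of each
# directory whose name matches a reported name (case-insensitive).
find_fake_av() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # skip locations that do not exist
        for name in $FAKE_AV_NAMES; do
            find "$dir" -maxdepth 2 \
                \( -iname "$name.app" -o -iname "$name.pkg" \) -print 2>/dev/null
        done
    done
    return 0
}

# safari_auto_open: report Safari's "Open safe files after downloading"
# preference as on, off, or unknown (key unset, unreadable, or not macOS).
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# scan_report DIR...: human-readable summary of both checks.
scan_report() {
    hits=$(find_fake_av "$@")
    if [ -n "$hits" ]; then
        echo "Items matching reported fake-antivirus names:"
        printf '%s\n' "$hits"
    else
        echo "No items matching the reported names were found."
    fi
    echo "Safari auto-open of downloads: $(safari_auto_open)"
}

# The Applications folders named in the article plus the usual download folder.
scan_report /Applications "$HOME/Applications" "$HOME/Downloads"
```

A clean result only means no item with these exact names sits in those folders; renamed copies would not match.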
Does Intego recommend you download their software to take care of this? Or are they just doing this as a service?
Are you still claiming this is a scam by the AV makers?
Try to do a little research first: http://www.bing.com/search?q=mac+guard+virus&go=&form=QBLH&qs=HS&sk=&pq=mac+g&sp=1&sc=8-5
Maybe you’ll listen to Apple:
http://support.apple.com/kb/HT4650
Looks like they will take a couple/few days to fix it. OMG! Why so long?
No, it's not a virus, it's another social engineering trojan. A nasty one, yes. But not a virus -- it does not spread on its own. User action is still required.
I -do- wish you would learn something about this topic before so gleefully posting misinformation.
Do you work for an anti-virus software vendor? You use all their bogus scare tactics. Just askin'...
BTW, this is about the tenth thread on this topic, and yours has nothing new (the bit about not requiring a password has been out for days). Do you really think there's even one person out there, living under a rock, that hasn't heard about it yet?
You might also take a moment to point out that Apple is responding to this malware with a free security update, I think within the next few days. There are numerous threads on that already, you can look it up.
You and your cohort can resume your little juvenile "We Hate Apple, Aren't We Cool" party now.
Is this Mac malware or McMaleware?
you mean this article: http://support.apple.com/kb/HT4650
I just posted in the other thread on this. And why does it take Apple so long to get a virus patch out?
I guess they are wanting to push 3rd party AV...as the 3rd party OSX AV products already fix it.
Anyway...no password needed and you get a virus. Hey weren’t you one of the people who claimed you could not install a virus/malware/trojan/zipidy doo dah...whatever you want to call it without a password? If so, you were wrong.
>Even with this virus, MACs are million times better than those cheap HPs.<
True.
But stop blowing smoke up my ass that Macs NEVER GET INFECTED and that “Oh, it’s impossible to crack Macs...they’re soooooooo PERFECT”. (Gag)
The truth is always nice.
Do you know ANYTHING about software development and production releases when there's a customer base of tens of millions?
Didn't think so.
Microsoft has the same difficult problem, and they routinely take weeks to produce patches; occasionally they get it down to a couple days in a major emergency. It's the nature of the beast.
I’m talking about the AV scanner and fixing of a machine that was attacked. Not patching the HUGE hole that allows this to happen.
Do you not know in the A/V world virus signature updates need to go out immediately for a new threat? Oh wait, I guess you don’t; you use Macs and you thought you didn’t have to worry about such things.
> "You were wrong."
No, I was not wrong -- at that time there were no such things. Now there is one, and I'm not claiming that any more. Do you know how to tell time? You know, like when "A" happens before "B"?
I have work to do, see ya later. Have your fun, I hope it pleases you and your buddies to dance around sounding like fools.
Macs are vulnerable because of growing market share over PC’s. I bought a Mac last December (Christmas gift to myself). Recent figure I heard was that 15 percent of computer users use a Mac. And it’s not just Mac they’re after, these people are gunning for smartphones too.
Yep you were wrong because I have always said once OSX gets a big enough install base they will be attacked and get a virus and be subjected to more types of attacks. Their security model will break...just as it has for the past 4 years in the pwn2own competition...which was a known issue when you made the claims. So the attack did exist you just chose to ignore it and say it hasn’t happened in the wild yet.
A few days is quicker than a few months, which is usually the turnaround time for MS to issue a patch.
Exactly right. I’ve been saying it for years...the bigger the market share they get the more viruses they will get. But the macbots said that’s not true and they were rock solid. Even though 4 years in a row they lost the pwn2own competition where they were the first one hacked.
Real men don't use MAC’s. Only leftist, Che t-shirt wearing, Obama supporting Marxists use MAC’s.
Real men love the sting of battle. Real men love the smell of the napalm of anti virus warfare. Real men know how to use AVG, AdAware, Spybot, and other manly pieces of home computer defense.
Sissies take the easy road and buy a MAC.
Microsoft can say whatever it wants about how secure their product is and how great Windows 7 is. Fact of the matter is Windows 7 is nothing more than Windows Vista Service Pack 4.
Apple users and Apple have talked about the malware attack. I am not doubting that, I reminded my wife/kids to never install anything on the mac - except very intentionally.
And now Apple is gonna come out with a fix to help with a malware attack - that is way cool.
I don’t live under a rock, but I *DO* work for a living, and hadn’t heard about this development.
Fortunately, this was (evidently by your comment) posted more than once, giving folks like myself who do things other than obsess over Macs an opportunity to learn of this new problem.
I don’t hate Macs, but I sure find the snobbery and arrogance inherent in Mac fans quite distasteful and off-putting. I’ll bet Obama (ptui) is a Mac fan: It would suit his self-image.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.