Posted on 05/27/2011 7:14:04 AM PDT by for-q-clinton
The once relatively virus-free Apple Mac ecosystem has been tainted forever by a nasty malware scam and you sense an age of innocence has ended. Its a deadly shock to that ecosystem because now a second variant bug has arrived that requires no password.
The malware first manifested itself when Mac users noticed ads for a product called Mac Defender that promised to protect them against malware and viruses. However, it turned out Mac Defender was actually a piece of malware that becomes active on a desktop after a user is suckered into entering a password, and floods the screen with pop-up pornography sites.
Since then a number of variants MacGuard, MacSecurity and MacProtector - have arrived.
According to security firm Intego, the goal of this fake antivirus software is to trick users into providing their credit card numbers to supposedly clean out infected files on their Macs.
New variant requires no passwords
Intego has discovered a new variant of this malware that functions slightly differently. It comes in two parts.
The first part is a downloader, a tool that, after installation, downloads a payload from a web server. As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted website.
If Safari's "Open safe files after downloading" option is checked, the package will open Apple's Installer, and the user will see a standard installation screen.
If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch.
Unlike the previous variants of this fake antivirus, no administrator's password is required to install this programme. Since any user can install software in the Applications folder, a password is not needed, Intego said in a warning note.
This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.
The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder. (The IP address is hidden using a simple form of steganography.) Intego VirusBarrier X6s Anti-Spyware feature detects this operation:
Intego considers that the risk for this new variant to be medium, in part because the SEO poisoning has been very efficient in leading Mac users to booby-trapped pages, but also because no password is required to install this variant.
Who is gloating?
Also it appears you had your sarcasm recognition gland removed.
You Apple trolls have been saying the same thing for TEN YEARS... and for TEN YEARS it has not happened... and really has not happened yet. This is a particularly effective TROJAN... nothing more. It STILL requires the user to click through an installation procedure to install it... and they can STILL abort that process. It is NOT self installing.
The only difference is that it no longer requires an administrator password IF THE USER IS RUNNING IN AN ADMINISTRATOR ACCOUNT! If the user is running in a standard account it will STILL require an administrator name and password to install.
You would win, hands down, Yehuda. I did a statistical analysis of 21 Mac threads and 21 Windows threads on Freerepublic several years ago and the difference was startling. The number of Windows users coming on the Mac threads and slinging insults, and the level of the insults was something like 13 to 1 greater than the other way around... and the level of virulence was much higher... with the Mac people mostly saying "Get a Mac" in the Windows threads or denigrating the Windows OS... while the PC people were attacking the Mac people personally and insultingly with "Mac users are lying, Gay cultists," who don't know how to use "real computers," and talking about them "sucking" various anatomical parts of Steve Jobs... or how stupid they were to spend their money of toy computers... frequently directly and personally to freepers who dared to merely say the owned a Mac. Until Jim Rob lowered the boom on them, it wasn't any better. . . and on some threads much worse.
Reminds me of a joke I heard 'way back then'.
In Assembly language you tell the computer what to do.
In FORTRAN, you ask it to do things.
In COBOL, you get on your knees and beg.
Yawn.... you make my point for me.
I’m not in a group. I can’t even play a guitar.
I had a feeling that Apple had some basic protections in their latest software, so I was expecting a response such as yours.
Thank you very much for the information. It’s been a while since I have had an Apple ( I still call them MACS), so I am no ‘current expert’.
I agree. Apple users who surf the net (and therefore Apple, and software vendors) will have to ADAPT or PERISH.
It’s a jungle out there!
So, for 10 years you Chicken Littles have been running around screaming the sky is falling about Mac viruses, while we, on the other hand have safely ignored your prognostications of doom and gloom and NOT WASTED our time, money, and computational resources on running antimalware to protect our Mac for those same 10 years, enjoying computing without worry, and FINALLY someone tosses a SINGLE, easily avoidable rock over the fence and YOU are claiming justification for those TEN years??? Even a busted clock is right twice a day and has a better track record than THAT!
This vulnerability will be closed. The signature of this new family of Trojan will be added to Apple's definition file to join the other five and we will return to being much safer than the other platform with it's millions of malware rather than our now fewer than 25. That WILL grow. . . but the fact remains there are still ZERO zero self-replicating, self-transmitting, and self-installing viruses, worms, or other malware in the wild that do not require some user assistance to invade a Mac!
"Mac" or "Macintosh" is still the correct terminology. "Apple" can include iPods, iPads, iPhones, AppleTV, or even fruit. ;^)>
Ain't that sweet of them.
You and your cohort can resume your little juvenile "We Hate Apple, Aren't We Cool" party now.
Isnobs are fun to poke. Their constant (we are so safe) arguments tend to build stories like this to a super duper double ice cream crescendo. Thanks for playing.
> Ain't that sweet of them.
I was merely responding to another poster's false claim that Apple would charge for the update.
>> You and your cohort can resume your little juvenile "We Hate Apple, Aren't We Cool" party now.
> Isnobs are fun to poke. Their constant (we are so safe) arguments tend to build stories like this to a super duper double ice cream crescendo. Thanks for playing.
FRiend, ALL snobs are fun to poke, whether they are Mac fans, Windows fans, or anything else.
I suggest you not shoot your entire wad now, but save your orgasm of Schadenfreude for when the first real virus appears for the Mac, replicating by itself in the wild. You know, like the thousands of real self-replicating viruses that have plagued Windows over the past decade. That will be historic, and that day may yet come.
Until then, this is just yet-another-Trojan social engineering attack on the USER, not the system. You may hurl criticism at Mac users for their complacency or gullibility -- clearly a lot of them have been taken in by this Trojan. Which is to say, they're pretty much like Windows users, who have been doing this for more than a decade.
There are foolish users all over the place, on every platform. Trust me, I know -- I'm a System Administrator and have been been dealing with computers and users since the early 1970's. Computer technology advances in leaps and bounds, but human gullibility remains at a dangerously high level.
And in PASCAL, you dress up in drag, stand on a streetcorner, lisp "Hey big fella!", and have -him- do it for you. Actually that would apply to most of today's wussified high level languages.
If there's not a long list of these yet, there ought to be... :)
And yeah, I write mostly in straight C. That's plenty high enough level for me.
It's amusing, I'll give you that.
The reason I mentioned it is because some freakin GENIUS already tried to SLAM ME for saying MAC instead of APPLE.
Isn't it amazing how these young adults(using the term loosely) who get a MAC because IT'S COOL, and JOE has one, and because only idiots have PC's, and who have only written a few lines of Javascript know EVERYTHING ?
I bet if I said "HYPERCARD", most of them wouldn't even know what I was talking about.
Did you ever get the chance to use a DEC or a VAX ?
Here’s the bottom line on PC’s.
If what you have does what you want, then keep it. If not, get something else (better/faster/easier/whatever).
The MAIN consideration for any user should be “WHAT AM I GOING TO USE THIS FOR”?
If you can answer that adequately, then you can find the BEST computer for YOU.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.