Linked by HAL2001 on Thu 19th May 2011 12:10 UTC
Privacy, Security, Encryption
"A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it. This time, the name of the rogue AV is Mac Protector, and the downloaded Trojan contains two additional packages. As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password."
RE: We told you so
by HackDefendr on Thu 19th May 2011 16:01 UTC in reply to "We told you so"
HackDefendr Member since:
2010-05-21

Visualize this: I'm playing a tiny violin for you M$ devoted folks.

As mentioned by others... this virus still relies on the Mac owner to be running Safari with auto-open safe files enabled.

Guess what... in Chrome for Mac, the file just downloads. Which means now I have the source for this wannabe virus. And now, because I have forwarded that downloaded zip file, all of the anti-virus companies and researchers also have it.

So... until the hackers can figure out how to trick Mac users beyond a simple download and hope that the user will not only open the file, but run it, and give admin privileges - Mac virus impact is still a long way off in comparison. Oh, I am sure there will be at least one, but comparatively, Mac users are more savvy and don't tend to get caught up in dumb phishing or fake AV traps.

On a side note... closing whatever browser you are running stops the Fake AV from running and moving to the download phase.

Jeff

Reply Parent Score: 0

RE[2]: We told you so
by pantheraleo on Thu 19th May 2011 18:32 in reply to "RE: We told you so"
pantheraleo Member since:
2007-03-07

As mentioned by others... this virus still relies on the Mac owner to be running Safari with auto-open safe files enabled.


Until about two years ago, it was possible to use DNS cache poisoning to trick a Mac into downloading malicious software updates from a bogus update server. Apple's update mechanism didn't properly verify the authenticity of the server it contacted for updates. Apple knew about this vulnerability for years, and did nothing to fix it until it was widely publicized and became very easy to do using a plugin for Metasploit.

Also, a couple of years ago, there was a critical vulnerability in Java that allowed applets to break out of the sandbox. Apple didn't patch this vulnerability in their JVM until 8 months after Sun had announced it and patched their own JVM.

So there have been at least two cases in the past that I know of just off the top of my head where it has been possible to target Macs without tricking the user into running an application. One vulnerability was left open for years after it should have been closed. The other was left open for 8 months longer than it should have been.

Reply Parent Score: 4

RE[2]: We told you so
by sparkyERTW on Fri 20th May 2011 12:33 in reply to "RE: We told you so"
sparkyERTW Member since:
2010-06-09

Mac users are more savvy and don't tend to get caught up in dumb phishing or fake AV traps.


Are they, now? Hmph, I had no idea, must've missed that memo.

Please pass along the study or studies in which this information was uncovered, as I would greatly enjoy reading them. Hopefully my tiny pea-brain of a non-Mac user will be able to comprehend it. If I'm lucky, they'll have pretty, colorful pie charts of "savviness".

Reply Parent Score: 1

RE[2]: We told you so
by pantheraleo on Fri 20th May 2011 14:06 in reply to "RE: We told you so"
pantheraleo Member since:
2007-03-07

Mac users are more savvy and don't tend to get caught up in dumb phishing or fake AV traps.


Actually, according to more than one security research firm, Mac users are MORE likely to fall for phishing traps than Windows users are. The reason is because Windows users are well aware of these threats and that they need to watch out for them. Mac users, on the other hand, have largely bought into the Apple propaganda and such that their systems are immune from vulnerabilities. And the average Mac user lumps phishing traps right in with viruses and malware, believing their Macs to be immune to phishing traps.

So basically, the average Mac user is more likely to fall for a phishing trap because the average Mac user doesn't even know what a phishing trap is. Hardly what I would call more technically savvy than Windows users.

It also doesn't help that Safari and Apple's Mail.app are about the worst on the market when it comes to detecting phishing traps and providing the users with any kind of warning if something looks suspicious. So Mac users just go along fat, dumb, and happy, unaware of the threats to their systems. And because of that, they are more likely to fall for those threats.

Edited 2011-05-20 14:10 UTC

Reply Parent Score: 2