Malware attack specifically targets Mac users

Discussion in 'malware problems & news' started by Thankful, May 2, 2011.

Thread Status:
Not open for further replies.
  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I understand, Thanks.
     
  2. radial5

    radial5 Registered Member

    Joined:
    Feb 5, 2011
    Posts:
    14
  3. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,885
    Location:
    U.S.A.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    Winwebsec gang responsible for FakeMacdef?

    http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx
     
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Crying wolf? Apple support forums confirm malware explosion
    http://www.zdnet.com/blog/bott/cryi...alware-explosion/3351?tag=mantle_skin;content

     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    An AppleCare support rep talks: Mac malware is "getting worse"
    http://www.zdnet.com/blog/bott/an-a...is-getting-worse/3342?tag=mantle_skin;content

     
  7. zongamin

    zongamin Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    12
    As a former Mac user it's always interesting to me to see how people respond to new Mac security issues.

    It's beyond doubt to say that malware is nowhere near as much of a threat to OSX users as it is to Windows users - statistically less than 1% by any measure.

    For some Mac users the suggestion that their Mac might not be totally invincible to malware is the worst thing you could ever suggest. It's not uncommon to overhear assistants in the Apple store dismiss customer queries about Anti Virus software for Macs by saying 'Oh, it's not like Windows, you don't need to worry about that'.

    Equally, whenever these Trojan attacks appear some Windows users will jump up and down with glee, seemingly convinced that this 'proves' that Macs are just as vulnerable to malware as Windows.

    Of course neither position is true - these trojans are attacks that target the real weak point - the user.

    What surprises me is that these attacks on OSX are not more common. There are a lot of unprotected Macs out there. They are just as likely to enter their admin password as Windows users, yet where the Windows user can rely on his favourite AV/Sandbox/HIPS solution, the Mac user is pretty much on his own - he downloads the trojan thinking he's getting Photoshop for free, enters password, and bang - pwned.

    The solution is that no user, Windows, OSX or Linux, should assume invulnerability. Everyone should try to stay safe - keep things up to date, don't click links you are unsure about, avoid 'unsafe' sites, stop and think whenever you are prompted to authorise something, consider blocking ads in your browser and so on.
     
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    OK...and now something "new" (?)
    "Apple is actively conducting an internal investigation into the Mac Defender malware attack I wrote about yesterday (here and here). An internal document with a Last Modified date of Monday, May 16, 2011 notes that this is an “Issue/Investigation In Progress.”
    The document (shown below) provides specific instructions for support personnel to follow when dealing with a customer who has called AppleCare to request help with this specific attack.(...)

    There are two different resolution paths, depending on whether the customer says Mac Defender / Mac Security has or has not been installed.

    According to this document, if the caller says he or she has not installed the software, the support rep should “suggest they quit the installer and delete the software immediately.” That is followed by this disclaimer:

    AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not.

    If the software is already installed, support personnel are instructed to make sure all security updates have been installed using Software Update. They are then to direct the customer to the “What is Malware?” Help document using Finder. The final step is clear:

    Explain that Apple does not make recommendations for specific software to assist in removing malware. The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options.

    Finally, that is followed by these four bullet points.

    Important:

    Do not confirm or deny that any such software has been installed.
    Do not attempt to remove or uninstall any malware software.
    Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
    Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.

    Apple has not responded to a request for comment on the ongoing Mac Defender attack or this policy."
    http://www.zdnet.com/blog/bott/appl...ot-attempt-to-remove-malware/3362?tag=nl.e539
    Some comment is needed?
     
  9. zongamin

    zongamin Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    12
    I just read this

    http://www.zdnet.com/blog/bott/crying-wolf-apple-support-forums-confirm-malware-explosion/3351?pg=1

    Disappointing to see John Gruber of Daring Fireball accusing people of crying wolf when they report on this.

    The fact is that this IS affecting people - it might not be on the scale of a Windows attack, but simply dismissing the victims as liars or idiots only makes it worse.

    It would be helpful if Daring Fireball could update their statement, rather than perpetuating the stupid and dangerous lie that Macs are totally invulnerable.
     
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,885
    Location:
    U.S.A.
  11. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Apparently it does require a password and the people reporting it aren't properly fact checking.
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I noticed these comments from Mac users from last week:

    MacDefender ups the ante with removing the password need for installation
    http://isc.sans.edu/diary.html?storyid=10927

    And from an earlier Diary:

     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    "New Apple antivirus signatures bypassed within hours by malware authors
    Update June 1, 6:00AM PDT: The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.

    The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released."
    http://www.zdnet.com/blog/bott/new-...rs-by-malware-authors-update/3396?tag=nl.e539

    "Hello Mac OS X users, welcome to the world of daily malware signature updates." :)
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It still can't install without a password (despite what some sites are reporting) so this isn't a big issue for Apple.
     
  17. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,885
    Location:
    U.S.A.
     