The Mac’s Malware Problem Just Got A Lot Worse
By Ed Oswald | Wednesday, May 25, 2011 at 7:00 pm
Apple may have thought that its statement yesterday would get the Mac Defender mess under control. But the malware is back under a new name–MacGuard–and in a more dangerous form.
ZDNet blogger Ed Bott, who’s known more for his reporting on Microsoft than on anything Apple, has been hot on this story since the get go. He reported Wednesday that as if on cue the Mac Defender creators have released a new version of the malware application that requires no password at all to install.
See, Mac users -including myself–have accurately pointed out that basically all attempted malware for the Mac required the user to enter the administrative password. If you did that, it was your own stupid fault for getting infected. With MacGuard, it’s completely different.
Here’s how these malware purveyors are getting around this: the application is now installing a downloader directly to the Applications folder, which requires no password and only clicking “Continue” to begin the install as long as you’re logged in as an Administrator.
Most Mac users are, since that’s the default OS X account. After that, the downloader automatically retrieves and installs MacGuard, which is almost the same as its earlier cousin Mac Defender.
Now with this taken care of, all that seemingly is left is these folks figuring out a way to fool the operating system into thinking that “Continue” button was pressed automatically, and you’d have malware on your Mac with no human intervention at all. Certainly now the malware problem from Apple has gone from an annoyance to a serious issue. Apple can no longer wait three weeks to address issues like this, like it seemingly did with Mac Defender.
Could Apple be headed for a repeat of the dark days of Windows in the early part of last decade where Microsoft ended up always being a step behind the attackers? Could be. The Mac Defender folks are proving there are ways into Mac OS, no matter what the Apple apologists may say.
I still agree that overall, OS X is a lot safer of an operating system than Windows will ever be, largely due to the fact that Microsoft must deal with a lot more legacy code than Apple does. Creaky old code is often the way in for these attackers.
I’d be interested in hearing from users running into MacGuard in the wild. If you see it, let us know here so we can stay on top of this story.
46 Comments
Read more:
46 Comments For This Post
May 25th, 2011 at 7:50 pm
"OS X is a lot safer of an operating system than Windows".
Did you read that even once before posting this? Or does you brain throw up vomit like this frequently?
Try: "OS-X is a lot safer than Windows".
Or" "OS-X is a much safer operating system than Windows".
Or, more correctly; "OS-X is just Linux with a skin, and doesn't do much of anything, at any time, unless Steve Jobs thinks you should be able to."
May 25th, 2011 at 8:34 pm
OSX isn't linux at all. OSX is built on top of darwin, which is somewhat of a mix of BSD and Mach.
Linux was a minix clone that ended up being extremely popular with people who know their way around computers.
May 26th, 2011 at 12:12 am
The 'Linux with a Skin' remark must be the funniest thing I've heard in ages. What's up with Mac-haters who just oversimplify everything and then need to make a reference to Steve Jobs? Steve Jobs didin't write the operating system, smart people like Bertrand Serlet did a lot of that work. Steve has nothing to really do with it, except he'de be the one saying 'I don't like how this works' and 'Thi is too slow, fix it'. Steve Jobs is Apple's number one proto-consumer, the guy who judges relentlessly as if he was the consumer itself. But he has nothing to do with the operating system, except being CEO of the company.
Everytime I read somebody saying some oversimplified thing and then saying 'Steve Jobs', well, what I read is 'Blablabla I wish Ballmer was Jobs, but since he isn't I hate Jobs'. It just sounds cynical. Like Microsoft has the best and most original OS ever.
Here's another problem in the security market Apple does not have: because OS X is a (for the sake of argument) 'Linux' with a skin, at least Linux is open source. If someone exploits a Linux-error for malicious attacks, millions of open software developers around the world try to find a solution to patch it. But microsoft is completely closed-source, and must find a solution within it's hundreds of employees, wich makes the processmuch harder. Now, Mac OS X isn't Linux, but it's filled with open-source components like Mach, BSD and Unix (don't confuse that with Linux! Unix is much older, much more robust and Linux sort-off builds on the same principle).
May 26th, 2011 at 3:41 am
Always wonderful to see posters with a superiority complex declare something that demonstrates a fundamental misunderstanding of the subject they're bleating about.
OSX is not "just Linux", or even Linux in any shape or form. It's – and I say this as a Windows user, by choice – also not at all locked down in the fashion you suggest. There's nothing to stop you installing programs entirely beyond Apple's reach. Try not to confuse iOS and OSX, it's not too tricky.
May 26th, 2011 at 5:18 am
What was that you were saying about a superiority complex?
May 26th, 2011 at 8:14 am
its a unix shell.. please don't confuse the two.
May 26th, 2011 at 1:58 pm
I'm always amazed at the amount of people who tell me I can't do anything on my Mac. There is exactly nothing that I want to do (email and the Internet (which is 90% of what I do on a computer), storing, editing, managing my photo collection, managing and listening to my music, watching DVDs, etc.) These were all things I did on my old Windows and Ubuntu PCs and can do just as well (better in my opinion) on my new Mac. The only exception is commercial gaming which has pretty lousy selection on the Mac, but I bought an Xbox years ago because I didn't want to bother anymore with the endless cycle of driver updates, DirectX updates, upgrading graphics cards, etc. that it involved.
This is just rabid fanboyism.
June 6th, 2011 at 1:50 pm
WOW, You sir are dumb. I hope you never post anything anywhere ever again. Ever.
Linux with a skin…Wow. Maybe you should stick to posting on topics you know something or anything about.
May 26th, 2011 at 12:06 am
As of today, we have a 'security problem' on mac, yes. But I do have to wonder: if Apple just deletes the option to 'open safe files', then what other attack vectors remain for this virus? I'm pretty sure if Apple turns of the option in the first place in the next software update, all users would be protected.
Also important: this is a phishing scam, wich means it doesn't do anything menacing untill you start feeding it information…
May 26th, 2011 at 6:06 am
The attack vector that remains is the Trojan horse.
May 26th, 2011 at 1:36 am
Hi,
I am someone with extensive knowledge about malware, backdoors and system security,
OSX isnt more secure then windows7, Linux isnt more secure then windows7. Linux with grsec is more secure then either osx or windows7 (where secure means how hard it would be to trick it to execute code).
OSX is not targeted a lot for a good reason, OSX has just reached the user base needed for a malware operation to be viable, but noone wants to be first out. if "Mac defender" was a windows malware it wouldn't have been mentioned nowhere except for virus bullentin updates that noone reads because its very basic and not that advanced, this is bad for malware-authors as they want as little of publicity as possible so no one wants to be first to bring their tools to OSX. once the news is over malware will come to OSX and it will come down hard, noone got any anti-virus here.
OSX has had a public security hole in its java-version, available to exploit via browsers for over 6 months, there should be a fair amount of backdoored macs waiting for malware payload out there.
May 26th, 2011 at 1:41 am
just to clarify, previous versions of windows have had horrible security models, with win7 they actually got it right.
May 26th, 2011 at 1:50 am
Learn proper grammar, idiot, then I'll read the rest of your paragraph.
May 26th, 2011 at 2:07 am
English is not my first, or second, language. sorry that my ignorance offended you.
May 26th, 2011 at 4:47 am
You do not need to apologize to him.
May 26th, 2011 at 6:44 am
Seriously, that guy is a dick.
May 26th, 2011 at 3:06 am
Cock
May 26th, 2011 at 7:22 am
Technically, they got it right with Vista (Windows NT 6.0). Windows 7 (NT 6.1) is just a polish release without any of the major architectural changes Vista brought.
May 26th, 2011 at 6:10 am
Good thing some of the 29a guys of old didn't take an interest…
May 26th, 2011 at 8:50 am
Must have struck a nerve with a Mac fan boi with the 29a comment…
May 26th, 2011 at 2:52 am
With a support initiative from Apple regarding how to avoid or remove MAC Defender malware from Mac OS X which will deliver a software update that will automatically identify and remove the dreaded Mac Defender malware and its known variants. Though, this manual removal instruction is a note worthy move from Apple, it is just a short term solution. As the variants get more complex and new malware surfaces, patching up the infected parts is surely a tough task for Apple engineers. Mac Defender is now termed as a Trojan and thus, with more time and intelligence invested, such malwares intrusions shall be terminated.
May 26th, 2011 at 3:17 am
I got the MacDefender attack six times in the last week. Of course, all I needed to do was simply NOT INSTALL IT and that was the end of that.
I have NEVER used an anti-virus software since switching to OSX from OS9 some ten years ago. And I am a coder who spends 10+ a day downloading open source projects ranging from the most obscure to the most well known. And I am also a guy who, as most guys, like me some porn from time to time.
Now and again I get a little paranoid so I run Clam AV just to check….and I decided to do it again this week just to check.
THE RESULTS:
Mac OS X – Snow Leopard (my primary system):
Windows Trojans Horses: 32. Most from email attachments from Windows documents like Word or Excell.
WIndows Viruses: 17. Most from email attachments from Windows documents like Word or Excell.
Mac Trojan Horses: 0
Mac Viruses: 0
I also run antivirus software in all my virtual boxes (in which I use no anti-virus software) just to check.
THE RESULTS:
UBUNTU (primary linux box): 19 Windows trojans horses and 7 viruses. Most from email attachments from Windows documents like Word or Excell.
No Linux viruses or trojan horses.
CENTOS (primary linux box): 8 Windows trojan horses and 3 viruses. . Most from email attachments from Windows documents like Word or Excell.
No Linux viruses or trojan horses.
MAC Server: No viruses of any kind.
Windows XP: 19 trojan horses and 12 viruses. Most of them from malware and infected downloaded files.
Windows 7: 6 trojan horses. Most of them from malware and infected downloaded files.
To be fair, I only use Windows systems for checking CSS layouts, HTML5 code and sites and some silly things like runing EXE files from DAZ or Poser installer products which I often get from partners when doing 3D medical animations. I have no important information in them, use no emails and are not networked with the main OS so no volumes are accessible, reasons why I do not run any antivirus in them.
Mac OS server I only installed once just to check it out, never really use it.
CONCLUSIONS:
A) The hysteria over this latest malware attack is way, way, way overblown, fueled mostly by PC fanboys and technical writers looking to score hits for their sites.
B) Windows users are still the origin and source of most REAL viruses and trojan horses (not social engineered malware), which apparently they pass around like the common cold.
C) Non-technical users are still the weak link regardless of which OS you are suing.
D) Any NIX-based system is far less likely to get infected with a virus than WIndows.
And now back to bash because I got a code freeze upon me and lots of GIT repos to update.
Laters Haters.
May 27th, 2011 at 10:50 am
…so many viruses…..wonder how u get so many, anyway, I run Win7, got an infection like 3 months ago, to clean the thing I just deleted the culprit file other than that I get no viruses, oh and I use Win7
May 26th, 2011 at 3:29 am
In all honesty if apple truly considered security a priority they would not default their firewall to off out of he box, even in their newest snow leopard.
May 26th, 2011 at 4:28 am
It's weak security to make the admin account the default account for users. Even this variant of the "attack" would be harmless if users were running as a non-privileged "regular" user. This is a practice that the Mac community should encourage.
May 26th, 2011 at 4:35 am
as a hacker, I'd much rather be hacking into a linux/Mac than windows, any day.
May 26th, 2011 at 5:38 am
Why does everyone keep saying this is about marketshare? Before this MacDefender thing, there were zero (that's a '0') threats that macs should be afraid of, even though macs had a marketshare of 5-6% worldwide for years. It's not about marketshare, though I'm not saying it doesn't play into this.
My guess is that it's those machaters who wanted to prove something. You know, now they can come over all cocky and say that macs aren't more secure. Even though every system is vulnerable, I still believe the mac is more secure – but that's by design. There's no legacy code here, there's a lot of open-source AND, and this one is important, there's no anti-virus industry on mac. It's something I believe Apple will not hand off. They have a system to secure any threat (like they will do with the next software update) and I'm sure that Apple will not allow a market of anti-virus appear on the mac.
Microsoft has a problem here – they have a very good anti-virus application for Windows 7 (Windows Security Essentials), but they can't bundle it because it would be anti-competitive, even though the virusses get into Windows because of faults on their part. Microsoft could make Windows more secure by default, but that would trigger anti-trust and monopoly abuse all over again, although I find that in this case Microsoft has all th rights to close the security holes in their products. But some idiots built their market on the assumption that Microsoft makes a buggy system… It's just plain stupid. So Apple will have their own solution and will protect their own users. They will never advise anyone to buy a product from someone else to make them safe. That's why I like the macs security, because I know the system vendor at least can do something about it.
May 26th, 2011 at 6:24 am
Why? Because malware is now about $. Spreading from like OS to like OS is difficult if the OS has a small % of total users, or even targeting in the 1st place. The paradigm shifted to this by '04.
That is why it is about marketshare. Back when Apple was a more prominent player, Hypercard was a large vector. Does this answer your question?
May 26th, 2011 at 3:10 pm
OS X, or Mac OS X, still has a small %. Maybe it's shifting because it's moving to a lucrative market – namely, a market where it's proven people pay for stuff. But that's not market share at all. If it's hard to move from OS to OS, then Mac OS wouldn't have this problem right now. Is this a reply to your question, -72?
May 27th, 2011 at 7:28 am
Nope. You didn't read and understand my 1st reply. You need to actually study the some internet based malware code in order to really grasp the situation I'm afraid.
May 26th, 2011 at 6:26 am
After 20+ years with Mac and Windows, I trust MacOSX more for security due to its BSD UNIX architecture, not "security by obscurity". Logging in as a user (vs. admin), not autorunning downloaded apps (a browser preference) and not installing suspicious apps is 95% of the battle. Running an AntiVirus software (re Sophos) is the other 5%.
Have NEVER had a malware issue in 10 years of MacOS use. Not one.
May 26th, 2011 at 6:27 am
Correct. Almost no one writes for the Apple. Why would they? Not enough to get an ROI.
May 26th, 2011 at 6:39 am
Well, it depends. While Macs don't have the overall numbers (zombie nets, etc.) stats show (PC users, don't take offense here) that Mac users are generally higher on the economic scale. That means their financial data/access is very desirable. Mac users are also less malware savvy (for the time being) so they're ripe targets in that regard.
May 26th, 2011 at 10:39 am
None of those things are Mac-exclusive. Win7x64 is, at this point, a more secure environment than OSX if only for its extensive sandboxing and solid ASLR scheme. There's a reason OSX/Safari have been consistently falling first at the Pwn2Own Events.
May 26th, 2011 at 6:57 am
that the apple ios platform could be rooted with a pdf exploit, and later a safari exploit, should be warning enough of the vulnerabilities of any operating system regardless of the branding. these exploits were intended to get to the system level of the device, but not to do harm. it's only a matter of time that similarly obsessive minds will find holes in osx, but with a malicious intent.
May 26th, 2011 at 3:12 pm
Rooted only when connected to hardware, not rooted when connected to the internet. There's still a big difference between what dangers there are online, and what things you inflict yourselves offline.
May 26th, 2011 at 7:13 am
I don't like Macs for its monopoly approach to their brand/OS/hardware, willing to deal with "creaky code"/viruses rather than that.
May 26th, 2011 at 7:25 am
What monopolies does Apple have or have been legally declared to have? OS? Hardly, they are less than 10 percent. Hardware, they get outsold in almost any device and there is nothing wrong with that so long as there is ample competition which there is. As far as brands are concerned, they are supposed to have a monopoly on that.
May 26th, 2011 at 3:13 pm
Their Brand/OS/Hardware are interdepent, wich means they are all related. It's the reason for the macs succes – hardware works with software. It's different on the other side, where you kind-of have to hope Microsoft supports it, or else you're stuck with your hardware vendors crap. On Mac, you buy a mac, it supports all the hardware. So easy.
June 5th, 2011 at 9:58 am
I just LOVE hearing a Windows user complaining that Apple is a monopolist! Anything said from that point on is easy to put in its right perspective.
May 26th, 2011 at 7:50 am
It has so much less to do with the OS than is has to do with the users. Once Apple's market share increases so will the ID 10 t s.
May 26th, 2011 at 9:00 pm
Emperor Jobs will dispatch his forces and crush this rebellion. Don't F$%# with Apple or you might get blasted loc!
May 27th, 2011 at 7:35 am
wohhhh… this is the fifth website I've been into today that talked about the worsening Mac malware problem. What's with Mac (and Apple in general) that they have been the hackers' favorite target?
In my personal opinion, I think it's ego. We all know that Mac has been invulnerable in the past. And this made many hackers to be challenged.
This is just the beginning as more and more malware and scareware attacks will be happening soon. The hackers were just stretching their legs. The good thing about this incident? This will make Apple design a more secure and reliable OS in the future.
June 5th, 2011 at 10:15 am
I find it laughable – millions of Windows users, millions of Windows viruses, malware, adware, trojans, worms, etc., yet so many of these users commenting on forums such as this that they've (almost) never, ever had a virus. Now perhaps they're right, but the statistics state that if so they are in the absolute minority of Windows users.
Just let me know of the first botnet consisting of millions of Macs and THEN I'll reconsider the threat posed to Macs by viruses and their ilk. Makes me wonder also how many of these virus-free WIndows users have had the ownership of their computers subverted by botnet masters without ever being aware of said fact.
July 26th, 2011 at 10:15 pm
It's not so much that OSX is safer than Windows (which is not a point I'm arguing right now), but that less people use a Mac, so they are less targeted right now. As iPads and the like become more popular, the more malware that targets them will appear. After all, if someone was wanting to get details/damage computers for fun, they'd want to target the largest number of machines at once.
January 1st, 2012 at 8:35 am
Well duh. Of course the effort invested in Mac malware development is directly correlated to the market share of Apple. How could it not be? If malware hackers, like commercial developers desire maximum user coverage, then of course, greater availability of their product is required. Therefore the platform with the greatest number of users would generate the greatest amount of interest in malicious hackers. Hence more malware development efforts for that platform, with eventual successes. Coversely, a platform with far fewer users would mean fewer malware developers. But as the popularity of less-favored platform grows, so would the interest of hackers, resulting in increasing hacker efforts, and eventual vulnerability discoveries with their related expoits. Of course, usually, as platforms mature, upgrades and updates take place, potentially intoducing new vulnerabilities, while closing others. In other words, increased popularity of a given platform brings increased hacking interest and efforts, with more need for security concerns. Unless Apple developers truly are modern-day gods, but there's always that surefire killer, hubris. – totochto…