Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Scareware For the Mac

Posted by kdawson on from the rogue-cleaning-tool dept.

I Don't Believe in Imaginary Property sends us news from F-Secure of what they claim is the first rogue cleaning tool for the Mac. MacSweeper is a Mac version of Cleanator, hosted from a colo somewhere in the Ukraine. The article points out that the company's About page is lifted verbatim from Symantec's site. With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years. The F-Secure author adds as a footnote that a journalist said to him something you don't hear every day: "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."

31 of 301 comments (clear)

  1. gamespot gave it 11 out of 10 by User+956 · · Score: 5, Funny

    With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years.

    I didn't realize Kane & Lynch had been announced for the Mac platform

    --
    The theory of relativity doesn't work right in Arkansas.
  2. Not the smartest journo by MLCT · · Score: 5, Insightful

    The journalist should have visited using a linux livecd. If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware.

    1. Re:Not the smartest journo by Chyeld · · Score: 5, Funny

      Real security experts telnet to port 80 and hand craft their HTTP requests. It's the only way to be sure!

    2. Re:Not the smartest journo by MrKevvy · · Score: 5, Funny

      re: "If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware."

      If the site was detecting the user agent or using some other method of determining platform and delivering targeted malware based on it, I doubt they would have also been delivering a fake Mac scan to a Windows browser as they did in the article.

      --
      -- Insert witty one-liner here. --
    3. Re:Not the smartest journo by Gideon+Fubar · · Score: 4, Funny

      you can't get 56000 through an acoustic coupler..

      --
      http://www.xkcd.com/354/
    4. Re:Not the smartest journo by Phroggy · · Score: 4, Funny

      Get off my lawn!

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    5. Re:Not the smartest journo by halcyon1234 · · Score: 4, Funny

      you can't get 56000 through an acoustic coupler..

      Who needs that newfangled junk. I can whistle at 56k, and do the binary in my head

      --
      UTF-8: There and Back Again
  3. Isn't any "cleaning tool" rogue on a mac? by Anonymous Coward · · Score: 5, Interesting

    The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane. Both the notion that one can reliably detect malware that has already had time to romp with your system and the idea that infection is so routine that there should be tools to be run every few days for it are pretty gross.

    And now we have an example of this fine species showing up on a platform that doesn't really have malware. How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?

  4. Re:Cross platform spyware! by Shados · · Score: 4, Funny

    Write Once, Piss People Off Everywhere?

  5. fixed that for you by joeyspqr · · Score: 5, Funny

    "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Mac so I knew I wouldn't get infected."

    oh wait ...

    --
    +1 fashionably cynical
  6. Yeah and moon is made from.. by Fri13 · · Score: 5, Insightful


    What, you need to download something to your mac and then INSTALL it?

    This kind software has be there long time ago and there is nothing new to see here.
    Market share is still smaller than GNU/Linux and it is not having this kind problems, wait, it has.

    Come back again when F-secure and others have proof for worm or virus what works like windows platform, automatically.

    1. Re:Yeah and moon is made from.. by willyhill · · Score: 5, Informative
      Come back again when you understand how Windows machines are largely compromised. Crapware vendors don't need to wait for the next IE vulnerability to target people, all they need is social engineering and lack of common sense. The last few major botnet herding attacks have been perpetrated like that. The fastest-spreading worms have been perpetrated like that. Coming a close second is exploiting vulnerabilities that people can't be bothered to patch. Yet all of this has somehow become Microsoft's fault, but in this case I guess it's the user's fault, right?

      Idiocy can and will spread happily across platform boundaries. It really does not matter what OS you are using. And this article proves it. It's just that until now Windows was losing by the weight of sheer numbers. It has more vulnerabilities, sure. But those are irrelevant to the people who make big $$$ compromising machines. They simply don't need them.

      --
      The twitter monologues. Click on my homepage and be amazed.
    2. Re:Yeah and moon is made from.. by postbigbang · · Score: 4, Insightful

      Your comment is somewhat disingenuous. For argument sake you can cite that there are probably an equal number of stupid people buying Macs and PCs, by percentage.

      Now take a look at the architectures. A dozen years of Windows since Win95 has only progressively made Windows more secure, and while better than before, still full of a superfluity of exploits (for differing reasons, again, not counting user "stupidity"). You have to do a lot of work to iteratively get past the gatekeepers in both operating systems; it's not as trivial an exercise as it once was; all the really wide-open machines are 0w3d by someone by now.... as part of a botnet.

      Given a 5-10% of the market for Apple, depending on whom you believe, you're only now seeing a MacOS ruse. Think about that for a moment. Think about both motive and opportunity. Motive we understand. Opportunity hasn't been very strong until now. The weapon? Two decades in to desktop operating systems (three if you count CP/M, UCSD Pascal and so on) we're only now seeing a MacOS exploit. A common denominator among the exploitable: stupidity. Now let's scratch off stupidity and talk about architecture. It's not Microsoft's fault that they used a root-level database (the 'Registry') that could be twigged by any user-mode app in pre-XP SP2? Hmmmm. Or the mindless ways that people found to explode IE? Or the TCP/IP stack? Or how long it took to get a WEP-128 parser and still longer for a WPA parser? Microsoft's sloppy code created an industry, one to fix the code, and another to exploit it. They didn't take security seriously, then paid it only lipservice. They're paying the price in disrespect for not being respectable!

      --
      ---- Teach Peace. It's Cheaper Than War.
  7. Re:the shit hits the fan! by necro2607 · · Score: 5, Informative

    Yeah the difference is, you can't get spyware installed on a Mac by clicking a banner ad in a browser. The software doesn't even have permission to do software installation, so it would be asking for a password (unless some unknown vulnerability is exploited). Frankly if you're entering your password for your computer when some arbitrary website asks for it, you've already got have way worse problems than spyware on your Mac.

  8. Re:the shit hits the fan! by sqlrob · · Score: 4, Informative

    It doesn't take special permissions to put stuff in ~/Applications. It's not done by default, but some users do do it, and Finder supports it.

    Or heck, just put it on the desktop where the user can click it. No special permissions needed. Most .Apps don't need an installer, nor need to be in /Applications.

  9. Re:Wait, why would you even use this? by NewbieProgrammerMan · · Score: 4, Insightful

    Well, assuming Apple's market share is increasing (which I don't know for sure, just taking it as a given for making my point), some significant fraction of those new Mac owners are former PC owners. Many of these people will assume that all the crapware they "needed" for their Windows machine is just part of owning a computer. It's not that there's a problem with a Mac, it's that a lot of people just don't know any better.

    --
    [b.belong('us') for b in bases if b.owner() == 'you']
  10. Re:the shit hits the fan! by jmauro · · Score: 4, Insightful

    But the Applications folder does not run as root, but as the regular user. The malware can only screw up the current users session, it cannot access or modify anything that needs root permissions without asking for the root password. Without root, malware is annoying, but not difficult to get rid of.

  11. Re:the shit hits the fan! by GaryPatterson · · Score: 4, Insightful

    Yes, but if you ask a user what they care more about - the OS or their data - you'll find few who care that they'll have to reinstall the OS. It's an irritant, but easily replaced from the source media.

    Our data is far more critical, making the ~/Applications folder (or the ~/Desktop folder) a dangerous place for executables.

    Of course, in these enlightened days we all have regular backups now or Time-Machine-enabled external drives. Hmm...

  12. double digits? by BeanThere · · Score: 5, Funny

    There are now 10 or more Mac users?

  13. First Scareware? by Macrat · · Score: 5, Funny

    I thought Symantec released the first Scareware for Macs?

  14. Contact Us page changed already by caseih · · Score: 4, Informative

    Looks like they read slashdot. Their "Contact Us" page is already edited now to remove the text copied from Symantec. Now the page doesn't say much of anything at all. No phone numbers, no addresses. Just a bare e-mail address. Hard to believe how scam artists can operate out in the open these days.

  15. Re:Oh no! by Tsiangkun · · Score: 5, Insightful

    I'd prefer to focus on the ZERO self propagating pieces of malware in the wild.

  16. Re:Oh no! by bigstrat2003 · · Score: 4, Insightful

    Doesn't matter. Stupid users trump all possible security measures (except locking them out of the system for their own good, which isn't really feasible), and there's no shortage of them. Until the programmers can prevent stupid users from infecting their systems, it doesn't matter how damn many malware samples there are in the wild, and you have no right to be smug about the security of your OS.

    --
    "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
  17. Re:Oh no! by webmaster404 · · Score: 4, Interesting

    No, it has a couple of advantages.

    1. Privileges, an ordinary user can't mess up the entire system. Unless the user is *really* stupid, they are not root and therefore do not have Write privileges on system-critical files. So even if you ran "rm -rf /" as a normal user, you would only lose the files you had access to and not break the system.

    2. Most software is installed through a repository. Now, I realize that Mac does not by default (although there are projects to port apt-get and the like to it) but most distros of Linux have a way of installing via the repository.

    3. Most first-party OS-X software is at least partly open-source including the key components of the OS such as the Kernel, Browser rendering engine, and some of the other utilities. This adds a layer of protection to prevent programming errors from not being noticed as anyone can look at the code and submit fixes to it. In addition, this adds security by having parts of Safari being looked at to prevent such flaws as drive-by-downloads which were a major problem of IE and a reason many Windows users got infected by malware.

    While it is true that if someone really wanted to mess up OS-X or were just plain stupid they could. However, the chances of Unix breaking from normal usage are far far smaller then those of Windows.

    --
    There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
  18. Hi i'm MacSweeper Developer, listen to me by MacSweeper · · Score: 5, Interesting

    I would like to explain all the situation, about MacSweeper. We are really trying to make a good software, and you wont find any viruses/spyware/trojans/malware in MacSweeper (test it your self, if you don't believe me, you can use any type of firewalls, dissemblers, or other tools) . The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don't want to completely destroy Good Name of MacSweeper application.
    Personally I adore Mac Platform, and it hearts to here that the program you wrote is said to be some kind of "Rogue application" , i wouldn't like to destroy good manners of software written for it :((
    I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application.

    You can ask Questions, and i will try to answer them! Thank You!

    1. Re:Hi i'm MacSweeper Developer, listen to me by Lewrker · · Score: 5, Funny

      Dear Sir,
      thank you for make clear mistake. I find myself have found an inheritance of 50 BILLION DOLLARS (AMERICAN). I rely my confidence on your arm in relate your website macsviper.kom be legitimate business as of identity yours will be made clear as mine is, for this I will need your kindest help with transfer five hundred dollars of administration price, for which of as of now I am not in relation available.
      Sincerely yours,
      Ba Ba Baa, Nigeria

    2. Re:Hi i'm MacSweeper Developer, listen to me by MacSweeper · · Score: 4, Funny

      Expecting you to be, next question.

  19. Re:Oh no! by Garridan · · Score: 5, Insightful

    As a linux user, I am under no delusion that my system is "more secure" than a windows box or a mac.

    For me, the worst thing that can possibly happen, is somebody destroys my home directory. Ok, that's easy, if a virus is logged in as me. If they hose my system, so what? I can always re-install linux, that isn't a problem. There aren't any other users. I allow myself access to the internet and to email, so if a virus starts spamming the world, well, that isn't stopped by security policy either.

    What you're talking about is a linux server. There, it's hard to root the machine and cross-infect, sure. But what spreads viruses the most these days is users downloading shit in email and not knowing that their browser just executed something. Linux is *not* more secure. *I* am a user am less prone to viruses because I maintain a strict policy of which sites I use each browser for, where I take cookies from, and I browse sketchy shit only inside vmware and restore from a clean image frequently. But I'm still vulnerable to all sorts of attacks -- if google pushes an ad with linux-targeted malware, for example.

    If you think linux is somehow inherently virus-proof, you're deluding yourself. Using linux on the desktop is the same as using any other desktop system -- if somebody else knows how to make an executable for your system, it's probably vulnerable.

  20. Re:Oh no! by dryeo · · Score: 5, Insightful

    1. Privileges, an ordinary user can't mess up the entire system. Unless the user is *really* stupid, they are not root and therefore do not have Write privileges on system-critical files. So even if you ran "rm -rf /" as a normal user, you would only lose the files you had access to and not break the system. So you figure it is better to only lose your home directory containing everything you care about, email, pictures, personal documents, all your settings like bookmarks etc. As long as the rest of the system, which is easy as hell to reinstall, is not compromised?
    As a desktop user I severely disagree, I'd rather lose everything but ~ and if I'm stupid enough to run malware that malware will have the necessary permissions to delete everything I care about.
    And about opensource being better because people can look at it and find vulnerabilities. Have you ever looked at the Mozilla code? Lots of people have and yet regularly there are new exploits found, some that have been there since the browser was called Mozilla.
    I monitor a few open source applications mailing lists and often when a security vulnerability is found, it has been there a long time. How many more are lurking in that mess of C++ code?
    --
    https://en.wikipedia.org/wiki/Inverted_totalitarianism
  21. Re:Hi i'm MacSweeper Developer by ncryptd · · Score: 5, Informative
    Well... a quick disasm of your binary doesn't show anything blatantly malicious, which is good... but I also don't see anything really useful. Pretty much everything your program does (and much, much more) can be done with OnyX. For free.

    Oh, and you mis-spelled "purchase" in two methods in MacSweeperDaemon. ;-)

    (void) purchaise
    (void) purchaiseThread
    I also noticed you left a somewhat interesting TODO list in the app bundle.

    The binaries have references to KIVViSoftware throughout them -- you wouldn't happen to be one and the same with these guys, would you?

    Disclaimer: I didn't find anything blatantly malicious -- but I only took a quick look. Given the folders that it tinkers around with, any bugs could do some damage to your Mac, so be careful.
  22. Re:Oh no! by novakyu · · Score: 4, Funny

    Stupid users trump all possible security measures (except locking them out of the system for their own good, which isn't really feasible), and there's no shortage of them. It sounds like we need a friendly user helper agent that will remind users that what they are about to do could be dangerous for their data and prevent them from performing such actions. I am thinking that this agent should be enabled by default, cannot be deactivated except by calling customer support to get the deactivation key, and to inspire user confidence, it should look like something that they see everyday. Like a paper clip.