Apple Support Forums Suggest Malware Explosion

dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on discussions.apple.com is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?"

Re:OSX

[zonky]

I realise you're trolling but there are two common malware paths these days: (1) Drive by Downloads - where exploits in things like PDFs, or Flash cause Remote Code Execution on the affected users box, by exploiting flaws in installed software. Hopefully privileged elevation requiriring sudo or UAC will prevent these programs running as admin/root, but often it's just enough that these apps run as a user class. (2) Stupid Users- people who have been trained to download anything from anywhere and just run it. OSX, like Windows, is vulnerable to both, because the software distribution model is totally broken. The app store may help, but i'll still put my trust, for now, in the linux repo model.

Re:Finally!

Finally! I am so sick of smug Mac users talking about how Macs can't get viruses because they're so secure.

Well, this still is no virus... Manually installing malware and typing in the administrator password to do it is bad. But no virus.

Re:Finally!

[0racle]

It's not a virus, it's a trojan. You can't technically fix stupid; users that install everything they see will always be the weakest point in system security.

Re:Macs have never been malware/virus proof

[migla]

>Likewise, if Linux ever became a big contender on the desktop, you would see a surge in Linux rootkits.

Yes. But I think it would be easier to get Linux users to just stay with the repositories of open source code, than to download all kinds of crap from everywhere. Not all users, but a lot of them.
That should disarm the threat somewhat.

Not A Virus

[GFLPraxis]

The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware. It can't propagate itself nor install itself automatically from a web site. People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac. Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.

Re:Not A Virus

[recoiledsnake]

The thing to keep in mind is that this malware going around is a trojan. The user has to enter a username and password to install the malware.

It can't propagate itself nor install itself automatically from a web site.

People are just blindly typing their password to anything asking. Interestingly, it claims to be an antivirus suite and uses SEO to show up on searches for Mac antiviruses per Arstechnica (http://arstechnica.com/apple/news/2011/05/fake-mac-defender-antivirus-app-scams-users-for-money-cc-numbers.ars), so ironically, the people getting infected are people who think they need virus protection on a Mac.

Expect to hear people continuing to proclaim this as the beginning of Mac viruses, however.

I believe that the vast majority of malware targetting Windows also uses social engineering and not exploits. Things like ASLR, sandboxing etc. have made it hard for real exploits so instead the blackhats have gone for things like fake codecs, fake smiley packs and fake antivirus applications. Even granting your point, usually Safari is one of the first to fall in contests like pwn2own which use drive-by exploits and not social engineering.

Tempest in a teapot

[doggo]

Pffft! Whatever.

At work I worry about our Dells running Windows. But not our Red Hat server.

But hey, we use AV on our machines.

At home I don't worry about my Mac.

Much ado about one malware kit. Overblown.

And the air positively reeks in here of anti-Mac schadenfreude. Sour grapes, I say. Xenophobia, I say. Dumbassedness, I say.

What is ZERO to TEN?

[Vitriol+Angst]

When they "explosion", do they mean more than a dozen?

Because if there weren't ANY Malware calls last month, and a dozen script kiddies used the new "Home Malware Kit" du jour,... then indeed, numerically we have an "explosion."

I'd also have to say there are an explosion of explosions as well. Because of course -- last month there were NO explosions, and this month there is ONE.

>> The problems for Apple don't end, however, since the iPad market caught up with back-orders, there has been an IMPLOSION of orders. In other words, less people are buying, than last month.

I think I'll implode and explode my lungs ten times, before I act on this urgent matter, however.

Re:Easy...

[MartinSchou]

How does Linux prevent you from installing bad stuff onto your computer?

The installer asks the user to enter their admin password - and they do. That's why they get infected.

But I'm sure you can explain exactly how Linux' security model prevents a user from using sudo to install rogue programs. And if you can't come up with something better than "the user account shouldn't have have wheel rights", then you need explain how the user is ever going to install useful stuff that requires sudo.

You cannot protect a user from himself - at most you can make it difficult for him.

Re:If they keep taking 8 months to fix security bu

[bonch]

Malware has been "about to explode" on the Macs for the last 10 years according to pundits. People, this is Ed Bott's Microsoft blog. Why are you falling for such obvious flamebait?

I love these dramatic phrases like "about to explode" and "malware explosion."