Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Malware Evolves - No Install Password Required

Posted by samzenpus on Thursday May 26, 2011 @03:00AM from the under-the-wire dept.

An anonymous reader writes "The latest versions of the Mac Defender malware attacks no longer require users to enter their admin credentials (username and password) upon install. A threat called 'Mac Guard' installs itself into areas of the Mac OS X system that only require standard user privilege. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases."

2 of 374 comments (clear)

Min score:

Reason:

Sort:

PEBKAC by Hatta · 2011-05-26 03:04 · Score: 4, Informative

This still requires the user to deliberately install the malware. Since it's not compromising the system, but the user, it doesn't need privileges to do this.

--
Give me Classic Slashdot or give me death!
Re:No surprises here by thoromyr · 2011-05-26 03:51 · Score: 4, Informative

not just that, but the sophos article glosses over the fact that you still get
1. an operating system warning about executing a file downloaded from the internet (complete with reference to where it was downloaded from). They mention it in the text, but omit it in their "slideshow" showing the steps to getting infected.
2. an osx installer gui which means it can be canceled
What this is *not* is a hidden and silent install like what is going on with Windows.