Slashdot Mirror


Apple Snubs Security Firm That Spotted Mac Botnet

Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"

95 of 409 comments

  1. Mac's don't get malware by crazyjj · · Score: 5, Funny

    Why would they communicate with a supposed security researcher who doesn't even know that?

    --
    What political party do you join when you don't like Bible-thumpers *or* hippies?
    1. Re:Mac's don't get malware by jesseck · · Score: 5, Informative

      Can you please provide any links to folks that have claimed that Macs don't get malware?

      Here you go:

      Mac Commercial (produced by Apple) and Apple's own webpage

      And yes, "viruses" are not the only kind of malware out there - most people on /. know that. But no one else in my family does, and neither do the vast majority of people those two examples target for marketing. Apple's claim that Macs don't get "viruses", in my mom's mind, equates to "Apples don't have malware".

    2. Re:Mac's don't get malware by Dunbal · · Score: 2

      Can you please provide any links to folks that have claimed that Macs don't get malware?

      PC's get viruses..., the implication that Macs don't. There are plenty more examples although I am sure Apple has never been foolish enough to state outright that Mac's don't get malware the implication is clear often enough. And do your own fucking homework.

      --
      Seven puppies were harmed during the making of this post.
    3. Re:Mac's don't get malware by Anonymous Coward · · Score: 4, Informative
      http://www.apple.com/why-mac/better-os/#viruses

      Safeguard your data. By doing nothing.

      With virtually no effort on your part, OS X defends against viruses and other malicious applications, or malware. For example, it thwarts hackers through a technique called “sandboxing” — restricting what actions programs can perform on your Mac, what files they can access, and what other programs they can launch. With FileVault 2, your data is safe and secure — even if it falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. Initial encryption is fast and unobtrusive. It can also encrypt any removable drive, helping you secure Time Machine backups or other external drives with ease. Other automatic security features include Library Randomization, which prevents malicious commands from finding their targets, and Execute Disable, which protects the memory in your Mac from attacks.

      Download with peace of mind.

      Innocent-looking files downloaded over the Internet may contain dangerous malware in disguise. That’s why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, OS X alerts you, then warns you the first time you open one.

    4. Re:Mac's don't get malware by CharmElCheikh · · Score: 5, Insightful

      Well in all "honesty" apple's own webpage says "it doesn't get PC viruses". Technically, it doesn't; it gets Mac malware. But I know, it isn't honest, hence my first quotes, and to most people that does mean that "it doesn't get anything bad, unlike that stupid windows thingy".

      --
      My /. user ID is probably higher than yours
    5. Re:Mac's don't get malware by SJHillman · · Score: 5, Insightful

      From Mac's website: "A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in OS X Lion that keep you safe, without any work on your part."

      1) No shit a Mac isn't susceptible to PC viruses. PC's aren't susceptible to Mac-only malware either
      2) In this case, my car isn't susceptible to Windows-based viruses thanks to built-in defenses of its windshield. Viruses weren't written for my windshield, so that counts as a built-in defense, right?

    6. Re:Mac's don't get malware by s.petry · · Score: 4, Insightful

      The AV software for Apple is the same as it was for Unix and Linux. It was not that PC viruses could infect *nix. Microsoft, Norton, and McAfee were using propaganda marketing telling people that *nix file servers could not clean up viruses like a NT file server could and were dangerous since they could house viruses causing Windows to become infected. Since most VPs are dumb enough not to understand the unimportance of that marketing ploy, a lot of AV products sprung up for *nix and iOS.

      Many of the vendors still produce AV software for OSes that don't really need it for that reason. I'll bet you can still find iOS AV software for a fee, the PT Barnum theory works as well today as it did when he was alive.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    7. Re:Mac's don't get malware by bhcompy · · Score: 4, Informative

      Macs are PCs. Don't tell me they're mainframes.

    8. Re:Mac's don't get malware by fustakrakich · · Score: 5, Funny

      Yes, but debugging your windshield is still necessary every once in a while

      --
      “He’s not deformed, he’s just drunk!”
    9. Re:Mac's don't get malware by forkfail · · Score: 4, Insightful

      Unless you happen to be one of the 600,000 who clicked on a bogus/rigged link on a spoofed site and got this Flashback Trojan installed.

      --
      Check your premises.
    10. Re:Mac's don't get malware by Tyr07 · · Score: 3, Interesting

      My calculator doesn't get viruses either.
      It's similar to a mac in many ways.

      My calculator is also fkng useless for most day to day IT needs.
      Who cares if it can't get a virus.

    11. Re:Mac's don't get malware by pulski · · Score: 4, Informative

      You're right how dare they, "get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit."?

      "According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com."

      Source: http://news.drweb.com/?i=2341&c=5&lng=en&p=0

      Gotta be careful downloading all of that "kracked shit" from manufacturer's own websites.

    12. Re:Mac's don't get malware by forkfail · · Score: 5, Informative

      Also:


      As PCMag's Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.

      From here:

      http://www.pcmag.com/article2/0,2817,2402641,00.asp

      So - yes, it required a trojan-esque password entry to fully activate, but it installed and was active even without it. Which means that it was probably ready and waiting for the next legitimate use of a password entry.

      Your walled garden has been breached, and instead of putting your head in the sand, perhaps you'd better wake up to the fact that yes, security really is, at the end of the day, the user/owner's responsibility.

      --
      Check your premises.
    13. Re:Mac's don't get malware by Cro Magnon · · Score: 5, Funny

      I guess you don't use Windows Calculator?

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    14. Re:Mac's don't get malware by Bobfrankly1 · · Score: 5, Interesting

      Macs are PCs. Don't tell me they're mainframes.

      Ever seen the ads that begin with: "I'm a Mac" "I'm a PC"

      Apple seems to think that Macs are not PCs

      Yes, but the Reality Distortion Field has been decreasing in strength as of late. Apple's own moderation of Java updates allowed this one to flourish, the Apple devout can't pass the buck onto another vendor this time. It's foolish to presume that a large installed base of users unconcerned with security would go ignored forever.

    15. Re:Mac's don't get malware by fuzzyfuzzyfungus · · Score: 5, Informative

      Pre OSX MacOS, while it may have gotten raves for friendliness, and was somewhat less bug riddled, was architecturally more or less a toy OS compared to almost anything contemporary. The ecosystem wasn't as large, and the distribution vectors markedly less efficient; but the Mac malware was out there.

    16. Re:Mac's don't get malware by 517714 · · Score: 2, Interesting

      Unless you happen to be one of the million or more who clicked on a bogus/rigged link on a spoofed site and got this Flashback Trojan installed.

      FTFY

      The majority of Macs have one of the cheap/free pieces of software that prevented this trojan from installing - Little Snitch, Xcode, VirusBarrier X6, iAntiVirus, avast!, ClamXav, HTTPScoop, Packet Peeper. I said have rather than run as it is sufficient that the path to the application existed, and the application did not need to be running.

      --
      The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
    17. Re:Mac's don't get malware by Bill, Shooter of Bul · · Score: 2
      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    18. Re:Mac's don't get malware by Bill, Shooter of Bul · · Score: 3, Informative
      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    19. Re:Mac's don't get malware by Anonymous Coward · · Score: 2, Interesting

      A mac is a PC. personal Computer. Jesus H Christ.

    20. Re:Mac's don't get malware by mcgrew · · Score: 2

      WAY too many people saying what you're saying for this to still be a nerd site.

      1. Macs ARE PCs; PC stands for "personal computer".
      2. Macs don't get viruses. They do, however, get trojans like any other OS.

      Virus == malware, but malware !=virus. I don't expect muggles to understand this, but it saddens me that anybody posting at slashdot would be ignorant about it.

    21. Re:Mac's don't get malware by durrr · · Score: 4, Insightful

      The reason they don't know about Apple's antivirus group is that it's the same one as their legal department. Operating on the basis that if people can't see or hear or know about viruses and botnets, then they don't exist.

    22. Re:Mac's don't get malware by spongman · · Score: 5, Funny

      mac's aren't PCs. they're crystallized mana from heaven.

    23. Re:Mac's don't get malware by Anonymous Coward · · Score: 5, Insightful

      Well in all "honesty" apple's own webpage says "it doesn't get PC viruses". Technically, it doesn't.

      Technically, it does. PC stands for Personal Computer, not Windows machine. Macs, just like Linux and Windows boxes are PCs. Since Apple are trying to use pedantry to obfuscate, holding them to definition of a PC is only fair, which puts them squarely back in the realm of lying.

    24. Re:Mac's don't get malware by VGPowerlord · · Score: 4, Interesting

      I guess you don't use Windows Calculator?

      No, because I prefer that the (square root of 4) minus 2 to equal 0, not -8.1648465955514287168521180122928e-39

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    25. Re:Mac's don't get malware by Ihmhi · · Score: 5, Funny

      Honestly, the best way to debug a windshield is a full wipe.

    26. Re:Mac's don't get malware by AmiMoJo · · Score: 3

      If you want to be picky then Bootcamp is an official Apple product that allows you to run Windows, and by extension Windows viruses. It can also run Linux, and by extension the tiny number of mostly proof-of-concept Linux viruses.

      Actually you can run various vulnerable software directly on MacOS, such as older versions of Safari or Apache.

      Apple claimed there were no viruses. There are viruses. You are dancing on the head of a pin.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    27. Re:Mac's don't get malware by Angostura · · Score: 3, Informative

      Cast your mind back to the early 1980s, the era of the Commodore PET, the ZX81, the TRS 80. They were all personal computers, known as PCs. Then in 1981 IBM launched the IBM PC and swiftly manufacturers sprung up selling IBM PC compatibles. Within a year the letters PC had developed dual connotations - personal computer and PC compatible - compatible with the IBM PC. This duality of meaning has survived to today, so while you can (correctly) fulminate that the Mac is a PC, others will (correctly) fulminate that it isn't. You'll have to get used to that, I'm afraid.

    28. Re:Mac's don't get malware by marcosdumay · · Score: 3, Interesting

      So, it acts like a scientific calculator and doesn't do rounding. What do you expect it to do, your computer returns that same value if you code that in C.

    29. Re:Mac's don't get malware by StikyPad · · Score: 2

      Well in all "honesty" apple's own webpage says "it doesn't get PC viruses". Technically, it doesn't; it gets Mac malware.

      Technically Macs are Personal Computers, so yes, they get PC viruses (or malware). They may not be subject to *Windows* viruses (if they're not running Windows in a dual-boot or VM configuration), but Windows isn't a PC anyway, it's an OS.

    30. Re:Mac's don't get malware by exomondo · · Score: 2

      Their claims were explicit in that they differentiated PCs from Macs ("I'm a Mac.", "And I'm a PC.") and referred to PC viruses.

      But Macs are PCs according to Apple:
      The App Store revolutionized mobile apps,” said Steve Jobs, Apple’s CEO. “We hope to do the same for PC apps with the Mac App Store by making finding and buying PC apps easy and fun.
      Apple’s Mac App Store to Open on January 6

    31. Re:Mac's don't get malware by Catbeller · · Score: 2

      No, Macs do not get viruses. This type of malware is not a virus; it does not infect, does not travel from mac to mac, and does not install without permission. The malware is installed precisely because someone gives it permission. You can't stop people from installing malware - it's just human nature. If this is a virus, then so is Facebook.

    32. Re:Mac's don't get malware by BasilBrush · · Score: 2

      OSX's calculator gets it right even in scientific calculator mode. There's no excuses for getting it wrong as Windows does.

      How does Linux fare?

    33. Re:Mac's don't get malware by BasilBrush · · Score: 3, Insightful

      What rounding? The square root of 4 is 2. There's no fractional part. Subtract two and the answer is 0. Again, no fractional part.

      I haven't tried it in C, but if a particular implementation also returns something other than zero, then it is also defective.

    34. Re:Mac's don't get malware by Fjandr · · Score: 5, Informative

      Just for kicks:

      "The App Store revolutionized mobile apps. We hope to do the same for PC apps with the Mac App Store by making finding and buying PC apps easy and fun. We can’t wait to get started on January 6."
      --Steve Jobs

    35. Re:Mac's don't get malware by BasilBrush · · Score: 2

      More so. All OSs that accept third party applications are vulnerable to malware. Most calculators don't make mistakes in simple calculations.

    36. Re:Mac's don't get malware by Tyr07 · · Score: 2

      You've pointed out that I need to clarify my meanings in a few places here.

      Flopped is a relative term. When I say desktops flopped, I mean they were not sufficient enough to keep the company from going under.
      Some people love them and still do.

      Mac growth I believe is primarily on device integration and the social prestige that came with owning an iphone or ipod. That stigma of other mp3 players being inferior stuck after ipods did so well. So when they came out with iphone, you didn't want to be left out. Social prestige is a huge motivator in human society, although many won't admit it and I'm sure they'd sack me for revealing the secret if they could.

      So now that they have their iphone, their ipod, well, they need itunes, and all this "integrates" so well with Mac. So now they're like, well, I should have a mac! It's more prestige!

      Hence growth of market.

      I do not believe that if you removed all the external devices that Apple has developed, that people would continue to see such increases in mac desktop sales.

      Their mac only mac everything philosophy is working.

      Great, Apple uses their own hardware/software. That's like the developers of os/2 still using os/2.
      Yeah, when you design it, and can have programmers make whatever proprietary software you need for your business, I'm sure any OS will do.

      I'm quite certain that majority of the software that apple uses on macs within apple are not available to the public. I'm sure things like Mac mail, are not in use.

      Just as Microsoft doesn't use all of their publicly available software, either.

      I'll agree that jobs returning saved apple - but without the bailout, there would be nothing to save. I feel stating that jobs saved apple from tanking /again/ would be an accurate statement.

      P.S How many people are running a mac web server with mac office productivity suites and mac exchange servers with mac everything else in their office space besides apple or anything who deals with graphic/video design etc?

      Yea...

  2. Safeguard your data. By doing nothing. by rfioren · · Score: 5, Funny
    1. Re:Safeguard your data. By doing nothing. by Anonymous Coward · · Score: 4, Funny

      "It doesn’t get PC viruses."

      In other news, my electric car doesn't suffer from problems caused by low quality gasoline.

    2. Re:Safeguard your data. By doing nothing. by dstyle5 · · Score: 3, Funny

      Innocent-looking files downloaded over the Internet may contain dangerous malware in disguise.

      Slashdotter who is Apple customer Testimonial: "I thought it was just an innocent file containing photos of goats..."

    3. Re:Safeguard your data. By doing nothing. by HapSlappy_2222 · · Score: 2

      Wow. I don't know what's worse; Apple spreading this garbage or consumers believing it. Had the link not been provided, I'd not have believed they said it.

      Fun game, substitute "data" with various other nouns, like "kids" and enjoy measuring how true the statement still is.

    4. Re:Safeguard your data. By doing nothing. by cant_get_a_good_nick · · Score: 2

      Though people will pile on Apple (rightfully, see more below) you do need to remember that this hubris is somewhat justified. There was a time when Windows had tens of thousands of viruses to Mac OS's maybe, 8. Macs were just more secure. This was early web days, and there was some department of the government that recommended Mac OSX webservers. Partly because of design, partly because of the PowerPC chip which was hard to write exploit code for. Windows machines were defective by design. Outlook viruses were prevalent because of horrible design practices - trust an environment where you can lie about who you are, and trust files that you can 'lie' about what type of file you are (hide extensions, which determines file 'type' in Windows).

      Apple is still working at it, I like their sandboxing idea. And not trying to hide things from users helps security more than you think.

      That said, this botnet is due to bad Apple design. They made it hard to update Java, and a bad JVM is how this is being spread. I'm hoping that this will push them to better security.

  3. there is no Apple AV group by alen · · Score: 4, Funny

    Mac's don't get viruses. it used to be magic pixie dust protected all the Mac's but my MacBook Pro and others bought since the death of St. Steve are protected by His Spirit

    1. Re:there is no Apple AV group by HarrySquatter · · Score: 3, Informative

      Flashback isn't a virus...

    2. Re:there is no Apple AV group by ColdWetDog · · Score: 5, Funny

      Ah, but you're right. This isn't a virus. It's a trojan. And we all know that Trojan's protect dicks.

      (sorry Apple fans, that one hung out there just a wee too much).

      --
      Faster! Faster! Faster would be better!
    3. Re:there is no Apple AV group by revelation60 · · Score: 5, Funny

      It's a feature.

    4. Re:there is no Apple AV group by tacarat · · Score: 5, Informative

      The current version downloads and installs itself. No human interaction required besides viewing an infected webpage. Don't confuse the "viruses are impossible to get on a Mac" crowd more by trying to make them learn the subcategories of malicious software. The fact it was originally a trojan that required the admin password to install versus the drive by installer requiring none is something more for the academics to quibble about, not the end users.

      Granted, this is /., so it's academics and fanboys anyhow >.>

      --
      "Common sense will be the death of us all"
    5. Re:there is no Apple AV group by tacarat · · Score: 5, Informative

      http://en.wikipedia.org/wiki/Malware#Trojan_horses

      Apparently I still go by the traditional definition. What do you think I'm missing?

      --
      "Common sense will be the death of us all"
    6. Re:there is no Apple AV group by narcc · · Score: 4, Funny

      that one hung out there just a wee too much

      That's what she said!

    7. Re:there is no Apple AV group by amicusNYCL · · Score: 5, Insightful

      If this is a trojan, then exactly what piece of legitimate software is it piggybacking on in order to get installed? It sounds to me like it's exploiting a Java vulnerability using an applet that does not disguise itself as something useful, it is specifically to install the payload. That sounds like a traditional virus. Previous versions that were actual trojans were embedded in warez downloads.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    8. Re:there is no Apple AV group by Anonymous Coward · · Score: 3, Interesting

      When was the last time ANY computer got a "virus"? A self replicating piece of code that spread from that PC via contact with storage media, etc.?

      "Viruses" are long dead. They are now worms, trojans, spyware, etc. etc. They do not spread the way a real virus spreads. It's an antiquated term that people just use to mean "malware" these days.

      So apple can certainly claim they do not get "viruses". Neither do PC's.

    9. Re:there is no Apple AV group by Yaztromo · · Score: 4, Informative

      It sounds to me like it's exploiting a Java vulnerability using an applet that does not disguise itself as something useful, it is specifically to install the payload. That sounds like a traditional virus.

      A virus is self-propagating. AFAIK, while this does propagate over networks, it isn't self-propagating (i.e.: infected nodes don't go around infecting other nodes). Hence, not a virus.

      That's not to diminish its threat; simply that correct taxonomy aids in discourse towards finding a solution, and preventing similar malware in the future.

      Yaz

    10. Re:there is no Apple AV group by Anonymous Coward · · Score: 3, Informative

      A virus is self-propagating. AFAIK, while this does propagate over networks, it isn't self-propagating (i.e.: infected nodes don't go around infecting other nodes). Hence, not a virus.

      No, a "virus" propagates when you boot your computer from a floppy disk that you got from your friend. A "worm" is the one that goes out on its own over the network.

    11. Re:there is no Apple AV group by Anonymous Coward · · Score: 5, Informative

      Woo pedantic! Here are the given definitions, as I understand them:

      Virus = self-propagating, but does not run on its own. Requires some legitimate program which it exploits and modifies saved data to maintain itself. For example: a virus would enter a system as an infected word document, which would add macros into your copy of word infecting all of the word documents you edit after becoming infected. In general, the virus itself is not very useful, but frequently they're used as a piggy-back which downloads a...

      Trojan-horse = program which gives a malicious user control over a system remotely. This is frequently done via IRC, but newer programs have become far more sophisticated using P2P protocols of their own design or hiding it as fake HTTP requests making traffic analysis more difficult. The trojan horse itself is NOT self-propagating, but it will put a ton of hooks around the system to re-download/re-deploy itself if it gets shut off. In general its only goal is to just keep running and allowing the malicious user to abuse the machine. Now frequently the malicious user will use the trojan horse to send out fake emails or other things which leads to propagation, but the program itself doesn't necessarily do it.

      Worm = program which attempts to spread itself. It gets on a host machine and does something (normally immediately, sometimes with an incubation period, frequently involving email, sometimes 0-day exploits to networked computers) to try and get to more machines. After it has attempted to spread itself around, it will frequently follow-up by downloading a trojan horse, or sometimes it will contain the trojan horse functionality itself.

      Straight up worms have kind of fallen out of style these days though. They're a bit too obvious and their repeated, predictable behaviour leads to them being spotted and blocked after not very much time out in the wild. And without some sort of trojan horse functionality there's not much point. Trojan horse functionality allows a central command to update the code and makes the worm a more useful product, eventually getting it on more computers and keeping security researchers guessing longer.

      Anyway, hope this actually gets modded up by someone and people use these and or tell me I'm an idiot.

  4. 'We don't know the antivirus group inside Apple.' by Anonymous Coward · · Score: 2, Informative

    Because there isn't one?

    *rimshot*

  5. Of course not. by JustAnotherIdiot · · Score: 4, Insightful

    We don't know the antivirus group inside Apple.

    Apple is too arrogant to admit they have any flaws, so odds are there isn't one.
    Just like with the iPhone 4 antenna, they'd rather take bad PR and have their users suffer than admit there's an issue.

    --
    What do I know, I'm just an idiot, right?
    1. Re:Of course not. by Mojo66 · · Score: 4, Insightful

      As much as I love Apple products, I hate their arrogance towards anything related to security. Could break their neck.

    2. Re:Of course not. by idontgno · · Score: 4, Funny

      Good point. I bet Apple's response to this trojan is "You're holding it wrong."

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    3. Re:Of course not. by CAIMLAS · · Score: 4, Interesting

      Judging by the actual support and bugfixes most Apple software seems to get (ie, none - they're worse than Microsoft in this regard, by a long shot),

      Apple's MO is as follows:

      * ignore the claims
      * deny the claims
      * blame the users when popular appeal brings large media attention (it rarely gets this far)
      * offer a weak consolation, still blaming the user.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  6. Blaming the messenger by cpu6502 · · Score: 4, Informative

    "I found a security hole in your OS....."

    "It's your fault scumbag. Keep quiet!" - Apple. Other companies have tried the same tactic, trying to silence/punish security people from publishing known holes. Like Microsoft. Sony. Nintendo. The Bluray Cartel.

    --
    My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
    1. Re:Blaming the messenger by ray_nicov · · Score: 5, Informative

      Dr. Web is one of the leading security companies (at least in Russia) and they've been around since 1992. They are by no means 'nagware' or 'junk scanner' - their tools are legitimate, powerful and useful.

    2. Re:Blaming the messenger by SmurfButcher Bob · · Score: 4, Insightful

      Eh? Not to make a "no true Scotsman" plea, but the security world is not that big. If Apple hasn't heard of them before, it means that Apple has no presence in this field. Not surprising when you consider that they can't seem to keep their top-secret iphone prototypes in their pants.

      Next, you'll excuse Utah for not knowing that Oracle is a giant security suck-hole. And in other news, RSA didn't realize that PDFs can carry exploits. Uh...

      --

      help me i've cloned myself and can't remember which one I am

  7. 'We don't know the antivirus group inside Apple.'" by Anonymous Coward · · Score: 5, Informative

    Because there aren't any, I worked for them and customers that called in were routinely told there is nothing to worry about when it comes to malware.
    On their corporate side you would be amazed at who states exactly the same thing when they should know better.

    Just a taste:
    http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=OS+X&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=

  8. No overwhelmingly surprising by gubers33 · · Score: 4, Informative

    Apple has had the benefit of so many years of being such a small market share that it did not make sense for people to create Trojans that targeted them. However, Microsoft has had to respond to threats over the years and had the time to develop processes to assess threats and work with security researchers. Apple has ended up behind the curve in this spectrum because of how long they had a small market share. If Apple is able to suck up their pride and work with the researchers they could end up being able to deal with such threats appropriately, but right now their pride is getting the best of them.

    --
    Just because you are wrong and I called you out on it doesn't mean I am a Troll.
    1. Re:No overwhelmingly surprising by sohmc · · Score: 4, Insightful

      But in Apple's defense, the permissions structure of Macs are inherently different than on a Windows machine.

      Most mac users run at normal user level, a la Linux/Unix. When the computer needs to do something at the privileged level, it asks for a password.

      Most Windows users usually run as administrator by default. Anytime some virus/trojan wants to do something, it just prompts the user with a "Hey, Windows Explorer wants to do something. Continue?"

      There is something different about having to type in a password than just clicking ok. Then again, Windows has so many random dialogue boxes that most users don't read them anymore.

      --
      We don't live in Shouldland.
    2. Re:No overwhelmingly surprising by interval1066 · · Score: 2

      But in Apple's defense, the permissions structure of Macs is inherently different than on a Windows machine.

      So? You still write a virus for it, you just have to find the weak spot. There have been virii for Unix-ish machines too,

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    3. Re:No overwhelmingly surprising by w_dragon · · Score: 5, Insightful

      You don't need to be admin to be a botnet member, a user process will work just fine.

    4. Re:No overwhelmingly surprising by Sir_Eptishous · · Score: 2

      I would say that Windows users, especially with Windows 7, are running less and less under an account with Administrative permissions.

      --
      We play the game with the bravery of being out of range
    5. Re:No overwhelmingly surprising by IamTheRealMike · · Score: 3, Interesting

      Bingo. Getting root is useful but not required for viruses, and Windows has had very similar setups for a long time already. It's perfectly possible to make a program that hides itself, resists deletion, spams, steals passwords, logs keys etc all without having root and there are quite a few such viruses out there. MacOS isn't any better defended than Windows against malware, in fact it's significantly worse because so many users don't even have AV software installed (my Mac does, btw).

  9. Re:"We don't know the antivirus group inside Apple by jesseck · · Score: 2

    I'm sure that email address is to report the location of a lost and/or stolen prototype, and is emailed directly to the Commissioner.

  10. Why do we support liers? by VernorVinge · · Score: 3, Interesting

    Apple products are overpriced, insecure, not upgradable, developed by a CEO who believed integrity is optional, and makes its outsized profits on breaking labor laws in developing countries. Why do the supposed 'creative' class continue to support this pile of dung?

    --
    Stay skeptical, my friends.
    1. Re:Why do we support liers? by amicusNYCL · · Score: 3, Funny

      It's not their fault if they think different.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  11. Re:Not a virus, numbnuts by lightknight · · Score: 2

    Meh, close enough.

    Trojan virus vs. trojan malware. Yes, it's technically not a virus, but it is a piece of malware that the Mac-heads have been convinced they are immune to. And it is, no doubt, the first of many; in time, if someone actually cares, perhaps a real virus (CIH style) will be created for the Mac. You know, something with a timebomb, that goes undetected, then fries the disk firmware?

    --
    I am John Hurt.
  12. Re:"We don't know the antivirus group inside Apple by neonv · · Score: 4, Informative

    'We don't know the antivirus group inside Apple.' means they haven't been able to talk to them and get to know them. I saw the website, and I feel safe saying I don't know the Apple AV group. I'm sure Sharov found the website. As they said in the article, they just get no response from Apple.

  13. Re:"We don't know the antivirus group inside Apple by Chris+Mattern · · Score: 4, Insightful

    They did that. They sent email there. They got ignored. What they have for Microsoft, what they *don't* have for Apple, is direct phone numbers/email addresses for the right personnel.

  14. Re:"We don't know the antivirus group inside Apple by DerekLyons · · Score: 4, Insightful

    Seriously? It's that difficult to understand the difference between a generic address that goes $DEITY knows where (and mail sent to it is probably vetted by an intern) and the actual address of the responsible individual(s)/team(s)?

  15. Re:And? by Baloroth · · Score: 4, Insightful

    Yes, they don't have much communication and cooperation with the 'security industry' since it is mostly full of leeches and parasites who make money spreading fear. Now, this doesn't excuse them from failing to acknowledge issues, since that's just as bad, but the less this 'industry' leeches itself to OS X the better.

    Yeah, just let the trojan spread unacknowledged. Ignore it and it will eventually go away, right?

    "Leeches" or not, someone needs to work on stopping malware. MS didn't step up to the plate in the past, and I have little reason to think Apple will now (after all, their website still claims "Macs don't get viruses".)

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  16. Re:"We don't know the antivirus group inside Apple by Andy+Dodd · · Score: 3

    That page does not have a single direct contact.

    Attempts to contact Apple via info provided on that page apparently, according to Dr. Web, go nowhere.

    --
    retrorocket.o not found, launch anyway?
  17. Re:"We don't know the antivirus group inside Apple by ifrag · · Score: 3, Funny

    OS X has what, TWO viruses now?

    Soon my armies shall pour forth from the shattered sandbox, ravaging this OS and all hope of resistance. My minions will find the vulnerability, wherever you choose to hide it. Then, at long last, BSD shall reign as the prime OS.

    --
    Fear is the mind killer.
  18. Re:"We don't know the antivirus group inside Apple by amicusNYCL · · Score: 4, Insightful

    OS X has what, TWO viruses now?

    Wow, they sure are creeping up to the millions on Windows platforms.

    Enjoy it while you can, arguments like that have their days numbered.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  19. Re:"We don't know the antivirus group inside Apple by moronoxyd · · Score: 4, Insightful

    Do you know the difference between communication channels for customers and those for partners and specialists?

    I work in an IT support position, and sure, if I need to contact a special group (say the Exchange administrators) I could use the phone numbers used by the customers... and would waste valuable time by making the call center agent on the other end understand that I need to speak with the admins directly.
    To avoid this, we have phone numbers and email addresses of those other divisions. You know: A direct line.

    The security companies have direct lines to the security teams from Microsoft, and certainly Oracle, Red Hat etc.
    This is to everybody's advantage, as it reduces friction and increases response times.
    Only Apple doesn't understand that they are part of an ecosystem where everybody relies to some extent on everybody else...

  20. Re:And? by sir-gold · · Score: 5, Insightful

    A leech that swims by and says "hey, did you know you are bleeding?" isn't much of a leech. Other than a bit more fame, what does Dr. Web gain from this? It's not like they are extorting Apple.

    I'm curious where you picked up the idea that security researchers and fake-AV sellers were somehow related?

    Do you also assume that anyone yelling "fire" in a crowded building is just trying to make everyone scared? If so, I hope you are in a building fire some day so you can ignore the warning, safe in your fire-proof pants.

  21. Re:"We don't know the antivirus group inside Apple by sir-gold · · Score: 4, Insightful

    You only need one bubonic plague...

    It doesn't matter how many Mac viruses there are as long as Apple continues to plug its ears when it comes to Mac viruses.

  22. Corroboration? by CyberLife · · Score: 4, Interesting

    As with any other claimed discovery, I'd like to see independent corroboration. I'm not saying it doesn't exist, just that I personally haven't seen it. Everything I've read credits Dr.Web as the source. Has nobody else confirmed their findings?

  23. misleading summary by noh8rz3 · · Score: 2, Funny

    Now that it's being increasingly targeted by botnet herders,

    newsbreak- mac botnets increase from 0 to 1. increasingly targeted! infinity percent increase!

  24. In my experience... by blueg3 · · Score: 5, Interesting

    Not surprisingly, the summary is not as accurate as the article.

    Sharov may describe this as "a symptom of a company that has never before had to work closely with the security industry", but the article correctly points out that it's more a symptom of having "little experience working with the community of security researchers who aim to dissect and shut down botnets." The botnet security community is different from the general security community. As far as I know, Apple has a decent working relationship with the latter. It's no real surprise they have limited experience working with the anti-botnet community, since until now they haven't really had botnet problems.

    The article also notes that Dr. Web is relatively unknown and that in the opinion of Kaspersky (which is at least more well-known), Apple is taking the usual appropriate steps.

    As far as them not getting a contact back, that disagrees with my experience in reporting a security vulnerability to Apple. You send a message to their easily-found, catch-all "security" address. In relatively short order, a security engineer gets in touch with you, and you communicate with that person from that point on. It seemed to work just fine, unless, I suppose, you're egotistical enough to think that you should be able to pick up the phone and talk to someone at Apple immediately -- which is a common-enough problem in security.

  25. Re:"We don't know the antivirus group inside Apple by blueg3 · · Score: 5, Interesting

    I e-mailed that address and got a response from a security engineer. Perhaps Dr. Web is holding it wrong.

  26. Re:Not a virus, numbnuts by forkfail · · Score: 2
    --
    Check your premises.
  27. Re:"We don't know the antivirus group inside Apple by blueg3 · · Score: 2

    The Apple Security address isn't for customers, it's for security researchers.

  28. Re:And the users are blaming Java, not Apple by Anonymous Coward · · Score: 2, Informative

    Have already seen numerous comments from fanboi's that it's "Java's fault" and "Apple is stuck fixing someone else's problem". So Apple is going to get a pass on this one at least from their users.

    Actually, when it comes to java, it IS Apple's fault.

    Apple made a deal with Sun/Oracle that Sun/Oracle would no longer release java for the mac. Sun/Oracle passes along the code to Apple, then Apple distributes it after modification.

    As a result, when serious flaws are discovered/announced in java, it takes many months for patched versions of java to be available for the mac. Until then, macs have a well-documented security flaw that is easy to exploit with a simple web page.

  29. Re:Not a virus, numbnuts by lgw · · Score: 2

    You do realize that Flashback evolved to where it needed neither, right? Unless you have Windows-style habits of relentlessly patching every third-party toolkit on your box, Flashback is perfectly capable of installing itself without your assistance (beyond browsing the web in a normal way).

    --
    Socialism: a lie told by totalitarians and believed by fools.
  30. Re:Russian altruism? Suuuuure... by yodleboy · · Score: 2

    Apple, its employees and its users are legendarily arrogant. I find it much more believable that a security researcher got rebuffed than that there is a global conspiracy to make Apple look bad and drive American customers to purchase security products from a Russian company... An American company would likely have gotten the same response from Apple anyway.

    The Apple slogan "Think Different" could just as easily be "It's Not Me, It's You". Oh they'll own up to things eventually, but not before playing some passive aggressive blame game and trying to convince their users that it's somehow their fault. In the meantime, anyone who gets hurt is just collateral damage and will probably buy the next shiny bauble Apple dangles in front of them anyway. I know some very smart people that are hopelessly addicted to Apple no matter what they do. You read about people in cults and say "how can that person be in a cult, they are so smart!". Well Apple has it figured out. We should probably be grateful Steve Jobs wasn't another Jim Jones.

  31. Re:Not a virus, numbnuts by lgw · · Score: 2

    It seems that hundreds of thousands of normal people would. And with all the CA problems in the past few years, they would be signed if that was actually needed for them to spread.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  32. Re:Russian altruism? Suuuuure... by Pope · · Score: 2

    Apple, its employees and its users are legendarily arrogant.

    Unlike, say, Linux...

    --
    It doesn't mean much now, it's built for the future.
  33. Re:"We don't know the antivirus group inside Apple by gstrickler · · Score: 5, Interesting

    As someone who has found and reported a (now) patched security vulnerability to that email address, I can say that I agree with Boris Sharov's complaint. You do get an automated response with a case #, that includes the text

    We do not automatically provide status updates on issues as we work on them, but please feel free to request one if needed by replying to this message.

    However, I received no replies when I did request status updates (and supplied additional information about the affected systems with explicit instructions about what needed to be done to fix existing systems). Even when I contacted other sources (Secunia, who confirmed the problem, and US-CERT), I received nothing from Apple. Nor was the problem addressed in two releases of QuickTime in the year following my report.

    How I finally got a reply from Apple was sending an email to sjobs@apple.com on Sept 4, 2010 with a copy of the now year old security report, and my statement that I was taking it to the full-disclosure list if I didn't hear back from Apple by Sept 15th. Fewer than 6 hours later (on a Saturday), I had a status update from Apple. Here's the meat of that reply:

    Just wanted to let you know that a fix for this issue has been identified, and we are targeting an upcoming release of QuickTime to address it.

    We provide status updates upon request.

    Subsequent emails always got a reply, but before I sent my email to sjobs, it was like talking to a wall. Also, despite assurances that they understood the extent of the problem and my explicit instructions about needed remediation for affected systems, when they finally released the fix 3 months later, it only corrected the problem and did not provide remediation for the permissions on already affected systems, nor did it even mention that there were permissions to be fixed.

    When it became clear that no remediation fix, nor an acknowledgement of the problem was coming from Apple, and ample time had passed for users to have installed the updated version of QT, I submitted my own fix to the Full Disclosure mailing list.

    In total, it was 15 months for Apple to release a fix, a fix that in all likelihood involved altering or removing two lines of code that were granting excessive privileges to specific directories. Even then, they did not correct the permissions on machines that were already affected.

    So, in my opinion, Apple has a long way to go in developing and maintaining communications with those who report security vulnerabilities. And in acting upon those reports in a timely and responsible way.

    --
    make imaginary.friends COUNT=100 VISIBLE=false