New Version of the MaControl Trojan Spotted In the Wild

EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."

Gotta Catch 'Em All

A wild MaControl appears!

Obviously bogus

After all, everyone knows that Mac's can't get viruses.

Re:Obviously bogus

[__aaltlg1547]

MacControl isn't a virus. It's a Trojan and Macs are just as vulnerable as Windows PCs or Linux PCs for that matter because users can bypass any OS security.

Re:Obviously bogus

[DJRumpy]

Well considering this can't self-replciate, and you must be duped into opening the zip, then launching the attachment, your statement is true in the scope of this malware. It's a trojan, not a virus.

This is about as nefarious as me sending a batch file to you saying 'run this safe file'.

It is pure social engineering, and has nothing to do with the OS security, other than it targets a Mac. Rather poor social engineering at that, as the message itself appears to be gibberish, with an attachment. The least they could have done is put something that even remotely interested the user into opening the attachment, rather than a random string of alpha characters.

Re:Obviously bogus

Yeah it's a Trojan, and it requires a user to click on a link. The big concern it seems to me is that, unlike PC users, the people that use Macs are convinced that they cannot get caught in malware scams.

Re:Obviously bogus

[citation needed]

The big concern it seems to me is that, unlike PC users, the people that use Macs are convinced that they cannot get caught in malware scams.

Re:Obviously bogus

[4phun]

Well considering this can't self-replciate, and you must be duped into opening the zip, then launching the attachment, your statement is true in the scope of this malware. It's a trojan, not a virus.

This is about as nefarious as me sending a batch file to you saying 'run this safe file'.

It is pure social engineering, and has nothing to do with the OS security, other than it targets a Mac. Rather poor social engineering at that .

Yes I would assume this Mac attack will prove successful only among those geeks who normally would fall for this seeming legit instruction...
http://failblog.files.wordpress.com/2012/07/epic-fail-photos-fail-nation-seems-legit-fail.jpg

Re:Obviously bogus

[macs4all]

After all, everyone knows that Mac's can't get viruses.

After all, everyone knows that ACs can't use apostrophes correctly.

Re:Obviously bogus

When all else fails attack punctuation as if you couldn't understand the post!

Think Different

[girlintraining]

Ah, the burdens of increasing marketshare: You're now statistically significant enough for the criminal element to take an interest. In every other part of IT, 'ease of use' is almost diametrically opposed to 'secure'. Until recently, mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resiliant to such attacks.

It will probably take more evidence to convince the hardcore (like their computer suddenly talking in latin and shooting flames at their face), but the average mac user will likely be more sensible. I hope.

Re:Think Different

[oztiks]

Saying it has never convinced the Mac community though. All those years of MS bashing will eventually come full circle.

Computers store valuable information, linux, windows, bsd, osx, they are all computers they all have something of value to steal. I've always thought just as the computing industry has smartened up to malicious activity so have the criminals, biding their time with Apple I've always thought was a long term investment, wait until there was enough Mac users out there so that when you make a run on people's CC details you make it a good one.

Remember it took 10 years for MS to learn their lesson, talking about what would kill Apple, a 10 year long "I told you so" would do it. I guess that'll never happen because eventually (after they suck up their pride) they can ask MS or even Trend/Norton/McAfee for help, which they will because Apple is completely unprepared for the shit storm that is to follow.

Re:Think Different

Until recently, mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resiliant to such attacks.

compared to windows it is. if only due to no internet exploder. course basic literacy is on the decline these days so maybe i need to reluctantly point out for the knee-jerk idiot crowd that "more resiliant" does not mean "absolutely 100% invulnerable".

but the average mac user will likely be more sensible. I hope.

the average mac user paid more money for a mac because they thought windows was too hard. your hope is misplaced.

to make the point consider the opposite scenario. there are proof-of-concept viruses for linux. do you know why there are no linux viruses spreading in the wild? because the average linux user actually has a clue, something you cannot claim for the average windows or mac user.

linux users tend to understand that "2 hour paris hilton sex video!" should not be a 238kb executable. they understand that the guy sending them e-mail is not really a nigerian prince. they understand that their bank should already have their account number. they understand that their browser performing an HTTP GET of a .jpg does not mean that site can tell if their computer "has a virus".

you can have the greatest system in the world. if you put it in the hands of an idiot it will still get compromised.

Re:Think Different

[macs4all]

Apple is completely unprepared for the shit storm that is to follow.

You're right, of course. Apple is completely unprepared.

And keep in mind that those features are already installed in an OS that has a spotless track record as far as self-replicating malware (worms and true viruses, rather than stupid-ass Trojans).

So yeah, Apple is just sitting there with their proverbial pants down, waiting for insertion...

Clueless moron.

Re:Think Different

[macs4all]

the average mac user paid more money for a mac because they thought windows was too hard.

No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.

Re:Think Different

[oztiks]

From your username i wont take offence at your personal attacks. I speaking ill about Apple is akin to calling your mother a whore.

If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.

Apple's containment process is unsavoury to ones computing freedom and precisely the problem with the security model. It's like the cave man vs the modern human, you give the cave man some raw meat and he eats it no troubles. Give it too the modern man and he dies because of sort of bacteria in the meat.

Apple's germ free environment is why when the malware industry does hit. It will hit them hard.

Re:Think Different

the average mac user paid more money for a mac because they thought windows was too hard.

No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.

*citation needed because your name shows your heavily biased*

Re:Think Different

[Rainbowdash]

Might have something to do with Mac OS X being a full-blown UNIX system as well?

Re:Think Different

[Erikderzweite]

Not only that, linux users cannot simply download an executable, they have to make it executable (or extract it from an archive keeping permissions). In addition to it, linux users don't have "download-n-run" mentality as most if not all the software comes from a repository.

One can argue about the reasons why it is virtually impossible to get a trojan using linux, but it is sure nice that I don't have to clean my parent's PCs once in a while as it used to be with Windows.

Re:Think Different

[macs4all]

From your username i wont take offence at your personal attacks. I speaking ill about Apple is akin to calling your mother a whore.

...And then you respond with a personal attack.

Moron.

If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.

Apple's containment process is unsavoury to ones computing freedom and precisely the problem with the security model. It's like the cave man vs the modern human, you give the cave man some raw meat and he eats it no troubles. Give it too the modern man and he dies because of sort of bacteria in the meat.

Apple's germ free environment is why when the malware industry does hit. It will hit them hard.

So, let me get this straight: You said that "Apple is completely unprepared for the shitstorm that is to follow.". I countered with unequivocal proof that your statement was false. And now, since your statement has been refuted, you SWITCH your argument to a combination of an ad hominem attack (which was couched in a statement that you weren't going to respond to me calling you a clueless moron (which you are)), but more importantly, you now say that one aspect of Apple's security methodology (signed binaries) is "too restrictive" (because it's too restrictive for Devs. to sign up for a FREE signature (Developer accounts cost $100/yr, and that includes as many certs. as you wish to create; or you can use an industry-standard cert. from any one of a number of authorities).

But what you failed to realize is that GateKeeper's "sterilization-level" is adjustable by the user; so s/he can decide for hirself how much digital E. Coli that they want to subject themselves to.

From the "What is Security" guide I linked to in my original response to your "Completely Unprepared" post: Gatekeeper gives you three security options. Just like today, you can download and install apps from anywhere on the web. Or you can choose the safest option and download and install apps only from the Mac App Store. Or use the default option, which allows you to download apps from the Mac App Store as well as those signed with a Developer ID. If an app is unsigned, Gatekeeper blocks the app from being installed and warns you that it did not come from an identified developer. If you’re sure the app is safe, you can manually override Gatekeeper by Control-clicking the app and choosing to open it.

So, since in ANY setting of GateKeeper, the user is free to 'eat the tainted meat' with just a Click, tell me how GateKeeper is "unsavory to ones computing freedom."???

But the biggest question is: "How does all this mean that APPLE is "completely unprepared"? From where I sit, it looks like OS X is much MORE prepared than Windows or Linux for any possible "shitstorm".

Re:Think Different

I've been a Linux freak since the 0.97 days, but I run OS X because I got sick of maintaining my Linux desktop. Even with Ubuntu, I ended up having deal with package dependency problems (not everything I use is in the main repos), rebuilding the nVidia driver, X11 crashing/hanging making me lose all my work, etc.

With OS X, I get a nice UI on top of a solid kernel, and don't have to deal with all that crap. I just wish the /. community would figure out that most people run OSX because they like it, and are not Steve Jobs cult followers.

Re:Think Different

[macs4all]

the average mac user paid more money for a mac because they thought windows was too hard.

No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.

*citation needed because your name shows your heavily biased*

Education needed because your posting shows you don't understand basic grammar. (you/you're).

Oh wow. A comment based on my username. How completely unoriginal...

You might remember a little ad campaign colloquially called the "PC vs. Mac" Ads. The entire ad campaign was targeted at Windows victims (users) who were fed-up with being fed-on by every malware writer from here to Bangalore. How's a multimillion ad campaign that lasted for over a year for a citation?

And attend ANY Linux developer conference. MacBooks as far as the eye can see. Do you really think THOSE people are using Macs because they "Can't figure out Windows?"

Re:Think Different

[mcgrew]

In every other part of IT, 'ease of use' is almost diametrically opposed to 'secure'.

So, you're saying that my kubuntu box is less secure than my Win 7 box? Because Windows frustrates the hell out of me, the kubuntu box just keeps chugging along without problems. Example: Bluetooth. I bought a dongle to move pictures from my phone, and it came with no Linux install disk. After installing the software on my Win 7 box and rebooting twice, it was flaky but worked. Linux? I just plugged the dongle in and it worked. Fifteen minutes of installation and reboots vs one second to plug it in. At least once a month and often more often I have to install Windows patches and reboot, often several times. With Linux the notification pops up and I click it and continue doing whatever it was that I turned the PC on for in the first place.

MS's vaunted useability is a myth propagated by those who grew up with Windows. Those of us whose first computer was tape driven and BASIC/Assembly-based, then DOS, then Windows, had no problem at all using Linux. Ten years ago there were driver issues, but I haven't seen them in a long, long time.

Until recently, mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resiliant to such attacks.

Macs are more resiliant; you won't get a virus on one. But this is a trojan, not a virus. I don't care what OS you're using, if I can convince you to install a piece of software as root, I own your computer.

It doesn't matter if you're running Windows, iOS, or even NSA Linux, if you're downloading warez you're putting yourself at risk. Most Linux users won't touch a piece of software that isn't in the repository. I'm not so sure about Mac users.

Re:Think Different

[mcgrew]

Your analogy has quite a few flaws. You are in effect saying that the cave man (windows) has a better immune system (AV software). Macs and Windows are more like cats and dogs; they don't get the same diseases.

As to your cave man eating raw meat, dying from eating raw meat is far more recent. Fifty years ago you could safely eat raw hamburger, chicken, or eggs with little risk of food poisoning and in fact many people enjoyed chicken and hamburgers cooked rare, but ranching methods have changed drastically. We use to make eggnog -- it's a mixture of raw egg yolk, milk, sugar, and cinnamon. It was traditionally used on Christmas because raw egg yolk contains an emzyme that combats hangovers, but try that today and you'll be far more miserable the next day, because one in three eggs now has salmonella.

If you fed a cave man a raw steak from today's grocery store, he'd get as sick as you would.

Re:Think Different

I remember that slanderous campaign, showed how sad and desperate apple had become. Make up a bunch of BS lies and then hide them under the generic "PC" name so that it wasn't considered the fraud it was. PC became the new brand X, and as long as they didn't say either Windows or that they don't have those problems then it was technically legal. The first step towards the patheticness that is apple, now they patent troll instead using patents of ideas they stole from others (like patenting Neonode's slide to unlock patent, patenting the Sony Vaio, the Android Vega tablet from 2009...)

And I'll bet you think they are all running OSX too.... sorry to burst your bubble, but they aren't. They are using Linux

Re:Think Different

[macs4all]

I remember that slanderous campaign, showed how sad and desperate apple had become. Make up a bunch of BS lies and then hide them under the generic "PC" name so that it wasn't considered the fraud it was. PC became the new brand X, and as long as they didn't say either Windows or that they don't have those problems then it was technically legal. The first step towards the patheticness that is apple, now they patent troll instead using patents of ideas they stole from others (like patenting Neonode's slide to unlock patent, patenting the Sony Vaio, the Android Vega tablet from 2009...)

And I'll bet you think they are all running OSX too.... sorry to burst your bubble, but they aren't. They are using Linux

Funny. You're the first person I have EVER heard that called the ad campaign "slanderous" or "lying".

WTF are you talking about with you babbling about "stolen patents" and "Android Vega tablets" and "Sony Vaio"???

But since you are, we'll discuss these one at a time:

1. Patenting Neonode's "slide to unlock": Well, the patent case in question was against HTC, but it wasn't HTC that was considered by the UK Court to be "Prior Art"; it was ANOTHER phone (the Neonode) that had an "unlock gesture". Although on a touch-screen device, it's kind of hard to avoid SOME kind of unlock GESTURE... So I guess both Apple AND HTC might have infringed... But isn't is curious that NeoNode didn't see it as "infringement", or wouldn't THEY have sued APPLE???

2. Patenting Sony's Vaio: This is just asinine. Are you saying that because the Vaio is thin, and the MacBook Air (and now MBPwRD) are thin, that SOMEhow "Apple Patented the Sony Vaio"??? Yeahrightsure. The Vaio is a milled aluminum "Unibody" construction. Yeahrightsure. The Vaio has a glass, multitouch trackpad with the left-button built-in. Yeahrightsure. The Vaio has MagSafe. Yeahrightsure. The Vaio has Thunderbolt. Shall I go on?

3. Andoid Vega Tablet from 2009. The WHAT? You mean that big IPHONE clone??? Riiiiight. Let's just take a look at the TIMING of who had what first: You're saying that Apple, who already HAD an iOS (f/k/a iPhone OS)-based, ARM-based, capacitive multitouch device ON THE MARKET for TWO YEARS prior to the Vega tablet, SOMEHOW tooled-up the iPad in the TWO MONTHS between the Vega's ANNOUNCEMENT on November 13, 2009, and the iPad's ANNOUNCEMENT on January, 27 2010. If you believe that is even remotely possible for ANY company, even one the size of Apple, you are SADLY mistaken, and of course know NOTHING about R&D and manufacturing processes. Keep in mind that Apple had HUNDREDS of WORKING iPads to show around and even GIVE AWAY at that January, 2010 announcement. In fact, the Vega wasn't even supposed to be on the market until WELL after the April, 2010 "on-shelf-date" of the iPad. So who is copying who here? It's not that the iPad looks like the Vega, it's that the Vega looks like.... AN IPHONE. And, as we all know, by 2009 there were already MILLIONS of iPhones in people's (and apparently Innovative (ha!) Converged Devices' Seattle (Hmm. Redmond?) labs, too, eh?)

And what's all this "bet you think they are all running OS X too. [...] They are using Linux."

What's the antecedent of the word "They" in your blathering? Are you talking about the NeoNode N1, the Vaio, and the Vega? Or are you talking about the iPhone, the MacBook Air and the iPad? Because in EITHER case, you are incorrect. The NeoNode N1 and the Vega Tablet run ANDROID, which is NOT Linux, any more than iOS is OS X. Yes, they are derivatives; but with enough differences to make them classified as their own OSes. And as far as the Vaio goes, I'm pretty sure that MOST (if not all) of them went out of the factory with WINDOWS installed, NOT Linux.

And I really shouldn't have to explain to ANYONE on Slashdot that OS X (nor iOS) ISN'T LINUX. So, you

Re:Think Different

[oztiks]

Does MacOS boast ASLR? Do your research is DEP and get back to me :)

Re:Think Different

http://blog.lumension.com/5365/what-the-security-features-of-apples-mountain-lion-mean-for-the-enterprise/

And ASLR was adopted 12 months ago and updated system patching. Looks like what Micrsoft has done for years Apple has caught up in some ways.

What is noteworthy is Apple cant make their OS secure enough to hold FIPS 140-2 certification.

Re:Think Different

[macs4all]

http://blog.lumension.com/5365/what-the-security-features-of-apples-mountain-lion-mean-for-the-enterprise/

And ASLR was adopted 12 months ago and updated system patching. Looks like what Micrsoft has done for years Apple has caught up in some ways.

What is noteworthy is Apple cant make their OS secure enough to hold FIPS 140-2 certification.

So now, it doesn't matter that Apple HAS certain security features; but rather WHEN they were adopted? Again, changing the parameters of the original statement "completely unprepared".

OS X has had limited ASLR since 10.5 (Leopard), which launched in 2007. Windows introduced limited ASLR in Vista, which launched... in 2007. So where are those "years" you crowed about? BTW, you will note that not only does Windows ASLR have to be disabled for "compatibility reasons", but that it has several known shortcomings. In contrast, OS X 10.8 (Mountain Lion)'s ASLR appears to be not only system-wide, but also a much more robust implementation than in either Windows or Linux.

And as far as FIPS 140-2 is concerned, both OS X and Windows 7 can be brought to FIPS 140-2 Level 1. Neither goes further. But keep in mind that NIST hasn't had a chance to test against OS X Mountain Lion (10.8), which has security features that are stronger than its predecessors. So now what?

Oh, and apparently you are behind on your reading; for here is an Apple Tech Support document on how to set up and maintain a FIPS-compliant system in OS X 10.7 (Lion). The tech support article also has "Additional Information" regarding OS X's FIPS 140-2 compliance.

So, you might do just 10 seconds of research before you open your mouth next time, AC.

Oh, and that article you mentioned is far from unbiased, and is chock-full of inaccuracies and hyperbole, as I have pointed out in this comment. However, a complete analysis of the lies and exaggerations in that article would take about 10 pages, and I don't have time for that right now, especially for an AC.

Re:Think Different

[oztiks]

Now go learn about stack based overflows and heap based overflows. Then see how OS's like Linux has had ASLR since 05. Then go find papers on ALSR's and their various methods of circumventing them.

Unless you go for an OS with dtrace or similar managing direct syscalls and question every single one of them you'll be hard pressed to find a faultless OS. Fact of the matter is Lion is the first OS of Apples to host a fully pledged ASLR and many within the industry are skeptical it will up to the test.

My philosophy is this and what has been proven to me time and time again, regardless of what you put into an OS someone somehow if needed will find a way to get around it. New methods are always discovered and shared in places like packetstorm and securityfocus, many are not and kept secret until they wish to pillage from the online world.

Apple is 4 years behind, get over it!

Re:Think Different

[oztiks]

http://www.ijailbreak.com/jailbreak/ios-5-1-untethered-jailbreak-aslr-pod2g/

Re:Think Different

[causality]

the average mac user paid more money for a mac because they thought windows was too hard.

No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.

I felt that way back in the mid 1990s. So I switched to Linux.

I continue to be glad that I did. I started out with Red Hat and have also tried Debian, Slackware, and Suse. I eventually settled on Gentoo some years ago because I like to customize, which especially includes the security options available when you build from source (like SSP). I also enjoy having such a wide variety of software available in the package manager. Not to mention, the Gentoo forums are some of the very best I've seen anywhere. I often refer to them even when helping friends who are not using Gentoo because the information is high-quality and oriented towards understanding the issue rather than "follow these steps".

I'm probably not a part of Apple's target market. Apple makes a fine desktop computer, especially for users who are not technically-minded and don't have any curiosity about how the system works. I have seen several frustrated, non-technical Windows users suddenly have a great experience with Macs. However, I have a philosophical problem with walled gardens and I believe Apple's stance on intellectual property is harmful to the industry. I realize that ultimately, only reform of patent law is going to really fix that situation, but Apple seems particularly zealous on this front. When Jobs was in control he also promoted a suffocating, dehumanizing (well, more than usual) corporate culture that I personally would never want to work in. These things make me disinclined to vote for them with my wallet.

Compared to the above, this is a minor and admittedly somewhat petty concern: it's also undesirable to me that so many Apple customers seem to think that they're showing how cool they are by sporting the logo. It's not that I think I'm cool for not joining them; it's that this idea and the marketing that goes with it is hollow, superficial, and does not provide for me a good reason to invest non-trivial amounts of money in a product.

So, I can't help but to wonder: are you one of these rabid fanboys or can you handle the idea that someone might have reasons for disagreeing with something you seem to be quite satisfied with? Because I definitely understand that Linux is not for everyone, in fact I admire that it doesn't pretend to be. If someone isn't going to like Linux, I would encourage them to use what does work for them. What I would not do is try to force a square peg into a round hole.

Re:Think Different

[causality]

You might remember a little ad campaign colloquially called the "PC vs. Mac" Ads. The entire ad campaign was targeted at Windows victims (users) who were fed-up with being fed-on by every malware writer from here to Bangalore. How's a multimillion ad campaign that lasted for over a year for a citation?

I believe you chose a poor example there. I mean, advertisements are the most biased source of information imaginable.

Consider that Windows is the greatest OS ever! ... ... if you ask Microsoft.

Note that I agree with the basic premise that for average non-technical users, OSX provides a better experience than Windows. The higher cost for similar hardware, the deliberate incompatibilities of various peripherals, and the Microsoft monopoly are probably the major reasons Apple does not have a larger marketshare. I just think you chose a particularly weak method of making your point.

Re:Think Different

[causality]

Not only that, linux users cannot simply download an executable, they have to make it executable (or extract it from an archive keeping permissions). In addition to it, linux users don't have "download-n-run" mentality as most if not all the software comes from a repository.

One can argue about the reasons why it is virtually impossible to get a trojan using linux, but it is sure nice that I don't have to clean my parent's PCs once in a while as it used to be with Windows.

In my opinion people take system compromises far too lightly merely because they are common.

The danger is not having to periodically "clean their PC". That's a nuisance to be sure, but it is only a nuisance. No, the danger is that a piece of malware might help some criminal to "clean" their bank accounts. That kind of simple theft is bad enough; have you ever considered the prolonged nightmare that identity theft could cause? These are much, much worse than having to run a virus (etc.) scanner once in a while.

By replacing Windows with something that's not-Windows, you performed a real and worthy favor for them. I sure as hell wouldn't stand there and do nothing while my parents are exposed to these risks. Like you, I also set them up with Linux. They like it better anyway because it "just works" and they can focus on whatever they were trying to do.

Re:Think Different

You might remember a little ad campaign colloquially called the "PC vs. Mac" Ads. The entire ad campaign was targeted at Windows victims (users) who were fed-up with being fed-on by every malware writer from here to Bangalore. How's a multimillion ad campaign that lasted for over a year for a citation?

I suppose that also means that Linux's floundering desktop marketshare is all due to the points outlined in Microsoft's 'Get the Facts' entire ad campaign targeted at Linux.

And attend ANY Linux developer conference. MacBooks as far as the eye can see. Do you really think THOSE people are using Macs because they "Can't figure out Windows?"

Well they sure as hell aren't using them because they were TIRED of Windows, so no, that's not the reason people buy Macs.

Makes me crazy

The article commits the worst sin of all - the extra apostrophe. The plural of Mac is Macs. Not Mac's. Reading that is like snagging my eye on a nail.

Won't be surprising to see a spike?

[znu]

Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of a new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

Re:Won't be surprising to see a spike?

[oztiks]

It's not about floodgates it's about prevention and it's about criminal activity / value. The damage will speak for itself when normal people have their cc drained because the data was pulled out of AppStore or something akin.

Also remember a Trojan/Worm/whatever isn't about being known, it's the unknown malicious apps out there that are the concern. Techs find an exploit here or there but is that simply the tip of the iceberg? and Apple's security focus is simply under manned and considered an afterthought?

The issue is when you are a business you address what the market demands, the question is when the market demands mitigative services is Apple prepared? I don't believe they are from looking at their track record.

     

Re:Won't be surprising to see a spike?

[Em+Adespoton]

Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of a new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

The difference is in WHAT the threats are -- last year brought us FakeAV for Macs, which showed that the criminal element was now looking at the platform as profitable. Then, later in the year, we got Flashback, which has been continually updated through April to provide botnet access and a data leak conduit on OS X.

But the real news hasn't been with these pieces of fake software, it's been with Trojanized backdoor and keylog software... which has been climbing at a steady rate, both in variants and in detected installs. We're seeing a dramatic increase in data exfiltration on Macs. It's not really a case of "now the floodgates are going to open!" but more a case of "the gates opened last year, and we're going to keep seeing the consequences."

Apple has taken note however, and has implemented a number of security changes -- not just GateKeeper, but little significant things such as not letting MachO binaries run unless they're in a proper executable bundle with proper file permissions and an info.plist.

So for the first time, we're seeing a malware arms race on OS X, which truly has never happened before.

While not dramatic, this is a few particular reasons to believe that we're on the cusp of a non-linear increase -- because it's now profitable to scam OS X users via their OS, and more and more criminal groups are realizing they can take some of the unsuspecting pie.

Re:Won't be surprising to see a spike?

[jo_ham]

It's not about floodgates it's about prevention and it's about criminal activity / value. The damage will speak for itself when normal people have their cc drained because the data was pulled out of AppStore or something akin.;

I thought Apple were already doing that to our credit cards? Surely there will be nothing left for the malware authors.

Re:Won't be surprising to see a spike?

[interval1066]

Maybe if mac fan boys wouldn't have kept on with the "macs don't get virii" through the years it wouldn't get the press its getting now.

Re:Won't be surprising to see a spike?

Strictly speaking, this still isn't a virus, so the fanboys are still technically correct. Which, as we all know, is the best kind of correct.

Re:Won't be surprising to see a spike?

Maybe if mac fan boys wouldn't have kept on with the "macs don't get virii" through the years it wouldn't get the press its getting now.

So, it's true in the same general sense it's true for Linux, Solaris, AIX, HP-UX, zOS etc...

Have you completely forgotten the epic scale of virus infections on Win2K & WinXP systems? Christ, that's what started all the teasing in the first place, and it WAS warranted

Re:Won't be surprising to see a spike?

[macs4all]

Also remember a Trojan/Worm/whatever isn't about being known, it's the unknown malicious apps out there that are the concern. Techs find an exploit here or there but is that simply the tip of the iceberg? and Apple's security focus is simply under manned and considered an afterthought?

Does THIS look like an afterthought?!?

And keep in mind that these security features are built into an OS with NO known self-replicating malware. So no, I wouldn't say that Security is an "Afterthought" with Apple.

Pro Tip: If you don't know about something, then STFU.

Re:Won't be surprising to see a spike?

[macs4all]

Maybe if mac fan boys wouldn't have kept on with the "macs don't get virii" through the years it wouldn't get the press its getting now.

Show me a true, self-replicating piece of OS X malware. Trojans don't count, and that's ALL there have been in the wild.

Re:Won't be surprising to see a spike?

[macs4all]

So, it's true in the same general sense it's true for Linux, Solaris, AIX, HP-UX, zOS etc...

Actually, Linux has nearly 1,000 pieces of reported malware, including some self-replicating ones.

Re:Won't be surprising to see a spike?

[oztiks]

AHAHAHAHA someone woke up cranky.

As for your references to the malware scanners - good on them. We over in PC land have had the same thing for well over a decade, way to innovate guys.

I guess you should feel special knowing that online criminals actually give a shit about you now....

P.S I so so hate Apple's interface, its been 20 years already why do cropped screenshots of OSX look nearly the same as OS7. I remember looking at the iPhone config panel and thinking, shit I played with this back in 6th grade, didn't like it then, don't like it now.

Re:Won't be surprising to see a spike?

[Rainbowdash]

Playing that card you trump yourself my dear,

The first Macs where the ones infected with virii and malware, and therefore the first counter-applications where on Macs. Also quantity != quality.


P.S You hate Apples interface, however a lot of people are willing to pay a lot of money to use it, the company in question is quite successful, you can't deny that, also you're as bad as the Apple Fanboys just you're fanboying over something else.

Re:Won't be surprising to see a spike?

But let's put it into context. There may be a 1000 pieces of Linux malware out there, but very few of them can self replicate, very few of them do much more damage than stay in your /home directory without root access and even more of them are proof in concept that have been closed with security patches.

Macs are the same. Compared to Windows they don't get viruses. Mathematically speaking, the amount of attacks is so small that Apple could still say "Virus free" and get away with it, they just can't explain the statistics to the layman.

So, Linux and Mac are still Virus Free if you look at it from a purely statistical angle.

Re:Won't be surprising to see a spike?

[sl4shd0rk]

there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

Nicely put. If there were any substance to these reports there would be like, Trojan apps and stuff turning up in iTunes or something.

Re:Won't be surprising to see a spike?

[mwfischer]

Apple has also been going out of business for 35 years.

Re:Won't be surprising to see a spike?

[macs4all]

But let's put it into context. There may be a 1000 pieces of Linux malware out there, but very few of them can self replicate, very few of them do much more damage than stay in your /home directory without root access and even more of them are proof in concept that have been closed with security patches.

Macs are the same. Compared to Windows they don't get viruses. Mathematically speaking, the amount of attacks is so small that Apple could still say "Virus free" and get away with it, they just can't explain the statistics to the layman.

So, Linux and Mac are still Virus Free if you look at it from a purely statistical angle.

Wrong.

ONLY OS X remains VIRUS free. "Nearly zero" is NOT ZERO. In its over ten year history, OS X has NEVER had a SELF-REPLICATING piece of malware. Trojans simply don't count; because no amount of "security" can get around social engineering. But where the rubber meets the road is in malware that can spread PC to PC in a P2P fashion.

And OS X simply doesn't have ANY of that. Period.

Re:Won't be surprising to see a spike?

[oztiks]

Black on white has always been the Apple UI and it's really not that impressive IMHO. People also pay lots of money to listen to Justin Beiber as well but that doesn't make him the best. Computing is such a way now where fashion has sold a brand, same thing when I was a kid and Reboks were in, now its Globe and if I wore my Reboks I'd be considered lame and outdated.

In my job I get my hands on ALL latest tech and at present I have an iPad, Windows Mobile Phone, Ubuntu desktop, Debian and FreeBSD servers. I've had Samsung Tab, didn't like the lag, tossed it, had an iPhone tossed it cause it's retro shit compared to WP7, also had HTC till I dropped it, realistically I've had about 7 different handsets in the past 6 months, I'm sticking with Nokia and very happy about it. Had a Mac desktop and tossed it cause it was full of bugs and started to chug after 3 months. I will be on the pre order list for Google Glasses and Microsoft Surface, I was on the pre order list for Raspberry Pi. The cool thing about my job is I don't have to pay for ANY of it I get to chose if I keep it or bin it.

I don't fanboy but I don't unfanboy, I pretty much use what's in front of me at the time. It's a not question of one particular brand better than the other and when you have this privilege you really get to see how full of shit tech reviewers really are and how cruel and bias they are because they like a particular brand.

For now, Windows Phone 7 rips the shit out of iOS, Ubuntu Gnome Classic (not that unity shit) rips over Windows and MacOS, and server it's CLI all the way for me...

P.S I don't use laptops but was given a Samsung Ultrabook that sits there and collects dust, My opinion, really kicks the shit out of anything in the market with MacBook air a close second / third. Funny story on how I got it, cause I'm not a laptop person, I argued with my boss about the fact Surface was boasting how thin their devices are and how only Apple to date pulled off a device that came close, I was told off literally and was told to stop listening to these idiot reviewers, my punishment was the Ultrabook.

Re:Won't be surprising to see a spike?

And keep in mind that these security features are built into an OS with NO known self-replicating malware.

Seriously mac fanboys (i'm a mac user but not blinded by idiotic marketing or fanboyism) are now resorting to 'at least it doesn't have self-replicating malware'? What's next? "keep in mind that these security features are built into an OS with NO known malware that steals your Bank of America credentials if your account was created between March 2005 and April 2007."

Re:Won't be surprising to see a spike?

[exomondo]

ONLY OS X remains VIRUS free. "Nearly zero" is NOT ZERO. In its over ten year history, OS X has NEVER had a SELF-REPLICATING piece of malware.

OSX/Inqtana-A is a worm and is self-replicating.

Re:Won't be surprising to see a spike?

[Rainbowdash]

You're speaking out of opinion not out of facts. The reason your Mac "clogged up" after 3months prooves you don't know how to handle a computer, period. Doesn't matter WHAT kind of machine you use, not one machine handled properly will "clog up" and "become sluggish and slow so it's unusable" after 3 months of use - if that happens YOU are doing something wrong, intentionally or unintentionally. I've been using Windows and Mac OS X for the past two years, both machines runs smooth - a bit more issues with the Windows machine than the OS X one, but that's only because I'm more used to OS X and know what I want and can expect from the system. The interface works, you have a "Start/Power Menu" "File, Edit, Show, History etc," a desktop, a launchbar/dock whatever you want to call it, integrated OS searching, everything ordered in a way that my mother can understand it - it's making apple tons and tons of money they have no reason to change it, same as Windows, the UI is the same as it was back in 2k, just a couple of more colors~~ So before acting all godlike and superior perhaps you should consider how YOU use a computer, because the way you sound and if the information you provide is correct you're either a biased asshole or need to rethink your profession.

Re:Won't be surprising to see a spike?

[exomondo]

OSX/Inqtana-A

Re:Won't be surprising to see a spike?

[oztiks]

Rigggggghhhht.... See I look at it differently, having to tweak a system to keep to it running smoothly just shows poor architecture and substantiates IT people to keep their jobs. Cleaning registries and removing old programs isn't the world most complex task.

I also don't see it as coincidence that MacOS or Windows both being commercial products clog up after time and is usually proportial to the amount of shit you install on the system yet the free OS (linux) I download off the web which I've been using for the past 5 years with constant updates on the same hardware hasn't got a problem.

The best way to recondition a box, install Linux, or FreeBSD, easy and proven.

Re:Won't be surprising to see a spike?

[Rainbowdash]

And how is the average consumer going to use the machine then?

You're saying that you're using a linux dist without having to tweak your OS at all? And it's running smoothly for the past 5 years? I would like you to proove to me that it works fine for my mother to use Linux for 5 years. Even Ubuntu is a hassle to install bank IDs or similar on if you don't know what you're doing - aka you need to tweak.

Daily tasks that my mother and the majority of the worlds population uses computers for includes(but not limited to):
Facebook
Online Banking (paying bills and shit you know?)
Facebook
Checking your email
Facebook
Looking up phonenumbers
Facebook
Looking at Google Earth
Oh, and Facebook.

I don't clean my registry regulary nor do I run "cleanmyPCORMACORANYOTHERMACHINE!111.EXE/APP" all the time(read: never) and they don't "clog up" after 3 months of usage.

You're using computers wrong, I don't know how you are able to ruin a machine in 3 months, nor do I care because I don't have to clean up after you, but the fact remains you're using it wrong.

Re:Won't be surprising to see a spike?

[oztiks]

What I ascertain from your post is that you struggle to use an OS of any real capability. Only use the net to browse Facebook and check your bank account, please don't install anything else on your shiny Mac incase shits itself.

What I found from MacOS is iTunes, QuickTime, Safari (oh this pain) run like shit. Screensaver was buggy and caused response issues. My 'use' of the system was nothing more than taking it out of the box and using the above programs. Since it's a Mac most of the popular software out there is unsupported so I was pretty hard pressed to find anything of any use to run on it.

Re:say it ain't so

[jo_ham]

I thought the real world was more than your parents' basement. Perhaps I was mistaken!

You're also a little late. Us "Mactards" joined the supposed real world way back in the pre-OS X days. Malware on the Mac is nothing new. You're many years late to the party, presumably because you were born in the mid 90s. ;)

PPC Support? They're nicer than Apple

[Vokkyt]

FTFA:

Kaspersky Lab’s researchers analyzed the Mac OS X backdoor and concluded that the malicious application is a new and primarily undetected variant of the MaControl backdoor, which supports both i386 and PowerPC Macs. However, Kaspersky Lab’s system detects the malicious variant as “Backdoor.OSX.MaControl.b.”

Re:say it ain't so

Um.... yes, some people get on their high horse based on bad/falser/only partially true information, but that only represents a certain % of people - welcome to the real world, dipshit.

Re:Why Macs?

[ad454]

Don't forget about GAY PORN. Gigabytes and gigabytes of the gayest, hairiest, sweatiest, large-cocked ass-pounding with spurts of semen flying everywhere. Black men, white men, ladyboys, furries...yes. Porn SO GAY and lots and lots of it. Like a big pride parade with lots and lots of real gay sex. Freddie Mercury and Rock Hudson would be proud, ahh, the progress of society.
Gay, gay, gay.

Wow Anonymous Coward, you describe the GAY PORN experience with such vivid and enthusiastic detail, that you must have extensive first hand experience.

Thank you for being so brave to come out of the closet and share your experience. I just hope that your boyfriend is okay with all of your PORN viewing.

Secret Linux sleeper agent' views on Mac mentality

[Randy_Leatherbelly]

Sweeping generalizations ahead.. The Emperor's New clothes.. Mac users vs security.. I bought a 2009 Macbook pro last year, not because i'm an Apple lover, I'm really not.. I'm a long-time Linux user, well, since 1997 anyway, who got fed up with plastic laptops and all that kind of thing, so i wanted a metal laptop with back-lit keyboard and so the Macbook pro arrived. its a Linux PC. job done. get on with Linux. I thought I'd have a play with OS X seeing as its still on a partition somewhere, & i had questions,.. try as i might, as a secret Linux user on Mac forums, i was staggered, indeed disgusted at some of the smug attitudes and total denial displayed on some of their forums. and don't get me started on Steve worship. Apple stopped being cool when Woz left. I don't exactly welcome the news of any OS exploits, but Fisher Price, sorry, 'average Mac users' really need to wake up and stop 'the big lie', the cognitive dissonance displayed only seems to reinforce their cult-ish views that the non-Mac proletariat really are 'out to get them' - achieving nothing worthwhile. Cast your mind back a short while, when the fake AV thing hit Macs, did they change ? most did not. the same old lie, Macs don't get infected was peddled again in response. How can a shiny toy get virus ! even forget the pwn2own, average Mac user wont know about this, and so will not accept it as proof. they miss Slashdot, dont know what Linux is, never heard the word, and with little or no knowledge are joining in on the Windows Sucks bandwagon, probably because its fashionable to do do, ironically though many windows users are actually (now) aware how susceptible PC's are to attacks, thereby putting, or rather with Mac users putting *themselves* at a distinct disadvantage from the 3 main OS camps, while (often) effecting an assumed knowledge.. such an obvious disconnect is rare, and i now have little empathy for Mac users. - most win users know they are on a vunerable OS, Mac users generally don't, Linux users are generally busy fixing everyone else's computers. Hmmm.. there's more, but i think everyone's already fell asleep if they're reading.. ./Randy

This is impossible!

Mac OS is immune to viruses! Steve Jobs said so! Its design is so advanced that it can't possibly become infected!

Re:This is impossible!

[Rainbowdash]

But Steve Jobs is dead so the protective bubble around dem apple machines is gone!

Re:Why Macs?

that you apparently think you've just zinged the quoted AC says more about your homophobia than it does about the AC's supposed homosexuality

Re:Why Macs?

[kamapuaa]

Ha HA you got him AC is a total fag.

Re:Why Macs?

Do people use Macs to store anything of real importance on? I mean when i think of servers or services that people might want to use malware to gain access to, Macs aren't really on the list.

It's actually a government operation, terrorists are generally known to be mac users. Remember what happened in the "big apple" in 2001? That's why the Apple logo has a big bite out of it, symbolic of their plot to destroy America....... they've been recruiting terrorists for years. It's pretty obvious, you people are blind.

Re:Why Macs?

My boyfriend is ok with it, bet your hand would be happier if you watched some porn from time to time and maybe go out from your parents basement

Re:Secret Linux sleeper agent' views on Mac mental

[Rainbowdash]

I did fall asleep, thanks man for getting me fired! But your point still stands, one of the reasons I still buy portables from Apple is due to the Aluminium and magsafe, considering making a mint macbook air later on~~but $$ is running tight

Re:say it ain't so

I thought the real world was more than your parents' basement. Perhaps I was mistaken!

oh well crafted...what does that even mean? ~95% of computer users aren't mac users, are you implying that no one but mac users venture from their parents' basements?

You're also a little late. Us "Mactards" joined the supposed real world way back in the pre-OS X days. Malware on the Mac is nothing new. You're many years late to the party

Funny that you purport to be knowledgeable yet fail to realize it's only in recent times that Apple has begun toning down and even yanking its erroneous virus/trojan/malware free claims from its website. I suppose you 'joined the real world' but Apple didn't?
Couple that with the contradictory claims of 'Macs can run Windows' but 'Macs can't get PC viruses' and Apple is looking pretty disingenuous and misleading.

Re:say it ain't so

[jo_ham]

How brave of you to log in and stand behind your arguments! Oh wait, the other thing.

You're in no position to be critiquing anyone, kid. Learn to log in first, then we'll talk.