New OS X Trojan Adware Injects Ads Into Chrome, Firefox, Safari
An anonymous reader writes "A new trojan specifically for Macs has been discovered that installs an adware plugin. The malware attempts to monetize its attack by injecting ads into Chrome, Firefox, and Safari (the most popular browsers on Apple's desktop platform) in the hopes that users will generate money for its creators by viewing (and maybe even clicking) them. The threat, detected as "Trojan.Yontoo.1" by Russian security firm Doctor Web, is part of a wider scheme of adware for OS X that has "been increasing in number since the beginning of 2013," according to the company."
Can someone explain to me why advertisers would want to pay for bogus clicks? How does this money get laundered to hide the trojan creator and also defraud the advertiser?
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
As everyone on Slashdot knows, Apple users exist only to spend money. They have no other useful information (who cares about email contacts these days). Just get them to click on the ads and you're golden.
Profit!
Faster! Faster! Faster would be better!
>hopes that users will generate money for its creators by viewing (and maybe even clicking) them
Nothing makes me want to support a company more than when it injects advertising onto my computer.
This has to be a lie, because everybody knows there is no such thing as viruses, worms or ad-ware on OS-X operating systems. They're so advanced, that these things are impossible.
Basically, this requires you to download and execute an installer, then click through it (including entering the administrator password). At that point, you could have installed something far worse than adware.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Yontoo has been around already, and not just @ Macs. I recently removed it from a Windows 7 PC. The uninstaller does not uninstall (shock!) ... one needs to remove registry keys to prevent this thing from sticking itself into Chrome, IE, etc. Spybot will find it well before Norton and others.
In this corner, wearing the green trunks, the Apple FanBoys. In the opposing corner, wearing the blue trunks, the Windows FanBoys. Standing outside the ring, holding the steel folding chair and molotov cocktail, the Linux FanBoys. LET THE GAMES BEGIN!
sudo make me a sandwich
Hmmm, so the only useful thing from this /. post: I like the adorable, red robot with the shiny key!
The G
THIS!
The user is a flaw every OS has.
Yontoo Layers is a "legitimate" advertising program that just barely complies with US laws. I find it on at least 1 in 3 customer computers at my shop. It has a legit uninstaller and asks for permission to install by piggybacking on freeware and installer framers like download.com's new atrocity. So to call it a trojan is just asking for another Symantec style lawsuit for defamation, etc. You have to call it "possibly unpopular software" now. And if this is coincidentally another Yontoo unrelated to the actual company, that's a whole new depth of deep shit they're in for naming it that. That'd be right up there with naming it Pepsi.
At that point, you could have installed something far worse than adware
Like RealPlayer
Seems to be done in a simpler way without depending on Java. But the report at Dr. Web's does not say much?
Prof(Miss) A Mani CU, ASL, AMS, ISRS, CLC, CMS, IEEE HomePage: http://www.logicamani.in Blog: http://logicamani.blogs
Only now, it's "Blame the user" instead of the way it used to be - "Blame that Buggy OS" ..
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
Exactly. It doesn't really target OS X, it targets complete morons.
You and the summary left out the best part: the installer's name is "Free Twit Tube." Almost as bad as a girl on a dating site agreeing to go out with someone with the username "DonkeyPunchLover."
Not at all.
Blame the buggy OS is when you get a nice drive by install or virus. Adware that requires a user to install is always the users fault.
Can someone explain to me why Yontoo is detected on the Mac platform but on Windows it's totally OK.
While we're at it, why are any of these still not detected by any malware scanner. Even as a Potentially Unwanted Program? I'm sure just about anything listed here does a lot more malicious stuff than anything spyware like Gator ever did.
Anything from Conduit
Anything from Mindspark Interactive
myfuncards
arcadecandy
arcadeweb
funweb
freeze.com
pricegong
getsavin
coupon wonderland
fantistigames
big fish games
quiklinkx
defaulttab
mywebsearch
We Care ASPCA Reminder (my personal favorite. When you uninstall it, it basically accuses you of wanting to kill puppies.)
shop to win
inbox toolbar
anything from Crawler
24x7 help
blekko
dealply
etc.
Most of the above either pop up ads, install, or trick users into installing more junk like registry scanners, fake Flash players and the like. Yet almost no scanner I've found short of JRT or AdwCleaner gets rid of these things.
It's about time these AV companies wake the heck up and realize that spyware is back disguising itself as adware and is more prevalent than ever.
In Soviet Russia, Trojan exploits YOU!
Scrolling Trolling is about as much fun as Strolling Bowling. I can't believe the Slashdot devs can't fix this.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
By offering to pay you. Was it AllAdvantage? AdAdvantage? I can't recall. I got like one check from them.
Was nice.
Exactly, and everyone knows Apple product users are known for their savvy!
When you have a website and get Google's advertising, they'll pay you when someone clicks on the ads being shown on your site - when I did it, they wouldn't send you a check until your Google ad account hit $100; which is A LOT of clicks - tens of thousands. That's right, if you never hit $100, Google keeps the money - they kept about $20+ from me.
So, if you have something or someone that can click the ads, you could rake it in at the advertisers' expense. It's against their policy and if they found out, they'd just shut your account down, but it happens and I don't think that they can check.
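A check of the kind an ad network could run over its own logs, as an added example (not from the thread or any ad network's code): it scans constructed impression/click records and flags clients whose clicks are disproportionate to impressions, land on ads they were never shown, or arrive on a fixed timer. The record format and the thresholds are assumptions.

```python
"""Screening ad-network logs for click-fraud patterns (added example,
not from the thread or any ad network's code). Assumes records of
'ISO-timestamp client ad event' with event 'impression' or 'click'."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: c1 browses normally; c2 clicks ads it was never
# shown, on a 10 s timer; c3 clicks only shown ads but on a 30 s timer.
SAMPLE_LOG = """\
2013-03-21T10:00:00 c1 ad7 impression
2013-03-21T10:00:05 c1 ad7 click
2013-03-21T10:03:10 c1 ad9 impression
2013-03-21T10:00:00 c2 ad7 impression
2013-03-21T10:00:10 c2 ad7 click
2013-03-21T10:00:20 c2 ad9 click
2013-03-21T10:00:30 c2 ad2 click
2013-03-21T10:00:40 c2 ad4 click
2013-03-21T10:00:00 c3 ad1 impression
2013-03-21T10:00:00 c3 ad2 impression
2013-03-21T10:00:00 c3 ad3 impression
2013-03-21T10:00:00 c3 ad4 impression
2013-03-21T10:00:00 c3 ad5 impression
2013-03-21T10:00:00 c3 ad6 impression
2013-03-21T10:00:30 c3 ad1 click
2013-03-21T10:01:00 c3 ad2 click
2013-03-21T10:01:30 c3 ad3 click
"""

def parse_log(text):
    """Parse records into (time, client, ad, kind) tuples ordered by time."""
    events = []
    for line in text.splitlines():
        ts, client, ad, kind = line.split()
        events.append((datetime.fromisoformat(ts), client, ad, kind))
    return sorted(events)

def client_features(events):
    """Per client: impressions, clicks, clicks on never-shown ads, click times."""
    feats = defaultdict(lambda: {"impressions": 0, "clicks": 0,
                                 "orphan_clicks": 0, "click_times": []})
    shown = defaultdict(set)  # ads actually served to each client
    for ts, client, ad, kind in events:
        f = feats[client]
        if kind == "impression":
            f["impressions"] += 1
            shown[client].add(ad)
        elif kind == "click":
            f["clicks"] += 1
            f["click_times"].append(ts)
            if ad not in shown[client]:
                f["orphan_clicks"] += 1  # click with no preceding impression
    return feats

def is_suspicious(f, min_clicks=3, max_ctr=0.5, gap_tolerance=2.0):
    """Flag high CTR, orphan clicks, or near-constant inter-click gaps."""
    if f["clicks"] < min_clicks:
        return False  # too little data to judge
    if f["clicks"] / max(f["impressions"], 1) > max_ctr or f["orphan_clicks"]:
        return True
    gaps = [(b - a).total_seconds()
            for a, b in zip(f["click_times"], f["click_times"][1:])]
    return len(gaps) >= 2 and statistics.pstdev(gaps) < gap_tolerance

def flag_clients(text):
    """Return the sorted ids of clients whose click pattern looks automated."""
    feats = client_features(parse_log(text))
    return sorted(c for c, f in feats.items() if is_suspicious(f))
```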
Exactly. And given past trends, it's entirely likely that there will be a malware definition update pushed out to all Macs running the last few iterations of OS X within the next 24-48 hours, rendering this threat moot.
Moreover, even in the case of idiotic users, the default behavior on all new Macs is to not allow installs from unregistered developers, i.e., this malware will only work against folks who ignore all warnings and are using something other than the latest release, which had an extremely fast adoption rate, or for users who have explicitly chosen to override the default behavior, in which case they'll still need to ignore all of the warnings.
Steve Jobs told me the Mac was secure by design, and immune to attacks. I'm going to stick my fingers in my ears and sing "LA LA LA." This is obviously propaganda spread by Windows users.
Utterly pointless.
This guy isn't even pissing anybody off for entertainment value.
Doesn't compute.
Inb4 cries of "but Apple always said they were virus free!" NB: this is a Trojan which the user installs himself. These have always been an issue with Macs, although not very prevalent. Now OS X has built-in blacklisting which is pushed out to all computers every update. I'm sure this will be blocked in the near future if not blocked already. Not too shabby, eh?
Unlike in Windows, where you simply have to view an advert in Internet Explorer and your system is infected...
But Windows is protected. I smell a conspiracy.
shred -fuz /*
An enigma, wrapped in a riddle, shrouded in bacon and cheese
No it's not always the user's fault. Try doing this on an un-jailbroken iOS device.
tl;dr
Then you tell the user to do a jailbreak. Sure it might not always work, but conning users is conning users.
I would rather take the risk, than have my ability to own my computers stolen from me.
You mean just like that other thing that happened to mac users last year?
He's trying to do a parody of Time Cube. www.timecube.com It's a relatively good impression in places, but it'd be better in a more appropriate article.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
At that point, you could have installed something far worse than adware
Like RealPlayer
Or QuickTime. Wait.... OH GOD IT'S A MAC IT ALREADY HAS QUICKTIME.
And then, after downloading, and authenticating the install, OS-X also reminds you that it is from the Internet and you might want to pause and consider before actually launching the program.
It really does target people who *want* to run it.
Then it wouldn't be called a trojan but a worm...
Macos, like windoze, is a juicy target because it has a lot of users and many of those are completely clueless.
QuickTime on Mac is pretty useful. It's shit on Windows. On the Mac, QuickTime can be used for screen recording and is generally pretty fast. Never knew how useful a screen recorder was until my friend needed to record a training session. Windows version is like me trying to run a marathon in a business suit, isn't very functional and pretty slow.
Yeah well, rm -rf is so 01d 5k001. You can do much better on bleeding edge Linux distros with: cat /dev/zero > /tmp/crashme
Excuse me, but please get off my Pennisetum Clandestinum, eh!
shred -fuz /*
If you're not logged in as root (and many linuxes strongly discourage it), you'd need a sudo in front of that. Anyway,
sudo srm -rz /*
would work better, as it will wipe many journaled file systems. Both would leave fragments around on NFS volumes, however.
While you're at it, don't forget to leave the shred or srm command until last, after you've cleaned "empty" space and the swap file. To clean empty space, first fill it with:
sudo scrub -X -s 1G /
Some versions of scrub will also remove the files securely after making them, but others don't. So it's best to securely delete them in a separate step. The swap partition should be wiped with:
sudo swapoff -a
sudo umount -f /dev/swap_partition
sudo sswap -z /dev/swap_partition
Then you can issue the shred or srm command, leaving you a nice clean unbootable system.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Unlike in Windows, where you simply have to view an advert in Internet Explorer and your system is infected...
IE itself is exploited no more than 10% of the time to infect a Windows computer. Windows gets drive-by infections these days from exploits in Java, Acrobat, and Flash, which are not unique to Windows. There's no reason for attackers to focus on a single browser any more when they can instead target a plugin like Java that works across all browsers.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
...they get CANCER.
Lies.. All Lies.. Mac's can't be infected.
Only the approach is different. There's nothing preventing you from convincing users to install a web browser that provides some customization features and displays extra ads in exchange. And if you can convince them to install it and use it, you now have adware that isn't really substantially different from adware that installs itself as a Safari browser extension on the desktop.
So yes, adware that requires a user to explicitly install it is always the user's fault. You can certainly try to make it harder for the user to make changes that they can't undo, as iOS does (and, to some degree, OS X does), but ultimately if a user is so naïve that he or she is incapable of recognizing scams, that user will eventually get conned, and there's really not much you can do about it besides finding and arresting the people who do the conning and punishing them harshly so that they will serve as an example to others.
Check out my sci-fi/humor trilogy at PatriotsBooks.
That's brilliant, naming a virus after a brand to keep people from talking negatively about it.
There's no reason for attackers to focus on a single browser any more when they can instead target a plugin like Java that works across all browsers.
Java... Write once, Infect everywhere!
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Wasn't it a while back where it was a feature of said platform that simply opening a PDF would jb said devices?
It just works!
... aaaaand this is why I continue to visit Slashdot! Great post, man. Just spiffy. /nosarc
they create the virus and then "discover it". fuck russia and fuck russians.
Well not quite. This is where the curated app store of iOS comes in. The user can only install apps from a store that requires the apps to be prevetted. And the store will remove any malware that manages to sneak past the vetting process, as soon as it becomes known.
This is removing user stupidity as a vector for trojans.
Then you tell the user to do a jailbreak.
Get real.
There's nothing preventing you from convincing users to install a web browser that provides some customization features and displays extra ads in exchange.
Unless the app is up front about this in its description, the app will be rejected. If it *is* up front, and the user chooses to install it anyway, then it's not a problem. The user decided the tradeoff was worth it for the features they are getting.
Jeez, you just reminded me of one of the things that pushed me to switch to OSX. The Realplayer menace - shudder.
Yeah but you look so damn sharp.
Yes.
This isn't "malware;" it's "stupidware."
hawk
I'd say typically Windows users who don't use IE are savvy enough to have things like AdBlock, NoScript, have disabled Java in their browser etc. It is the users who "stick with the defaults" who are more likely to be infected. Chances are they won't even have any malware protection installed either. This could maybe be your "mom and pop" crew, or the people who simply believe IE is secure thanks to Microsoft's adverts and removing browser choice (http://www.bbc.co.uk/news/technology-21684329). Not saying others don't get infected, just they are typically more knowledgeable. Thankfully, it seems most people are realising using a Windows OS means making a lot of changes to browsing habits, as Chrome now seems to have a large portion of the browser market share (http://en.wikipedia.org/wiki/Usage_share_of_web_browsers).
Maybe they are complaining that MacOS runs any software you like, unlike iOS where everything is curated by Apple. This "criticism" (I view it as a compliment) is often levelled at Android, for example.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I was gonna ask why the adware doesn't inject advertisements into Internet Explorer, then I remembered most everyone doesn't use IE 5.2.3 on Mac OS X Snow Leopard 10.6. lol. But on a serious note; I didn't know that Apple operating systems encounter adware and malware. I only thought Windows computers catch adware. Learned something new today.
You also forgot - bypass gatekeeper or click through the "are you sure, this is unsigned code?" warning.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Try doing this with Gatekeeper enabled. If it works at all, it will be for a limited time only until Apple revokes the cert, and goes after the developer who the cert was issued to.
Most of the network engineers, storage engineers I know run Mac Laptops. Linus himself owns apple machines. Try again.
You mean like the huge number of users still running Firefox 3.5, despite there being many security updates it doesn't have?
Anyone else think that sounds like Ron Paul?
How can you use sudo without the account password? Also, what if sudo is not installed?
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
ibid.
Linus himself owns apple machines.
...and he runs Linux on them, your point is?
Obvious answer is a good configure script :)
Things like this have happened and users have done it.
They get an email telling them about free applications if they visit this website with their iphone. This was back when a webpage could do a jailbreak.
This is removing the ability to use your own devices as you see fit.
They don't only remove malware, they also remove useful tools. This is why iOS has no good wifi scanning tools for example.
Well that's the other side of the trade off. And one that lots of people are happy to make. Being safe from malware is more important to them than wardriving tools, and the other things that aren't on the store.
But for sure iOS, and the games consoles, and every other platform that doesn't allow the user to download from random sites are exceptions that prove "The user is a flaw every OS has" to be wrong.
This was back when a webpage could do a jailbreak.
Oh, sure. Back then it was possible. It's certainly possible to trick a proportion of people to click on a link, and if that does a jailbreak then it's done.
Mind you, to actually be worth the criminal's effort, they'd then have to get the user to also install the app. And it's going to be hard when the last link you gave them took them through a worrisome jailbreak procedure.
However, even that faint possibility is in the past. Drive-by jailbreaking has been dead since July 2011.
What you call war driving tools I call site survey tools I use for my job.
Append on a computer the user is allowed to own and the statement is true again.
Until another such flaw is found.
Nothing is perfect, this sort of DRM being the least likely to be perfect. You are trying to secure a device against its owner.
Until another such flaw is found.
Maybe, but that would be a flaw in the OS. Again, the system removes the user as being the flaw that allows trojans to be installed.
You are trying to secure a device against its owner.
No, we are talking about security against malware here. Contrary to your claim, the user is not a flaw in this regard with iOS and the games consoles.
You might want to think so, but it is a flaw with both of those devices.
If the user wants to install malware that is no different than any other application. The user having control is more important than protecting the system from him.
The user having control is more important than protecting the system from him.
(Using your definition of control)
It might be to you. For plenty of people, having no worries about software that's downloaded, and having a one stop shop to get apps are both advantages. For them there aren't any downsides.
There will be when they find out something they wanted is not in the app store. Let someone else pick what you can do and you will soon find they don't like the same things you do.
There will be when they find out something they wanted is not in the app store.
If.
As I pointed out before, this isn't something unique to Apple, console manufacturers have had the same power of selection for decades. And funnily enough, people don't have a problem, because they don't come across types of games that they want, but aren't allowed. But they do get the advantage that selection keeps most of the shit out.
Pretty much the only people that are complaining about Apple's curated store are Android users who don't even have an iOS device. And they face the uncomfortable truth that there are mountains of shit in the various Android stores.
When, not if. A recent case was some games were removed, before that it was tethering applications, and before that other bullshit.
In consoles what happens is a person buys all the consoles to get the games that are exclusive to each.
I will not respond to your last statement since it is a lie. Those stores are just as curated.
I will not respond to your last statement since it is a lie. Those stores are just as curated.
If they're just as curated, how come there's so much Android malware?
Find me some in the google play store. I will wait.
Actual Malware is generally found in pirated apps.
Also there is not much of it, I have never seen it live.
Stop trolling, and educate yourself. Either way user control is more important than safety.
Find me some in the google play store.
It doesn't seem hard to find.
http://arstechnica.com/security/2012/07/more-malware-found-hosted-in-google-android-market/
http://wmpoweruser.com/trend-micro-one-in-ten-google-play-store-apps-is-malware/
http://thenextweb.com/insider/2013/02/03/android-malware-emerges-on-google-play-which-installs-a-trojan-on-your-pc-uses-your-microphone-to-record-you/
Oh, and of course not all app types are available from Google Play Store are they? Where are the ad-blockers for example?
Stop trolling, and educate yourself.
It's you that headed down this path. I merely pointed out that your comment about the user always being the flaw which would always let malware in did not apply to iOS or consoles. Rather than just accept that iOS has that advantage, you wandered off into ever more unrealistic scenarios of how iOS could get malware. And then, when Android's malware problem is pointed out you flip the opposite way, and try to minimise that.
Accept that both platforms have pros and cons. And that people quite rationally make different decisions. Your opinion is just opinion, it's not generic wisdom.
Removing the user flaw, has costs that are not acceptable.
No, this is a truth. I say that because one day you will find it out yourself. Once you trade freedom for security you will have and get neither.
Sorry, but I won't be drinking the OSS Koolaid. It looks every bit as stupid as the Moonies or the Scientologists to me.
Choosing to buy a product of any description is not trading freedom for anything. It's exercising freedom. That's where your religion goes wrong.
Practicality is not a religion.
Nor do I have any interest in OSS. Free software, yes.
This is not about that though, this is about having a useful device.