Posted on 05/19/2011 5:37:00 AM PDT by johncatl
Over the weekend, I got an e-mail from an AppleCare support rep, who was responding to my recent reports of Mac malware being found in the wild. At least one prominent voice in the Mac community dismisses these reports as “crying wolf.” The view from inside an Apple call center says it’s for real:
I can tell you for a fact, many, many people are falling for this attack. Our call volume here at AppleCare is 4-5x higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases. Many frustrated Mac users think their Mac is impervious to viruses and think this is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls.
I contacted this person and arranged an interview. I’ve edited our conversation to remove any details that might identify this individual or the call center location, but otherwise this is a verbatim transcript.
Update In the Talkback comments, some people express skepticism about these conclusions. Be sure to read my follow-up: Crying wolf? Apple support forums confirm malware explosion. It includes direct quotes from Apple customers caught up by this attack.
(Excerpt) Read more at zdnet.com ...
ZD net is full of Microsoft loving loonies.
ZDnet is full of Microsoft loving loonies.
ZDnet is full of Microsoft loving loonies.
I’m shocked - shocked I tell you!
Boring. Second time this was posted; dangerous only if you are dumb enough to download and install it without checking it out first. Some PC people are so desperate for Mac users to start sharing their misery that they latch on to stories like this as if they were gospel.
AC: Yes.
EB: if they stop before that, nothing bad happens?
AC: Yes, the file will download but for it to install it requres the password. it tries to trick you into giving it by saying its required to remove the infections.
EB: Ah yes, social engineering.
AC: Indeed, looks rather real, if you ignore the fact it pops up in your browser… but for most of us that know computers that’s a giveaway there.
It's the same old "land shark... er candygram" method of attack. Once you give the admin password to install software... it is game over; sort of like inviting a stranger into your house.
Mac doesn't rely on "security through obscurity", and that principle (flawed as it is) doesn't apply in this case.
The malware in question is simply a slick trojan that poses as a piece of legitimate software to those foolish enough to grant admin privileges to a program that downloads from the internet. It's a social engineering attack, and as such, defense is independent of operating system.
Why do you keep referring to MAC (Media Access Control)?
This particular piece of malware is written for OS X (which is probably a more precise term to use than Mac; and note that it's Mac, not MAC), but it does not exploit a weakness in OS X -- rather, it tricks the user into installing it. That's not an operating system attack, and no OS in the world is safe if a user with admin privileges intentionally installs malware, even if that user isn't aware that it is malware.
The same technique would work on Windows, Linux, Solaris, OS/2, NeXT, or any other platform you can name. The security level of the OS is irrelevant if the user allows the malware to bypass the OS security.
Like I said...enjoy the ride...no operating system is without security holes....only fools and Mac (better?) owners would believe otherwise.
Yeah! Attack the messenger and forget about using your brain!
Yeah! Attack the messenger and forget about using your brain!
Triple post from a Mac, I presume?
;-)
And yet this article has nothing to do with OS security holes.
“enjoy the popularity of MACs....the ride is just beginning.”
Well, this part I agree with. Mac sales are far outpacing the general PC market. I certainly do look forward to more native Mac software. :-)
Apple stock has a long upward ride ahead of it as well. Amazing how the Apple market cap has so completely eclipsed that of Microsoft these days...
Anyone capable of making stupid snarky remarks ought to know that, rwe1776.
Trojans aren't viruses. Geez, some people...
Besides, this news was already posted and discussed in detail: http://www.freerepublic.com/focus/f-news/2721644/posts
I didn't see the first post but it looks like there are plenty of "dumb" Mac users just like the "dumb" PC Users. Social Engineering works no matter what the platform.
Ed has posted three stories on this, and between the Forums and the other information, this is real enough for those affected.
Posting this doesn't mean that I am anti-Mac. You do what you want and think what you will.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.