Free Republic

Mac malware scam grows legs - MacGuard needs no password
Silicon Republic ^ | 27 May 2011 | John Kennedy

Posted on 05/27/2011 7:14:04 AM PDT by for-q-clinton

The once relatively virus-free Apple Mac ecosystem has been tainted forever by a nasty malware scam and you sense an age of innocence has ended. It’s a deadly shock to that ecosystem because now a second variant bug has arrived that requires no password.

The malware first manifested itself when Mac users noticed ads for a product called Mac Defender that promised to protect them against malware and viruses. However, it turned out Mac Defender was actually a piece of malware that becomes active on a desktop after a user is suckered into entering a password, and floods the screen with pop-up pornography sites.

Since then a number of variants – MacGuard, MacSecurity and MacProtector – have arrived.

According to security firm Intego, the goal of this fake antivirus software is to trick users into providing their credit card numbers to supposedly clean out infected files on their Macs.

New variant requires no passwords

Intego has discovered a new variant of this malware that functions slightly differently. It comes in two parts.

The first part is a downloader, a tool that, after installation, downloads a payload from a web server. As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted website.

If Safari's "Open ‘safe’ files after downloading" option is checked, the package will open Apple's Installer, and the user will see a standard installation screen.

If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch.

“Unlike the previous variants of this fake antivirus, no administrator's password is required to install this programme. Since any user can install software in the Applications folder, a password is not needed,” Intego said in a warning note.

“This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.”

The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder. (The IP address is hidden using a simple form of steganography.) Intego VirusBarrier X6’s Anti-Spyware feature detects this operation.

“Intego considers the risk for this new variant to be medium, in part because the SEO poisoning has been very efficient in leading Mac users to booby-trapped pages, but also because no password is required to install this variant.”


TOPICS: Crime/Corruption; Miscellaneous; News/Current Events; Technical
KEYWORDS: apple; garbage; osx; virus
ruh roh shaggy Apple has a virus that will install without an admin password!

But I thought they promised this was only possible on windows, so I bought a mac to be "secure".

And to think people paid a premium for this.

1 posted on 05/27/2011 7:14:13 AM PDT by for-q-clinton
[ Post Reply | Private Reply | View Replies]
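
The chain the article describes (avSetup.pkg installing avRunner, which then fetches MacGuard, with Safari's auto-open option as the trigger) can be turned into a quick per-user check. This is an added example, not part of the original post or of Intego's advisory; the `.app` bundle names, the folders searched and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the article or from Intego: checks one user account
# for the artifacts the article names. The ".app" bundle names, the folders
# searched and the function names are assumptions made for this sketch.

SUSPECT_APPS="avRunner MacGuard MacDefender MacSecurity MacProtector"
INSTALLER_NAME="avSetup.pkg"

# Print the path of every suspect bundle directly inside the given folder.
# Matching is case-insensitive because the default Mac file system is.
find_suspect_apps() {
    dir=$1
    [ -d "$dir" ] || return 0
    for name in $SUSPECT_APPS; do
        find "$dir" -maxdepth 1 -iname "$name.app" -print
    done
}

# Print any leftover copy of the installer package under a downloads folder.
# The article says the package deletes itself once it has installed avRunner,
# so a hit here usually means it was downloaded but never run to completion.
find_installer() {
    dir=$1
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 2 -iname "$INSTALLER_NAME" -print
}

# Report Safari's "Open 'safe' files after downloading" setting:
# on, off, or unknown (no `defaults` tool, or the key was never written).
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    case $(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) in
        1|YES|true) echo on ;;
        0|NO|false) echo off ;;
        *)          echo unknown ;;
    esac
}

# audit HOME_DIR [SYSTEM_APPS_DIR]
# Prints the findings; returns 1 if any named artifact exists, 0 otherwise.
audit() {
    home=$1
    sysapps=${2:-/Applications}
    hits=$(find_suspect_apps "$sysapps"
           find_suspect_apps "$home/Applications"
           find_installer "$home/Downloads")
    echo "Safari auto-open of 'safe' downloads: $(safari_auto_open)"
    if [ -n "$hits" ]; then
        echo "Artifacts named in the article were found:"
        echo "$hits" | sed 's/^/  /'
        return 1
    fi
    echo "No named artifacts found."
    return 0
}

# Check the current user's account.
audit "${HOME:-.}" || echo "Review the paths listed above."
```

A clean result only covers the file names given in the article; because the installer removes itself, the `/Applications` check matters more than the Downloads check.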

To: Swordmaker; ShadowAce

A better article on the latest mac virus.


2 posted on 05/27/2011 7:15:05 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: driftdiver

Another thread on the latest Mac Virus/malware. I wonder how they are going to spin this one?


3 posted on 05/27/2011 7:18:12 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 2 | View Replies]

To: for-q-clinton

I’m the farthest thing from a Mac fanboi, but I think this isn’t indicative of anything other than a shift in the social computing sphere. Apple has an increasing market share, and haxX0rs are going to tailor exploits more for those machines.

Also count on M$ coming out in the coming months to say something along the lines of, “See, Win 7 IS more secure,” when in reality it’s just that more people are wise to schemes on Win machines. Mac users have heretofore thought they were immune or less likely to have problems, but with this new batch of malware, they’re going to have to wise up like the Windoze users have over the last 15 years.

For the record, I’m a Linux fanboi.


4 posted on 05/27/2011 7:18:22 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
and you sense an age of innocence has ended

By that, he means: an age of willful and smug naivete.

5 posted on 05/27/2011 7:18:46 AM PDT by r9etb
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
I'm somebody now.

6 posted on 05/27/2011 7:19:10 AM PDT by cripplecreek (Remember the River Raisin! (look it up))
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
The lack of concern/planning rivals all Windows bitching imo. Cost to product ratio is a waste towards Mac for most users.
7 posted on 05/27/2011 7:20:05 AM PDT by allmost
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia

Completely agree. I’ve been saying it for years, but the macbots told me...no never. Besides any virus will need to be installed with the admin password.

Clearly that is no longer the case.


8 posted on 05/27/2011 7:20:20 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 4 | View Replies]

To: r9etb

I know...this *should* shut up the annoying macbots. But I’m sure the most annoying will spin this away as if it is a non-issue. But all those issues where a windows user ran porn.exe for free porn and got a virus...well those are legit dings against windows.


9 posted on 05/27/2011 7:22:38 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 5 | View Replies]

To: for-q-clinton

Even with this virus, MACs are million times better than those cheap HPs.


10 posted on 05/27/2011 7:23:35 AM PDT by napscoordinator
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

It seems like most of the big tech blogs are ignoring this bit of news.

Apparently Apple hasn’t supplied them with sufficient talking points to pass on to the fan base to try to talk this one under the rug.


11 posted on 05/27/2011 7:23:44 AM PDT by VanDeKoik (1 million in stimulus dollars paid for this tagline!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: allmost

Now that OSX won’t be able to claim virus/malware free and users don’t need to worry about it...how will they market their product to security concerned users?

“Switch to OSX soon before it gets too popular and then our security will be no better than windows. The sooner you switch the longer you’ll enjoy limited security by hiding out with the minority.”


12 posted on 05/27/2011 7:24:55 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 7 | View Replies]

To: VanDeKoik

I’ve noticed that. The Apple threads are always silent until their leaders tell them what to think. Happens every time OSX is the first machine cracked at the Pwn2Own contest. A couple days or weeks pass and then they get their marching orders and finally those threads start getting replies. But even then they are pretty dead because most users are left scratching their heads and saying WTF! it was still the first one hacked 3 years in a row!

Last year’s excuse was the guy that hacked it was a genius NASA dude. The rest of the world isn’t as smart as him, so users have nothing to worry about.


13 posted on 05/27/2011 7:27:28 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 11 | View Replies]

To: napscoordinator

Right, compare a $1800 laptop to a $500 laptop. That’s a good comparison.


14 posted on 05/27/2011 7:28:31 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 10 | View Replies]

To: for-q-clinton

I have to be very amused when viruses and malware on Macs are described as something new.

The fact is that in the old days, there were more viruses on Macs than on PCs. This was before the World Wide Web was invented, and e-mail attachments were virtually unknown. The viruses spread by floppy diskette exchanges, BBSes, and college networks.

There were at least half a dozen useful Mac anti-virus software packages, (Virex, Interferon being two of the biggies). We admins received our Virex upgrades via snail-mail (how’s that for quaint?)

WDEF, Word Macro viruses (an equal opportunity employer), nVir, all had their day.

So, the real long term Mac fanboys (and I still like Macs just fine) know that viruses can hit a Mac.

NOW, I would say that the difference between Windows and Macs/Linux/Unix/Solaris etc. is not so much in file structures or user permissions.

It is ActiveX. Microsoft wants the computers to do a LOT more automatically without a lot of user interaction. The same tool that makes this happen in IE greatly increases the ease and variety of attacks that can be made on it.


15 posted on 05/27/2011 7:28:31 AM PDT by Dr. Sivana (There is no salvation in politics.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

1800? it cost more than that. These computers are perfect. You don’t get them for free.


16 posted on 05/27/2011 7:31:01 AM PDT by napscoordinator
[ Post Reply | Private Reply | To 14 | View Replies]

To: for-q-clinton

My favorite excuse was that they hacked the Mac first because you win the machine you break, so they naturally went for the one that they really wanted the most.


17 posted on 05/27/2011 7:31:05 AM PDT by VanDeKoik (1 million in stimulus dollars paid for this tagline!)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Dr. Sivana

Yep...prior to OS X macs were a mess. Crashing all the time, virus prone, and just garbage. Macbots think time began with OS X...the earlier OS’s don’t count. But they love to ding Windows XP, 2000, 9x, etc. But that’s like comparing OS 9 to XP, but instead they stack the latest and greatest OS X against XP. They need to compare windows 7 to OS X. And the past 3 years OS X was the first machine hacked in the pwn2Own contest.


18 posted on 05/27/2011 7:31:38 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 15 | View Replies]

To: VanDeKoik

That was some funny stuff. Sad thing is many macbots believed it!


19 posted on 05/27/2011 7:32:38 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 17 | View Replies]

To: for-q-clinton

They will lie. They are Apple. Al Gore sits on their board. They will charge everyone for an ‘upgrade’ when the freeware community they are stealing from fixes this issue.


20 posted on 05/27/2011 7:41:18 AM PDT by allmost
[ Post Reply | Private Reply | To 12 | View Replies]

To: for-q-clinton

Does Intego recommend you download their software to take care of this? Or are they just doing this as a service?


21 posted on 05/27/2011 7:42:16 AM PDT by LearnsFromMistakes (How many failed apocalypse predictions is Harold Camping away from getting his Nobel Prize?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LearnsFromMistakes

Are you still claiming this is a scam by the AV makers?

Try to do a little research first: http://www.bing.com/search?q=mac+guard+virus&go=&form=QBLH&qs=HS&sk=&pq=mac+g&sp=1&sc=8-5


22 posted on 05/27/2011 7:43:12 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 21 | View Replies]

To: LearnsFromMistakes

maybe you’ll listen to Apple:

http://support.apple.com/kb/HT4650

Looks like they will take a couple/few days to fix it. OMG! why so long?


23 posted on 05/27/2011 7:47:11 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 21 | View Replies]

To: for-q-clinton; Swordmaker
> Apple has a virus

No, it's not a virus, it's another social engineering trojan. A nasty one, yes. But not a virus -- it does not spread on its own. User action is still required.

I -do- wish you would learn something about this topic before so gleefully posting misinformation.

Do you work for an anti-virus software vendor? You use all their bogus scare tactics. Just askin'...

BTW, this is about the tenth thread on this topic, and yours has nothing new (the bit about not requiring a password has been out for days). Do you really think there's even one person out there, living under a rock, that hasn't heard about it yet?

You might also take a moment to point out that Apple is responding to this malware with a free security update, I think within the next few days. There are numerous threads on that already, you can look it up.

You and your cohort can resume your little juvenile "We Hate Apple, Aren't We Cool" party now.

24 posted on 05/27/2011 7:47:45 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

Is this Mac malware or McMaleware?


25 posted on 05/27/2011 7:48:27 AM PDT by Jack Hydrazine (It's the end of the world as we know it and I feel fine!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

you mean this article: http://support.apple.com/kb/HT4650

I just posted in the other thread on this. And why does it take apple so long to get a virus patch out?

I guess they are wanting to push 3rd party AV...as the 3rd party OSX AV products already fix it.

Anyway...no password needed and you get a virus. Hey weren’t you one of the people who claimed you could not install a virus/malware/trojan/zipidy doo dah...whatever you want to call it without a password? If so, you were wrong.


26 posted on 05/27/2011 7:50:13 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 24 | View Replies]

To: napscoordinator

>Even with this virus, MACs are million times better than those cheap HPs.<

True.

But stop blowing smoke up my ass that Macs NEVER GET INFECTED and that “Oh, it’s impossible to crack Macs...they’re soooooooo PERFECT”. (Gag)


27 posted on 05/27/2011 7:54:04 AM PDT by max americana (.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: max americana

The truth is always nice.


28 posted on 05/27/2011 7:57:35 AM PDT by allmost
[ Post Reply | Private Reply | To 27 | View Replies]

To: for-q-clinton
> Looks like they will take a couple/few days to fix it. OMG! why so long?

Do you know ANYTHING about software development and production releases when there's a customer base of tens of millions?

Didn't think so.

Microsoft has the same difficult problem, and they routinely take weeks to produce patches; occasionally they get it down to a couple days in a major emergency. It's the nature of the beast.

29 posted on 05/27/2011 7:59:18 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: dayglored

I’m talking about the AV scanner and fixing of a machine that was attacked. Not patching the HUGE hole that allows this to happen.

Do you not know in the A/V world virus signature updates need to go out immediately for a new threat? Oh wait, I guess you don’t; you use Macs and you thought you didn’t have to worry about such things.


30 posted on 05/27/2011 8:05:55 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 29 | View Replies]

To: for-q-clinton
Yes, the ability of this malware to install without requiring a password is a new thing, and a significant problem.

> "You were wrong."

No, I was not wrong -- at that time there were no such things. Now there is one, and I'm not claiming that any more. Do you know how to tell time? You know, like when "A" happens before "B"?

I have work to do, see ya later. Have your fun, I hope it pleases you and your buddies to dance around sounding like fools.

31 posted on 05/27/2011 8:06:09 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: for-q-clinton

Macs are vulnerable because of growing market share over PC’s. I bought a Mac last December (Christmas gift to myself). Recent figure I heard was that 15 percent of computer users use a Mac. And it’s not just Mac they’re after, these people are gunning for smartphones too.


32 posted on 05/27/2011 8:09:15 AM PDT by BigSkyFreeper (You have entered an invalid birthday)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Yep you were wrong because I have always said once OSX gets a big enough install base they will be attacked and get a virus and be subjected to more types of attacks. Their security model will break...just as it has for the past 4 years in the pwn2own competition...which was a known issue when you made the claims. So the attack did exist you just chose to ignore it and say it hasn’t happened in the wild yet.


33 posted on 05/27/2011 8:09:40 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 31 | View Replies]

To: for-q-clinton

A few days is quicker than a few months, which is usually the turnaround time for MS to issue a patch.


34 posted on 05/27/2011 8:11:54 AM PDT by BigSkyFreeper (You have entered an invalid birthday)
[ Post Reply | Private Reply | To 23 | View Replies]

To: BigSkyFreeper

Exactly right. I’ve been saying it for years...the bigger the market share they get the more viruses they will get. But the macbots said that’s not true and they were rock solid. Even though 4 years in a row they lost the pwn2own competition where they were the first one hacked.


35 posted on 05/27/2011 8:12:05 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 32 | View Replies]

To: napscoordinator
“Even with this virus, MACs are million times better than those cheap HPs.”

Real men don't use MAC’s. Only leftist, Che t-shirt wearing, Obama supporting Marxists use MAC’s.

Real men love the sting of battle. Real men love the smell of the napalm of anti virus warfare. Real men know how to use AVG, AdAware, Spybot, and other manly pieces of home computer defense.
Sissies take the easy road and buy a MAC.

36 posted on 05/27/2011 8:12:27 AM PDT by HereInTheHeartland (2008 was about words; 2012 will be about numbers)
[ Post Reply | Private Reply | To 10 | View Replies]

To: rarestia

Microsoft can say whatever it wants about how secure their product is and how great Windows 7 is. Fact of the matter is Windows 7 is nothing more than Windows Vista Service Pack 4.


37 posted on 05/27/2011 8:15:51 AM PDT by BigSkyFreeper (You have entered an invalid birthday)
[ Post Reply | Private Reply | To 4 | View Replies]

To: HereInTheHeartland
Your sarcasm was well executed, Gorelicker.
38 posted on 05/27/2011 8:30:09 AM PDT by allmost
[ Post Reply | Private Reply | To 36 | View Replies]

To: for-q-clinton

Apple users and Apple have talked about the malware attack. I am not doubting that, I reminded my wife/kids to never install anything on the mac - except very intentionally.

And now Apple is gonna come out with a fix to help with a malware attack - that is way cool.


39 posted on 05/27/2011 8:31:43 AM PDT by LearnsFromMistakes (How many failed apocalypse predictions is Harold Camping away from getting his Nobel Prize?)
[ Post Reply | Private Reply | To 23 | View Replies]

To: dayglored; max americana

I don’t live under a rock, but I *DO* work for a living, and hadn’t heard about this development.

Fortunately, this was (evidently by your comment) posted more than once, giving folks like myself who do things other than obsess over Macs an opportunity to learn of this new problem.

I don’t hate Macs, but I sure find the snobbery and arrogance inherent in Mac fans quite distasteful and off-putting. I’ll bet Obama (ptui) is a Mac fan: It would suit his self-image.


40 posted on 05/27/2011 8:32:17 AM PDT by Don W (You can forget what you do for a living when your knees are in the breeze.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Don W

>>>I don’t hate Macs, but I sure find the snobbery and arrogance inherent in Mac fans quite distasteful and off-putting. I’ll bet Obama (ptui) is a Mac fan: It would suit his self-image.

Equally off-putting is the unbridled arrogance of Windows users who go out of their way to demean people who don’t drink Bill Gates’ kool-aid. And the wazoo apertures who paint Mac users as good time plastic banana dope smoking maggot infested liberals. It’s bigotry. Stereotyping. And it’s wrong. People here should be above that... but they’re not.


41 posted on 05/27/2011 8:40:48 AM PDT by Keith in Iowa (FR Class of 1998 | TV News is an oxymoron. | MSNBC = Moonbats Spouting Nothing But Crap.)
[ Post Reply | Private Reply | To 40 | View Replies]

To: allmost

Gorelicker?


42 posted on 05/27/2011 8:42:10 AM PDT by HereInTheHeartland (2008 was about words; 2012 will be about numbers)
[ Post Reply | Private Reply | To 38 | View Replies]

To: HereInTheHeartland
Nickname for walled-out from reality macheads. Seemed to fit. My praise of your sarcasm was sincere though.
43 posted on 05/27/2011 8:45:04 AM PDT by allmost
[ Post Reply | Private Reply | To 42 | View Replies]

To: Keith in Iowa

Oooo, meow!

You are aware that Rush is a Mac user too, right? I was referring to the members of the “Church of Jobs”, not the average user who just wants a simple intuitive machine. That you took it personally and threw ad hominem in for good measure speaks volumes.

This is as silly as the Ford vs Chevy vs Dodge wars.


44 posted on 05/27/2011 8:48:58 AM PDT by Don W (You can forget what you do for a living when your knees are in the breeze.)
[ Post Reply | Private Reply | To 41 | View Replies]

To: allmost
Gotcha.

I'm not a Machead however! Or a Mac owner.

I do like to consume apples however, the Braeburn type from the grocery store and not the computer type!

45 posted on 05/27/2011 8:49:43 AM PDT by HereInTheHeartland (2008 was about words; 2012 will be about numbers)
[ Post Reply | Private Reply | To 43 | View Replies]

To: HereInTheHeartland

Yous a funny one eh? :)


46 posted on 05/27/2011 8:54:58 AM PDT by allmost
[ Post Reply | Private Reply | To 45 | View Replies]

To: Don W

And I was referring to the members of the Church of Gates... you took offense anyway. And took it personally. And that too speaks volumes.


47 posted on 05/27/2011 8:55:24 AM PDT by Keith in Iowa (FR Class of 1998 | TV News is an oxymoron. | MSNBC = Moonbats Spouting Nothing But Crap.)
[ Post Reply | Private Reply | To 44 | View Replies]

To: HereInTheHeartland

Linux or Windows? ...You act like an Apple...


48 posted on 05/27/2011 8:56:58 AM PDT by allmost
[ Post Reply | Private Reply | To 45 | View Replies]

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx


49 posted on 05/27/2011 8:57:11 AM PDT by Keith in Iowa (FR Class of 1998 | TV News is an oxymoron. | MSNBC = Moonbats Spouting Nothing But Crap.)
[ Post Reply | Private Reply | To 1 | View Replies]

“...Those who have a problem with Apple should just not buy the product and that takes care of that. Don’t come to FR to flame those who like the product. That’s just dumb...”
— Jim Robinson, owner of FreeRepublic.
http://www.freerepublic.com/focus/backroom/2557969/posts?page=143#127


50 posted on 05/27/2011 9:03:00 AM PDT by Keith in Iowa (FR Class of 1998 | TV News is an oxymoron. | MSNBC = Moonbats Spouting Nothing But Crap.)
[ Post Reply | Private Reply | To 1 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
