
First Scareware For the Mac

Posted by kdawson
from the rogue-cleaning-tool dept.
I Don't Believe in Imaginary Property sends us news from F-Secure of what they claim is the first rogue cleaning tool for the Mac. MacSweeper is a Mac version of Cleanator, hosted from a colo somewhere in the Ukraine. The article points out that the company's About page is lifted verbatim from Symantec's site. With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years. The F-Secure author adds as a footnote that a journalist said to him something you don't hear every day: "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."
This discussion has been archived. No new comments can be posted.

  • by User 956 (568564) on Tuesday January 15, 2008 @07:34PM (#22059428) Homepage
    With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years.

    I didn't realize Kane & Lynch had been announced for the Mac platform
  • by MLCT (1148749) on Tuesday January 15, 2008 @07:34PM (#22059430)
    The journalist should have visited using a linux livecd. If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware.
  • by Anonymous Coward on Tuesday January 15, 2008 @07:38PM (#22059482)
    The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane. Both the notion that one can reliably detect malware that has already had time to romp with your system and the idea that infection is so routine that there should be tools to be run every few days for it are pretty gross.

    And now we have an example of this fine species showing up on a platform that doesn't really have malware. How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?
    • Re: (Score:3, Informative)

      It's been my experience that 90% of the PCs that require cleaning got in that state because the owners installed something they shouldn't have. In a way, this program is attempting to create an environment where one would be needed.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane.


      Well, the notion that Snake Oil sold by a carnie could cure you of Quinsy and Polio and whatever else people back then suffered from is pretty crazy too, but people bought it in droves. Heck a few years ago I remember being in a health food store and seeing a large jar of shark cartilage pills next
      • Re: (Score:3, Insightful)

        I dunno, I'd say some recent switchers from Windows to Mac ("average" users, not the Slashdot know it all types) might feel a little naked without their antiviruses and all that. It's almost understandable, seeing as they've had years of conditioning that everything they do invites trojans and viruses. Kind of like how a New Yorker who moves to the suburbs is amazed he doesn't have to lock his car doors.

        Which is ironic, because just as you should still lock your car doors in the suburbs, the principle of de

    • #!/bin/sh
      rm -rf /

      The point being that if you do dumb shit on any computer you can break stuff.
    • by robi2106 (464558)
      How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?

      Because good is dumb.
  • I just checked this using a PC with linux and clicking the "free scan" prompted me to download a .dmg program. I somehow doubt the dmg could have been executed on a PC...

    Either they changed their website, or the article lies on some points.
    • by v1 (525388)
      I rather doubt a DMG can be executed on any computer... ;)

    • by DannyO152 (544940)
      Then they are relying on ensnaring a naive user who is running as administrator and has open "safe" downloaded files as preference, which is the (I don't know why) default for Safari.
  • by joeyspqr (629639) on Tuesday January 15, 2008 @07:45PM (#22059564)
    "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Mac so I knew I wouldn't get infected."

    oh wait ...
  • by Fri13 (963421) on Tuesday January 15, 2008 @07:46PM (#22059590)

    What, you need to download something to your mac and then INSTALL it?

    This kind of software has been there for a long time and there is nothing new to see here.
    Market share is still smaller than GNU/Linux and it is not having this kind of problems, wait, it has.

    Come back again when F-Secure and others have proof of a worm or virus that works like on the Windows platform, automatically.
    • Re: (Score:3, Informative)

      It's been my experience that 90% of the hosed computers in this world have had something installed that shouldn't have been. This is just the sort of malware that typically plagues windows computers.
    • Re: (Score:3, Interesting)

      by necro2607 (771790)
      No kidding, I couldn't guess how many times I've written on Slashdot about how people used to upload trojan-horse programs to my server all the time and try to get me to run it. You know, malicious AppleScripts with a different application icon so it looks like something legit like a text doc or whatever. Except these days, Mac OS is designed with way more attention to these kind of possible "hacks", fortunately.
    • by willyhill (965620) <pr8wak&gmail,com> on Tuesday January 15, 2008 @08:23PM (#22060050) Homepage Journal
      Come back again when you understand how Windows machines are largely compromised. Crapware vendors don't need to wait for the next IE vulnerability to target people, all they need is social engineering and lack of common sense. The last few major botnet herding attacks have been perpetrated like that. The fastest-spreading worms have been perpetrated like that. Coming a close second is exploiting vulnerabilities that people can't be bothered to patch. Yet all of this has somehow become Microsoft's fault, but in this case I guess it's the user's fault, right?

      Idiocy can and will spread happily across platform boundaries. It really does not matter what OS you are using. And this article proves it. It's just that until now Windows was losing by the weight of sheer numbers. It has more vulnerabilities, sure. But those are irrelevant to the people who make big $$$ compromising machines. They simply don't need them.

      • by postbigbang (761081) on Tuesday January 15, 2008 @09:01PM (#22060416)
        Your comment is somewhat disingenuous. For argument sake you can cite that there are probably an equal number of stupid people buying Macs and PCs, by percentage.

        Now take a look at the architectures. A dozen years of Windows since Win95 has only progressively made Windows more secure, and while better than before, still full of a superfluity of exploits (for differing reasons, again, not counting user "stupidity"). You have to do a lot of work to iteratively get past the gatekeepers in both operating systems; it's not as trivial an exercise as it once was; all the really wide-open machines are 0w3d by someone by now.... as part of a botnet.

        Given a 5-10% of the market for Apple, depending on whom you believe, you're only now seeing a MacOS ruse. Think about that for a moment. Think about both motive and opportunity. Motive we understand. Opportunity hasn't been very strong until now. The weapon? Two decades in to desktop operating systems (three if you count CP/M, UCSD Pascal and so on) we're only now seeing a MacOS exploit. A common denominator among the exploitable: stupidity. Now let's scratch off stupidity and talk about architecture. It's not Microsoft's fault that they used a root-level database (the 'Registry') that could be twigged by any user-mode app in pre-XP SP2? Hmmmm. Or the mindless ways that people found to explode IE? Or the TCP/IP stack? Or how long it took to get a WEP-128 parser and still longer for a WPA parser? Microsoft's sloppy code created an industry, one to fix the code, and another to exploit it. They didn't take security seriously, then paid it only lipservice. They're paying the price in disrespect for not being respectable!
        • by toadlife (301863)

          It's not Microsoft's fault that they used a root-level database (the 'Registry') that could be twigged by any user-mode app in pre-XP SP2
          Thank you for demonstrating your ignorance of how Windows works.

          We can now safely ignore anything else you say on the subject.

          Next.
    • by v1 (525388)
      Wow I think I invented TFA's idea of malware, I did this YEARS ago. Let's see if I can remember my leet skillz...

      10 INIT A

      wow, I can't believe I remembered that.

      This is about the caliber of the "malware" on this site. Though I wonder if apple will react by pushing out their first clamav update?
  • The screenshots seem to show that all it detects are evidence of viewing porn sites. Yes, you can view smut on the mac. Everyone go hide in fear.
  • by ibbie (647332) on Tuesday January 15, 2008 @07:51PM (#22059658) Journal
    common as Macs continue to grow in popularity. Malicious code tends to gravitate towards the largest user base (more targets), and Apple's market share (or perhaps, more importantly, positive PR) is growing at a decent rate. I'm surprised that it hasn't happened sooner.

    The same could happen to Linux, (Free|Open|Net)BSD, etc. All it takes is an uneducated* user behind the console, and Linux's drive to take on the desktop makes that all the more likely.

    * I mean uneducated in the security sense. You can be highly intelligent, have 3 PhD's, and still not know a thing about what downloads to avoid. We can't know everything about everything, after all.
  • by Anonymous Coward
    Linux and Mac OS will never get the malware trouble Windows does for a good reason - the communities behind them.

    Windows has such a large userbase, there are many shady-looking shareware apps that work just fine and do what they're supposed to. The problem is that Windows has developed a culture of suckiness such that users can't readily tell the difference between a legitimate vendor and illegitimate software. I had a webcam where I had to obtain the driver on a website that looked ripe for hosting malwa
  • by BeanThere (28381) on Tuesday January 15, 2008 @08:26PM (#22060074)
    There are now 10 or more Mac users?
    • by BeanThere (28381)
      Just kidding, seriously though, I presume they meant millions, but I'm pretty sure we're well past 10 million Mac users? Or do they mean new sales *per year*?
    • by mcpkaaos (449561) on Tuesday January 15, 2008 @09:24PM (#22060588)
      Practicing your base 2, I see.
    • That was my favorite part: "With the Mac's market share closing in on double digits"

      Market share refers to the percentage of total install base that are macs [wikipedia.org].

      In all honesty, mac has been closing on double digits for the last... well, how long have they been in business?

      They're definitely doing a good 'little engine that could' impression, though. Most companies that can only maintain a small percentage of the market place fold. I suspect that the reason Mac hasn't is due to the exceedingly large size and gr
      • That is true, however when you consider that Apple has much much more than just Macs with iPods, iTunes and just about anything else you can add a lowercase "i" to. Also, because Apple is into both hardware/software even though their marketshare may not increase much, they still get more profits anytime that a Mac user who has a machine that is too old wants to run the newest version of OS-X and spends about $1K to buy a new one and those that do have a machine new enough spend the ~$100 for the newer versi
      • Re: (Score:3, Insightful)

        by nmb3000 (741169)
        Most companies that can only maintain a small percentage of the market place fold. I suspect that the reason Mac hasn't is due to the exceedingly large size and growth of the consumer PC business.

        If you're making a profit it doesn't matter how many customers you have: you're still in the black. Sure, more customers then means more profit, but usually you hit a wall where you have to cut profits in order to stay competitive. If a company is happy with its single digit market share (what most would call a ni
      • by MBGMorden (803437)
        You have to understand though: Apple is a hardware company. Their OS and other software merely serve as a way of differentiating their hardware from the generic ones out there. When you look at it from that standpoint (competing against the likes of Dell and HP, not against Microsoft), Apple has a huge portion of their market and is doing quite well.
    • It is funny, but Asus expects that the little Linux based Eee PC (typing this on one!) will outsell the Macintosh this year.
  • by Macrat (638047) on Tuesday January 15, 2008 @08:28PM (#22060102)
    I thought Symantec released the first Scareware for Macs?
  • by caseih (160668) on Tuesday January 15, 2008 @08:29PM (#22060108)
    Looks like they read slashdot. Their "Contact Us" page is already edited now to remove the text copied from Symantec. Now the page doesn't say much of anything at all. No phone numbers, no addresses. Just a bare e-mail address. Hard to believe how scam artists can operate out in the open these days.
  • ... any recommendations for the following:

    Real cleaning software for the Mac, that you've actually used and deemed worth continuing to use?
    Best web sites to learn about Mac security?
    • by pikine (771084)
      Real cleaning software for the Mac, that you've actually used and deemed worth continuing to use?

      sudo rm -rf /

      (cue after 10 seconds) Just kidding.

    • by theurge14 (820596)
      I have one freeware app I use periodically. It is imaginatively called Maintenance [titanium.free.fr] and appears basically to be a front end for built in Mac OS X scripts the system already uses, but also allows you to do things like clean caches and such. It isn't really necessary, but I do like that it helped me determine that my HFS++ volume had some header corruption and advised me to reboot from my Mac OS X install DVD and run a disk scan. It did and it repaired the headers and now the disk access is just as fast as t
  • by MacSweeper (1220668) on Tuesday January 15, 2008 @10:42PM (#22061472)
    I would like to explain all the situation, about MacSweeper. We are really trying to make a good software, and you won't find any viruses/spyware/trojans/malware in MacSweeper (test it yourself, if you don't believe me, you can use any type of firewalls, disassemblers, or other tools). The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don't want to completely destroy Good Name of MacSweeper application.
    Personally I adore Mac Platform, and it hurts to hear that the program you wrote is said to be some kind of "Rogue application", I wouldn't like to destroy good manners of software written for it :((
    I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application.

    You can ask Questions, and I will try to answer them! Thank You!
    • by Lewrker (749844) <m@NosPaM.rdns.pw> on Tuesday January 15, 2008 @11:11PM (#22061726)
      Dear Sir,
      thank you for make clear mistake. I find myself have found an inheritance of 50 BILLION DOLLARS (AMERICAN). I rely my confidence on your arm in relate your website macsviper.kom be legitimate business as of identity yours will be made clear as mine is, for this I will need your kindest help with transfer five hundred dollars of administration price, for which of as of now I am not in relation available.
      Sincerely yours,
      Ba Ba Baa, Nigeria
    • by ncryptd (1172815) on Wednesday January 16, 2008 @01:48AM (#22063058)
      Well... a quick disasm of your binary doesn't show anything blatantly malicious, which is good... but I also don't see anything really useful. Pretty much everything your program does (and much, much more) can be done with OnyX. For free.

      Oh, and you mis-spelled "purchase" in two methods in MacSweeperDaemon. ;-)

      (void) purchaise
      (void) purchaiseThread
      I also noticed you left a somewhat interesting TODO list [pastebin.com] in the app bundle.

      The binaries have references to KIVViSoftware throughout them -- you wouldn't happen to be one and the same with these guys [kivvisoftware.com], would you?

      Disclaimer: I didn't find anything blatantly malicious -- but I only took a quick look. Given the folders that it tinkers around with, any bugs could do some damage to your Mac, so be careful.
  • SATISFACTION GUARANTEE: Shop safely at MacSweeper.com with the MacSweeper 100% satisfaction guarantee. If for any reason you are not happy with your purchase, simply contact our customer support staff within 30 days, and we will refund 100% of the purchase price with no questions asked. At MacSweeper.com your security and satisfaction come first. If you're unhappy, we're unhappy... then MacSweeper's unhappy. And, that just simply will not do.

    Copyright 2007 MACSWEEPER.com.
  • infection (Score:3, Insightful)

    by Tom (822) on Wednesday January 16, 2008 @03:23AM (#22063574) Homepage Journal

    "I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."
    Right, because a baddie trying to infect your Mac will absolutely not ever get the idea to put some IE exploit on his page as well, just for good measure, you know?

    Stupid, meet journalist, your brother.
