
Mac Malware Evolves - No Install Password Required 374

An anonymous reader writes "The latest versions of the Mac Defender malware attacks no longer require users to enter their admin credentials (username and password) upon install. A threat called 'Mac Guard' installs itself into areas of the Mac OS X system that only require standard user privilege. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases."
  • by imyy4u3 ( 1290108 ) on Thursday May 26, 2011 @11:18AM (#36251124)
    One of the key selling points that entices a lot of novice users to buy an Apple over a PC is lack of malware/virii. The other key selling points being ease of use/reliability/stability. This latest outbreak, while not particularly damaging, and while not really a threat as the user still must "install it," is getting a ton of media attention and is thus removing the "cloak of invulnerability" that Macs have been advertised to have against malware and virii. So now when a novice user, who doesn't know any better, has to choose between the more expensive Mac vs a cheaper PC, will the remaining key selling points be enough to entice them to pay the higher premium? Many people switch solely on the reason of not dealing with virii/malware, but now that they will have to deal with that (whether or not it's true is irrelevant as in many novices' minds Macs are now vulnerable) they might just stick with their PC. Bottom line - this is going to really hurt Apple a lot more than most people realize, as they will no longer have the novice users switching just to avoid virii and malware. Apple's "cloak of invulnerability" has been removed...and whether the remaining key selling points will sustain them remains to be seen.
  • Re:PEBKAC (Score:4, Interesting)

    by BitZtream ( 692029 ) on Thursday May 26, 2011 @11:24AM (#36251198)

    Just putting itself in the Applications directory doesn't do anything special, users still have to run it. The Applications directory isn't setuid or anything like that, it doesn't make the app run as root, it doesn't have anything to do with startup or anything else, you're just allowed to create files in the Applications directory.

    As I pointed out elsewhere, the intelligent thing to do would be to install to the user's home directory as most non-techie Mac users will NEVER look in their home directory and notice it, that's just someplace they don't generally have to go, that's what the Documents, Pictures, Music and other folders are for. Unlike the Applications directory where users are bound to be looking at least once in a while.

    The end result would be the same, all it's going to do is affect a single user.

    Now if it was intelligent, it'd modify the plist of an existing app to take itself on as the app launcher, then start the real app itself, which would possibly be used by other users on the system. You wouldn't be able to do it to the Apple builtin apps as permissions still require you to be root to modify it, but some other app the user installed will be owned by them and modifiable.

    Back when they were asking for a password, they should have been installing a kernel extension to cloak themselves and make removal without booting from a clean drive impossible.

    This 'malware' is like most Mac users, it's a joke, it's not even a little bit impressive, it just happens to be the first one noticed.

    Just wait until the Windows malware writers start putting some effort into OSX, THEN it'll get nasty.
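
An added audit script, not part of the thread or of any commenter's post, for the condition the comment above describes: application bundles whose Info.plist, executables or containing directories can be modified by a standard account without a root prompt. It assumes the conventional bundle layout (`Contents/Info.plist`, `Contents/MacOS/`) and checks only the classic owner/group/other mode bits, not ACLs; the function names are chosen for this example.

```python
import os
import stat
import sys
from pathlib import Path


def grants_write(st, uid, gids):
    """True if the POSIX mode bits in `st` let `uid` (in groups `gids`) write.

    Only the classic owner/group/other bits are checked; ACLs are ignored.
    """
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_bundles(apps_dir, uid, gids):
    """List (bundle name, writable paths) for each .app under `apps_dir`."""
    findings = []
    for bundle in sorted(Path(apps_dir).glob("*.app")):
        contents = bundle / "Contents"
        macos = contents / "MacOS"
        # A writable directory matters as much as a writable file: whoever
        # can write the directory can replace the files inside it.
        targets = [bundle, contents, contents / "Info.plist", macos]
        if macos.is_dir():
            targets += sorted(macos.iterdir())
        hits = [str(p.relative_to(bundle)) for p in targets
                if p.exists() and grants_write(p.stat(), uid, gids)]
        if hits:
            findings.append((bundle.name, hits))
    return findings


if __name__ == "__main__":
    # Default path is the system-wide folder the thread discusses.
    root = sys.argv[1] if len(sys.argv) > 1 else "/Applications"
    groups = set(os.getgroups()) | {os.getgid()}
    for name, hits in audit_bundles(root, os.getuid(), groups):
        print(f"{name}: modifiable without root: {', '.join(hits)}")
```

Run it as the everyday login account rather than with sudo, since the result is relative to the uid and groups of whoever runs it.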

  • Re:No surprises here (Score:5, Interesting)

    by Low Ranked Craig ( 1327799 ) on Thursday May 26, 2011 @11:30AM (#36251300)
    Follow up. I find it interesting that they gloss over the fact that to completely avoid this all you need to do is turn off download safe files in safari, and/or not be stupid. Their solution is to purchase their anti-malware package for Mac. Question for samzenpus, how much did these guys pay you to post this?
  • by vwjeff ( 709903 ) on Thursday May 26, 2011 @11:30AM (#36251310)
    This just gives Apple one more reason to force all application installs via the app store in future versions of the OS. The other reason of course is money.
  • Re:No surprises here (Score:1, Interesting)

    by Anonymous Coward on Thursday May 26, 2011 @12:05PM (#36251774)

    Follow up. I find it interesting that they gloss over the fact that to completely avoid this all you need to do is turn off download safe files in safari, and/or not be stupid. Their solution is to purchase their anti-malware package for Mac. Question for samzenpus, how much did these guys pay you to post this?

    Spoken like a true apple fanboi. The same "not be stupid" can be said for all OSes, even windows. Apple has a big enough market share, and rich enough non-tech savvy users to make the platform a target for criminals. Get used to it, it won't go away now. Brought to you from the company that allows closed devices to be rooted by merely visiting a website!
