Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Courts IT Technology

Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com) 87

Zack Whittaker, writing for ZDNet: The maker of a sneaky adware that hijacks a user's browser to serve ads is back with a new, more advanced version -- one that can gain root privileges and spy on the user's activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The adware, dubbed OSX.Pirrit, is still highly active, infecting tens of thousands of Macs, according to Serper, who has tracked the malware and its different versions for over a year. Serper's detailed write-up is well worth the read. [...] TargetingEdge sent cease-and-desist letters to try to prevent Serper from publishing his research. "We've received several letters over the past two weeks," Serper told ZDNet. "We decided to publish anyway because we're sick of shady 'adware' companies and their threats."
This discussion has been archived. No new comments can be posted.

Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters

Comments Filter:
  • by DontBeAMoran ( 4843879 ) on Wednesday December 13, 2017 @03:54PM (#55733805)

    It would be nice to know how this crap gets on a system. Since we're talking about macOS, I'm going to guess this is a trojan and simply carry on...

    • Re:Details? (Score:5, Informative)

      by tattood ( 855883 ) on Wednesday December 13, 2017 @03:58PM (#55733829)
      from TFA:

      In this report, the term installer refers to TargetingEdge’s main product - an installer that installs software like a video player or a PDF reader that’s downloaded from a site. These installers will install the downloaded software and the additional malware.

      • Exactly what I thought. Thank you.

        As usual, don't install random crap on your computer, whatever OS you might be using.
        Basic computer security 101.

        • As usual, don't install random crap on your computer, whatever OS you might be using. Basic computer security 101.

          Computer security 102, however, is "only people who click bad links, or download unknown attachments gets a virus" is a myth.

        • The problem with that is of course that we may want the functionality of the software we've found. And atleast Windows haven't before offered a central repository. And for the same of competition we may not want one.

      • by Anonymous Coward

        Is that the same vendor that SourceForge used to provide their extras a few years ago?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      It would be nice to know how this crap gets on a system.

      The Apple App Store.

    • same way crap gets on 99% of systems be it windows, Linux or OS.X, poor user practises and education. malware rarely targets vulnerabilities nowadays as it is much easy to find away in through the Exploit sitting at the keyboard, this has been the case for quite a few years now.
    • by Anonymous Coward

      they get email on their mac that is spoofed to look like a mail from Apple, the mail contains an eecuteable that is labelled "system upgrade"?

      I bet a lot of Mac users would click on something like that :-)

  • Maybe we should send the malware maker some cease-and-desist letters.

    • Or since they are producing malware, perhaps the authorities might be interested in talking to the Lawyer who sent the C&D letters regarding their criminal employers.
  • Cease-and-Desist talking about the malware? Yeah, I am sure filing a lawsuit will to a great job of that, Barbara.

    Also, why isn't what the malware maker doing illegal?

    • by bloodhawk ( 813939 ) on Wednesday December 13, 2017 @04:15PM (#55733907)

      Also, why isn't what the malware maker doing illegal?

      Not sure on this particular case as can't be bothered reading the whole story. BUT most malware/adware is perfectly legal as it relies on user ignorance and stupidity, simply put in some terms and conditions that you accept the adware in the install of product X, 99% of people don't read the terms so you have an easy install path that is perfectly legal.

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Totally. Even if it trashes your data. Or damages your hardware. Or spies on your kids.

        Like when you sign a piece of paper that says I get to punch you. You don't have any recourse after that. Nope. I'm just allowed to punch you whenever I want for the rest of your life.

        • by HiThere ( 15173 )

          No, there are limits. They can't enforce an agreement that's against the policy of the enforcing agency. They can't demand that you do something illegal. But the limits are quite broad. Broad enough that I stopped using both MS and Apple over EULAs. (Read it sometime, and try to understand it.)

        • Like when you sign a piece of paper that says I get to punch you. You don't have any recourse after that. Nope. I'm just allowed to punch you whenever I want for the rest of your life.

          So you think a contract can nullify criminal law? Regardless of what anybody writes in an agreement, punching someone is criminal assault, with very few exceptions and they have very specific conditions, e.g. boxing and martial arts.

          If an advertiser or software developer breaks the law, they can be prosecuted like everyone else.

        • Wise words. Never sign one of those bits of paper which say someone gets to punch you Ow! whenever they like. Ow!

  • find this scumbag making this malware advertising and smash his computers and break his knees and and elbows with baseball bats
  • ... Maker of Sneaky Adware to his maker.

  • They should send the report and the lawyer's address straight to the FBI. If it's accurate, the software is violating the Compture Fraud and Abuse Act. And Israel will honor the extradition...

Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984

Working...