Hackers Aim Ruse at Apple Computer Users

Status
Not open for further replies.

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,400
It looks like Apple did a 180 from an article posted here last week. Apple has now officially warned of a malware problem on the Macs. It must be a real shocker for Apple users to digest the information coming from Apple itself concerning the possibility Macs could actually get malicious code on the computer. I guess when you begin to draw attention of phishers and hackers, you have arrived. :D

Names of the fake anti-virus programs included MacDefender, MacProtector, and MacSecurity, according to Apple.
 
/me puts on his ice skates and parka... pretty cold day in Hell, might as well make good use of it... :D
 
If anything the Mac users would be better targets. In my experience Mac users are uneducated computer users who have plenty of disposable income to purchase whatever might popup on the screen instructing them to upgrade to something more magical. It wouldn't be difficult to spoof legitimate Apple advertising, maybe even a commercial video preceding the transaction. Just look at the Apple commercials on TV, they actually advertise the fact that they do your shopping for you. Totally sheepish behavior is ripe for exploitation.
 
If anything the Mac users would be better targets. In my experience Mac users are uneducated computer users who have plenty of disposable income to purchase whatever might popup on the screen instructing them to upgrade to something more magical. It wouldn't be difficult to spoof legitimate Apple advertising, maybe even a commercial video preceding the transaction. Just look at the Apple commercials on TV, they actually advertise the fact that they do your shopping for you. Totally sheepish behavior is ripe for exploitation.

Given about 40% of my clients are Mac users, I want to argue this. Unfortunately the majority of them basically fit into this description exactly. I almost have trouble comprehending the sheer amount of money most of them waste on stupid useless bullshit that promised (and failed) to make them more productive or secure.
 
I think the malware makers are doing it wrong; shouldn't it be "i" and not "Mac"?
 
[UPS] Sorce;1037317106 said:
I think the malware makers are doing it wrong; shouldn't it be "i" and not "Mac"?

maybe for the iPad, but not for the MacBook :p
 
This was bound to happen sooner or later. The only thing that kept Apple off the radar was their small market share.

Its only a matter of time before smart phones and tablets become targets.
 
This was bound to happen sooner or later. The only thing that kept Apple off the radar was their small market share.

Its only a matter of time before smart phones and tablets become targets.

Given the amount of personal data stored on those devices (especially given the popularity of the iphone being first to market) I am surprised that malware coders aren't already infesting such hardware.
 
Given the amount of personal data stored on those devices (especially given the popularity of the iphone being first to market) I am surprised that malware coders aren't already infesting such hardware.

ah, but the master malware maker itself has that area locked down, you don't want Apple to send in the feds after you...
 
It's gonna take more than a warning or two from Apple for Mac users to get the message. Apple has spent years cultivating a feeling of security in its user base. Essentially they have been saying (right down to their ads) that "viruses, Trojans and other malware is stuff Windows users get, not us cool and trendy Mac elite." The great majority of Mac users believed that sort of thing with something close to religious fanaticism and disabusing themselves of the Gospel according to Steve will not come easy.

Given the demographics of the Mac user base (largely upper middle class to affluent, not that technically adept and virtual babes in the woods when it comes to dealing with security issues), I'm surprised that malware authors haven't made a more concerted push sooner. The Mac base is relatively small compared to Windows, but it's largely unprotected and there's a good concentration of money to be mined from it. Regardless, the cat's out of the bag now. I have a feeling that this is just the beginning.
 
It looks like Apple did a 180 from an article posted here last week. Apple has now officially warned of a malware problem on the Macs. It must be a real shocker for Apple users to digest the information coming from Apple itself concerning the possibility Macs could actually get malicious code on the computer. I guess when you gain enough market share to matter, and you keep touting how untouchable your operating system is compared to Windows, you're bound get some pimpslap attention from malware. :D

Fixed that for you :D
 
Phide is conspicuously missing from this thread...

You know it had to be pretty inarguable that Apple is fucking up here...

http://www.appleinsider.com/article...alware_attacks_mac_os_x_without_password.html

http://technologizer.com/2011/05/25/the-macs-malware-problem-just-got-a-lot-worse/

...When one of them only works the way it does because Apple is making the same mistakes with user security that Microsoft was slammed for 10 years ago: Making the administrator privileged account DEFAULT.
 
I am impressed... :D


All you mac zealots better not whine and bitch when your sweet untouchable imac gets slammed.

Karma is a bitch!
 
One thing is for certain...I will Absolutely NOT be removing any of this crap for the mac users for free. While they seem to have utterly no problem dropping money on the stupidest shit, every single one of them seem to think I am at their personal disposal at the office despite 50% of my income being from side jobs. As such not a single one of them ever wants to pay me, they all want to try and get it free. Won't happen if any of them are dumb enough to get slapped with this.
 
i wonder why there isn't MORE malware for mac at the moment.

most apple users switched to mac because they are too dumb to use windows, making them the most suitable and easiest targets for malware. There is a greater chance of success for malware on mac.
 
I think the most interesting thing is the amount of ignorant PC users once again spouting bullshit...and apparently unwittingly swinging at strawmen while disparaging mac users.

Apple users don't walk around saying that they are impervious to malware attacks. What has been said is that there aren't any virii in the wild that can infect a mac. If you don't know the difference between a virus and a trojan or other malware then that's due to your own ignorance, not mac users.

It's unfortunate that gearburn mis-characterized this attack as a virus, but once again, that's speaks more to the ignorance of the readers perpetuating the strawman attack rather than the ignorance of mac users.
 
I think the most interesting thing is the amount of ignorant PC users once again spouting bullshit...and apparently unwittingly swinging at strawmen while disparaging mac users.

Apple users don't walk around saying that they are impervious to malware attacks. What has been said is that there aren't any virii in the wild that can infect a mac. If you don't know the difference between a virus and a trojan or other malware then that's due to your own ignorance, not mac users.

It's unfortunate that gearburn mis-characterized this attack as a virus, but once again, that's speaks more to the ignorance of the readers perpetuating the strawman attack rather than the ignorance of mac users.

What ever... Your mac could have been hacked (in a matter of seconds) years ago and you would not even have known it. Of course you would claim it was a trojan not a virus, which is actually worse because you remain oblivious to the fact it's happenning. Oh and virus's are out there too.

The only difference: Now someone is actually making it public...it's your time for the bitch slap of reality.
 
I think the most interesting thing is the amount of ignorant PC users once again spouting bullshit...and apparently unwittingly swinging at strawmen while disparaging mac users.
Well that didn't take long. You can't rebuild the Reality Distortion Field; it's broken permanently now.

Apple users don't walk around saying that they are impervious to malware attacks.
Some do.
 
If they do, they're no worse than the amount of ignorant PC users who can't differentiate between a trojan and a virus, as evidenced by this thread. Those same numbnuts think that slapping cheap parts in a case enables them to come away from that experience thinking they're tech savvy...

(and apparently if someone points this lack of reasoning ability out they're automatically labeled a mac user ;)) <<< which is strange given that group-think is one of the most cited criticisms of mac users.
 
Apple users don't walk around saying that they are impervious to malware attacks.

Maybe not existing mac users, but I can't count how many times I've been asked by someone about switching to a mac so they don't have to worry about viruses/malware/etc.


If anything the Mac users would be better targets. In my experience Mac users are uneducated computer users who have plenty of disposable income to purchase whatever might popup on the screen instructing them to upgrade to something more magical.

Agreed. Based on experience, there would be more money to be made off the average mac user than the average windows user.

I wouldn't say all mac users are uneducated, since there is a small group of power users. However most of the growth in mac sales the last several years have been to "uneducated computer users", or consumers who have trouble with Windows.

This was bound to happen sooner or later. The only thing that kept Apple off the radar was their small market share.

It's not so much Apple's slight increase in market share, as it's Windows 7's fault.
Windows 7 is much more locked down that XP or Vista ever was. As more people switch to Windows 7, it's getting tougher to infect them with malware/virus's. The writers are simply switching to an easier target.
 
If they do, they're no worse than the amount of ignorant PC users who can't differentiate between a trojan and a virus, as evidenced by this thread. Those same numbnuts think that slapping cheap parts in a case enables them to come away from that experience thinking they're tech savvy...

Just because I slap cheap parts into a case doesn't mean I'm not tech savvy.... :)

Over the last year I've also spec out and install several Windows 2008 servers, including upgrading to Exchange 2010, virtualizing several old servers with Hyper-V, setup up Sharepoint, along with working on Cisco routers, firewalls, and expanding the office phone system.
 
If they do, they're no worse than the amount of ignorant PC users who can't differentiate between a trojan and a virus, as evidenced by this thread.
That's why I use the overarching term "malware". Much easier.

Those same numbnuts think that slapping cheap parts in a case enables them to come away from that experience thinking they're tech savvy...
Some do. But those of us who've built over 1,000 computers and fix them for a living probably know better.
 
im gonna buy some popcorn later and watch my mac zealots friends rage and deny stuff like these :D
 
I think the most interesting thing is the amount of ignorant PC users once again spouting bullshit...and apparently unwittingly swinging at strawmen while disparaging mac users.

Apple users don't walk around saying that they are impervious to malware attacks. What has been said is that there aren't any virii in the wild that can infect a mac. If you don't know the difference between a virus and a trojan or other malware then that's due to your own ignorance, not mac users.

It's unfortunate that gearburn mis-characterized this attack as a virus, but once again, that's speaks more to the ignorance of the readers perpetuating the strawman attack rather than the ignorance of mac users.

/point Starbucks

nuf said.
 
Did anyone here read the article?

If you did, you would have known pretty much everything you needed to know from the first sentence:
Apple on Wednesday was warning about a &#8220;phishing scam&#8221; that stealthily directs Mac users to fake websites which pop-up bogus warnings that computers are infected with viruses.

So it appears that this issue speaks more of the fact that Mac users are easily scared and deceived. I don't understand how this turned into a thread about how Mac's are suddenly vulnerable or something. Same thing can happen to any operating system when you allow the program to have administrative privileges.

It's sad that Apple has to tell it's users "don't run that fake program!" The overflowing user ignorance speaks for itself. It's the users who are vulnerable to things like this.

As much as I don't want to defend any one operating system, there just isn't much that you can do about user stupidity and ignorance.
 
What ever... Your mac could have been hacked (in a matter of seconds) years ago and you would not even have known it. Of course you would claim it was a trojan not a virus, which is actually worse because you remain oblivious to the fact it's happenning. Oh and virus's are out there too.

The only difference: Now someone is actually making it public...it's your time for the bitch slap of reality.

It's been known for a while. The problem is that Apple's fallen upon their own sword. After years of saying "Make the Switch" because PCs are rife with these kinds of problems... it's just immensely satisfying to say "ha ha!" when Apple is caught making the EXACT SAME MISTAKES with user security.

Malware is malware, whether they classify it as a trojan or a virus to divide the type and point fingers to say someone else is worse off than they are. They still are playing the ignorant, too dumb to know better Mac user thinking all that you have to do is use a Mac to be safe... when it's actually one constant in every case where a system is compromised: The user and what they do.

MacOSX trojans exist. They are in the wild. They have been for QUITE some time. They do compromise the system if the user infects themselves. Behaviour is the only difference between a trojan and virus. Making this distinction is pointless to everyone, but Mac users. Why? Windows Viruses don't really exist anymore. Viruses do one thing: Trash the system and make it unusable. Why would malware do that now when the authors of this crap can just turn it into a bot and make some cash off it? So again, infection is infection... be it malware or virus. Apple users are the only ones who even fucking care anymore when it comes to pointing this out.

This is old news. Really, it is. Otherwise, you wouldn't have warnings posted for MacOSX about malicious software like this one: http://www.intego.com/news/ism0902.asp or this one: http://www.intego.com/news/ism0901.asp or even this one: http://www.macrumors.com/2009/01/22/iwork-09-torrent-carrying-os-x-trojan/

This is not a new trend.

Even back in 2004, MacOSX had a higher percentage of security vulnerabilities that allowed for exploits without local access.

http://news.techworld.com/security/1798/mac-os-x-security-myth-exposed/

Do note that Apple doesn't have that great of a history when it comes to handling security. ALL of the current exploits known for MacOSX are because of what was added to the BSD foundation by Apple. All of them.

Hell, even Apple can claim to have had the first ever computer virus in the wild. http://en.wikipedia.org/wiki/Computer_virus#History

For more recent information regarding exploits and known vulnerabilities...

http://secunia.com/advisories/product/96/ - Vulnerability Report: Apple Macintosh OS X, Vendor Apple, Affected By 152 Secunia advisories, 1505 Vulnerabilities

http://secunia.com/advisories/product/22/ - Vulnerability Report: Microsoft Windows XP Professional, Vendor Microsoft, Affected By 352 Secunia advisories, 465 Vulnerabilities

And these two are about the same age in the end.

http://secunia.com/advisories/product/13223/ - Vulnerability Report: Microsoft Windows Vista, Vendor Microsoft, Affected By 147 Secunia advisories, 287 Vulnerabilities

http://secunia.com/advisories/product/27467/ - Vendor Microsoft, Affected By 65 Secunia advisories, 132 Vulnerabilities

The point isn't that Windows is more secure than MacOSX, no. The real concern is best explained here: http://www.crn.com/software/220100937?pgno=3

A breakdown: Claims of being more secure will draw more attention from those wishing to disprove it. Marketing that a product is more secure lures users into a false sense of security by giving the impression that there is nothing they need to do to remain secure.

It has gotten severe enough for Apple to stop saying that users do not need to install any antivirus programs. Apple announced that with Snow Leopard, the OS came with antivirus and security features. Why do you need those if you've never seen an infected Mac?

It's either one of two things. Sheer luck, or responsible user behaviour.

"Unlike PC owners, Mac users are simply not used to dealing with rampant malware, experts say. As a result, Mac users are much more likely than their Windows counterparts to underprotect their machines, or not protect them at all."

I can't say I've never seen an uninfected Windows install. I can't even say I've never seen an uncompromised Linux install, either. Or a MacOSX one, for that matter. When it comes to Windows, the systems I've had to clean up for people... How many of those were -repeats- after teaching them what they needed to do and installing the software that will do it for them? Very, very few. People tend to learn their lesson after being exposed to the risks. If you think you're risk free, that's going to be a harder lesson to learn.

Yes. I'll say it. Apple promotes user ignorance with its claims about MacOSX.

Macs, FIVE years in a row, were the first machines/OSes compromised in the Pwn2Own contest. http://en.wikipedia.org/wiki/Safari_(web_browser)#Browser_exploits - Of the three modern OSes tested 2008 and 2009, MacOSX was the only OS compromised by network only attacks.

That means it did the worst of all major OSes. All you had to do was go online and click one bad link to become compromised. No third party software. The flaws in the security were entirely because of Apple.

In 2010... MacOSX was still the first OS to become compromised. Bonus, the iPhone was also remotely hacked. http://en.wikipedia.org/wiki/Pwn2Own#Contest_2010

And this year, in 2011... MacOSX again was the first OS to fall. What was interesting was that MacOSX was compromised using one vulnerability but that it took a combined THREE vulnerabilities to compromise Internet Explorer on Win7.

"During the first day of the competition Safari and Internet Explorer were defeated by researchers. Safari was version 5.0.3 installed on a fully-patched Mac OS X 10.6.6." http://en.wikipedia.org/wiki/Pwn2Own#Day_1_3

http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358

"Bekrar’s winning exploit did not even crash the browser after exploitation. Within five seconds of surfing to the rigged site, he successfully launched the calculator app and wrote a file on the disk without crashing the browser."

“The victim visits a web page, he gets owned. No other interaction is needed.”

That is how secure MacOS is.

TLDR: Apple users need to stop being smug jerkasses and wake the fuck up.
 
It's not so much Apple's slight increase in market share, as it's Windows 7's fault. Windows 7 is much more locked down that XP or Vista ever was. As more people switch to Windows 7, it's getting tougher to infect them with malware/virus's. The writers are simply switching to an easier target.

Vista was already much more secure than XP. The big problem was that people didn't switch because of Vista's perceived or real problems. Now that Win7 is taking off and people are finally abandoning XP, it's going to get harder for the malware and virus makers.

Apple doesn't have any experience dealing with security, trojans, viruses etc .What doesn't kill you makes you stronger - Microsoft (and Windows users) has been dealing with these kinds of problems for at least a decade if not longer.
 
I think the most interesting thing is the amount of ignorant PC users once again spouting bullshit...and apparently unwittingly swinging at strawmen while disparaging mac users.

Apple users don't walk around saying that they are impervious to malware attacks. What has been said is that there aren't any virii in the wild that can infect a mac. If you don't know the difference between a virus and a trojan or other malware then that's due to your own ignorance, not mac users.

It's unfortunate that gearburn mis-characterized this attack as a virus, but once again, that's speaks more to the ignorance of the readers perpetuating the strawman attack rather than the ignorance of mac users.

hey look, it's a mac user. and he's volunteered himself to speak for the entirety of the mac user base.
 
hey look, it's a mac user. and he's volunteered himself to speak for the entirety of the mac user base.
By doing so he also has volunteered himself to perpetuate the elitist mac user stereotype by calling everyone ignorant.
 
The makers of this phony av crap need to be identified, arrested, .... Wait, just hang them up by their balls, and dangle the key in front of them locked in a box eith a credit card slot.
 
i wonder why there isn't MORE malware for mac at the moment.

most apple users switched to mac because they are too dumb to use windows, making them the most suitable and easiest targets for malware. There is a greater chance of success for malware on mac.

Really. That's your story...
 
It's been known for a while. The problem is that Apple's fallen upon their own sword. After years of saying "Make the Switch" because PCs are rife with these kinds of problems... it's just immensely satisfying to say "ha ha!" when Apple is caught making the EXACT SAME MISTAKES with user security.

Malware is malware, whether they classify it as a trojan or a virus to divide the type and point fingers to say someone else is worse off than they are. They still are playing the ignorant, too dumb to know better Mac user thinking all that you have to do is use a Mac to be safe... when it's actually one constant in every case where a system is compromised: The user and what they do.

MacOSX trojans exist. They are in the wild. They have been for QUITE some time. They do compromise the system if the user infects themselves. Behaviour is the only difference between a trojan and virus. Making this distinction is pointless to everyone, but Mac users. Why? Windows Viruses don't really exist anymore. Viruses do one thing: Trash the system and make it unusable. Why would malware do that now when the authors of this crap can just turn it into a bot and make some cash off it? So again, infection is infection... be it malware or virus. Apple users are the only ones who even fucking care anymore when it comes to pointing this out.

This is old news. Really, it is. Otherwise, you wouldn't have warnings posted for MacOSX about malicious software like this one: http://www.intego.com/news/ism0902.asp or this one: http://www.intego.com/news/ism0901.asp or even this one: http://www.macrumors.com/2009/01/22/iwork-09-torrent-carrying-os-x-trojan/

This is not a new trend.

Even back in 2004, MacOSX had a higher percentage of security vulnerabilities that allowed for exploits without local access.

http://news.techworld.com/security/1798/mac-os-x-security-myth-exposed/

Do note that Apple doesn't have that great of a history when it comes to handling security. ALL of the current exploits known for MacOSX are because of what was added to the BSD foundation by Apple. All of them.

Hell, even Apple can claim to have had the first ever computer virus in the wild. http://en.wikipedia.org/wiki/Computer_virus#History

For more recent information regarding exploits and known vulnerabilities...

http://secunia.com/advisories/product/96/ - Vulnerability Report: Apple Macintosh OS X, Vendor Apple, Affected By 152 Secunia advisories, 1505 Vulnerabilities

http://secunia.com/advisories/product/22/ - Vulnerability Report: Microsoft Windows XP Professional, Vendor Microsoft, Affected By 352 Secunia advisories, 465 Vulnerabilities

And these two are about the same age in the end.

http://secunia.com/advisories/product/13223/ - Vulnerability Report: Microsoft Windows Vista, Vendor Microsoft, Affected By 147 Secunia advisories, 287 Vulnerabilities

http://secunia.com/advisories/product/27467/ - Vendor Microsoft, Affected By 65 Secunia advisories, 132 Vulnerabilities

The point isn't that Windows is more secure than MacOSX, no. The real concern is best explained here: http://www.crn.com/software/220100937?pgno=3

A breakdown: Claims of being more secure will draw more attention from those wishing to disprove it. Marketing that a product is more secure lures users into a false sense of security by giving the impression that there is nothing they need to do to remain secure.

It has gotten severe enough for Apple to stop saying that users do not need to install any antivirus programs. Apple announced that with Snow Leopard, the OS came with antivirus and security features. Why do you need those if you've never seen an infected Mac?

It's either one of two things. Sheer luck, or responsible user behaviour.

"Unlike PC owners, Mac users are simply not used to dealing with rampant malware, experts say. As a result, Mac users are much more likely than their Windows counterparts to underprotect their machines, or not protect them at all."

I can't say I've never seen an uninfected Windows install. I can't even say I've never seen an uncompromised Linux install, either. Or a MacOSX one, for that matter. When it comes to Windows, the systems I've had to clean up for people... How many of those were -repeats- after teaching them what they needed to do and installing the software that will do it for them? Very, very few. People tend to learn their lesson after being exposed to the risks. If you think you're risk free, that's going to be a harder lesson to learn.

Yes. I'll say it. Apple promotes user ignorance with its claims about MacOSX.

Macs, FIVE years in a row, were the first machines/OSes compromised in the Pwn2Own contest. http://en.wikipedia.org/wiki/Safari_(web_browser)#Browser_exploits - Of the three modern OSes tested 2008 and 2009, MacOSX was the only OS compromised by network only attacks.

That means it did the worst of all major OSes. All you had to do was go online and click one bad link to become compromised. No third party software. The flaws in the security were entirely because of Apple.

In 2010... MacOSX was still the first OS to become compromised. Bonus, the iPhone was also remotely hacked. http://en.wikipedia.org/wiki/Pwn2Own#Contest_2010

And this year, in 2011... MacOSX again was the first OS to fall. What was interesting was that MacOSX was compromised using one vulnerability but that it took a combined THREE vulnerabilities to compromise Internet Explorer on Win7.

"During the first day of the competition Safari and Internet Explorer were defeated by researchers. Safari was version 5.0.3 installed on a fully-patched Mac OS X 10.6.6." http://en.wikipedia.org/wiki/Pwn2Own#Day_1_3

http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358

"Bekrar’s winning exploit did not even crash the browser after exploitation. Within five seconds of surfing to the rigged site, he successfully launched the calculator app and wrote a file on the disk without crashing the browser."

“The victim visits a web page, he gets owned. No other interaction is needed.”

That is how secure MacOS is.

TLDR: Apple users need to stop being smug jerkasses and wake the fuck up.

Well put together and definitely factually supported post. Now sitting on the sidelines waiting the "educated" replies to come in while I enjoy my popcorn.
 
Right: the user base which has been told that "It Just Works".

I actually had more win 7 malware infections last week than xp. All were fake av.

All these useless "scan your computer" shit on tv and high traffic tech sites is making things worse. While they may not be so-called rogue, the are desensitizing people from the danger.

Even most well known download tech sites are designed to trick you into clicking on one of these links.
 
Well put together and definitely factually supported post.
Not if you click on the links he provided and actually read the content.

Not to mention that he's wrong with his definition of a virus vs. trojan...and his claim that no one cares since it doesn't matter.
 
Status
Not open for further replies.
Back
Top