Mac Defender malware now spreading virally via Facebook
Summary: Mac malware has made the leap to Facebook and is now spreading virally, claiming to be a video of IMF boss Dominique Strauss-Kahn.
[UPDATE: Apple issues security update to detect and remove Mac Defender and variants, but still allows users to open known infected files!]
Security firm Sophos has the details:
The fake anti-virus attack first appears in your timeline as a message apparently posted by one of your friends.
In case you've been out of the loop, the text used refers to the news story of IMF chief Dominique Strauss-Kahn who is facing charges in New York over charges that he allegedly tried to rape a hotel maid.
People who know what they're doing will recognize this for what it is - a sick fakey headline and the promise of a video is used to entice people to click on the link which goes to a site pushing malware - in this case Mac Defender. For good measure clicking on the link also posts the same message onto the Facebook wall of the person clicking on the link - this helps find the next sucker victim.
Sophos senior technology consultant Graham Cluley calls it 'a genius piece of social engineering.'
Needless to say, if you see this on Facebook, don't click on the link!
Apple has promised a patch for Mac Defender and its variants, but so far this hasn't materialized. [UPDATE: The Apple security update has just materialized.]
Windows users shouldn't get too cocky though, given that the same viral 'video' is being used to spread the Zeus botnet malware to the Microsoft crowd. Linux users don't get to play.
Additional coverage:
- Here's something Apple should spend some of that $65.8 billion cash reserve on
- Modern Mac owners need to ignore the dinosaurs and get protection
- You have malware on your Mac and you call Apple support ... what happens next?
- Apple to issue update to 'automatically find and remove' Mac Defender malware
- Mac OS X has you covered ... really?


Talkback
RE: Mac Defender malware now spreading virally via Facebook
Don't say that too loud. The Apple police will be knocking on your door.
RE: Mac Defender malware now spreading virally via Facebook
And there's a lesson here for Linux users too. There is no magic. If Linux grew to near 9%, gained a development environment that didn't suck too much, was used by people who had money or believed in paying for software, then they could play too.
The same applies to a clay tablet and stick, which has about the same global share ;-)
RE: Mac Defender malware now spreading virally via Facebook
Garbage. Unlike Apple, Linux gets its software through its distro supported Package Repository. By default, the executable bit is turned off and you can't just click on wizards in the wild and download things like you do with Windows. If you've ever used it (and I suspect you haven't), you would know this.
I wouldn't be surprised if Apple extends its App Store the same way a Package Repository does, only unlike Linux, you'll have to pay for many of the apps that are in there.
People have to be really clueless to be harmed from this
Let's count the number of things wrong with the sentence
If you want to go back in history to begin counting -- which you obviously do because there aren't any really relevant modern viruses affecting Windows 7 any more -- the *First* PC virus ever written -- Elk Cloner -- was for the Apple.
But, to be fair, Mac OS X is a fairly immature operating system that only goes as far back as Leopard -- Tiger being on a completely different platform. Even still, Leap-A and a number of other viruses existed on both Leopard and Tiger.
Given the fact that these computers are sold on the FUD that they are somehow more secure than a modern Windows 7 Operating system and that the Mac OS goes out of its way to manage the user experience, Mac users tend to be naive; there is no comparison.
RE: People have to be really clueless...
Oh I am not denying that but if 25 years working with computers and in IT has taught me anything there are many clueless computer users out there no matter what platform or software or technology they choose to use.
No one isn't saying that this scam like all the other similar ones are not obvious (especially to those that are computer literate) but it does not change the fact that they are effective. This scam is virtually no different than all the Scareware that gets on Windows computers and yet millions have fallen for those scams too. They all have one goal and that is to trick the user into thinking their computer is compromised and to get them to enter a credit card thinking the fake software will fix it.
Also as it has been said many times viruses (and I mean actual viruses) and worms are not very effective in modern Windows or fully patched Windows systems either unless for some reason you are using Windows XP Pre SP2 or earlier versions of Windows without a firewall or something insanely stupid. Of course stuff like that happens too as most of the machines I see with an infection are not properly patched. Either that or they were doing something "clueless" to let the infection in. You can bring up the history of Windows viruses all you want but it doesn't change the fact that it is irrelevant today.
RE: Mac Defender malware now spreading virally via Facebook
Let's keep in mind that XP is still the most popular version of Windows, since Vista sucked so badly. Ummmkay?
One problem doesn't mean that 'security through obscurity' BS is proven. It's not, and this is still a socially engineered exploit, not the common, garden variety Windows exploit that requires NOTHING of the user whatsoever.
Windows 7 doesn't change things much, the Windows(?) reputation is still suffering from XP's near total lack of security, just like Mac users are still suffering from bogus FUD, etc.
RE: Mac Defender malware now spreading virally via Facebook
You are full of it.
This idea that XP is the truly representative version of Windows is nonsense. XP is about half of worldwide Windows usage, and only because of all the pirate copies throughout the developing world. It is a distinct minority of Windows in the developed world. Win7 is the fastest selling version of Windows ever and its share is edging ahead of XP in Europe and North America. So which version of Windows is "popular?" I know you love your straw man, but it's time to give it up.
Your reference to a "common, garden variety Windows exploit" requiring no interaction from the user is completely false in today's environment. Most Windows exploits are socially engineered, just like the Mac exploit.
If there ever was a system that had its reputation damaged by FUD it was Vista, not OS X. Acknowledging that OS X is as vulnerable to malware as modern versions of Windows is not FUD.
Perspective: Mac v PC viruses
This Mac Defender thing is one piece of malware (which a user has to run and provide a password to install).
We've seen three dozen stories about it on ZDNet. So
Mac: 1 malware = 36 stories
PC: x00,000 malware = 4 or 5 stories
There isn't an epidemic of Mac malware. There's an epidemic of Mac malware scare stories.
RE: Mac Defender malware now spreading virally via Facebook
Do the checks you get from Steve Jobs make you sleep better at night?
RE: Mac Defender malware now spreading virally via Facebook
Ok... Once again you are living in the past as viruses and worms are not really a big issue anymore as if they do end up on a computer it is usually because a piece of malware like this has opened the door for them.
Second of all this is the first piece of Malware for MacOS that anyone has ever seen grow and be spread like this so it comes to a shock to many people. This is the way computers and people are being exploited today.
Thirdly it is no different than the very many articles and blogs written about conficker a few years ago when that was made out to be the threat that took down Windows for good and ended up only really affecting about .07% of all the Windows computers in the world. I am sure there were 36 or more stories about Conficker then too and it is still brought up as an example of a major Windows exploit today even though there was a patch for Windows months before it even hit and it only really affected unpatched systems.
I have had my hands on one Mac with this Malware and have received several emails and messages from teachers I work with and family and friends that use Macs that have had this installed. Thankfully this one is relatively easy to uninstall and remove and as long as they did not cough up any credit card or personal information they should be OK.
Untrue - not living in past
You said: "this is the first piece of Malware for MacOS that anyone has ever seen grow and be spread like this so it comes to a shock to many people"
Exactly. PC gets malware, it's dog-bites-man. Mac gets malware it's man-bites-dog.
It's no surprise that the PC centric industry media is going to go on about this. I'm just saying the hype is overblown.
Don't install software off the internet unless you're totally positive what it is, and if you're not convinced you can avoid this temptation, go get A/V software for the Mac.
I am running my Macs without it.
RE: Mac Defender malware now spreading virally via Facebook
"You said: "this is the first piece of Malware for MacOS that anyone has ever seen grow and be spread like this so it comes to a shock to many people"
Exactly. PC gets malware, it's dog-bites-man. Mac gets malware it's man-bites-dog."
I think you severely overestimate the MacOS user community. They are people just like Windows users and they will remain their own worst enemies when it comes to stuff like this. This malware is biting and for most it becomes an annoyance but for some it is very effective.
"Don't install software off the internet unless you're totally positive what it is, and if you're not convinced you can avoid this temptation, go get A/V software for the Mac."
That is great advice. Now see if people will actually follow it. Current events and recent and distant history have shown that is the one factor that will not change. The operators of the computer will be its downfall no matter how secure you make an OS or piece of software. Malware writers know this and that is why they choose to use this method and other methods that prey on the unsuspecting user like phishing.