
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

New Mac OS X DNS changer spreads through social engineering

By | August 11, 2009, 1:50pm PDT

TrendMicro is reporting on a newly discovered 4th member of the OSX_JAHLAV malware family.

The latest variant once again relies on social engineering, this time posing as a QuickTime Player update (QuickTimeUpdate.dmg). Its DNS changer component lets the malware authors redirect and monitor the victim's traffic.

More info on OSX_JAHLAV.D:

The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user’s activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from.
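
One way a defender could check a Mac for the two artifacts described above, changed DNS resolvers and a file dropped as /tmp/{random 3 numbers}. This is an added example, not code from TrendMicro or from the article's author. The allowlisted networks, the sample `scutil --dns` output and the reading of "random 3 numbers" as a file name of exactly three digits are assumptions.

```python
"""Flag DNS resolvers outside an allowlist and three-digit names in /tmp."""
import ipaddress
import os
import re
import shutil
import subprocess

# Constructed sample in the layout printed by `scutil --dns`; not from a real host.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
  nameserver[2] : fe80::1%en0
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
"""

# Assumption: resolvers this network expects (home router plus link-local IPv6).
ALLOWED_NETWORKS = ["192.168.1.0/24", "fe80::/10"]

RESOLVER_RE = re.compile(r"^resolver #(\d+)\s*$")
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")
# Assumption: "/tmp/{random 3 numbers}" means a name of exactly three ASCII digits.
THREE_DIGITS_RE = re.compile(r"[0-9]{3}")


def parse_nameservers(text):
    """Return (resolver_number, address) pairs in the order they appear."""
    current = None
    found = []
    for line in text.splitlines():
        header = RESOLVER_RE.match(line)
        if header:
            current = int(header.group(1))
            continue
        entry = NAMESERVER_RE.match(line)
        if entry:
            found.append((current, entry.group(1)))
    return found


def unexpected_resolvers(text, allowed_networks):
    """Return the (resolver_number, address) pairs that fall outside the allowlist."""
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    flagged = []
    for resolver, address in parse_nameservers(text):
        bare = address.split("%", 1)[0]  # drop an IPv6 zone suffix such as %en0
        try:
            ip = ipaddress.ip_address(bare)
        except ValueError:
            flagged.append((resolver, address))  # unparseable entries need review
            continue
        if not any(ip.version == n.version and ip in n for n in networks):
            flagged.append((resolver, address))
    return flagged


def three_digit_names(names):
    """Return names made of exactly three digits: a weak lead, not a verdict."""
    return [n for n in names if THREE_DIGITS_RE.fullmatch(n)]


if __name__ == "__main__":
    # On a Mac, read the live resolver list; elsewhere fall back to the sample.
    if shutil.which("scutil"):
        dns_text = subprocess.run(
            ["scutil", "--dns"], capture_output=True, text=True, check=True
        ).stdout
    else:
        dns_text = SAMPLE_SCUTIL_DNS
    for resolver, address in unexpected_resolvers(dns_text, ALLOWED_NETWORKS):
        print(f"resolver #{resolver}: unexpected nameserver {address}")
    if os.path.isdir("/tmp"):
        for name in three_digit_names(os.listdir("/tmp")):
            print(f"/tmp/{name}: three-digit file name, inspect before trusting")
```

A resolver that is flagged here still needs to be compared with what the router or DHCP server actually hands out before it is treated as evidence of tampering.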

Not only are cybercriminals beginning to acknowledge the “under-served” Mac OS X segment, they are also already borrowing OS-independent tricks from the Microsoft Windows playbook, such as fake codecs and bogus video players. The irony? Both the Mac OS X and Windows malware are hosted on the same domains, with copies of each served on the basis of browser detection.

From fake ActiveX objects at adult sites like the “Macintosh Porn Tube” to bogus codecs and players, these tactics have been dominating the Windows threatscape for years, and will continue to do so, simply because they work. However, one of the key advantages a cybercriminal coding or generating malware for Apple’s Mac OS X has is the widespread perception that the platform is invincible to malware, a false sense of security shared by a huge number of people.

Meanwhile, Apple Inc. is already offering security advice stating that “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.”

Just like previous campaigns, the latest OSX_JAHLAV.D one issues an offensive message if it detects that security researchers are attempting to assess it. The gang is clearly motivated.

What do you think - is Mac OS X malware gaining momentum, or are they just scratching the surface?


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile. You can also follow him on Twitter.


RE: New Mac OS X DNS changer spreads through social engineering
zeus496 23rd Apr
funny how macs are detailed to make up explanations like "hey that is not a virus.." "if you gave your password and installed you deserve to be infected" the original claim is that you don't get troubles with your data using mac, whatever malware it is, if it's botnet, trojan the average newbie that spent money on apple don't care about definitions, and then is not true that you don't get virus/malware problems on a mac, makes me fun how macs are disturbed like their life wouldn't had sense if there is a virus, besides they don't need antivirus because apple packs them in the update, sorry kids you don't live in paradise you are the same burglar dressed in italian clothing, don't wreck your brain in subtle semantics......
0 Votes
I cannot be
honeymonster Updated - 11th Aug 2009
Everyone knows that Macs are only being exploited in laboratories and only when users are asked to hand over their credentials!
If a trojan is in a piece of pirated software or a piece of free software, then the user was obviously trying to get something for nothing and deserves to get infected. Therefore the malware doesn't count.

There are still 0, zero, nada, zilch pieces of malware out there attacking OS X that "count"*.

*and if one were to appear, the rules for what "counts" will simply change
0 Votes
LOL
mrohwohlt@... 12th Aug 2009
You're funny.
0 Votes
LOL, ditto
deepee912 13th Aug 2009
ditto here
0 Votes
Ditto... HAHAHAHA
electroman76 13th Aug 2009
Ditto that twice!
0 Votes
Heh heh. Thanks for quoting me, Zealot.
vulpine@... 12th Aug 2009
It's nice to be quoted by people. It means you're being heard.

I am rather intrigued with this one. Wonder if I'll ever see it myself?
0 Votes
No problems vulpine
NonZealot 12th Aug 2009
I've always had a lot of admiration for the incredibly inventive Apple apologies that you guys are consistently able to come up with. Stating that everyone who gets hit with a trojan deserves it because they were trying to get something for nothing was yet another apology I could never have come up with myself.

BTW, now that trojans don't count, viruses with a social engineering component don't count, and drive-bys don't count, it would be interesting to do a recount of Windows malware that counts! You'd better hope no more rule changes are required or Windows too will have 0, zero, nada, zilch malware affecting it either!
0 Votes
King of the straw men.
DeusExMachina Updated - 13th Aug 2009
"I've always had a lot of admiration for the incredibly inventive Apple
apologies that you guys are consistently able to come up with."

And I have always admired how you almost always fail to make any
substantive argument, no matter what the topic, and, more
impressive, how you always leave the conversation when I post factual
responses to the factually devoid drivel you post.

Now, you DO know what a straw man argument is, right? You should,
seeing as how that is about the only argument you seem capable of
making. Notice that NO ONE from the mac side even posted before
you jumped in with your refutations. But I'll be more than happy to
take you on, again. (BTW, you may want to do a search over your past
posts for all the times I have called you a coward for running away
when I make substantive refutations of your BS, even though you
continue to post on other parts of the thread. It makes for amusing
reading.)

"BTW, now that trojans don't count,"

Who is saying trojans don't count? I have not seen anyone here claim
that. What they HAVE said, and what you appear to be too technically
inept to understand, is that trojans do not usually count as OS
exploits, are NOT the same things as viruses, that as long as you have
a general purpose computational device, trojans will be possible, and
that as such, their existence is not a particular issue for OSX. More to
the point, without privilege escalation, they can't do much of anything
on OSX, and that BSD makes privilege escalation difficult (please,
please bring up pwn2own here, please.) The same could not be said
about any version of Windows prior to Vista, where privilege escalation
was not only trivial, it was unnecessary. Vista made it harder, but not
impossible, and such exploits existed in the wild before Vista RC was
even out. But there is no need to bring up Windows. The point here is
that despite your assertions that you own a mac, you know NOTHING
about macs, let alone OSX security.

"viruses with a social engineering component don't count,"

This alone shows you don't know what you are talking about. Viruses
don't need a social engineering component. That is part of what
distinguishes them as viruses. And social engineering exploits don't
particularly upset people in the OSX world, because, again, they are
possible in any general purpose device. So it is not a shocker, and is
defeated by simple social inverse engineering, i.e. don't use admin
accounts, and don't give unknown apps your password.
Drivebys would count, if there were any in the wild, which there aren't.

"You'd better hope no more rule changes are required or Windows too
will have 0, zero, nada, zilch malware affecting it either!"

Now, king of putting words in people's mouths, I dare you to show any
place where I have "changed my definition." In fact, most mac people
posting here have been very consistent, and have not changed a
thing. Different people post different responses, and you are so
obsessed with your ZEALOTRY that you attribute every pro mac
comment to a single, mythical mac user.
Some people are unconcerned about particular reports of mac
malware because they don't download stuff off torrent sites, others
because they don't employ tactics that leave them vulnerable to social
engineering exploits. Others don't care because they run AV. But they
are not necessarily the same people.
For the record, I have never claimed trojans don't count as malware,
and in fact, they disprove your silly market share argument. I am just
not concerned with them. I DO claim that there are no OSX viruses,
because there aren't; but I also don't make a big deal about it, nor am
I complacent about it. Nor have I, or any of the hundreds of mac users
I know, EVER had any OSX malware. I know for a fact that you can not
say the same about Windows, as I have read your posts. You just
blame it on stupid users. I'll leave the rest unsaid.
0 Votes
Projection?
ShadowGIATL 13th Aug 2009
While I don't agree with NZ very much, everything you listed is what YOU do.

You fail to provide factual information, and have no answers when facts are presented.

Do the *nix communities a favor and switch sides. You'd get more convertees that way.
0 Votes
Put up or...
DeusExMachina Updated - 14th Aug 2009
"While I don't agree with NZ very much, everything you listed is what
YOU do."

Oh really? Everything?
Leaving alone the fact that that doesn't even make any sense, I
challenge you to provide a SINGLE instance where what you claim is
so. Good luck with that.

But what do you mean, "what I do?" I didn't list things NZ did, so that
makes no sense. Or do you mean this:

"Different people post different responses, and you are so
obsessed with your ZEALOTRY that you attribute every pro mac
comment to a single, mythical mac user."

Again, I challenge you to post a SINGLE instance of me doing this.

In fact, it appears you are doing the exact same thing yourself,
lumping my posts together with others and just attributing them to
the opponent of the moment.

"You fail to provide factual information, and have no answers when
facts are presented."

I consistently provide factual data, and even cites where necessary.
Usually, however, my arguments are logical refutations, and as such,
no cites are necessary, unless the premises are disputed, in which
case I readily provide sources.

As for failing to provide answers, you've got to be kidding. I have
taken the rap here for being a tad bit verbose, arguing every minute
point, so to claim that I don't answer when facts are presented is just
ridiculous. If anything, my fault is that I fail to not have answers when
"facts" are presented, often in the form of disputing the supposed
facts with counterexamples.

"Do the *nix communities a favor and switch sides. You'd get more
convertees that way."

Huh? Switch side to what?
0 Votes
@DeusExMachina
ShadowGIATL 13th Aug 2009
Your above post is proof enough.

Just because you think you're right... doesn't make it so.

You claim that others are spouting off nonsense, by doing the same.

But hey, you're entitled to free speech. Go ahead and waste your time if you wish.
0 Votes
Just copy these rehashed comments
gkrwc 12th Aug 2009
and post them again whenever Mac and Malware
are written about or instead listen to these mp3's
for something slightly more interesting and to the point

http://campaign.constantcontact.com/render?v=001eDD-TjGUnnCfo-vzO4Ebar4s_QJOVt7Mh0oYlJ_RSz6iGgMYb1j_gm4EA8ZseGRflwMxQc2mOrdAR1JaKlyVVlcZTWoxGUK2O07G8G6bHYE%3D
0 Votes
It's just a matter of time
snafu_77 11th Aug 2009
As Apple computers become more popular or as malware authors seek out new territory the number of exploits will grow. The whole "it's a mac, it doesn't have viruses" nonsense will not help users and will hurt Apple's image. As a new macbook pro owner I am pretty disappointed in the security apps available. No real firewall is available unless you want to dig in to the commandline. There is one dominant outbound connection blocker that allows traffic to be passed without the user's knowledge and costs $30 (little snitch). The AV apps are pretty scarce too. My university has a recent version of McAfee which is as useless as McAfee's support forums. ClamAV is what I use currently. It's okay but the background service fails to load at startup and I haven't had time to troubleshoot that. That old "it just works" mac adage is flawed to the core. I still prefer OSX to Windows though. I am hopeful that is just a small valley and not the top of a steep slope in product quality/security.
0 Votes
Well, good luck
honeymonster 11th Aug 2009
with your new machine. All operating systems have quirks, although some more than others. Today the most vulnerable part of any PC or Mac is located 16 inches from the screen. The vast majority of malware infections are not caused by vulnerabilities in the OS or software, but rather by gullible users.

Thankfully you don't appear to belong to that category, judging from what you wrote.

Let's just hope more OSX users start using some common sense instead of acting on information they received from Apple ads.
0 Votes
A Checkbox Supreme
DannyO_0x98 Updated - 11th Aug 2009
I haven't checked, so this is speculative, but it is my impression that
the downloads section of apple.com has a lot of free gui wrappers
around command-line configuration apps. I do recall firewall
applications available there a few years back.

Configuring a firewall is a matter of changing a plain text
configuration file, so any editor would work, as long as it is saved
back in plain text. Remember to work with a copy and rename, do not
replace, the one that came with install. The arcana of the
configuration and the research as to what in-to-out network traffic
should be allowed seems a lot more time-consuming than the
command line work, but mileage does vary. (I've done a couple for
FreeBSD and it is no fun.)

The Mom and Pop way to firewalling references the "Sharing" settings
in System Preferences. The general consumer will spend more time
pondering what Remote Login (ssh) means than how to enable it. I
found the technique for opening the firewall to inbound traffic for
tomcat (port 8080) was as easy as I would hope. You seem to be
concerned with connections out, so I don't know how useful that was
for you.

Today's fun adventure for me was configuring a Linux Desktop/Server
running Kubuntu Jackalope for a static ip. I mean, trying. Apparently
you can't get there from here with KDE's network-manager. While
Google gave me some friendly advice, it wasn't particularly effective.
So, back to DHCP for that guy. Meanwhile, it's pretty easy on OS X.

"Just works" about the Mac says to me that, on the whole, there's a
better ratio of "that was simple" tasks to "that should have been a lot
easier" tasks for the ordinary person's needs. Coming back to firewalls
- a poster boy for unintended consequences - it is hard to imagine
something robust and bullet-proof and customized could be done
with a couple of check boxes and an okay.



0 Votes
In my recent browsing
snafu_77 12th Aug 2009
of apple.com and google searching I have found a few wrappers. The best looking one seems to be not actively being updated. I have no problem with configuring iptables or ipfw in the mac's case. I just would have thought there would be more robust apps out there for a prominent operating system. Out of the box Ubuntu offers much more at the drop of an apt-get.

I agree that the "it just works" is referring to much more than the limited scope of security apps I personally prefer but as rootkits, malware and viruses become more prevalent and those simple tasks get sidetracked....then it works not so much. I guess that is part of my point too that a few checkboxes and an okay doesn't make a secure system- not in this case at least. And unfortunately many ill-informed users believe they are running openbsd locked down with an apple lit up on the screen.

On Jackalope- try Ubuntu Forums if you haven't already. There are often bugs in the network mgmnt apps. Wifi pissed me off to no end. I was forced to write custom scripts and reconfigure kernels to get support for my wireless device and higher security protocols - wpa2 etc. It's free software but that does not take into account the price you may have to pay in time configuring and troubleshooting.

Also don't get me wrong, I don't feel exposed on this OSX box, although I am to a certain degree, as we all are on 99.9% of internet connected devices.
0 Votes
Obviously you are not looking very hard for security products. The one
that stands out and has done so for a long time is the Intego product
line. You can purchase firewall, anti virus, anti spyware, anti malware and
a whole bundle of other goodies if you are interested. This has been out
for years (ever since I've been using a mac at least (6 years or so))
0 Votes
Thanks!
snafu_77 12th Aug 2009
Hadn't heard of their products at all. I've probably spent a few hours researching apple's forums and other apple user forums and they weren't mentioned in any threads I've read through. Net Barrier is all I need, if it proves worthwhile.

On another note - Personal Backup X5 looks like a great solution to my NAS backup issues. I don't care for the Time Machine - SMB workarounds.

Excellent info!
0 Votes
Every Mac malware...
arminw 12th Aug 2009
out on the Internet until today and including this, has needed user
interaction. No Mac has ever been infected at any time anywhere by
simply surfing to a website and contracting a self spreading virus or other
bad program. Macs are still safer, although not maybe more secure, but
increasingly both on Windows and on Macs, attacks have concentrated on
the computer's user rather than on the computer itself.
0 Votes
Basic economics - Investment vs profit
brendan@... 12th Aug 2009
Malware that can infect a computer without a user's interaction takes a lot more effort to write than malware that convinces a user to open the door for them. Which is why it's still so focused on Windows, which is the one OS with enough of a market presence to warrant investing that much time and effort.
0 Votes
Bull
DeusExMachina 13th Aug 2009
I have grown increasingly annoyed at the people who post this market
share nonsense, especially those who write it as if they are saying
something illuminatingly original. The market share myth has been
debunked so many times, one would think people would know better by
now. I have done so myself on at least a dozen threads.
As to the idea that malware that doesn't require user interaction is easier
to write, that is true, but to make the leap to that being the reason that
there is no motivation to do so on OSX is absurd. It isn't done on OSX,
because the basic BSD underpinnings make it very hard.
0 Votes
The market share "myth"
rtk 13th Aug 2009
has never been debunked, because it's not a myth.

Sure, a few blogs have posted some straw men arguments attempting to debunk it, but they are generally so transparent as to be easily spotted as junk logic.
0 Votes
The danger of universally quantified statements
DeusExMachina Updated - 13th Aug 2009
The fact that you would make such a blanket statement is telling. In
order to make that statement with any validity, you would have had to
have read every post on the entire internet. That is the problem with
universally quantified statements. That you would make that
statement, and fail to actually address the issue, says volumes about
your understanding of the issues involved. To wit:

It is just a matter of simple logic:

1) OSX has tripled in market share over the last two years. According
to the market share myth, there should have been a commensurate
increase in malware. There is NO evidence of this in the market, just a
bunch of prophesying of the eventual doomsday, that never seems to
actually come.
Or are you postulating some magical threshold level, beyond which
these mythical malware beasts will suddenly spring into being? If so,
see #2.

2) One can easily attack the logic of this silly argument from its
underbelly. According to this argument, market share corresponds to
malware penetration, such that the greater the market share, the
greater the amount of malware exploits. Likewise, the smaller the
market share footprint the lesser the number of viruses, etc..
Please explain, then, why OSX has no malware in the wild while
OS9, with a smaller market share, had hundreds; why
there were even viruses for the Atari ST, the Amiga, and the Coleco
ADAM, for god's sake! Are you claiming that the ADAM had a larger
installed base than OSX?!?

Regardless of what operating system you favour, the
numbers refute this claim.

3) Most original malware authors are NOT criminals trying
to steal money or information. They are security
researchers and hackers motivated by personal drives. This
work is then appropriated by criminals, who modify it to
their own ends. Most criminals do NOT write their own
original code. So the profit motive is irrelevant. With the
original coders, hacking a system whose designer and
adherents claim the system as safe is a HUGE motivation.
And yet no malware in the wild.
This directly addresses the point made by brble, but more on that
later.

4) Even if financial motivations were paramount, the OSX
installed demographic in general is more affluent and has
more disposable income. If you are a criminal, do you
target people on food stamps or people who live in
mansions, especially if, as you claim, they are complacent
about security?
More to the point, a large portion of financial, government,
and military institutions and other organizations with large
amounts of capital or valuable information run on one or
another flavour of UNIX. Many even run OSX, including the Army. Are
you claiming they are not financially attractive targets? And yet where
is the malware?

5) Market share is not even an important number. The
only number that matters is installed base. OSX users tend
to keep their machines on average three times longer than
owners of Windows machines. Windows users, on the other
hand, often turn over their machine every few years. As
such, their market share is inflated by all the people
buying replacement machines, which does NOT grow the
installed base of machines.
In addition, most used macs are not discarded, unlike PCs,
but handed down to others or repurposed. Again, this is
much less so with PCs, which are routinely discarded in the
trash. The OSX installed base is thus several times larger than its
market share.

There are any number of other arguments, but again the
"simple" arguments you make about security recall the
response by Henry L. Mencken. "For every complex problem
there is an answer that is clear, simple, and wrong."

"The fact that you would make such a blanket statement is telling"

The blanket statement was that "the market share myth has been debunked.". No, it hasn't.

I don't have to read every post on the 'net to know this. I don't need to empty Loch Ness to know the monster is a myth either.

Market share has a direct correlation to the number of people looking to create exploits from vulnerabilities.

"1) OSX has tripled in market share over the last two years."

Yeah, maybe you need to get your info from somewhere other than Apple. Apple's market share globally remains less than 5%. It hasn't tripled, it hasn't even doubled.

"2) ... why OSX has no malware in the wild"

Oh, but it does, if you open your eyes. I'm sure you'll excuse each and every one as "not counting" for various weak fanboi reasons, but that doesn't fool too many.

3) Malware purveyors are criminals looking to steal mainly resources, and often passwords and other private data.

4. Malware is about money, mostly spam bots. Get a clue.

5. The installed base of macs hasn't increased by any appreciable number in years. I don't know what the magic number is, but 5% isn't it.

That's not to say that OS X isn't now being targeted, because it is.
0 Votes
You clearly don't understand basic predicate calculus
DeusExMachina Updated - 14th Aug 2009
"... your universally quantified statements are dangerous."

Very clearly you do not know what a universally quantified statement
is. Hint, I didn't make one.

"The blanket statement was that "the market share myth has been
debunked.". No, it hasn't."

Yes it has, and was done so again, here. But, just FYI, that was NOT a
universally quantified statement. It can be rephrased as: There exists
an argument such that the idea behind market share being
proportional to malware penetration is debunked. Whether you agree
with the conclusion, the argument itself is sound, and is an
EXISTENTIALLY quantified statement, not a UNIVERSALLY quantified
one. But that said:

"I don't have to read every post on the 'net to know this. I don't need
to empty Loch Ness to know the monster is a myth either."

Actually, you do. That is the pitfall of universally quantified
statements. In order to prove them, you need to enumerate every
instance. In order to disprove them, you need to just provide a single
counterexample. The converse is true for existentially quantified
statements, to prove them a single instance must be demonstrated, to
disprove them, every instance must be enumerated, and shown to not
match the exemplar. Seriously, take at least one class in logic before
you attempt to debate it.

"'1) OSX has tripled in market share over the last two years. '

Yeah, maybe you need to get your info from somewhere other than
Apple. Apple's market share globally remains less than 5%. It hasn't
tripled, it hasn't even doubled."

Since Apple does not market to the entire world, especially China and
India, global numbers are irrelevant. Since combined, these two
countries alone make up 50% of the entire global population, your
numbers are heavily skewed. Even if they did, the degree of OS piracy
in both these countries makes market share data pointless.

Clearly I was discussing US market share. Why is this appropriate?
Because the US is by FAR the target of preference of malware authors.
If the market share argument held water, it would be the US numbers
that were the most important.

That said, even if one did look at global numbers, a few years ago,
Apple market share was 1.9% (Source Gartner.) In 2005 it was about
4.4%. In 2007 it was about 6.6%, and last year it topped 8% (Source:
Market metrics firm Net Applications.) You were saying?

"Malware purveyors are criminals looking to steal mainly resources,
and often passwords and other private data."

and

"Malware is about money, mostly spam bots. Get a clue."

And your point is? Since Mac owners demographically have more
money, and since you claim they are wide open to infestation, since
they run such an insecure OS and use no anti-malware software, they
should be prime targets. And yet, they aren't.

"The installed base of macs hasn't increased by any appreciable
number in years. I don't know what the magic number is, but 5% isn't
it."

Seriously, crawl out from under that rock you call your home. Mac
market share has grown exponentially year over year for the last five
years.
This is both in the US as well as globally.

"That's not to say that OS X isn't now being targeted, because it is."

And yet... .
0 Votes
@DeusExMachina
ShadowGIATL 13th Aug 2009
All that rambling, and you failed to make a factual point. Opinion... but not a factual point.
0 Votes
Factual points
DeusExMachina Updated - 14th Aug 2009
Since you seem incapable of understanding the distinction, here is a
sampling (though not all, by any means) of factual points in the
previous post:

1) Whether you agree with the conclusion, the argument itself is
sound, and is an EXISTENTIALLY quantified statement, not a
UNIVERSALLY quantified one.

Things either are or are not universally quantified. This is not a matter
of opinion.

2) That said, even if one did look at global numbers, a few years ago,
Apple market share was 1.9% (Source Gartner.) In 2005 it was about
4.4%. In 2007 it was about 6.6%, and last year it topped 8% (Source:
Market metrics firm Net Applications.)

In what way is this not a factual point, one directly relevant to the
claim that world mac market share is stagnant at less than 5%? You
are free to dispute the numbers, and I can post similar numbers from
other firms, but your contention that they are not factual points is
absurd.

3) Since Mac owners demographically have more
money, and since you claim they are wide open to infestation, since
they run such an insecure OS and use no anti-malware software, they
should be prime targets.

This is both two factual statements and a logical conclusion therefrom.

4) Mac market share has grown exponentially year over year for the
last five years.
This is both in the US as well as globally.

This is another two factual statements, one a repetition of the
previous point.

While my argument was primarily a logical one, it was based on a
number of factual points for which I provided citations.

Again, you were saying?
0 Votes
Weak
notsofast 14th Aug 2009
"Since Apple does not market to the entire world, especially China and
India, global numbers are irrelevant. Since combined, these two
countries alone make up 50% of the entire global population, your
numbers are heavily skewed. Even if they did, the degree of OS piracy
in both these countries makes market share data pointless."

Wow! That is an incredibly weak argument. Apple doesn't market in China or in india, because they wouldn't sell. At some point in time, the average level of income may rise to a point where Apple can sell their products at their chosen price point, but that day hasn't come.

Their worldwide marketshare DOES matter.

I'm not going to get into your silly logical games --they're interesting, and you're clearly very intelligent, but it's just a game.

Marketshare matters, because that's how malware groups make money.

Marketshare matters, because if you're building a botnet, you have far greater potential with MS than you do with Apple. If Apples worldwide market share is 5% and the malware guys were 100% successful (and they'll never accomplish that on any platform) they'd only have to find success on 5% +1 windows machines to do better.

The only argument that supports yours is that it's easier to write malware for Apple, which is why we're seeing an increasing number rudimentary of attacks on the Mac.

In the end, most attacks are not direct attacks on the OS (and this applies to *nix, Windows and OS X). They attack a weakness in an app or the weakest link of all: the end user.

You attack based on marketshare, because malware is a numbers game, just like Telemarketing was (is?). You don't search for the richest people, you just keep calling everyone, because a certain percentage will say yes.

Not everyone will fall for this attack on the Mac. I've never fallen for it on the PC. But some will. Eventually, the malware architects will build an infrastructure to attack Macs like the one they have for Windows, but at this point, they're just testing. It's 1999 for Macs.

Welcome to the big show.
0 Votes
+ -
re: Factual points
rtk 14th Aug 2009
netapplications has OS X at 4.86%, up from 3.73 a year ago. 4.8 hasn't "topped 8% last year", it hasn't grown exponentially, and it surely hasn't tripled.

Maybe you need less time on Roughlydrafted?
0 Votes
+ -
Arguments with logical flaws are weak.
DeusExMachina 14th Aug 2009
The point of the first quote is that market share data is not useful, for
a variety of reasons. Also, since the majority of the people in question
are of limited means, they are also not particularly useful targets of
malware except for use in botnets. The fact that a large percentage of
OS installations are pirated also skews the number.
More importantly, the issue was brought up in response to the claim
that OSX market share globally was less than 5%, and the contention
that it had not tripled in the last few years. Clearly that contention is
wrong.

"Their worldwide marketshare DOES matter. "

No it doesn't. Footprint matters. MS could fail to sell a single machine
for the next year, and they would still have a huge install footprint.

Logic is not a game. It, along with empirical data are the ONLY way of
determining truth. If your argument is not logically valid, it is faulty.

"Marketshare matters, because that's how malware groups make
money."

Again, not so, they make money from installed base, which can be
markedly different from market share.

"If Apples worldwide market share is 5% and the malware guys were
100% successful (and they'll never accomplish that on any platform)
they'd only have to find success on 5% +1 windows machines to do
better."

First, OSX market share is higher than that, second, while your
argument is correct, if OSX were as vulnerable as claimed, a high
percentage of penetration would be virtually assured, and, as 5% of
the Windows market would not be realistic, a botnet of OSX machines
would easily DWARF a Windows net.

"The only argument that supports yours is that it's easier to write
malware for Apple, which is why we're seeing an increasing number
of rudimentary attacks on the Mac."

Again, neither of those are the case. Especially if you go by the
postings here, which contend that market share makes finding exploits
and developing malware kits more attractive. As such once such tools
are available, writing malware is trivial, it is strange to suppose that
OSX malware authoring would nonetheless be easier.

Also, there is absolutely NO data to support your contention that there
is an increasing number of attacks against OSX. In fact, the data
clearly show that the number of such attacks has remained stable.

"You attack based on marketshare, because malware is a numbers
game, just like Telemarketing was (is?). You don't search for the
richest people, you just keep calling everyone, because a certain
percentage will say yes."

Having worked as a telemarketer, I can assure you that this is not the
case. Many phone lists are demographic specific, and many clients
demand these lists, which command a premium. They are, in fact,
coveted in the industry.

"Not everyone will fall for this attack on the Mac. I've never fallen for it
on the PC. But some will."

There is no evidence of this attack having actually affected anyone in
the wild.
0 Votes
+ -
Market Share
brble 13th Aug 2009
It's not just about the potential target (although that's a big part of it), it's also about the source.

A recent study showed that over 40% of malware comes from China, and more than 10% comes from Russia - that's over half of all malware, with only about 21% coming from the U.S.

How many of those malware writers in China and Russia have Macs, do you suppose? Based on the market share info I've seen, my guess is it's a very low number, and if the majority of the people writing malware don't have Macs, then how would they write any for Macs?

The BSD underpinnings of OSX may make it more difficult to get something to run (or not - I can't say for certain myself), but if the majority of those writing malware do not have a Mac or know much about them, they're not going to even be trying.

Add to that the size of the potential target base, where a small percentage of affected Windows systems could be larger than the entire Mac market, and I just don't think there's a lot of motivation for the majority of those people to go after Macs.
0 Votes
+ -
Law of the jungle
DeusExMachina Updated - 13th Aug 2009
While your argument on the surface appears to have merit, deeper
inspection shows it to be invalid. First, part of this is addressed in
points 3 and 4 above. Beyond that, first, malware is a multi BILLION
dollar a year industry. Are you claiming that malware authors could
not afford a mac if they were a profitable target?!? That is absurd.
(Not that having an actual mac would be a necessary prerequisite,
unless you're saying that malware authors are too stupid to figure out
how to run a Kalyway install. Are you?)
But even if we assume they ARE that stupid, it wouldn't matter
anyway. If OSX were that much more insecure as people here claim,
and its users that much more complacent, and therefore vulnerable,
malware authors would FLOCK to the platform.
I used to help teach a self-defense course, where we spend a
significant amount of time on victimology. The statistics paint a clear
picture of the criminal mind. Criminals do not necessarily target the
most well-off people for potential victims, crime is mostly a business
of opportunity. It is just simply easier to make a living going after low
hanging fruit than expending the resources necessary to go after
harder targets. As such predators target the victim of easiest
opportunity, the weak and the vulnerable.
The same is true in nature, where predators seldom attack adult,
healthy animals, even if they would provide far better meals. Instead
they go after the young, the old, the sick, and the injured.

If mac users were so wide open and vulnerable, it is foolish to think
that Chinese and Russian hackers wouldn't immediately target them,
and would be more than willing to purchase a few machines in order
to do so. And in fact, the demographics are quite clear that, for
obvious reasons, mac owners tend to be better off and have more to
steal, anyway. As such they would be a HUGE target, regardless of
market share. The fact that few people go after them is telling, and
clearly has little to nothing to do with market share, but instead
evinces the fact that the original premises were flawed, and that mac
users are not quite as easy targets as they appear.
0 Votes
+ -
Yes, law of the jungle
brble 13th Aug 2009
To extend the analogy, an animal is not going to leave its habitat in search of food if there is plenty around, especially if it has to develop new hunting techniques, even if there are a few animals out there with more meat on them.

Malware writers have been working in the Windows environment far longer than OSX has been around, and have developed familiarity with it and a number of tools for creating malware. The much, much larger numbers of Windows users ensures that they will get at least a few "fat cats," and will make up in volume what they might lack in juicy targets.

And all that assumes that malware is only being created to get credit card numbers, etc. For DDoS attacks and other botnet uses, the Windows market share is far more useful.
0 Votes
+ -
Nature and habitat
DeusExMachina 13th Aug 2009
"To extend the analogy, an animal is not going to leave its habitat in
search of food if there is plenty around, especially if it has to develop
new hunting techniques, even if there are a few animals out there with
more meat on them."

Since the habitat is the internet, it is hardly necessary for anyone to
leave their environment. Since mac owners generally have more
money, but are supposedly wide open to malware attacks by virtue of
running a very insecure OS and running no AV software, as well as
generally being naive, they should be being targeted like crazy. And
yet they are not. The logic of your argument has been hoisted by its
own petard.

"Malware writers have been working in the Windows environment far
longer than OSX has been around"

OSX is BSD Unix. Unix has been around since before a guy in Texas
wrote a little thing called DOS.

"and have developed familiarity with it and a number of tools for
creating malware."

Actually most of those tools were NOT created by malware writers.

"The much, much larger numbers of Windows users ensures that they
will get at least a few "fat cats," and will make up in volume what they
might lack in juicy targets."

And the much larger number of fat cats, all of whom are supposedly
unable to defend themselves, would more than make up in volume of
results what they lack in overall numbers. This is exactly what one
would see in the wild. Non indigenous species that enter an area that
have no natural defenses against predators get decimated, because
the predators switch to them as preferred prey, as they are
defenseless.
0 Votes
+ -
@DeusExMachina
brble 13th Aug 2009
First of all, your post reinforces the stereotype that Macs are expensive and only for the wealthy - do you believe that's the case? Do you really believe that the 5% market share of Macs could produce an equal or greater amount of income than the 90% market share of Windows? Really?

And I noticed you didn't even address the DDoS/botnet part of the discussion.

Second, your reply makes little sense - the "habitat" is the OS ecosystem, not the Internet. Macs and OSX don't run the same software as Windows, so malware writers would have to learn a new environment and obtain new tools to make their applications work. And again, all that for 5%.

BSD has been around a while, but Apple has built a lot around it, and that's largely where the security holes are (there are holes, otherwise Apple wouldn't bother patching anything). BTW, DOS was written in Seattle, not Texas.

Looking at the posts of yours here, I'm convinced that if every hacker/cracker/malware user on the planet lined up and told you that they don't go after the Macs because it's not worth their time, you'd say they were all lying.

If God in heaven above came down and told you OSX was not secure, you'd tell him he was wrong.

In light of that, I don't see any real point in continuing the discussion.
0 Votes
+ -
Supreme beings with better things to do
DeusExMachina 14th Aug 2009
If anything, OS would be a microclime, not a habitat. The machines all
inhabit a single large network, and that is the habitat in question. If it
were just the "OS ecosystem" the issue would be moot.

Where are you getting the 5% number? It certainly isn't accurate. Nor is
using market share in the first place, as market share reflects
machines sold, NOT OS footprint.

But yes, the smaller mac market share, if they were as vulnerable as is
claimed, most decidedly WOULD produce a greater amount of income
than the Windows market share, because you could guarantee an
almost total takeover rate. The same response is valid to the DDoS
argument, which is why I didn't bother to repeat it, especially since it is
claimed here that mac users are so complacent, they wouldn't even
notice that their machines were taken over, and would have no way of
fixing it even if they did.

In what way does my post reinforce the idea that macs are expensive?
While one can certainly make that argument, it does not stem from
anything I wrote in this thread. That said, as far as cost, macs and
equivalently specced Windows boxes are cost comparable. This is not
just me making this claim, but rather any number of Windows centric
PC magazines, including Laptop Review, PCWorld, etc. To claim
otherwise is to evince a lack of knowledge of hardware specs.

"BSD has been around a while, but Apple has built a lot around it, and
that's largely where the security holes are (there are holes, otherwise
Apple wouldn't bother patching anything)."

First, I have never said there weren't. The issue is not holes, but
exploits. And "holes" in support software is not the same thing as OS
issues. I do not consider a Word macro virus a Windows problem
(although it clearly is an MS one.)

"BTW, DOS was written in Seattle, not Texas."

Yeah, that was just a brain freeze. Not sure where Texas came from.

"Looking at the posts of yours here, I'm convinced that if every
hacker/cracker/malware user on the planet lined up and told you that
they don't go after the Macs because it's not worth their time, you'd
say they were all lying."

There is no need to speculate. Hackers routinely go after OSX, as do
malware authors. Not sure what you mean by crackers, since OSX
installations do not require a license key, and therefore there would be
nothing for a cracker to do. About the only thing a cracker would find
to do would be to emulate the logic board certification of Apple
hardware to allow OSX installation on non-Apple hardware. That was
done a while ago, was not all that difficult, as Apple didn't try to make
it all that hard, and has nothing to do with OS weaknesses, but hey, I'll
give you the point if you want it.
So there is no need for your mythical line up of hackers to profess
their lack of interest in OSX, as a large number of hackers have
actually already professed the opposite. In fact, have you ever even
attended DefCon? There are macs EVERYWHERE! A significant number
of hackers use macs as their primary machines.

This includes Charlie Miller, who uses macs routinely. He prefers
them. His main machine is a 1.83 GHz MacBook, even though he has
won other, more impressive machines.
0 Votes
+ -
Hackers vs. Crackers
brble 14th Aug 2009
Like I said, I'm not going to debate you on OSX security - you think I'm wrong and I think you're wrong, so there's no point in continuing.

Just for reference, though, the term hackers originally referred to those hacking systems to find ways to make them work better and find tricks. Crackers were those who tried to break into systems and circumvent security, although the term hacker has been used more to describe that type of behavior recently. I mentioned both to be complete and accurate.

Here's a page that gives a pretty good breakdown:
http://project.cyberpunk.ru/idb/crackers.html

A cracker is the one who does cracking. Cracking is the act of breaking into a computer system, often on a network. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.
0 Votes
+ -
Hackers
DeusExMachina 14th Aug 2009
"Just for reference, though, the term hackers originally referred to
those hacking systems to find ways to make them work better and find
tricks. Crackers were those who tried to break into systems and
circumvent security, although the term hacker has been used more to
describe that type of behavior recently."

I was around, then, and I can assure you that this was not the
distinction. Hacking was an overall term for throwing hardware
(eventually extended to code) together to get a job done in a quick
and dirty fashion, and later was extended to breaking into systems,
either for good (white hats) or not. The term cracking was not used to
distinguish black hat hackers from white hats. It was originally used
to refer to those who developed ways to bypass copyright security to
allow programs to be installed without purchase, and occasionally to
refer to systems hacking.
Back then I was hacking Dec-10s and PDP-11s running TOPS. No one
made that distinction back then.
0 Votes
+ -
You crack me up (no pun intended)
brble 14th Aug 2009
I was using Primes and Vaxes, and no one ever used the term hacker to refer to someone who broke into systems. Also, if you do any search you're going to find that the vast majority of data support what I said.

http://www.cs.utah.edu/~elb/folklore/afs-paper/node9.html

http://www.iwriteiam.nl/HackerDef.html

http://beemerworld.com/tips/hacker.htm

http://blogs.techrepublic.com.com/security/?p=1400

http://www.hackinglinuxexposed.com/about/hackers_vs_crackers.html

But I don't expect a few facts to change anything for you.
0 Votes
+ -
facts and the joy of cherry picking
DeusExMachina 14th Aug 2009
Anyone can cherry pick links that bear out their position.
In fact, if you enter "Hacker definition" into google, the first several
links contradict your position. Interesting that all your links are of
relatively recent origin. The attempt to rehabilitate the term is a
newfound phenomenon, similar to the use of the made up word
polyamory.
This made up etymology is NOT how the term was originally used.
One need only look at their origins section. The term has been around
for hundreds of years, and entered computer parlance by virtue of
hardware, not software. As it came to be applied to software, it had a
generic, general purpose meaning similar to its use with hardware,
that of MacGyver-like skill in accomplishing a task. One such task was
breaking into secure systems.
I used VAXes running both VMS and UNIX, and even the occasional
Xerox Alto, and I can assure you that the term "hacker" was already in
use in a broad spectrum of meaning, including that of breaking
computer security. Back in '79 I was already in a group of self
professed hackers, some of whom reveled in breaking into banking
mainframes.
The term "cracker" was NOT in common use until MUCH much later.
No one called themselves a cracker in the 70s, and probably not in
most of the 80s either. It was coined in an attempt to rehabilitate the
term "hacker."
From the first link (wikipedia):
"Several alternative terms such as "black hat" and "cracker" were
coined in an effort to distinguish between those performing criminal
activities, and those whose activities were the legal ones referred to
more frequently in the historical use of the term "hack"."

0 Votes
+ -
@DeusEx
ShadowGIATL 14th Aug 2009
facts and the joy of cherry picking
Anyone can cherry pick links that bear out their position.


Funny, when you post links, it is irrefutable fact, but when others post them they are cherry picked to support their position.

You have ultimately proved just how biased, and out of touch you are here.

Maybe it is time for a new hobby.
0 Votes
+ -
of the burden of proof
DeusExMachina Updated - 15th Aug 2009
First, you really need to take a class in logic and what constitutes
proof, because you clearly don't have a clue.
Second, not all citations are created equal. In this instance, he posted
a set of links to sites of rather recent origin. This proves nothing
about the history of the word. I was there when the terms were
originally used, and NO ONE used the term cracker back then.
Third, again, we hit the issue of universally and existentially quantified
statements. They each require quite different burdens of proof.
Fourth, the links I post cite specific facts under contention, such as
data and quotations. You are free to dispute them, as I have done
here. You will most likely have your refutation examined, and in turn
responded to with a proof to the contrary. You are free to attempt to
do so with whatever I cite. But you don't; you just troll along here
posting silly whinings and superficial trivializations.
0 Votes
+ -
universally and existentially...
ShadowGIATL 15th Aug 2009
you're full of crap.

You're still rambling, and still biased. The proof is in your own words.
0 Votes
+ -
That means a lot
DeusExMachina 15th Aug 2009
considering that you still have no idea what either of those words mean.
0 Votes
+ -
Net Applications changed their metric
DeusExMachina Updated - 14th Aug 2009
The numbers you are reporting come AFTER Net Applications changed
their metric, earlier this year. The numbers I reported, using the
original metric, are nonetheless valid as to market growth. Whether
you like the numbers, the growth pattern is the same.

"Net Applications, one of the leading sources for online market share
information for years, has changed the rules. And now it reports Mac
market share at half the figure they used in May.

Rather than use the same methodology we have depended on for
years, Net Applications decided to apply "country level weighting" to
its data. That means that it no longer simply looks at real world data
and reports it. Instead, the real data for each country is weighted
based on its population of Internet users, based on CIA data."

Regardless of the metric Mac market share has exhibited exponential
growth over the last five years. Even using their new numbers. Funny
how you don't bother to post the adjusted metric numbers for
previous years, as they do not bear out your criticism.
0 Votes
+ -
WHAT SAY IT An't So
rparker009 12th Aug 2009
But those Ads that talk about how much better mac is over Pcs say they can not get them.....

You mean they lied about that? Then what else did they lie about?
0 Votes
+ -
let the firework begins!
Mectron 11th Aug 2009
Since Apple has no clue/concept of security and the average Mac user is as dumb as a bag of hairs, malware will flourish on the Mac....
0 Votes
+ -
Apple should ask the experts
shanee25 12th Aug 2009
I think the guys from Cupertino should head up to Redmond to see how
the security experts do it!
0 Votes
+ -
Ostriches
M.R. Kennedy 12th Aug 2009
"I think the guys from Cupertino should head up to Redmond to see how
the security experts do it!"

Actually, until very recently the Guys from Cupertino have collectively had their heads buried in the sand WRT Mac malware. If anything, their marketing department (note the various "Mac vs. PC" ads) have done so.

Your suggestion has some merit, though.
Funny how macs are detailed to make up explanations like "hey that is not a virus.." "if you gave your password and installed you deserve to be infected". The original claim is that you don't get troubles with your data using mac, whatever malware it is; if it's botnet, trojan, the average newbie that spent money on apple doesn't care about definitions, and then it is not true that you don't get virus/malware problems on a mac. Makes me fun how macs are disturbed like their life wouldn't have sense if there is a virus; besides, they don't need antivirus because apple packs them in the update. Sorry kids, you don't live in paradise, you are the same burglar dressed in Italian clothing, don't wreck your brain in subtle semantics......
