Malware back on the Mac agenda
By Stephen WITHERS
During the last month or so there's been an apparent burst of activity on the Mac malware front.
Fake antivirus software scams have been popping up on Mac screens thanks to what seems to have been effective search engine poisoning campaigns involving Google image searches in particular.
The windows generated by the malicious web pages are becoming increasingly Mac-like. You can see an example at Intego's Mac Security Blog and at Sophos's Naked Security blog (with video). Keep in mind that the names used have varied, and may change again.
Basically, the scam is to persuade the victim that their Mac is infected (eg, with dire warnings and by automatically opening smutty web pages), and that a paid copy of the fake AV software will clean it up. User interaction is needed, so it's not a huge threat - but some people are being fooled.
The other issue is that "The first advanced DIY (Do-It-Yourself) crimeware kit aimed at the Mac OS X platform has just been announced on a few closed underground forums" according to security researcher Peter Kruse at CSIS Security Group. The 'Weyland-Yutani BOT' carries out web injection (ie, it can add content such as bogus form fields to web pages before they are rendered) and form grabbing (ie, it can steal data you typed into web forms, such as usernames and passwords). The initial version worked with Firefox, but Kruse said support for Chrome and Safari would follow.
What wasn't made clear is how purchasers of the Weyland-Yutani BOT are supposed to get the malware onto victims' computers in the first place (presumably via the usual tricks employed to induce people to visit malicious pages), but the existence of kits like this does make life easier for the criminally inclined but less technically able.
There's a tendency in some parts of the Mac community to liken anyone expressing concern about the likelihood of a serious outbreak of Mac malware to the boy who cried wolf. In one way, I think they may be right: the wolf did eventually show up. The difference is that when (if) that happens, the boy will be safe but his fellow villagers will be in jeopardy. So I believe the assumption that anyone expressing such concerns must be acting out of self-interest or malice (as did the boy in the story) is misplaced. Yes, there are commercial interests at play, but it would be a mistake to think that's the whole story.
I've practically given up offering advice on this issue. It's become an almost religious matter with little chance that people on either side will change their minds. So I'll continue to take the precautions I consider appropriate, and leave everyone else to do whatever they think is best - which for some is nothing beyond installing OS and application patches when they get around to it. We'll see who ends up worse off.