Category Archives: Mac

MacRansom (& MacSpy)

(MacSpy isn’t ransomware, but seems to have been developed by the same author, and both are offered as as-a-service malware.)

Zeljka Zorz for HelpNet Security: Two Mac malware-as-a-Service offerings uncovered. According to HelpNet ‘Patric Wardle’s RansomWhere? tool can also stop MacRansomware from doing any damage.’

Rommel Joven and Wayne Chin Yick Low, for Fortinet: MacRansom: Offered as Ransomware as a Service

Fortinet notes that “Nevertheless, we are still skeptical of the author’s claim to be able to decrypt the hijacked files, even assuming that the victims sent the author an unknown random file…”

AlienVault: MacSpy: OS X RAT as a Service

David Harley

 

Support scams update

Just added to the tech support scam page here: a link to a lengthy blog I recently put up on the ESET site.

Here’s a direct link to that blog article: Tech Support Scam Update: Still Flourishing, Still Evolving.

It includes some information on gambits gleaned from people who’ve commented on ESET articles on the topic, from blogs by Martijn Grooten and Jerome Segura, and from some conversations I had at this year’s Virus Bulletin conference a few weeks ago. The misuse of ping for convincing Mac users they have a problem is particularly interesting, though they’ll need to find another approach now. (All is explained in the article.)

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Mac Whacks Back

It sometimes seems like I’ve spent the last twenty years trying to persuade Mac users that using a system named after a fruit doesn’t mean that there are no snakes in Eden or that angels will protect you from all harm.

Not, perhaps, completely in vain, but apparently many of the old Mac evangelist mindsets continue to prevail, irrespective of the true nature of the threatscape. (Macs don’t get viruses, Trojans don’t matter, there are no Mac vulnerabilities and if there were they’d be fixed immediately, social engineering is irrelevant, Microsoft Bad/Apple Good, blah….) There is a polite but nonetheless naive article that more than hints at this mindset here:

http://www.makemineamac.info/2009/10/dont-bug-me-why-macs-are-still-virus.html

Thanks, however, to Kurt Wismer for reassuring me that Mac security is not just my own personal crusade:

http://anti-virus-rants.blogspot.com/2009/12/why-mac-fanatics-still-believe-theyre.html

I have a feeling I’m not done with this issue. And just to be clear: for most of those 20 years I was working for customers, not for vendors…

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

Possible probabilities

Rich at Securosis (@securityninja on Twitter) made an interesting post yesterday about the fact that, in referring to Mac security, the possibility of a threat doesn’t equate to there being a probability of it. While we can argue the toss about who in the security industry does or doesn’t have a clue about basic probability theory* the point made is none the less worth examining.

There’s definitely something in the fact that, as yet, the Mac OS has not been a great target for malware. This, as most people with any sense will acknowledge, is not due to the fact that Macs are automagically non-virusable, but rather due to the lower market penetration they currently hold, making them a somewhat lower priority for exploitation. Although there are signs that this is changing, particulary with the porting of the Zlob Trojan to Mac, to this point I agree with Rich, the risk is relatively low AS FAR AS GETTING INFECTED with something is concerned.

Where I have a problem with his post is that, in pointing out one logical fallacy, he makes another; that of confusing correlation and causation. The fact that you use a Mac may protect (to whatever limited extent) against certain types of threats, but that does not mean that you are not equally exposed to other threats – in fact, precisely because of your false sense of security, you may be even more so. Phishing, for instance is completely platform agnostic – having a Mac won’t protect you – because the thing being infected is the USER not the SYSTEM – there’s nothing to stop you getting caught out and putting your banking credentials onto a fraudulent website (unless of course you have some security suite that might warn you of the fact…oh, that’s right, you don’t need that on a Mac). To be fair, the fact that security against malware isn’t really all about getting an Anti-Virus program on your system is also something that should be emphasised more often and that’s something that probably is the fault of the industry.

Similarly, many have been predicting the rise of malware for mobile phones, with all sorts of dire prophecies of doom, however, as Mikko Hypponen (@mikkohypponen on Twitter) points out; at the moment the prevalence of mobile malware is falling because most phone OS vendors are tightly controlling the applications that go on their platforms. He goes on to point out something that should be blindingly obvious (even to the most devoted of Mac fanbois), but sadly isn’t – once you get past having the user involved in the infection cycle and start finding a way to exploit the OS itself (or an application running on it) – by discovering and exploiting vulnerabilities – the game changes.

I’ll leave you with a lovely image that demonstrates my general feeling about life, the universe and everything – http://twitpic.com/snklj/full – if there’s one thing I’ve learnt in my years in the Anti-malware industry, it’s that ‘There will be Malware”. And that’s more than just a possibility.

*For a great (and very funny/bitter) introduction to statistics and probability I recommend John A Paulos’ excellent book “Innumeracy: Mathematical Illiteracy and its Consequences”

Andrew Lee CISSP
AVIEN CEO