
Not that any TheAppleBlog readers would ever try to acquire software in a less-than-legal manner, but just in case you know someone who would, tell them to watch out for web sites claiming to bear Snow Leopard gifts.

Like the Adobe Photoshop CS4 and iWork ’09 before it, Snow Leopard now has a super-special malware edition floating around the web. It’s a classic software honeypot scheme: You find a site advertising a free Snow Leopard upgrade, download a disk image file (.DMG), and it unleashes its trojan payload.

Trend Micro is advising folks to avoid any and all sites advertising free Snow Leopard upgrades, since what you actually get is a new variant of the DNS changer trojan known as OSX_JAHLAV.K. Once this Apple-specific malware makes itself at home on your computer, it redirects your Internet browser to phishing sites and malware-infected web sites. OSX_JAHLAV.K has a particularly nasty trick up its sleeve: it sends you to a site advertising fake antivirus software, which keeps telling you that you have an infection until you pay to register it and have the “infection” removed.
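As an added example, not part of the original post or of Trend Micro’s advice: a DNS changer works by pointing your system at resolvers the attacker controls, so one cheap check is to compare the resolvers a Mac is actually using against the ones you expect. The script below parses output in the format `scutil --dns` prints, flags any nameserver outside an assumed allowlist, and falls back to a constructed sample (documentation-range addresses) when it is not running on a Mac. The allowlist, the sample output and the helper names are all assumptions made for this example.

```python
"""Flag unexpected DNS resolvers on a Mac from `scutil --dns` output.

Added example, not code from TheAppleBlog or Trend Micro.  The sample output
below is constructed in the layout `scutil --dns` uses; the allowlist of
"expected" resolver networks is an assumption for the example.
"""
import ipaddress
import re
import subprocess
from typing import Dict, List

# Constructed sample in the layout `scutil --dns` prints (addresses are illustrative).
SAMPLE_SCUTIL_OUTPUT = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.66
  if_index : 5 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records, Request AAAA records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000
"""

# Networks whose resolvers you consider legitimate (assumption for the example:
# the home router's LAN plus an illustrative IPv6 documentation prefix).
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

RESOLVER_RE = re.compile(r"^resolver #(\d+)\s*$")
NAMESERVER_RE = re.compile(r"^\s*nameserver\[(\d+)\]\s*:\s*(\S+)\s*$")


def parse_scutil_dns(text: str) -> Dict[int, List[str]]:
    """Map each 'resolver #N' block to the nameserver addresses it lists."""
    resolvers: Dict[int, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = RESOLVER_RE.match(line)
        if m:
            current = int(m.group(1))
            resolvers[current] = []
            continue
        m = NAMESERVER_RE.match(line)
        if m and current is not None:
            resolvers[current].append(m.group(2))
    return resolvers


def unexpected_resolvers(resolvers: Dict[int, List[str]],
                         expected=EXPECTED_RESOLVERS) -> List[str]:
    """Return nameservers outside the expected networks, deduplicated, in order seen.

    An address that does not parse at all is also returned: a resolver entry
    that is not a valid IP is itself something a defender should look at.
    """
    flagged: List[str] = []
    for addrs in resolvers.values():
        for addr in addrs:
            try:
                # Strip an IPv6 scope id such as "%en0" before parsing.
                ip = ipaddress.ip_address(addr.split("%")[0])
                suspicious = not any(ip in net for net in expected)
            except ValueError:
                suspicious = True
            if suspicious and addr not in flagged:
                flagged.append(addr)
    return flagged


def live_scutil_output() -> str:
    """Run `scutil --dns` on a real Mac; return "" anywhere else so the module still loads."""
    try:
        return subprocess.run(["scutil", "--dns"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return ""


if __name__ == "__main__":
    text = live_scutil_output() or SAMPLE_SCUTIL_OUTPUT
    bad = unexpected_resolvers(parse_scutil_dns(text))
    print("unexpected resolvers:", ", ".join(bad) if bad else "none")
```

On the constructed sample the only resolver flagged is 203.0.113.66, the one outside the home LAN; on a real Mac the script reads the live configuration instead, and the allowlist should be edited to match the resolvers your network hands out.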

Trend Micro’s advice is to pick up its Smart Surfing for Mac malicious URL-blocking software, which will cost you $50 a year in subscription fees. My advice is to think long and hard about how much you’re willing to pay down the road just to avoid spending $29 upfront for the 10.6 upgrade.

No doubt this will give antivirus companies cause to raise the red flags once more, and spout on about how the end is nigh for the days of OS X being the secure choice, but as before, smart browsing and downloading policies are still your best bet for a happy, safe Mac.

Photo courtesy of Flickr user Darcy McCarty.


  1. Malware infected Snow Leopard on pirate networks | Smoking Apples Tuesday, September 1, 2009

    [...] Malware infected Snow Leopard on pirate networks → [...]

  2. Anyone who is careless enough to get these kind of viruses and trojans deserves them, i say.

    Just watch out what you do and think logically about what’s what on sites that offer free software.

    1. Funny thing is that any computer can get malware, regardless of the OS.

      Anyone with a brain stem and a mind that they control can figure that one out. Alas, so many mac users are blind to this.

    2. @Orm:
      Exactly! This is why what Apple does in order to sell computers is so evil: it makes Mac users complacent, and so puts them at risk of losing their personal information.

      Even worse, the days of things like the “I Love You” worm are long, long gone. These days, you could lose your personal information and not be aware of it. This is probably happening to many security-complacent Mac users today, and they don’t know it and think that it can’t happen to them.

      This is just one reason to go with Microsoft: The folks in Redmond are (these days) very proactive, honest and open about security, and they don’t control the media the way Apple seems to.

      I suspect that if many Mac users were afflicted, and they didn’t know, but Apple did figure it out, Apple wouldn’t tell anybody. They sell more computers that way.

  3. Let’s think about this. A Snow Leopard DVD is 8 gigs… the likelihood that the DMG you speak of is 8 gigs is nil. It’s probably like 4 megs. Anybody that thinks a complete operating system can be stored on a 4 megabyte disc image file is a moron.

  4. Microsoft Vista users – and Windows 7 – are completely safe from this kind of stuff, assuming they heed the warnings that the OS puts up telling you who, if anybody, digitally signed the EXE you’re about to give admin privileges. This cannot be spoofed.

    Apple Inc. would be doing the best thing for its users if it copied MSFT here – oh, but wait, it can’t, because that would be an obvious way of copying MSFT and Apple would look less “innovative.”

    Apple Inc. is crapping on you people – did you notice?

    Go with Windows 7. It’s safer, even given much larger market share.

    1. Signed EXEs are not the solution to slow down the average computer user from installing malware or other software. I would equate these safety measures to putting a stop sign out on a dirt road in a county with a population of 2. The drivers would just blow right by the sign on a day-to-day basis. There is no good OS-level solution for users applying software to their computers, independent of the MS and Apple OSs. The only solution is the antivirus route, which admittedly, Apple users don’t contend with as much (for a variety of reasons: user base size, Unix underbody), which may lead to this false sense of security when installing software.

      My thinking comes from the idea that when I start a new Windows machine the first thing that goes on is firewall and virus protection, whereas with the Mac, I start setting my preferences for user experience without concern about firewall or viruses.

    2. OS X also has signed executables, warning dialogs, and a battle tested user separation layer that helps to prevent these issues as well. They all do no good if the user gleefully clicks through them all, or in this case, downloads an OS image with the malware baked in.

  5. Michael Linehan Tuesday, September 1, 2009

    Please edit this sentence…
    “You find a site advertising a free Snow Leopard upgrade, download a disk image file (.DMG), and it unleashes its trojan payload.”

    To read
    “You find a site advertising a free Snow Leopard upgrade, act like a complete moron, download a disk image file (.DMG), again act like a complete moron by inputting your password, and it unleashes its trojan payload.”

  6. I’m not surprised that Mac fans minimize the utility of spoof-proof authentication of EXEs from identities who are generally trusted and whose brand is important, and maximize the stupidity of users when it is convenient for them to do so.

    True – the only way that the Conficker worm ended up in the news is that there were a large number of Windows clients on the ‘net who did NOT accept the default Microsoft updates, and hence were vulnerable to Conficker, which was reverse-engineered from an October 2008 MSFT patch and showed up in November 2008.

    Personally, I refuse to install anything that isn’t signed by an entity with a known brand. It’s a very useful security utility because it guarantees that, after the EXE was signed, nobody messed with it and man-in-the-middle attacks are impossible.

    @Tom: Windows comes with firewall ON by default – and SN comes with a simple anti-virus built into it. Apple and MSFT are both doing some of the worrying for you – good for them both! – but MSFT still is more proactive and effective re. security. MSFT surpassed Apple for security years ago, and I’m not sure Apple will ever catch up, now.

    Guys: don’t confuse obscurity (small market share) with security! They are two different things.

    Also, don’t confuse a unix base with “superior security”. Complacent people could get badly hurt.

  7. Ever since Mac OS X, every application that is downloaded to your Mac has had to have an administrator password in order for it to be installed on your hard drive. So it is up to the users to exercise caution and a certain level of logical thought before installing any files that you pick up on the Internet, especially the free versions of commercial applications which normally cost a certain amount of money to buy. Downloading applications from a dubious site ought to trigger all kinds of red flags unless one is too clueless to understand the danger of it. There has been no known infection on a Mac to this day caused by just opening a piece of e-mail because this route of infection simply is not open to the system.

    As for me I prefer to exercise caution and run my Mac without these so called anti-virus programs, some of them having been known to cause a lot more headache than is worth the trouble.

    Another point to be clarified. The mac operating systems have never handled .exe files, whether pre OS X or OS X systems, so it was always shielded from the thousands of .exe files which infected millions of window machines in the 90s and early 2000s.

  8. @Jocca:
    so, Mac users do the same thing whether they’re installing a piece of malware (unknowingly, of course) or Adobe Flash? Just enter your admin PW – easy, and just as automatic.

    Your statement about email attachments on the Mac applies equally to Vista and Windows 7 – oh, except that Macs have very small market share, hence obscurity, which is not to be confused with security.

    SN includes an anti-virus – so, are you saying that Apple is wrong to include that in the OS.

    Oh, about the “exe” files – I’m referring to executables, in the general sense. The actual file name doesn’t matter.

    Vista’s UAC (and, even better, Windows 7’s) is a great tool, which will always do more than Mac as long as Apple finds insufficient pressure to adopt the technique. Sure, people on Macs and MSFT OSs both do stupid stuff sometimes, but MSFT gives people the better tools with which to make good decisions.

    1. “Vista’s UAC…is a great tool”

      I was neutral and occasionally in agreement with you up until this point, but then you had to ruin it with an amazingly retarded comment. OS X has had a functional system of admin password entry, to prevent apps doing things they shouldn’t, since day one, back in 2001. Microsoft’s version of this, implemented five *years* later, is an amazingly insecure and fundamentally broken concept. UAC prompts appear so often in Vista that all the “feature” succeeds in doing is training the user to click OK whenever it shows up.

      By saying that UAC is “a great tool, which will always do more than Mac”, you may as well run a flag up the pole that says, “Hey, MS fanboy over here! Come listen to me talk a load of crap!”

  9. Windows is a great piece of software.
    2 days ago my friend got a brand new PC. He decided not to use it for surfing the web, never allow anyone to put a USB drive in it etc.
    He got it with Windows preinstalled. He installed the Adobe CS suite, connected his photo camera and downloaded some pictures from it.
    Guess what happened… when he rebooted the PC, strange error messages started to appear. To make a very very long story short, he didn’t buy and install a third-party antivirus before connecting his camera, so he got a virus from the camera’s memory card.
    That is just awesome. Windows is really a superb piece of software.

    I wonder what would happen if he surfed the net for a few hours without third-party antivirus software?

    Just to let you know, I use both Win and OS X machines. Windows for CAD and 3D work, and OS X for all the rest (2D graphics, Internet, video…). Works like a charm. I have used Macs for 1.5 years already. 0 hours of work wasted on system maintenance, 0 problems with viruses and malware. MS, beat that.

  10. @ComputerUser – if you like to make your Mac community look ignorant about security issues and what is being shipped today vs. what was being shipped 9 years ago, keep posting :)

    Your story is strange (why buy a new computer and not use it for web access?) but clearly your “friend” was running Windows XP, a very old and outdated OS.

    And, you’re talking as if large market share should be equated with security issues. So, what if everyone listened to you and bought a Mac? The malware writers would target Macs exclusively (because they’re big, porous targets, relative to Vista) and Apple Inc. would have to do what Microsoft already did in order to survive.

    I think your problem is that you believe the marketing from Apple Inc. This kind of gullibility could come back to bite you in the butt, when the keyboard-reader malware that is running right now on your Apple sends your credit card info to China and your credit rating is ruined.

    1. “clearly your “friend” was running Windows XP, a very old and outdated OS”

      In September 2007, Vista was the standard OS on Windows PCs. You could still get XP, but you’d have to hunt for it. The chances are a lot higher that his friend was using Vista.

      The rest of your post doesn’t even make sense. The guy said nothing about security through obscurity and he also said that he has both Macs and PCs, so your painting of him as a gullible Mac fan only highlights the fact that you’re a typical fanboy who lacks the intellect to approach this topic rationally. Hopefully, you’re posting this from school and, therefore, you still have time to develop into a normal adult. If you’re already an adult then I hope you’re sterile so that your ignorant genes are unable to pollute humanity any further.
