MacDailyNews - Where Mac news comes first

pppffffffttt.

"installing a System Library shouldn't be allowed without prompting the user."

should be easily fixed!

Calling it specifically adware doesn't seem accurate. That sounds like a security hole that should generally be closed. While it could be used to launch a browser, and PRESUMABLY direct that browser to a specific sight, calling it Adware diminishes the threat.

Apple should take steps to control this ASAP and not do their typical silent act in relation to this one.

Well thanks to these morons, and other morons like them I am sure they will release how this occurred, and instead of TELLING APPLE they will tell some idiot spammer.

It should be illegal to release malware information to ANYONE but the manufacturers of the software.

These people think they are doing something good for the world? The only thing they should do is tell apple directly and not ever tell the public.

Fools...

I still don't see the fun in all this Adware and Virus stuff..

Can ANYONE explain what the use of it is???

I agree with theloniousMac. Apple should be very open about these issues, recognise them and even give a timetable or actual status of the solution proces. Secrecy is this area will certainly harm Apple and does not make sense.

The only threat to Mac users are the security companies who are desperate to get something out that will put pressure on us to buy their software.

well folks, if I am reading right what was blogged this is not a real threat, not at all.
one needs Admin privileges to install a System Library (the iadware) and THEN it can do its damage. They are not saying that the System Library itself can get installed without a warning or asking for admin password. All they say is that AFTER it is installed it can go about doing its thing behind your back.

easy then, do not install anything coming from an unknown source.

(mw:rest) as in rest assured they'll keep posting alarming headlines on OS X malware, maybe someday they'll hit one, but it is not this one

I still don't see the fun in all this Adware and Virus stuff..

Can ANYONE explain what the use of it is???

It's like the nice people who key your car & slice its tires.

They do it because it's easy, and to just be general assholes.

Since real Mac OS X malware has been impossible so far, we get this crap.

It can only affect one user. if you log out and log in as another user , that user is unaffected.

It doens't install a "system library" it installs only in the users home directory.

And without a registry to manually redownload it can't reinstall itself. so once you delete it it's gone.

The wost case is if it changes it's own owner to root or admin, and then all it takes is to

su rm dumb/adware/filepath/name and enter the admin password.

it won't take special tools that only sometimes work.

So how many 'real' adware / spyware / viruses are out there for OSX again? < 0 ?

sounds like BS to me.

Gee, if I were an administrator on a network, or already logged onto a Mac, I could do PLENTY of damage. Maybe their proof is that if you're an idiot, you can mess up you computer. Windows users have been proving that little factoid by the MILLIONS... EVERY day... for YEARS!

Don't these Virus Protection Rackets get enough business and make enough business from the Windows market?

Why do they keep on announcing "proof-of-concept" malware things, if only to frighten people into buying their software.

Apple has been very quick to plug security holes in Mac OS X.
Some of these "concepts" have appeared AFTER Apple has already plugged holes.

From what I've seen Symantec's Mac anti-virus software IS a virus.

Duh,,
that should have read:

Don't these Virus Protection Rackets get enough business and make enough MONEY from the Windows market?

How come no MDN take on this??

Sum Jung Gai needs to upgrade to the latest version of the OS/Safari as I never see a pop up on MDN.

"This is easier to do than with Windows. After all, it's a Mac."

These people are so fucking bitter. So insecure about their INFERIORITY.

As others have pointed out here, this is such a minimal and easily removable "threat" that it's a joke.

Julio,

Agreed. This just looks like another form of trojan.

Are there any good countermeasures besides user awareness?

Few people would allow uninvited strangers into their homes, esp. ones offering to install or fix something. Why let unknown software into your Mac?

Ya know we Mac proponents are very proud of Apple's security record but we need to face some facts.

While MDN likes to claim that "security through obscurity" is a myth, I beg to differ. There have been and there will continue to be holes in the Mac OS. Mac OS X may be more difficult to exploit than Windows, but not impossible.

And Apple... well I'm still fuming at their willingness to buy off on the no virus hype. Instead Apple should simply say, "While we are proud of the Mac's security record to date, we still advise all Mac users to take prudent measures with regard to computer security."

Sooner or later we're going to get hit with something and it's going to come from some place we trust, like Apple.

We should be careful, not smug. Constantly touting the 150,000 viruses for Windows and none for the Mac stat is asking for trouble. If I were a virus writer, at this point I'd be working on it.

I just wish ONE person who does viruses and stuff would step up to the plate and just explain: "Why I do this dorky thing".

It would be a whole lot easier to understand is all.

I just created a proof of concept technique for destroying all files on my hard drive

I opened my hard drive, dragged all my files to the trash, and clicked Empty Trash.

Pay me money or else.

Well, all the politics aside, I'd be curious to know the technical details.

The term "system library" is extremely vague. The closest thing to the correct meaning of this term would a malicious framework installed into /System/Library/Frameworks or /Library/Frameworks. However, this most definitely cannot happen without an admin prompt, and furthermore it would not do anything unless it replaced another framework that an app was already designed to call, without losing any of the correct functionality. Unlikely.

More likely this is a malicious Input Method, which is a type of plug-in that can load into Cocoa applications and modify they way they handle data (for example, there's one called IceCoffee that adds the Services menu to every right-click menu. There are also Input Methods for gesture-based input or expansion of abbreviations). These can be installed on a per-user basis without additional authentication, under ~/Library/InputMethods. They can also be installed globally, in /Library/InputMethods, but this might require authentication (can anyone confirm?)

While a potential issue, this is a limited attack vector because it would only affect the logged in user, affects only Cocoa applications, and does not modify (infect) any apps on disk, only at runtime. Removal would constitute removing the plug-in and logging out and back in.

Generally, I'm surprised that there haven't been more exploits of Cocoa runtime extensibility, given the relative renown of Objective-C for being dynamically modifiable.

Try this command in Terminal:

open http://walmart.com


Instant adware! Replace an application with a script to run this command and then launch the original application, and you've accomplished the same thing.

Haven't you noticed something...
Now that Microsoft says NO to anti-virus companies, there are all kinds of Mac virusses (proof-of-concept) popping up!!!
And the anti-virus companies are the only one that are finding these things.

Don't you think that THEY are actually behind all these things because they are trying to get a new market...the Mac users.

Lo and Behold! Its another MS "payoff" to a Anti Virus company to spread FUD among the newcoming mac users of intel macs!







"Jealousy makes the bones brittle"

"Releasing" this vaguely described adware FUD during a U.S. extra-long weekend ensures few Mac sites will run it into the ground quickly, giving it time to gain whatever traction it can (MDN has no one on hand to denigrate the story, either). So the story has until late Monday or even Tuesday before it's shot down, by which time it's catch-up.

I suspect this “exploit,” if there is indeed one, is only able to operate on those who use admin accounts for everyday use. I doubt it could work against a regular user account.

The problem is, however, that Apple sort of encourages users to use admin accounts, as it is the default on installation of MacOS X. They should make an attempt to educate users, and discourage this practice.

peragrin writes: “The wost case is if it changes it's own owner to root or admin”

Actually, to do that requires root privileges.

@ theloniousMac: MDN is correct in their position on the security through obscurity myth. Any real security expert will tell you there is no such thing as “security through obscurity.” This has been proven through decades of experience. Anyone who thinks there is security through obscurity is either not well educated on computer security, or blowing smoke.

http://www.digitalmunition.com/dma.html claims to have the iAdware code.

Welcome to the world.....the world of Windows, that is

It's a little thing really, but some days it bugs the hell out of me.

SIGHT is something your EYES give you.

SITE is a place to go on the web, like MDN webSITE

People do not go to webSIGHTS.



OK I got it off my chest.

HAHAHAHAHA

Pure BS and FUD

Theoloniusmac is wrong. Dead wrong and emac is right. When are we going to learn that blasting our weaknesses from the house tops only gets us killed? for some dumb reason we have decided that if we let "everybody know how and where to hack computers" that somehow you are doing me a favor? that's the kind of favor I don't need--dumbass! What I need is for you to apple and only apple or microsoft for that matter. Otherwise keep you big fat mouth closed! Thank you

Security through obscurity is a myth. Acuras are no where near abundant in the wild, but they're the number one stolen car in a number of geographical areas. The degree to which something is targeted is based on human preference, not its sample size. Macs are a huge target and will continue to be. The small number of malware writers attack computers. Windows is easiest to attack.

If Apple wants to keep the OS relatively secure, they just need to be better than Windows. It's the same reason burglar alarms, The Club, and other ant-theft devices are used. They are not certainly going to help, but the perpetrator will rather move to the next target because it's easier.

In other related news, " F-Secure have created a proof-of-concept sample of adware that targets Apple Mac OS X users called "iAdware" ..."

Isn't that the truth of it? - I thought they'd have too much time on their hands with Windows' problems to be writing adware for OS X.

"Haven't you noticed something...
Now that Microsoft says NO to anti-virus companies, there are all kinds of Mac virusses (proof-of-concept) popping up!!!
And the anti-virus companies are the only one that are finding these things.

Don't you think that THEY are actually behind all these things because they are trying to get a new market...the Mac users.
"

Actually if they are vetting the MacOS for holes, thats not a bad thing. Lets hope that Apple will fix soon.

to Freddy the Pig

What a lovely comment! Makes such a change from the normal irrate comments about spelling and such on forums in general...

I can understand how it bugs someone to see native language abused that way.
However it is nice to see that someone can be sensative to the fact that not all of us are native English speakers/writers and do make mistakes....
cheers to the open mind

Finally, a Mac news web site that has come out with this new Mac OS X adware story. Thank you MacDailyNews. Good work. I bet the lights are still on at the Apple campus thinking up a fix.