Apple fans targeted by smut-punting malware

Uh, not so much on targeting Mac

Note that one is only vulnerable to this trojan if one is using that POS IE. Why would a Mac user do that when there are several much better browsers - including Apple's own Safari?

A second point. Cruising porn is a pretty stupid thing to do to begin with, but not ignoring a pop-up that tells you that you need to install additional software to view a porn video is quite simply moronic.

There are enough Mac users inthe world to induce the writers of viruses and trojans to target them. But Mac uses a UNIX kernel and it's much harder to do. Even when you can get past the superior security model of UNIX, it's even harder to deliver a small payload to do so.

@Tim 49

Tim, I think you've interpreted how this works the wrong way because Pareto just posted a picture of the Windows payload on their blog.

The malware served up is different depending on whether you visit the site using Windows or Mac OS X.

We have a video demonstrating what happens if you visit on a Mac over at

http://www.sophos.com/blogs/gc/g/2009/06/10/mac-malware-adopts-porn-video-disguise/

We're seeing more and more of these two-pronged attacks - working out if you're visiting via Windows or a Mac, and serving up the appropriate flavour of malware.

@Anonymous Coward

What makes you think it only works on Internet Explorer?

We tried it on IE, Safari and Firefox using Windows and Mac OS X computers.

The attack is based around social engineering rather than a flaw in a browser - so any user with a hunger for porn may find themselves tempted into downloading the codec.

RE: Uh, not so much on targeting Mac

I have not read such drivel in quite a while.

1) IE has not been available for mac in quite a while - it was an ie 5 version that was removed from download in something like 2006.

2) About not ignoring popups or messages etc - that is how most windows machines get infected too! People are not foolproof, that is the point of social engineering.

3) Ah yes the infamous super secure UNIX kernel!! Hold on are you talking about OS X, Linux, Solaris - perhaps FreeBSD? In many ways the NT security model is more flexible than the UNIX one, shame that most people have to run as administrator. Most security vulnerabilities are not kernel-level, but in userland components. In any case, whatever your protections, it is hard to stop a user doing something they want to, because they don't think its a mistake.

@AC @15:11

Why is cruising for porn a stupid thing to do? During work time maybe, but otherwise it's no more stupid than reading the sport websites, being on Facebook, reading El Reg etc. Just because you don't, doesn't make it stupid.

Creamy

I've been looking for decent AV software to stick on my Mac for some time. I've had trouble finding any reason to trust any that I've come across so far.

Had no idea that ClamAV, which I run on my FreeBSD servers, had been ported to OSX. Makes sense really - duh. Will install tonight :-)

It's Active-X, moron

Anyone stupid enough to think that _anything_ depending on Active-X will work outside of Windows (and, except in a very few special cases, outside of MSIE) bloody well deserves what he'll be getting. I don't know who're the bigger idiots, the twits who thought this up or the pervs who downloaded it. I do know that they deserve each other. Long may they stay together.

Paris, 'cause I suspect that she's infectious, too.

PEBCAK

No 1 security problem with all OS's

The User

you can be using openbsd and if you run some unknown code as root / admin your STILL in trouble.

people who own computers should know how to use them.

I can't wait...

For the mother of all viruses that wipe out the Windoze PCs so that Linux can reign.

YAY!!!!

Chalk up yet another Mac failure......Oh wait there isnt any such thing. Macs are impervious.

Twats.

Anything can be infected regardless how "well" its made. Fact of life

Does affect Macs

The example that is linked to shows the alert message a person will get if they surf to the fake porn page using Windows and Internet Explorer, but this malware also has a Mac flavor and will attempt to infect people using Mac browsers (including Safari and Firefox).

Anyone on any platform using any Web browser who attempts to "play" one of the promised "movies" will see what looks like a Windows XP Internet Explorer popup window complaining that a new ActiveX control must be installed. The fact that the phony popup looks like an XP dialog window should be a tipoff to Linux, Mac, and Vista users.

In fact, the phony popup "window" is just a graphic, and clicking on it will try to download the malware.

When a user clicks on the phony "dialog" the software on the back end looks at the browser's user-agent strings. If the user-agent string is a Windows browser, it attempts download of a Windows .exe file. If the user-agent string shows a Mac browser, it downloads a file called "QuickTime.dmg" which contains a Mac installer.

If a Mac user downloads the .dmg, then mounts it, then runs the installer, then enters his administration password, then the Mac user will be infected with malware which silently changes the Mac's DNS settings and installs a cron task which will periodically change them again should the user attempt to reset them.

This is nothing new. The Zlob gang has been doing the same thing for over a year; the Mac version of the Zlob malware is occasionally downloaded from nearly identical sites if the site sees a Mac user-agent string.

When ESThosts went dark a while back, the Mac community caught a break; the Mac malware was served up from IP addresses in ESThost's range, and the people responsible for it soon moved the Windows malware downloaders to new servers but it took them quite a while to restore the Mac download servers.

It's a very crude social engineering trick--the phony popup dialogs are designed to look like Windows dialogs, and they talk about installing an ActiveX control. The Mac malware can not install itself (it requires user action and the entry of an administrator password to be installed). It's also not a new trick; the only novel twist is the particular strain of malware being downloaded.

I talked about this at length quite some time ago:

http://tacit.livejournal.com/238112.html?thread=2363168

@ CreamyInTheMiddle

"It's always handy to have an anti-virus program running no matter what platform you're using."

Yes, it handily takes away all the superfluous CPU cycles and RAM thinggies that clog the tubes inside the box. Who needs these anyway?

Also, Mike 85 have a point: Macs are better targets, as Tim 49 quite conveniently proved a couple posts up...

security through obscurity doesn't wash

I don't think it matters what OS your running, you should have some form of AV protection, hell I even have AV software on my mobile even though there's not much of a slim chance that it will catch anything.

I'm prepared, dib, dib an all that.

you need a plug in to watch videos???

welcome to 1997....

@Mick F

Er.. Where do you get those stats from? Apple has shipped about 7 million iPhones. Let's assume (albeit wrongly) that ALL of these have been bought by a different customer. So we've got 7 milliion iPhone users.

Now, computers being used Worldwide probably number in the hundreds of millions (over 72 million 'Personal Computers' sold in 2008). Even at a ratio of 1:10 there are still more Macs out there than iPhones.

That aside, even if there were less Macs, 5 million potential marks for a scam still makes a pretty good bet for phishers, scammers and any other kind of scum who ought to be drowned at birth.

Same user, Different OS

I find most windows users are used to virus's and such like, trouble is now average users are buying macs, not spending 1 second to think about AV or anything but they are still as stupid. Same stupid users, different OS will end up in the same results; hacked boxes.

Anyone the person who said Safari is better...are you having a joke? That browser has serious flaws, they did some massive updates recently, and looking on a full-disclosure list, I see more safari hacks then IE in recent times

RE: Same user, Different OS

Chris Harries wrote: "Anyone the person who said Safari is better...are you having a joke? That browser has serious flaws, they did some massive updates recently, and looking on a full-disclosure list, I see more safari hacks then IE in recent times"

Yeah they did some massive updates. They updated it to Safari 4. As I have know doubt you read on El Reg...

What's your point? What are these flaws?

Where is this "full disclosure list" you mention and who made it? I've never heard of a single Safari hack...

This article is about a social engineering trick, pure and simple. Doesn't matter which platform is being used, stupid users will do stupid things. Don't try and use it as an exuse to say <your favourite OS> is better than <someone else's favourite OS>.

Yup!

I'm a Mac man - even a fanboy - BUT I'm often asked to look at the Windows boxes of various friends who've got system which are well & truly nadgered.

With a little moderate interrogation applied to the user (i.e. limited use of the cosh, cattleprod & Agadoo tapes) I have found that over the last few years, more & more occurrences are due to what is laughingly called "social proliferation" (when it's damned ANTI-social to perpetrate it).

So, as always, the weakest link in ANY system is the liveware: the cheaper & more commonplace systems become, the greater the number that are bought by those who will just turn it on & use it, without any form of driving lesson, learning etc. With an ever-increasing pool of totally non-savvy users, life becomes a little easier for the ungodly.

Driving tests for computers, anyone?