etc: Kaspersky Lab is questioning what’s going on with Apple’s…
Kaspersky Lab is questioning what’s going on with Apple’s malware tools in Snow Leopard. New malware signatures have not been added in quite a while.
Read More:
Threatpost
Latest jailbroken iPhone worm tries filching bank passwords
The second malicious worm to attack jailbroken iPhones has been spotted in the wild, and is the first to directly target users’ bank accounts. Called iBotnet.A by security research firm Intego, the worm tries to steal account logins from customers of popular online banking service ING Direct. Though it only affects iPhones that have been jailbroken by the user with SSH installed, this is clearly a trend that is growing quickly—and one that Apple isn’t likely to care about until it affects “legit” users.
According to Intego, the malware scans for phones on a local network and a range of IPs with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. This is the same method used by the first malicious iPhone worm that came out earlier this month. The IPs scanned by this particular worm include those in the Netherlands, Portugal, Hungary, and Australia.
Latest jailbroken iPhone worm tries filching bank passwords
The second malicious worm to attack jailbroken iPhones has been spotted in the wild, and is the first to directly target users’ bank accounts. Called iBotnet.A by security research firm Intego, the worm tries to steal account logins from customers of popular online banking service ING Direct. Though it only affects iPhones that have been jailbroken by the user with SSH installed, this is clearly a trend that is growing quickly—and one that Apple isn’t likely to care about until it affects “legit” users.
According to Intego, the malware scans for phones on a local network and a range of IPs with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. This is the same method used by the first malicious iPhone worm that came out earlier this month. The IPs scanned by this particular worm include those in the Netherlands, Portugal, Hungary, and Australia.
Truly malicious iPhone malware now out in the wild
If you didn’t heed previous warnings to secure your jailbroken iPhone, you may be in for some serious trouble. Computer security firm Intego has identified the first known truly malicious code which targets jailbroken iPhones with default root passwords.
The latest in a string of recent attacks, iPhone/Privacy.A uses a technique similar to previous hacks. The malware scans for phones on a given network with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. Unlike the previous versions, which merely replaced the wallpaper image to alert users that they have been cracked, the new version silently copies personal data—”e-mail, contacts, SMSs,
calendars, photos, music files, videos, as well as any data recorded by any iPhone app.” It then sends the data back to the machine running the software.
iPhone worm attacks jailbroken iPhones with default password
The first known malware worm for the iPhone is targeting jailbreakers running SSH and default root passwords, “rickrolling” vulnerable iPhones by replacing the wallpaper image with an image of ’90s pop star Rick Astley. The image also includes a boast that hacker “ikee” is “never gonna give you up.” While the hack is apparently harmless, it serves as another reminder of the potential security vulnerability that jailbreaking can cause.
Unlike the hack we reported last week, this malware can spread itself to other vulnerable devices that are accessible to an infected phone. The worm scans the network, looking for jailbroken phones with an open SSH port and attempts to use the default passwords. At least four variants exist in the wild, the latter of which makes an attempt to hide itself by burying the code in a filepath that looks like the path for Cydia, a jailbreak app installer.
Snow Leopard includes rudimentary malware protection
The malware threat on Mac OS X is infinitesimally small, but it does exist. The biggest threat so far seems to come from trojans that attempt to disguise themselves as legitimate software updates or installers. Though it’s not mentioned anywhere in the extensive list of enhancements and refinements on Apple’s website, it turns out that Snow Leopard does have some level of protection against such malware.
Security firm Intego turned up the feature, which seems to be an enhancement of the usual “This file is from the Internet, are you sure you want to open it?” warning. If a disk image or installer package contains known malware, Snow Leopard will warn that it can damage your computer. If you don’t choose to open the installer anyway (and we recommend you don’t), the offending file will be automatically moved to the Trash. Intego hasn’t been able to identify exactly how the mechanism works, but several MacRumors forum members confirmed that it does identify known trojans.
Chances are this functionality won’t protect against unknown attacks, and it’s not clear exactly how Apple might protect against new trojans (yes, new malware definitions would come via Software Update, but when? how often?). The feature also doesn’t seem to be as extensive as third-party antivirus software, but we don’t know a lot of details at this point. Still, it is an extra safety net to keep you from being the victim of a social engineering hack.
Snow Leopard includes rudimentary malware protection
The malware threat on Mac OS X is infinitesimally small, but it does exist. The biggest threat so far seems to come from trojans that attempt to disguise themselves as legitimate software updates or installers. Though it’s not mentioned anywhere in the extensive list of enhancements and refinements on Apple’s website, it turns out that Snow Leopard does have some level of protection against such malware.
Security firm Intego turned up the feature, which seems to be an enhancement of the usual “This file is from the Internet, are you sure you want to open it?” warning. If a disk image or installer package contains known malware, Snow Leopard will warn that it can damage your computer. If you don’t choose to open the installer anyway (and we recommend you don’t), the offending file will be automatically moved to the Trash. Intego hasn’t been able to identify exactly how the mechanism works, but several MacRumors forum members confirmed that it does identify known trojans.
Chances are this functionality won’t protect against unknown attacks, and it’s not clear exactly how Apple might protect against new trojans (yes, new malware definitions would come via Software Update, but when? how often?). The feature also doesn’t seem to be as extensive as third-party antivirus software, but we don’t know a lot of details at this point. Still, it is an extra safety net to keep you from being the victim of a social engineering hack.
Better safe than sorry? Trend Micro Smart Surfing for Mac
Filed under: Analysis / Opinion, Software
Earlier this week, PC security app vendor Trend Micro announced a new product aimed at Mac users. Smart Surfing for Mac (US$69.95 per user per year) provides antivirus, anti-spyware, anti-rootkit, and web threat protection, and also has a two-way firewall built in.
This, of course, brings up the old debate for Mac users. On the one hand, our 10% of the personal computing market is virtually free of the virus and malware attacks that plague the Windows world. On the other hand, should you be concerned enough to consider purchasing protection that might be overkill?
Some of the features of Smart Surfing for Mac could be very useful for users who might otherwise be in danger of certain nefarious schemes. For example, it blocks visits to dangerous websites and has anti-phishing capabilities. While I know enough to check the real URL of links in emails by simply hovering my cursor above them, there are a frightening number of people who don’t do this and who are at real risk of phishing scams. Parents might like Smart Surfing for Mac for their kids, as it restricts access by content categories, controls IM access, and also lets you block certain websites.
Are products like Smart Surfing for Mac expensive overkill, or are they cheap insurance against the remote chance of actually getting hit with a Mac virus, malware, or a scam? Let’s hear your opinion in the comments section!
TUAWBetter safe than sorry? Trend Micro Smart Surfing for Mac originally appeared on The Unofficial Apple Weblog (TUAW) on Sat, 25 Apr 2009 14:30:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Evidence suggests first zombie Mac botnet is active
If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence that these zombie machines are being used to create a Mac-based botnet.
Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam that clogs up the ‘Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs.
Click here to read the rest of this article
Evidence suggests first zombie Mac botnet is active
If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence that these zombie machines are being used to create a Mac-based botnet.
Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam that clogs up the ‘Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs.
Click here to read the rest of this article
