Tech: Osama Death causes Malware Explosion
Subject: Tech: Osama Death causes Malware Explosion From: JohnInKansas Date: 03 May 11 - 01:17 AM

Warnings are up:

Malware Specifically targets Mac Users

Malware attack specifically targets Mac users
By Rosa Golijan

It's not unusual for a new malware attack to pop up on the Internet every other moment, but the latest vicious bit of software floating around is particularly fascinating because it specifically targets Mac users.

The Next Web reports that a malware version of the popular MacDefender antivirus application is confusing and infecting a great number of Mac users right now:

Early reports show that users have been targeted as they search Google Images, one user stating that the bogus MacDefender application was automatically downloaded as he browsed images of Piranhas.

Further searching through the Apple Discussion boards suggests that the malware campaign is targeting users of Apple's Safari browser, displaying warnings that the user's computer has been infected with viruses that only the unofficial MacDefender application can remove.

Part of the reason many are being easily infected by the malware is that Safari — the default browser in Mac OS — can be set to automatically open trusted software. This means that users are getting infected without even a hint of what's happening until the malicious app demands payment for "protection" like a digital mob boss.

The good news? So far it doesn't appear that the malicious MacDefender app does much, other than attempt to scare people into forking over their credit card numbers. It can even be easily removed:

1. To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck "Open 'safe' files after downloading."
2. Searching for the application and deleting it directly may fail, saying the app is in use. To stop it running, check Activity Monitor (in Applications > Utilities) and disable anything that relates to MacDefender.
3. Look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons for references to the malware app.
4. Once quit, head to the Applications folder and drag the MacDefender app to the trash, then delete trash.
5. To ensure all references to the app are cleared, run a search using Spotlight and delete all MacDefender references you find.

As a precaution, it would be wise for Safari users to toggle the "Open 'safe' files after downloading" setting whether they're infected or not. It could prevent attacks similar to this one.

Rosa Golijan writes about tech here and there. She's a bit obsessed with Twitter and loves to be liked on Facebook.

And for EVERYBODY

Bin Laden death brings malware explosion
By Suzanne Choney

With the biggest news in a decade dominating the Internet, it didn't take long for rogue viruses, Trojans and other malware to mess with computers given the chance.

Web searches and links to a variety of stories — real and fake — about the death of Osama bin Laden are sprouting with all kinds of malicious software as cybercriminals look for a big payday tied to the appetite for news about the Al-Qaida leader's demise.

"The bad guys were quite fast and started to poison search results in Google Images," said Favio Assolini, a Kaspersky Labs expert on the security software company's blog. "Some of the search results are now leading users to malicious pages."

As an example, Assolini shared a Google search page with the words "osama bin laden body" typed in the search box. "When clicking an image in the results page, the user will be redirected to one of the malicious domains," antivirus.cz.cc/fast-scan/ and pe-antivirus.cz.cc/fast-scan/, he said. Both are "offering" a copy of rogueware called "Best Antivirus 2011." And both can bring your computer down.

"When searching, even for images, be careful," Assolini warns.

And the computer programmer quickly becoming known as "the guy who liveblogged the Osama raid without knowing it" even found his own blog server stricken by malicious software.

"It is a good thing my blog server is infected with malware today, I guess :-/" Sohaib Athar said on his Twitter page, after being inundated with questions by journalists and Twitter followers.

But it is NOT a good thing if you click on Athar's website that's listed on his Twitter page. That's where some malware is sprinkled, and you could get hit.

Christen Gentile of Kaspersky Labs said as Internet users search for bin Laden news, "they should be aware of two new types of scams that are ready and waiting to take advantage of them."

Cybercriminals, Gentile said, have begun search engine optimization efforts, where they "take popular search terms," like bin Laden or anything associated with him or his death, "and use them to direct people to malware ... in popular search engines, trying to lure users to install rogueware."

Search results in Google images have been poisoned, he said. "Some of the search results are leading users to malicious pages. Upon clicking on this search result or image, the user will be redirected to a malicious domain which can infect the user's computer."

Also, on Facebook, where an "Osama bin Laden is DEAD" page sprouted up, there are some advertising offers celebrating bin Laden's death and offering "free tickets or free sandwiches, in some cases," Gentile said. "By clicking on these ads, users will be redirected multiple times, each time asking for more information, resulting in the potential gathering of email addresses or sensitive information."

For more information on the Facebook scam, check Kaspersky Lab's blog.

SophosLabs has a good guide to help you decide what to do:

Watch out for the links you're likely to come across in email or on social networking sites offering you additional coverage of this newsworthy event. Many of the links you see will be perfectly legitimate links. But at least some are almost certain to be dodgy links, deliberately distributed to trick you into hostile internet territory. If in doubt, leave it out!

Sometimes, poisoned content is rather obvious. The links in this spam captured by SophosLabs, for example, give the impression of going to a news site:

"If you go to a site expecting to see information on a specific topic but get redirected somewhere unexpected — to a 'click here for a free security scan' page, for instance, or to a survey site, or to a 'download this codec program to view the video' dialog — then get out of there at once. Don't click further. You're being scammed," says SophosLabs' Paul Ducklin on the company's blog.

So be extra careful on the Interwebs today, kids. Don't do what I did — click on a link that I thought was legitimate, only to be hit with a rogue installation of a Windows "Total Security Removal" Trojan that flashed fake security alerts and installed itself on my computer without my permission.

I'm working to get it off the laptop right now, and writing this on another computer. It's a Mac, but from colleague Rosa Golijan's report today, I see that's not safe, either.

[end quotes]

John |
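
Step 3 of the removal instructions quoted in the post above, written as a shell check. This is an added example, not part of the original post or the quoted article; the function names, the root-directory argument and the sample tree built by the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: look through the three startup locations named in step 3
# for files that reference an application by name.
# scan_startup_items, its arguments and the demo tree are hypothetical.

# usage: scan_startup_items [ROOT] [NAME]
#   ROOT  volume to inspect ("/" on a live Mac, or a mounted copy)
#   NAME  fixed string to look for (default: MacDefender)
# Prints each matching file; returns 0 if any were found, 1 if none.
scan_startup_items() {
    root=${1:-/}
    root=${root%/}                 # "/" becomes "" so paths join cleanly
    name=${2:-MacDefender}
    found=1
    for dir in \
        "$root/Library/StartupItems" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons"
    do
        [ -d "$dir" ] || continue  # a location may simply not exist
        # Match on file contents (grep) and on file names (find).
        # -a lets grep read binary plists as text; -F takes NAME literally.
        hits=$( { grep -rliaF -- "$name" "$dir" 2>/dev/null || true
                  find "$dir" -iname "*$name*" 2>/dev/null; } | sort -u )
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=0
        fi
    done
    return "$found"
}

# Build a small constructed tree and scan it, so the check can be tried
# on any machine without touching real system directories.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/Library/LaunchAgents" "$tmp/Library/LaunchDaemons"
    # Constructed sample: a launch agent whose program path names the app.
    printf '%s\n' '<plist><dict><key>Program</key>' \
        '<string>/Applications/MacDefender.app/Contents/MacOS/MacDefender</string>' \
        '</dict></plist>' > "$tmp/Library/LaunchAgents/com.example.helper.plist"
    # Constructed sample: an unrelated daemon that must not be reported.
    printf '%s\n' '<plist><dict><key>Program</key>' \
        '<string>/usr/sbin/cupsd</string></dict></plist>' \
        > "$tmp/Library/LaunchDaemons/org.example.printing.plist"
    scan_startup_items "$tmp" MacDefender
    status=$?
    rm -rf "$tmp"
    return "$status"
}

case "${1:-}" in
    "")     ;;                           # run with no arguments: define only
    --demo) demo ;;
    *)      scan_startup_items "$@" ;;
esac
```
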
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Arthur_itus Date: 03 May 11 - 03:21 AM What hope is there, if you got snared John? |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: JohnInKansas Date: 03 May 11 - 03:34 AM The one who got snared was the writer of the article (Suzanne Choney). It's all quotes down to [end quotes]. I'd usually add a comment, but merging the two different articles seemed like enough for people to read at a first shot. The "redirection to malware sites" gambit has been increasingly common in recent months, and we apparently have had a couple of our people who got bit. (I think they blamed it on their cats(?) who were surfing without parental permission.) The ease of such mislinking apparently is part of the "reason" (assuming there really is one) for the annoying changes in the most recent IE versions, and probably is a big part of getting Adobe off their - - - posteriors - with the last pair of long overdue patches to Flash and Reader. John |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Don Firth Date: 03 May 11 - 02:24 PM Thanks for the warning, John! Much appreciated! Don Firth |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: wysiwyg Date: 03 May 11 - 02:53 PM Wrong linking of "cause" with effect ~S~ |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: JohnInKansas Date: 03 May 11 - 05:37 PM Wys - The phenomenon of a sudden increase in malware, especially via phony links to malicious sites, has been associated with many prior "interest items." The malware distributors "seed" their sites with key-word tags to get them to pop up in any search for whatever is of "sudden and widespread interest." Similar, but smaller, blips have been associated especially with international sports events. There was a small one stimulated by the "wedding." They have especially liked sports events where wagering is prominent, since those looking for somewhere to place a bet are to some degree self-identified as "risk takers" and/or "impulsive responders." An apparent liking for "nervous nellies" with only vague understanding of how their computers and the web work has also been observed. There is NO QUESTION that searches for anything related to Osama NOW are much more likely to lead you to malware than was the case even a week ago, and searches on that subject are currently much more likely to lead to links to malware than are searches on "less popular" subjects. This is a known and documented "behavior" for the distributors, but this blip was significantly more rapid in appearance and more widespread than for any previous subject of widespread (rabid) popularity. The rapidity of appearance indicates that the malware distributors are getting a lot better at responding quickly and getting their malicious sites more widely exposed; but that's just a side effect we all knew about. The threat that is the subject of the second report is specifically the result of the sudden widespread interest in "things Osama." The cause and effect link is quite clear (although of course there will be another "hot item" soon with similar response from the evil ones). John |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 03 May 11 - 08:20 PM Hi, for the Mac Users out there, here is another link with info on the MacDefender Issue with a little more specific information: http://reviews.cnet.com/8301-13727_7-20058847-263.html?tag=mncol;txt It's from the CNET MacFixit website. It's not a patch on the old MacFixit when Ted Landau ran it but on occasions it still carries some useful information. Cheers, Andrez |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 13 May 11 - 07:23 PM Here's another article on a new Mac OSX specific bit of malware that might be of interest to any Mac using 'catters out there. The CNET MacFixit site reports on the following item: 'Apple Security Center' malware targeting OS X users. http://reviews.cnet.com/8301-13727_7-20062597-263.html#ixzz1MHGdXlKb http://re Cheers, Andrez |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: JohnInKansas Date: 13 May 11 - 08:55 PM It may be worth noting that recent news on the "Osama" malware specifically emphasize that any link that claims to have a picture of "dead bin Laden" is almost 100% certain to be on a malware site. Since the only pictures known to exist were those taken by the US team, and those have not been released, the only ones on the web should be phony. The US photos may have been shared via some diplomatic circles, some of which may have had leaks, so it's not impossible that something has been - or eventually will be - posted, but odds now are exceedingly low. John |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 24 May 11 - 06:45 PM For the Mac users out there in 'catterland, the good news is that Apple will shortly release a software update that will automatically find and remove MacDefender and its known variants, as well as giving users a warning if the malware is downloaded to the Mac. Please see the article at the link below if you care to follow up the issue. http://www.tuaw.com/2011/05/24/apple-mac-os-x-update-coming-to-block-macdefender-malware/ Cheers, Andrez |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Bonnie Shaljean Date: 25 May 11 - 02:09 AM Andrez & John - you guys are the angels of Mudcat. Thanks so much for all of this helpful info! |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: JohnInKansas Date: 25 May 11 - 06:35 AM There has been lots of buzz about Apple, possibly just because those who denied that Apple/Mac could ever suffer from malware have finally seen a bit of it happen. Much was made, a week ago, of a supposed "internal memo" at Apple instructing Tech Support people NOT to either confirm or deny that users' computers were infected with something: Apple to support staff: Don't discuss Mac malware was the report seen. It's still up now, but may be nearing end-of-life soon. The critics were comparing the Apple stance that malware is "third party software for which they provide no support" to the Microsoft policy of providing removal tools for significantly damaging stuff. Given the minimal (although not zero) attacks Apple has seen it's more - IMO - a matter of them not having had the need to work up a policy before now. I suspect support will be similar from both once Apple's attitude "matures" with respect to malware. All users (all OSs) should be aware of a surge in malicious links recently reported, infecting nearly all "currency converter" sites. Several established and reputable sites were (may still be) infected with "phony links," usually placed as ads, inviting you to "click here to save your @@@ from ***" and the links were invariably to malicious sites. There were also a number of "phony sites" that imitated legitimate converters but were actually malicious. Comment on this threat has faded, but it's uncertain whether the malware has been suppressed or whether there just weren't many editors interested in making change in international markets. Apple iPhone and iPad users have been getting malicious SPAM linked to the "app store." The malicious messages are received only by people who have placed an order for an app, and state that "Your order has been cancelled in response to your request." 
There's a link to click for information, which of course goes to a malicious site that may attempt to infect your iWhat. There seems, at present, to be no particularly disastrous results from responding (other than the confirmation that you're a bit stupid). The worrisome part of this is that nobody seems to have figured out how they know who's placed an order with the Apple store in order to know who to send the messages to. This probably should be "something to watch." Check out New scam targets Apple App Store patrons if interested. A recent news report is that "scientists have found a bacterium that lives on caffeine." They call it Pseudomonas putida CBB5 but I'd always thought its common name was just "programmer." (?) Watching that one for more info. ... John |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 25 May 11 - 07:49 PM Essentially what computer users need to be mindful of regardless of the brand of operating system they use is to be mindful that your data and communications can be compromised in any number of ways by "the dark side of the force". From a practical perspective that means buy and install (or get someone to do this for you) an antivirus package, make sure your firewall settings are appropriate for your needs (or get someone to check this for you) and use your common sense when you get an invitation from a website or email or telephone call inviting you to click on a link, turn your computer on etc, etc. That aside in terms of risk, the Microsoft operating systems remain the prime contenders for the OS most likely to be compromised award and this includes Windows OS variants from Win 95, 98, NT, 2000 and XP with which I am most familiar. Vista and Win 7 haven't done that much to inspire confidence and reduce risk levels either. You would imagine that with all their money, resources and brain power that Microsoft could have actually redesigned their software and plugged the endless sequence of vulnerabilities that hackers seem to be able to find almost overnight regardless of the software incarnation. The fact that they don't do so would suggest that for reasons best known to them the situation suits the "powers that be" from some fundamental commercial perspective or another. On that note, I'm not sure if this scam has been reported elsewhere on this forum but it is also worth alerting 'catters about it as it depends on the gullibility of the computer user as well as exploiting Microsoft software products. Check it out: Windows Event Viewer phishing scam remains active Current or potential issues with Apple OS's are relatively trivial by comparison but as John suggests that is no reason for complacency when it comes to looking after your data. 
In this case here is an update on a MacDefender variant. Securing your Mac from the new MacGuard malware variant Cheers, Andrez PS: In terms of the politics between Apple and Microsoft, it's worth knowing where various bits and pieces of news are sourced. In this case the link to the story "New scam targets Apple App Store Patrons" is on an MSN (Microsoft Network) site. So given Microsoft's own lamentable history in dealing with security vulnerabilities, it is worth being mindful that it is in Microsoft's interests to latch onto this info and promote it in much the same way Rupert Murdoch promotes his politics through his media interests in the US and the UK. General info re the MSN service set up is available on Wikipedia here: http://en.wikipedia.org/wiki/MSN |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 25 May 11 - 08:18 PM Whoops, sorry I missed this while scanning for info on "Mac Defender". I preface this with the advice that it is from a site with a vested interest in Apple product but that aside the points made in the article are well made. As I noted in the previous post, the point made in this article as well, is that "it's the con, not the technology that is the issue of concern to computer users. Mac Defender: Pay attention but don't panic The article also provides balance and perspective regarding what Mac users need to actually be concerned about as well as the relative status of Microsoft Windows 7 and Mac OSX operating system. Some of the reader feedback is also of interest suggesting that the issue is less with the Tech side of computers but rather with the changing demographics of computer users as this quote by 'charlituna' on the site above suggests: "An 80 year old Granny isn't likely to think twice about putting in her credit card for an antivirus program anymore than she would think twice about how Christian that nice sounding young man that sent her the email about his inheritance is. It isn't that the alarm systems are faulty or the burglars have figured out how to break them. No they just trick folks into not turning them on. And then clean them out". Cheers, Andrez |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 28 May 11 - 07:37 PM Finally it seems there is news reporting on what Apple is actually planning to do to deal with the MacDefender malware issue. For those interested in the issue the link to the article by Ted Landau is here: Bugs & Fixes: Mac Defender strikes again; Apple fights back Cheers, Andrez |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 01 Jun 11 - 06:40 PM A little more news of the Apple malware issue. It seems that the malware writers and Apple are in for an extended war of wits and it's worth being mindful of the fact that new variants of the 'bugs' are being developed and updated on a regular basis. From our perspective as users it just highlights the need to be vigilant about computer security regardless of the computing platform used. No doubt there will be other news items on the same issue but this is the first I've come across so I'm just putting it out there for interested 'catters. Apple's malware detection update circumvented in 8 hours Cheers, Andrez |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: JohnInKansas Date: 01 Jun 11 - 09:52 PM Those with reason to be interested should also watch for current info on attacks on the current fad in notepad and notebook devices. These are fairly new, third-party security defenses are "primitive," and apparently some features are pretty easy to hack. iPad and Android have both been seeing a fairly large number of "malicious apps" and questions have been raised regarding the "security" of supposedly safe "encrypted" transmissions for both. (Encryption keys for some new devices have been pretty well "cracked," so payment info for apps could be threatened(?).) I haven't seen any major threats, but there have been a bunch of "annoyances" that can be pretty irritating. Since I don't have one of the new things, I can't guess whether the makers/marketers are making an effort to inform users about best defenses. John |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: Andrez Date: 02 Jun 11 - 06:25 PM It's really a never ending cycle. Once again I'm sure there will be lots of posts on IT websites around the net on the issue but for those people interested, here is some news on Apple's response to the MacDefender malware update. At least we can be confident that someone at Apple is on the case. Apple quashes latest version of MacDefender Hmmmm, yum, this coffee is good :-) Cheers, Andrez PS: Since the focus now really is about malware, I wonder if the Obama reference in the title of this thread could be removed so it can go 'upstairs' again and perhaps catch the eye of 'catters' who may not follow threads below the line? |
|
Subject: RE: Tech: Osama Death causes Malware Explosion From: JohnInKansas Date: 03 Jun 11 - 11:28 AM It was labelled (correctly) as Tech when it started, and hasn't discussed anything except malware, so I'm not sure why it was switched to BS. It must have been the drift to Apple malware that offended a clone(?). John |