Apple releases fix for MacDefender Trojan

Ok OS X folks. Looks like Apple finally is releasing a ‘fix/update’ for the MacDefender Trojan.

The update provides a File Quarantine definition for the "OSX.MacDefender.A" malware and Mac OS X 10.6.7 will now automatically update the definitions on a daily basis. The update will also search for and remove MacDefender and its known variants.

The knowledge base article is here 

and the actual download is here

Please update your systems.

My previous article is here.

MacDefender Trojan Strikes Again!

Apple and Mac folks, I’d like to welcome you to the Windows world of malicious and pernicious attacks – even ‘drive-bys’. For over two decades I and the rest of the security world have been trying to inform people that NO networked system is safe from attack. Because of the sheer number and percentage of Windows machines vs. Mac and Linux machines, Windows has been the most easily targeted and exploited platform. But that is changing! With the spread of OS X on the desktop and the realization by the malicious software vendors that Mac people are VERY EASILY duped and exploited because of their false sense of security, they are coming on strong and fast!

I recently wrote about the new Mac Trojan out and how to defend against it and remove it – read here. After 25 days Apple finally did put a notice and instructions on how to remove it. BUT only after telling their technicians AND users that 1st it didn’t exist and then that they would not provide help!

Mac malware authors have released a new, much more dangerous version of MacDefender trojan variant:

"Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind."
Please read this from ZDnet

Apple is promising an update to OS X "in the coming days" that will detect the malware and its known variants, remove it, and remain in order to warn the user if they download it again. But don’t hold your breath!

I’ve spent years worth of time dealing with people who have been ‘sold’ on the false idea that "Macs don’t get viruses or hacked". Wrong wrong wrong! OS X is built on a ‘*nix’ core – one of the oldest operating system architectures in the world. How could you NOT think that there are exploits around that are just waiting to be ported to the newest derivatives? What type of systems do you think the hackers/crackers were getting into in the 70’s and 80’s?
I fault Apple a great deal for this. They have been literally selling the LIE that Macs are not susceptible to hacks for years. AND people believe them!

Again welcome to the world of Windows PC responsible computing. Be careful or get burned.

Please practice safe computing folks.

MacDefender trojan/malware is currently spreading on Mac systems – let’s kill it!

MacDefender is the rogue antimalware trojan currently spreading on Mac systems. This malware is known by a variety of names, including "Mac Defender", "MacProtector", "Mac Security", "Apple Security", and "Apple Security Center". It is a great example of how ‘social engineering’ can be used to trick people into harming themselves. Below are clear and easy procedures for removing it: read the quick summary, or follow the links at the end for walk-throughs with loads of screen shots.

I have written recently about this here, but it appears more people are being ‘snagged’.

Apple support is being of absolutely NO help either! In fact they are telling their people, "Do not attempt to remove malware..". Read about that BS here if you wish. So I thought I’d again provide some tips.

Here is the simple summary of what to do:

  1. In Safari under "Preferences", at the bottom of the "General" tab (the first tab), uncheck "Open safe files". This will prevent Safari from starting threats like MacDefender automatically after downloading them.
  2. Open up "Activity Monitor" (this is in your Utilities folder within Applications)
  3. Find "MacDefender" (or whatever the malware is being called: MacProtector, Mac Security, etc.)
  4. Highlight it then click "Quit Process" which looks like a big red stop sign at the top right of the Activity Monitor screen.
  5. Next, open System Preferences, and go to "Accounts". When it appears click on the "Login Items" button, select the program, and then click the "minus" button to remove it from Login Items.
  6. Next, navigate to your Applications folder, find the program, drag it to the trashcan, and then empty the trashcan. Yes. It’s really that simple to remove.
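To make the "find it" part of the summary above repeatable, here is a read-only check written for this page (it is an added example, not a script from the original post or from Apple). It takes the aliases the post lists, plus the "avRunner" downloader name from the ZDNet excerpt, and flags any matching application bundle or running process; the alias list, the normalisation rule and the `defaults read com.apple.Safari AutoOpenSafeDownloads` key are assumptions for the example. It reports and never deletes, so the removal itself still follows steps 4 to 6 by hand.

```shell
#!/bin/sh
# Added example for this page, not from the original post or from Apple.
# Read-only check for the MacDefender family on a Mac. It only reports.

# Aliases named in the post (lowercase, spaces removed) plus the "avRunner"
# downloader quoted from ZDNet. This list is an assumption for the example.
KNOWN_NAMES="macdefender macprotector macsecurity applesecurity applesecuritycenter avrunner"

# normalise NAME: drop a trailing ".app", remove spaces, lowercase.
normalise() {
  printf '%s' "$1" | sed 's/\.app$//' | tr -d ' ' | tr 'A-Z' 'a-z'
}

# is_known NAME: succeed (exit 0) if NAME matches one of the known aliases.
is_known() {
  n=$(normalise "$1")
  for k in $KNOWN_NAMES; do
    [ "$n" = "$k" ] && return 0
  done
  return 1
}

# scan_apps DIR: print every .app bundle in DIR whose name is a known alias
# (step 6 of the summary looks in /Applications).
scan_apps() {
  for app in "$1"/*.app; do
    [ -e "$app" ] || continue
    if is_known "$(basename "$app")"; then
      printf 'SUSPECT APP: %s\n' "$app"
    fi
  done
}

# scan_processes: read "ps -axo comm" style lines (one command path per
# line) on stdin and print the ones whose program name is a known alias
# (steps 2 to 4 of the summary do this in Activity Monitor).
scan_processes() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    if is_known "$(basename "$line")"; then
      printf 'SUSPECT PROCESS: %s\n' "$line"
    fi
  done
}

# safari_autoopen_ok VALUE: step 1 of the summary. VALUE is the output of
#   defaults read com.apple.Safari AutoOpenSafeDownloads
# (key name assumed for this example). "0" means "Open safe files" is off.
safari_autoopen_ok() {
  [ "$1" = "0" ]
}

# On a Mac the real invocations would be:
#   scan_apps /Applications
#   ps -axo comm | scan_processes
#   safari_autoopen_ok "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" \
#     && echo "Safari: Open safe files is OFF" || echo "Safari: Open safe files is ON (uncheck it)"
```

The comparison strips spaces and case, so "Mac Security.app", "MacSecurity" and "mac security" all match the same alias; that mirrors the post's point that the same trojan ships under several names. Add a new alias to `KNOWN_NAMES` when a variant with a different name appears.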

Here are the two best links I could find for simple walk-throughs. I would rather not repeat the tutorials they have already taken the time to do. Their work is much appreciated.

Now the super links with detailed screen shots and some additional tips:

The HowToGeek.com site has a great walk-through here.

VRT-blog has some good information on this also, read that here.

Folks, if you use a Mac and you connect it to any systems – especially the internet – please realize that you are vulnerable to attacks and hacks. NO system is immune to attack! Macs and Linux systems have benefited from a more secure file system/OS structure (for the most part) than previous Windows systems, AND from the fact that their numbers were small – about 8% of all network-connected desktop machines – which made them a ‘low volume’ target. They are now increasingly being attacked. This is especially true since many Apple users have been lied to and told they are invulnerable to attacks.

BE SAFE FOLKS!

The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete – Cant add Outlook accounts…

How I recently fixed one hell of an Outlook 2007 to Exchange 2003 connection problem.

This occurred on brand new Windows 7 Enterprise AND brand new Windows XP workstations while trying to configure the Outlook clients to connect to our Exchange 2003 server.

The actual error is:
"The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete – Cant add Outlook accounts.."

Worse still is that this problem did not occur on every new workstation! Windows XP or Windows 7 – only some random ones.

I checked all network/connectivity parameters I could – DNS, LDAP, RPC, TCP/IP etc., and otherwise checked routing and name resolution ad nauseam. And all checked out.
I had this problem a year or so ago but could not find any of my notes! Aggravating to no end. So I swore I would make sure to document my fix when I found one.
So Google, here I come….

One of the first things I did then was this:
http://support.microsoft.com/kb/913843/en-us

I checked that the ‘Attendant’ service was running on Exchange; it has been for a few years.

And virtually everything mentioned in every article I could find – 5 days of searching and hundreds of pages!!
Like:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/44a24ec6-33b5-4b66-9fdb-2318b4874fbc

and

http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/1227b956-c533-4c08-b56d-150ad8486b4c

I also tried importing the Outlook registry keys from machines (both Windows 7 and Windows XP) that do work – still no joy.

I literally went 11 pages deep on Google http://goo.gl/EddW9 and many, many more deep from each of those, looking for a fix!

I read deep somewhere in one post that someone mentioned running ‘Outlook rpcdiag’ – I don’t remember that switch. I checked RPC on the machine(s) and it showed no errors already, right..

But since this was a specific ‘Outlook’ switch I thought, what the hell.
So…
I ran:
"outlook /rpcdiag" from the command line.

It tried to ‘find connections error’ but did not report anything. Damn..
Then it just closed after it could not really start.

Then I started Outlook in Safe Mode (I was prompted to upon launching Outlook, but it can also be run with "outlook /safe").

I was then able to add and configure the Exchange account and get connected!!
I waited until it updated the mailbox completely.
Then I restarted Outlook normally and IT WORKS NOW on all of the affected boxes!

I am not sure if all of these steps need to be taken but I now have a plan to follow.

I hope this may help someone, because from most of the posts I read it is a MAJOR issue and MS is not doing much about it! At least I’ll have my notes.

How to create a VPN Connection on MAC OS X 10.5 Leopard

This is a step-by-step guide on how to create a VPN Connection on a MAC OS X 10.5 Leopard System.

I recently had to do this again for some of our remote staff, so I thought I’d post it as a reminder to me and maybe help others who have asked in the past.

1. Go to ‘Apple’ –> ‘System Preferences’


2. Select ‘Network‘ from system preferences


3. In ‘Network‘ system preferences, click the ‘+‘ icon in the bottom left corner of the window to make a new VPN Connection.


4. A new window appears. Click on the ‘Interface’ menu to see the list of choices and select ‘VPN’.


5. Next, change the ‘VPN type‘ from ‘L2TP over IPSec’ to ‘PPTP‘. Then in the ‘Service Name’ field, type in ‘VPN Office’ or ‘Company Name VPN’ or make one up. Once you have done that, click on ‘Create’.


6. Next, we need to make a configuration. Open the ‘Configuration’ drop-down menu and select ‘Add Configuration’.


7. A window will pop up, asking you to name your new configuration. Type your ‘Company Name VPN’ here and then click ‘Create’.


8. Next, enter your company’s ‘Server Address’ (for example ‘server.domain.com’ or ‘72.14.213.x’) and your ‘Username’ (for example ‘administrator’ or ‘LarryHolmes’ or whatever).


9. Next, select the ‘Authentication Settings’ button.


10. Enter your ‘password’ and click ‘OK’.


11. Next, click on the ‘Advanced’ button.


12. Make sure that ‘Send all traffic over VPN connection’ is unticked. Then click ‘OK’.


14. Once you have done that, click ‘Apply’. Then connect to your new VPN connection by clicking on ‘Connect’.

There you go…

LastPass Warns of Potential Breach, Ratchets Up Security

OK FOLKS, TAKE NOTE: LASTPASS MAY HAVE BEEN HACKED!!

Read about it here.

I don’t use them, but I know many people who do! CHANGE YOUR MASTER PASSWORD IMMEDIATELY!
It’s important to note that they have no evidence that anyone was actually compromised – YET.

Once you change your master password any breach that may have happened will be rendered moot. Their service is still good, I’m sure – just not good enough for me.

I have used KeePass for years and it looks like I will continue to do so now for sure – it is open source and resides on YOUR system(s). It may not be as ‘slick’ and completely web-based as LastPass but I trust it more. I guess I will NOT be migrating to that service after all.

As a systems administrator and IT guy, I have no less than 78 items in my main password safe! And I have a few smaller ‘safes’ for some of my clients. So it is necessary for me to have a place to keep them all and of course a flat file or piece of paper wouldn’t work.
I keep a KeePass safe on my machines that I sync and also on a usb drive. I have always believed in owning my information.

Be safe folks.

New Mac Trojan horse and Security tips from the NSA

There is a new Mac Trojan horse that masquerades as a virus scanner – read about that here. This is another example of social engineering – tricking users into making security mistakes.
Users looking for legitimate protection against viruses on their Macs might be duped into downloading and installing this. Essentially this is ‘ransomware’: it requires payment to ‘stop’ the ‘infection’. AND the payment information is often then sold to other nefarious people.

Remember that NO operating system is immune to attack. And since every system is used by humans, humans remain the biggest weak link.

Also in other security news, the NSA has released some good advice and documents for better security practices for your home network and operating systems (including Mac OS X).
Read about that here. [via PCMAG Security Watch blog].

Nearly all of this is information that I and other security people have been saying for years, but it is well worth reading.