Phishing attacks getting more efficient for the bad guys

Folks, please, please, please be very careful of what you click on and what financial information you provide. Especially in response to an ‘alerting’ email!
There are a great number of ‘phishing’ attacks occurring again and they are getting even more sophisticated. Many almost look and sound legitimate. I have written previously on some of this here.

But as a reminder, if you get an email or text telling you that you must log in to a financial (or any other, for that matter) site via a link in an email, DO NOT CLICK ON ANY LINK AND, MOST IMPORTANTLY, DON’T ENTER ANY INFORMATION IF YOU DO!!
If you must visit a bank, credit card or online vendor’s site for ‘verification’ or whatever, do so through the ‘Front Door’. By that I mean open a brand new Web Browser window and log in to ‘their site’ and proceed from there, e.g. https://wellsfargo.com etc.

If you click on many of these links, a few things are likely to happen. 1st, you will probably be silently infected by a Trojan/backdoor application, and 2nd, you will probably be brought to a ‘bogus’ site that looks very much like the legitimate site. You will be prompted to enter financial and/or other information such as account/card numbers, passwords and other verification. The MOMENT you do, you can be assured that your account will be compromised! Sometimes in as little as a few minutes your account can be emptied!

Here is an example of one of the hundreds of emails that have been hitting my email server this weekend. You can see that it almost looks legitimate; the wording is sufficiently scary and authoritative and there is a ‘real logo’. But the link in the email is to a phishing site. AND the email address on the ‘from’ is not correct.

This looks very ‘scary’ and it is – but for the reason that you WILL be screwed, not that you are yet.
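
The two tells described above (a ‘from’ address that is not the institution's, and a link that goes somewhere other than the real site) can be checked mechanically. This is an added example, not part of the original post; the trusted-domain list, the sample message and its `.example` hosts are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"wellsfargo.com"}  # assumption: domains the real sender uses
# Constructed sample message, not a real phishing mail.
SAMPLE = '''From: "Wells Fargo Security" <alerts@wellsfargo-secure.example>
Content-Type: text/html; charset="utf-8"

<p>Verify: <a href="http://wellsfargo.com.login.example/verify">https://wellsfargo.com</a></p>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # list is reset at every <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL or bare host name, '' if none
    value = value.strip()
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def trusted(host):  # exact match or true subdomain; look-alike prefixes fail
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_findings(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not trusted(sender.rpartition("@")[2].lower()):
        findings.append("From address outside trusted domain: " + sender)
    collector = LinkCollector()
    for part in filter(lambda p: p.get_content_type() == "text/html", msg.walk()):
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        target = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if target and not trusted(target):
            findings.append("Link goes to untrusted host: " + target)
        if shown and shown != target:
            findings.append(f"Link text shows {shown} but goes to {target}")
    return findings
```

Calling `phishing_findings(SAMPLE)` returns three findings: the sender domain, the untrusted link host, and the mismatch between the link text and where it really goes.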

Please use some caution in the digital world. You would not give a perfect stranger your bank card and pin but some will do just that in cyberspace.

Be safe folks!

Apple releases fix for MacDefender Trojan

Ok OS X folks. Looks like Apple finally is releasing a ‘fix/update’ for the MacDefender Trojan.

The update provides a File Quarantine definition for the "OSX.MacDefender.A" malware and Mac OS X 10.6.7 will now automatically update the definitions on a daily basis. The update will also search for and remove MacDefender and its known variants.

The knowledge base article is here 

and the actual download is here

Please update your systems.

My previous article is here.

MacDefender Trojan Strikes Again!

Apple and Mac folks I’d like to welcome you to the Windows world of malicious and pernicious attacks – even ‘drive bys’. For over two decades I and the rest of the security world have been trying to inform people that NO networked system is safe from attack. Because of the sheer number and percentage of Windows machines vs. Mac and Linux machines, they have been the most easily targeted and exploited target. But that is changing! With the spread of OSX on the desktop and the realization by the malicious software vendors that Mac people are VERY EASILY duped and exploited because of their false sense of security, they are coming on strong and fast!

I recently wrote about the new Mac Trojan out and how to defend against it and remove it – read here. After 25 days Apple finally did put a notice and instructions on how to remove it. BUT only after telling their technicians AND users that 1st it didn’t exist and then that they would not provide help!

Mac malware authors have released a new, much more dangerous version of MacDefender trojan variant:

"Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind."
Please read this from ZDNet

Apple is promising an update to OS X "in the coming days" that will detect the malware and its known variants, remove it, and remain in order to warn the user if they download it again. But don’t hold your breath!

I’ve spent years’ worth of time dealing with people who have been ‘sold’ on the false idea that "Macs don’t get viruses or hacked". Wrong wrong wrong! OS X is built on a ‘*nix’ core – one of the oldest operating system architectures in the world. How could you NOT think that there are exploits around that are just waiting to be ported to the newest derivatives? What type of systems do you think the hackers/crackers were getting into in the 70’s and 80’s?
I fault Apple a great deal for this. They have been literally selling the LIE that Macs are not susceptible to hacks for years. AND people believe them!

Again welcome to the world of Windows PC responsible computing. Be careful or get burned.

Please practice safe computing folks.

MacDefender trojan/malware is currently spreading on Mac systems – let’s kill it!

MacDefender is the rogue antimalware trojan currently spreading on Mac systems. This malware is known by a variety of names, including "Mac Defender", "MacProtector", "Mac Security", "Apple Security", and "Apple Security Center". It is a great example of how ‘social engineering’ can be used to trick people into harming themselves. Below are clear and easy procedures for removing it; read the quick summary or follow the links at the end for walk-throughs with loads of screen shots.

I have written recently about this here, but it appears more people are being ‘snagged’.

Apple support is being of absolutely NO help either! In fact they are telling their people, "Do not attempt to remove malware.." Read about that BS here if you wish. So I thought I’d again provide some tips.

Here is the simple summary of what to do:

  1. In Safari under "Preferences", at the bottom of the "General" tab (the first tab), uncheck "Open safe files". This will prevent Safari from starting threats like MacDefender automatically after downloading them.
  2. Open up "Activity Monitor" (this is in your Utilities folder within Applications)
  3. Find "MacDefender" (or whatever the malware is being called, MacProtector, Mac Security, etc)
  4. Highlight it then click "Quit Process" which looks like a big red stop sign at the top right of the Activity Monitor screen.
  5. Next, open System Preferences, and go to "Accounts". When it appears click on the "Login Items" button, select the program, and then click the "minus" button to remove it from Login Items.
  6. Next, navigate to your Applications folder, find the program, drag it to the trashcan, and then empty the trashcan. Yes. It’s really that simple to remove.

Here are the two best links I could find for simple walk-throughs. I would rather not repeat the tutorials they have already taken the time to do.
Their work is much appreciated.

Now the super links with detailed screen shots and some additional tips:
The HowToGeek.com site has a great walk through here.

VRT-blog has some good information on this also, read that here.

Folks, if you use a Mac and you connect it to any systems – especially the internet – please realize that you are vulnerable to attacks and hacks. NO system is immune to attack! Macs and Linux systems have benefited from a more secure file system/OS structure (for the most part) than previous Windows systems, AND from the fact that their numbers were small – about 8% of all network connected desktop machines – so they presented a ‘low volume’ target. But they are now increasingly being attacked. This is especially true since many Apple users have been lied to and told they are invulnerable to attacks.

BE SAFE FOLKS!

New Mac Trojan horse and Security tips from the NSA

There is a new Mac Trojan horse that masquerades as a virus scanner – read about that here. This is another example of social engineering – tricking users into making security mistakes.
Users looking for legitimate protection against viruses on their Macs might be duped into downloading and installing this. Essentially this is ‘ransomware’. It requires payment to ‘stop’ the ‘infection’. AND the payment information is often then sold to other nefarious people.

Remember that NO operating system is immune to attack. And since every system is utilized by humans they remain the biggest weak link – humans that is.

Also in other security news the NSA has released some good advice and documents for better security practices with your home network, and Operating Systems (including Mac OSX).
Read about that here. [via PCMAG Security watch blog].

Nearly all of this contains information that I and other security people have been saying for years but is well worth reading.

More Rogue Antivirus/Spyware infecting many!

Users are being ‘Tricked’ into infecting themselves with trojans/viruses
This has been used on probably 1.5 million websites!
And it is increasing! UPDATE! Here is even more evidence that this is HUGE!

I have written about this type of attack before and how to avoid it and stop the ‘infection’.
Please Read Here on that process.

The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. [called a social engineering hack] Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.

For more information please read this too!!
Here is an excellent video showing how and what happens.

Mac OS X Trojan catches Sophos’ eye

Two very recent articles point out what most security people know and the rest should know: NO technology, especially computers connected to any network, is completely secure!

An article here points this out:

"It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share."

And from another one here:

"More than half of Americans believe that PCs are "very" or "extremely" vulnerable to cybercrime attacks, while only 20 percent say the same about Macs, according to this ESET survey.
(Credit: ESET)"

ESET released the results of a survey in November related to awareness of cybercrime in the U.S. The survey of more than 1,000 people found that while both PC and Mac users perceive the Mac as being safer, Mac users are victims of cybercrime just as frequently as PC users.

Meanwhile, Mac users are just as vulnerable to Web-based attacks like phishing as PC users are, and Mac users who fall prey to phishing tend to lose more money on average than PC users do, the survey found. "Viruses are a diminishing percentage of what we’re seeing," said Randy Adams, director of technical education at ESET. "A lot of attacks have to do with social engineering and that kind of attack is platform agnostic."

Please folks, practice safe computing practices. I’ve written extensively on that so I won’t go into that here, just search my blog(s) for security items.

For those of you that are interested in an antivirus product for Mac, ESET makes a fantastic one. You can check it out here.

By the way, ESET’s products are top notch! If I were to buy a security solution it would be theirs.

Keep safe folks.