
OSX/Puper: A Real Threat to Macs, or Just More Hype?

Friday, November 2, 2007 at 4:57pm by Craig Schmugar

I just read another story that talks about the overreaction to the new Mac OS Trojan, the threat first reported by Intego the other day. Generally the arguments make these points:

  • There are far fewer threats for Mac OS compared with Windows
    [my response: True, but it takes only one to get infected.]
  • You’re at risk only if you’re surfing porn
    [my response: False. Although the initial report stated porn sites were driving people to the malware, McAfee Avert Labs has found dozens of domains serving the malware, none of which was explicitly related to pornography. They are related to installing a video codec for the purpose of viewing movies in general.]
  • A user must take extraordinary actions to get infected: download a file, open it, run the installer, enter the admin password
    [my response: Yeah, so? Bagle was one of the most successful pieces of malware targeting Windows users. Many variants came as a password-protected ZIP archive attached to an email message. The password was sent as an image attached to the message. Before getting infected, a user would have to open the suspicious email message, open the suspicious ZIP attachment, manually enter the password provided in the other email attachment, and then run the virus. Result: many, many thousands of users getting infected. Password-protected archives are an anomaly for most users, on Mac or Windows. I contend that the social engineering around installing a software package to watch a video is greater than that of having to enter a password provided in an email message simply to access what's supposed to be a photo.]

Having said all this, these points are not what make this threat significant. What sets this threat apart from other proof-of-concept Mac threats and low-scale attacks is the entity behind it. Puper (a.k.a. Zlob) is one of the most widely reported pieces of malware for Windows. McAfee VirusScan Online users reported more than 4 million detections during the past two years. Microsoft’s latest security threat report states Zlob was the most frequently disinfected piece of malware. Unlike earlier Windows malware, this Mac Trojan is authored by professionals who likely pull in thousands of dollars a month through click fraud, hijacked affiliate sales, and other illegal activity.

I have to admit that when I first heard rumors of some new Mac Trojan being reported from a vendor I hadn’t heard of, I figured it was likely hype. But when I learned who was behind the threat, I knew this was real.

Now, after all of this doom and gloom, I should say that we were able to contact two universities that have rather large Mac user bases to see if they showed traces of infected systems. Thus far their log files show no sign of infection. Thus far.
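The post says the two universities reviewed their log files for traces of infection but does not say how. As an added illustration (not code from the post, McAfee or Intego), the script below shows the simplest form such a review could take: scanning web-proxy access logs for Mac installer downloads (.dmg/.pkg) served from hosts outside an expected allowlist, since the post describes the lure as a video-codec installer. The Squid-style log lines, client addresses, host names and allowlist are all constructed for the example; the post publishes no domains or indicators, so this shows the shape of the check rather than real detection data.

```python
"""Review web-proxy logs for Mac installer downloads from unexpected hosts.

Added illustration of the kind of log review the post mentions; it is not
McAfee's or Intego's code. Every host, client address and log line below is
constructed for the example (RFC 2606 .test / .example names) and is not an
indicator from the post, which publishes none.
"""
from urllib.parse import urlsplit

# Assumption: the lure installer arrives over plain HTTP as a disk image or package.
INSTALLER_SUFFIXES = (".dmg", ".pkg")

# Hosts a campus would expect to serve Mac software; constructed allowlist.
ALLOWED_HOSTS = {"swupdate.vendor.example", "updates.university.example"}

# Constructed Squid native-format access.log lines:
# timestamp elapsed client code/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1193990001.123 120 10.0.0.5 TCP_MISS/200 2048 GET http://swupdate.vendor.example/Installer.dmg - DIRECT/192.0.2.1 application/octet-stream
1193990002.456 95 10.0.0.7 TCP_MISS/200 312 GET http://news.example/index.html - DIRECT/192.0.2.2 text/html
1193990003.789 240 10.0.0.9 TCP_MISS/200 76800 GET http://video-codec-download.test/MacCodec.dmg - DIRECT/198.51.100.7 application/octet-stream
1193990004.012 60 10.0.0.9 TCP_MISS/200 512 GET http://video-codec-download.test/install.php?step=2 - DIRECT/198.51.100.7 text/html
1193990005.345 180 10.0.0.11 TCP_MISS/200 40960 GET http://freemovies.test/codec/update.pkg - DIRECT/198.51.100.9 application/octet-stream
"""


def parse_line(line):
    """Return (client, url) from a native-format Squid line, or None if malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    return fields[2], fields[6]


def is_suspect_download(url):
    """True when the URL fetches an installer from a host outside the allowlist."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(INSTALLER_SUFFIXES):
        return False
    return parts.hostname not in ALLOWED_HOSTS


def find_suspect_downloads(log_text):
    """Return [(client, host, url)] for installer downloads worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, url = parsed
        if is_suspect_download(url):
            findings.append((client, urlsplit(url).hostname, url))
    return findings


def clients_by_host(findings):
    """Group affected clients per serving host, so one host fanning out to many
    machines stands out from a single user's one-off download."""
    grouped = {}
    for client, host, _ in findings:
        grouped.setdefault(host, set()).add(client)
    return grouped


if __name__ == "__main__":
    hits = find_suspect_downloads(SAMPLE_LOG)
    for client, host, url in hits:
        print(f"{client} fetched an installer from {host}: {url}")
    for host, clients in clients_by_host(hits).items():
        print(f"{host}: {len(clients)} client(s)")
```

The allowlist approach matters more than any single domain list: the post notes that Avert Labs found dozens of serving domains within days, so a check keyed on "installer from somewhere we do not normally get software" keeps working as those hosts change, whereas a blocklist would lag behind them.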

It took a long time for the Windows threat landscape to evolve to where it is now. Yes, the Mac threat landscape is far behind and will be for a long time, but what OSX/Puper represents is not something to take lightly.


Comments (1)

  • AJ November 14, 2007 7:41AM

    It’s far from certain that there are not already a significant number of Mac systems infected with this and other malware, but no one would ever know it, because a) Mac users don’t tend to know anything about what’s going on ‘under the hood’ (i.e. under that nice shiny desktop), b) there’s no way of detecting the threats on their systems, because they’re convinced they don’t need any security software.
    It’s almost amusing that these people who claim that a move to a mac is a rational defense against malware can have such blind faith in a system they so clearly know nothing about.

    -AJ