May 30, 2012 - 12:30 AM EDT — AAPL: 566.49 (+4.20, +0.75%) | NASDAQ: 2847.73 (+10.20, +0.36%)

Proof of concept Mac OS X adware debuts

Friday, November 24, 2006 · 10:57 am · 37 Comments

Hackers have created a proof-of-concept sample of adware that targets Apple Mac OS X users called “iAdware” by anti-virus firm F-Secure.

Kamil writes for F-Secure:
We recently received a proof-of-concept sample of an adware program. Normally that wouldn’t be worth blogging about, but in this case it’s for Mac OS X. In theory, this program could be silently installed to your User account and hooked to each application you use… and it doesn’t require Administrator rights to do so. We won’t disclose the exact technique used here, it’s a feature not a bug, but let’s just say that installing a System Library shouldn’t be allowed without prompting the user. Especially as it only requires Copy permissions. An Admin could install this globally to all users.

The result: This particular sample successfully launched the Mac’s Web browser when we used any of a number of applications.

This is easier to do than with Windows. After all, it’s a Mac.

“The malware is notable for its rarity rather than its threat value, which remains minimal. There’s hundreds if not thousands of ad-ware packages floating around that are capable of infecting Windows users with intrusive pop-up software that impairs system performance,” John Leyden reports for The Inquirer. “iAdware is the first such application for Macs that we’ve come across.”

Full article here.

[Thanks to MacDailyNews Reader "Dirty Pierre le Punk," "RadDoc," and "Fred Mertz" for the heads ups.]

Categories: MacDailyNews, News

Thank You for supporting MacDailyNews!

♥ Adobe Photoshop CS6 Extended for Mac - Student and Teacher Edition DVD (65171323) only $249!
♥ Blowout: Apple 15.4" MacBook Pro i7/4Core/2.0GHz/4GB/500GB (MC721LL/A) only $1,549.99 + Free Shipping from MacMall
♥ Mac Madness Save 25% on Parallels Desktop 7!
♥ 15% Off Compatible Ink. 10% Off All Others (excludes OEMs). Free Shipping over $55. Coupon: 123BLOSSOM, Expires 6.18.12
♥ Save up to 60% at the Hammacher Schlemmer Special Values Sale-While supplies last.
♥ Dragon Dictate for Mac 2.5 - New! Simply Smarter Speech Recognition
♥ Up to 30% OFF Accessories from Verizon Wireless
♥ Limited Time Offer: Get free ZAGGsmartbuds when you buy a ZAGGsparq!

Comment Feed

37 Comments

1 2 Next »

librium

Friday, November 24, 2006 - 12:01 pm · Reply

pppffffffttt.
macaholic

Friday, November 24, 2006 - 12:08 pm · Reply

“installing a System Library shouldn’t be allowed without prompting the user.”

should be easily fixed!
theloniousMac

Friday, November 24, 2006 - 12:09 pm · Reply

Calling it specifically adware doesn’t seem accurate. That sounds like a security hole that should generally be closed. While it could be used to launch a browser, and PRESUMABLY direct that browser to a specific sight, calling it Adware diminishes the threat.

Apple should take steps to control this ASAP and not do their typical silent act in relation to this one.
eMax

Friday, November 24, 2006 - 12:13 pm · Reply

Well thanks to these morons, and other morons like them I am sure they will release how this occurred, and instead of TELLING APPLE they will tell some idiot spammer.

It should be illegal to release malware information to ANYONE but the manufacturers of the software.

These people think they are doing something good for the world? The only thing they should do is tell apple directly and not ever tell the public.

Fools…
Eddy

Friday, November 24, 2006 - 12:15 pm · Reply

I still don’t see the fun in all this Adware and Virus stuff..

Can ANYONE explain what the use of it is???
Silly

Friday, November 24, 2006 - 12:16 pm · Reply

I agree with theloniousMac. Apple should be very open about these issues, recognise them and even give a timetable or actual status of the solution proces. Secrecy is this area will certainly harm Apple and does not make sense.
Macaday

Friday, November 24, 2006 - 12:21 pm · Reply

The only threat to Mac users are the security companies who are desperate to get something out that will put pressure on us to buy their software.
julio

Friday, November 24, 2006 - 12:27 pm · Reply

well folks, if I am reading right what was blogged this is not a real threat, not at all.
one needs Admin privileges to install a System Library (the iadware) and THEN it can do its damage. They are not saying that the System Library itself can get installed without a warning or asking for admin password. All they say is that AFTER it is installed it can go about doing its thing behind your back.

easy then, do not install anything coming from an unknown source.

(mw:rest) as in rest assured they’ll keep posting alarming headlines on OS X malware, maybe someday they’ll hit one, but it is not this one
oh joy

Friday, November 24, 2006 - 12:27 pm · Reply

I still don’t see the fun in all this Adware and Virus stuff..

Can ANYONE explain what the use of it is???

It’s like the nice people who key your car & slice its tires.

They do it because it’s easy, and to just be general assholes.

Since real Mac OS X malware has been impossible so far, we get this crap.
peragrin

Friday, November 24, 2006 - 12:30 pm · Reply

It can only affect one user. if you log out and log in as another user , that user is unaffected.

It doens’t install a “system library” it installs only in the users home directory.

And without a registry to manually redownload it can’t reinstall itself. so once you delete it it’s gone.

The wost case is if it changes it’s own owner to root or admin, and then all it takes is to

su rm dumb/adware/filepath/name and enter the admin password.

it won’t take special tools that only sometimes work.
tt

Friday, November 24, 2006 - 12:33 pm · Reply

So how many ‘real’ adware / spyware / viruses are out there for OSX again? < 0 ?

sounds like BS to me.
Mr. Reeee

Friday, November 24, 2006 - 12:38 pm · Reply

Gee, if I were an administrator on a network, or already logged onto a Mac, I could do PLENTY of damage. Maybe their proof is that if you’re an idiot, you can mess up you computer. Windows users have been proving that little factoid by the MILLIONS… EVERY day… for YEARS!

Don’t these Virus Protection Rackets get enough business and make enough business from the Windows market?

Why do they keep on announcing “proof-of-concept” malware things, if only to frighten people into buying their software.

Apple has been very quick to plug security holes in Mac OS X.
Some of these “concepts” have appeared AFTER Apple has already plugged holes.

From what I’ve seen Symantec’s Mac anti-virus software IS a virus.
Mr. Reeee

Friday, November 24, 2006 - 12:40 pm · Reply

Duh,,
that should have read:

Don’t these Virus Protection Rackets get enough business and make enough MONEY from the Windows market?
plasticmd

Friday, November 24, 2006 - 12:41 pm · Reply

How come no MDN take on this??
Tommy Boy

Friday, November 24, 2006 - 12:42 pm · Reply

Sum Jung Gai needs to upgrade to the latest version of the OS/Safari as I never see a pop up on MDN.
nuflux

Friday, November 24, 2006 - 12:43 pm · Reply

“This is easier to do than with Windows. After all, it’s a Mac.”

These people are so fucking bitter. So insecure about their INFERIORITY.

As others have pointed out here, this is such a minimal and easily removable “threat” that it’s a joke.
Yo er phone repair man, mind if I look around?

Friday, November 24, 2006 - 12:54 pm · Reply

Julio,

Agreed. This just looks like another form of trojan.

Are there any good countermeasures besides user awareness?

Few people would allow uninvited strangers into their homes, esp. ones offering to install or fix something. Why let unknown software into your Mac?
theloniousMac

Friday, November 24, 2006 - 12:54 pm · Reply

Ya know we Mac proponents are very proud of Apple’s security record but we need to face some facts.

While MDN likes to claim that “security through obscurity” is a myth, I beg to differ. There have been and there will continue to be holes in the Mac OS. Mac OS X may be more difficult to exploit than Windows, but not impossible.

And Apple… well I’m still fuming at their willingness to buy off on the no virus hype. Instead Apple should simply say, “While we are proud of the Mac’s security record to date, we still advise all Mac users to take prudent measures with regard to computer security.”

Sooner or later we’re going to get hit with something and it’s going to come from some place we trust, like Apple.

We should be careful, not smug. Constantly touting the 150,000 viruses for Windows and none for the Mac stat is asking for trouble. If I were a virus writer, at this point I’d be working on it.
DJ

Friday, November 24, 2006 - 1:05 pm · Reply

I just wish ONE person who does viruses and stuff would step up to the plate and just explain: “Why I do this dorky thing”.

It would be a whole lot easier to understand is all.
macromancer

Friday, November 24, 2006 - 2:14 pm · Reply

I just created a proof of concept technique for destroying all files on my hard drive

I opened my hard drive, dragged all my files to the trash, and clicked Empty Trash.

Pay me money or else.