Proof-of-concept Mac OS X adware debuts

Hackers have created a proof-of-concept sample of adware that targets Apple Mac OS X users; anti-virus firm F-Secure has dubbed it “iAdware.”

Kamil writes for F-Secure:
We recently received a proof-of-concept sample of an adware program. Normally that wouldn’t be worth blogging about, but in this case it’s for Mac OS X. In theory, this program could be silently installed to your User account and hooked to each application you use… and it doesn’t require Administrator rights to do so. We won’t disclose the exact technique used here, it’s a feature not a bug, but let’s just say that installing a System Library shouldn’t be allowed without prompting the user. Especially as it only requires Copy permissions. An Admin could install this globally to all users.

The result: This particular sample successfully launched the Mac’s Web browser when we used any of a number of applications.

This is easier to do than with Windows. After all, it’s a Mac.

“The malware is notable for its rarity rather than its threat value, which remains minimal. There’s hundreds if not thousands of ad-ware packages floating around that are capable of infecting Windows users with intrusive pop-up software that impairs system performance,” John Leyden reports for The Inquirer. “iAdware is the first such application for Macs that we’ve come across.”

Full article here.

[Thanks to MacDailyNews Reader “Dirty Pierre le Punk,” “RadDoc,” and “Fred Mertz” for the heads ups.]

37 Comments

  1. I suspect this “exploit,” if there is indeed one, is only able to operate on those who use admin accounts for everyday use. I doubt it could work against a regular user account.

    The problem is, however, that Apple sort of encourages users to use admin accounts, as it is the default on installation of MacOS X. They should make an attempt to educate users, and discourage this practice.

    peragrin writes: “The worst case is if it changes its own owner to root or admin”

    Actually, to do that requires root privileges.

    @ theloniousMac: MDN is correct in their position on the security through obscurity myth. Any real security expert will tell you there is no such thing as “security through obscurity.” This has been proven through decades of experience. Anyone who thinks there is security through obscurity is either not well educated on computer security, or blowing smoke.

  2. Theoloniusmac is wrong. Dead wrong and emac is right. When are we going to learn that blasting our weaknesses from the housetops only gets us killed? For some dumb reason we have decided that if we let “everybody know how and where to hack computers” that somehow you are doing me a favor? That’s the kind of favor I don’t need–dumbass! What I need is for you to Apple and only Apple or Microsoft for that matter. Otherwise keep your big fat mouth closed! Thank you

  3. Security through obscurity is a myth. Acuras are nowhere near abundant in the wild, but they’re the number one stolen car in a number of geographical areas. The degree to which something is targeted is based on human preference, not its sample size. Macs are a huge target and will continue to be. The small number of malware writers attack computers. Windows is easiest to attack.

    If Apple wants to keep the OS relatively secure, they just need to be better than Windows. It’s the same reason burglar alarms, The Club, and other anti-theft devices are used. They are not certainly going to help, but the perpetrator will rather move to the next target because it’s easier.

  4. In other related news, “F-Secure have created a proof-of-concept sample of adware that targets Apple Mac OS X users called “iAdware” …”

    Isn’t that the truth of it? – I thought they’d have too much time on their hands with Windows’ problems to be writing adware for OS X.

  5. “Haven’t you noticed something…
    Now that Microsoft says NO to anti-virus companies, there are all kinds of Mac viruses (proof-of-concept) popping up!!!
    And the anti-virus companies are the only ones that are finding these things.

    Don’t you think that THEY are actually behind all these things because they are trying to get a new market…the Mac users.

    Actually if they are vetting the MacOS for holes, that’s not a bad thing. Let’s hope that Apple will fix soon.

  6. to Freddy the Pig

    What a lovely comment! Makes such a change from the normal irate comments about spelling and such on forums in general…

    I can understand how it bugs someone to see native language abused that way.
    However it is nice to see that someone can be sensitive to the fact that not all of us are native English speakers/writers and do make mistakes….
    cheers to the open mind
