Educause Security Discussion mailing list archives
Re: Adware/Spyware on Mac/OS X
From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Mon, 4 May 2009 21:45:50 -0400
This is the one response of actual malware being found on end-user systems. Things installed via an ssh break are different, as are demonstrations of things on web sites that require automatically and blindly running things downloaded.

I'm interested in real malware that propagates itself either via files or via networks. I have not heard of any nor seen any reports posted of such things. Trojans, yes, and usually from unwise downloading of torrents. And yes, backdoors and changes from ssh breaks.

I'm not advocating against AV for Macs. I'm trying to find real instances of in-the-wild malware that is spreading itself in some way, and real instances of Mac-based spyware.

On May 4, 2009, at 6:11 PM, Mark Borrie wrote:
I haven't looked at the spyware list below so can't comment on how many of these are in the wild. However we have seen a significant increase of Macs infected with Malware over the past six months. In fact we have identified several pieces of previously undetected (unreported?) Mac OSX malware. Ironically we were investigating one such incident the day Apple released the "Macs don't need AV" video.

A common response we get when investigating Mac compromises is surprise that the system has been infected with malware. Many users still believe that they are immune simply by using a Mac. The other problem we have is that even if AV is installed the users do not check their scan reports. In one case here this simple task would have alerted the Sys Admin that their Open Directory server was compromised.

We treat compromises of Macs differently to Windows. Most Windows break-ins are from malware that simply wants to own the hardware. Mac break-ins are more often hands-on, much like break-ins in the early days. The potential for data loss seems much higher as those that break in tend to have a good look round. Compromised Macs also tend to get used for underground IRC and other such things so are probably more valuable.

AV products will not stop a brute-force ssh break-in. They will however provide an additional layer of defence for Macs.

Mark

Gene Spafford wrote:

On May 4, 2009, at 12:47 PM, Rowe, Ken wrote:

It appears to be a pretty small list (in comparison to MS Windows). See http://macscan.securemac.com/spyware-list

But how many of those are really "in the wild"?

--
Mark Borrie
Information Security Manager, Information Technology Services,
University of Otago, Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080