Dear Apple: Welcome to team anti-malware


It was brought to my attention today that you've now published a knowledge base article explaining how to remove the prolific MacDefender fake security software and its various iterations.

While I cannot speak on behalf of an entire industry, I think all of us welcome you with open arms to the team tasked with helping the computer-using community stay safe online.

I have to admit though, I am a bit confused by your terminology.

You state in your article:

"A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus."

In our business, phishing has a very specific definition. According to Wikipedia, the agreed-upon definition of phishing is:

phish·ing /ˈfiSHiNG/
Noun: The fraudulent practice of sending e-mails purporting to be from legitimate companies in order to induce individuals to reveal personal information, such as credit-card numbers, online.

We have observed that most users are being infected through malicious web pages that are turning up in Google Image searches. The malicious web pages display a fake security scanner convincing the victim to load a program that is in fact malware.

While I can see how you might consider this to be a phishing attack, we usually use that term when the attack is purely social and is trying to acquire your credentials. If it involves social engineering and malicious code we call it a Trojan.

Wikipedia defines a Trojan as:

"A Trojan horse, or Trojan, is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system."

It is also a bit strange that you don't recommend that people run an anti-virus program when they have been infected or attacked by malicious code. Perhaps it might be prudent to refer people encountering malware on their Macs to your documentation?

It's great to have you as a partner in our fight against cybercrime, and we hope you continue your commitment to keeping your customers safe online.

Be cautious, question everything and enjoy your internet experience.

Update: As happens, I didn't consider that Wikipedia is a moving target, so choosing them for definitions wasn't the smartest thing I've done. The quotes above were true at the time of writing.


12 Responses to Dear Apple: Welcome to team anti-malware

  1. lol, funny that you used Wikipedia references. Be safe people.

    • not Shane_Fontenot · 1195 days ago

      Funny because...? No, I'm afraid you can't just post "whatever" information you want and expect it to remain there for more than a few minutes at best. Wikipedia has a surprisingly rigid process to add/edit information now. This isn't 2001 anymore, but thanks for trying.

      • Chester Wisniewski · 1194 days ago

        The Wikipedia article has been changed since I posted this and strangely that never occurred to me...

  2. bkreps · 1195 days ago

    The subtle bite of sarcasm makes this a delightful read.

  3. Tom Ward · 1195 days ago

    Potato - Potato.

    Anti-virus for what? Windows viruses? Surely not malware? How is anti-virus going to help against malware that most users won't install? The sky isn't falling and until you can show me why I need what you sell, I'll go without thanks.

  4. jfutral · 1195 days ago

    OK, let's see. For years Mac OS X has gone well secured, except to the people who make their living on protecting from malware. Not only was there a constant drum beating of "Your time will come, just you wait and see" they also regularly created "proof of concept" recipes to prove their point, never mind that none of this occurred in the wild. It helped heighten the rhetoric and perceived potential threat.

    So now someone out there creates a "trojan" that feeds off this hysteria created by those who make a living protecting people from this kind of threat.

    Hmm. If I were a conspiracy theorist...

    Joe

  5. sunbimr · 1195 days ago

    I guess there are several dictionaries and definitions for phishing.
    The unix base Apple dictionary on a Mac will return the following definition:
    "phishing |ˈfi sh i ng |
    noun
    the activity of defrauding an online account holder of financial information by posing as a legitimate company : [as adj. ] phishing exercises in which criminals create replicas of commercial Web sites."

    Bottom line for me is I'm glad Apple is helping out. Meanwhile back to our normal business of keeping people warned about malware and bad stuff on our computers.

    • Chester Wisniewski · 1194 days ago

      Your comment sums up my article nicely, without the attempt at being funny. We are genuinely pleased that Apple is taking this very seriously.

  6. Kenneth Berger · 1195 days ago

    Your industry "security software" uses terms you create to scare people. Apple has an ecosystem that is built on a solid foundation that while not immune to hacking it is not a problem. Apple's response to the single significant malware problem for their ecosystem is great in that they will eliminate at the OS level.

    If you guys told the truth - i.e. virtually all malware, viruses, and trojans in the wild are not computer problems but Windows problems you would be truthful and it would change the industry. But you won't, you will continue to misrepresent the information to keep the status quo and your business.

    I have used your software and it is good but on my Macs after scanning to check I removed it. On my PC yours and other software save me from issues daily!

  7. Brett · 1195 days ago

    People must be meticulous about researching and validating each item of software that they authorize to run on their systems. The sooner they learn this, the better. All the AV software in the world can't protect them from a zero day Trojan installed as a result of their own casual impulsiveness and ignorance.

  8. doug · 1195 days ago

    I think you protest too much. Yes, this is a Trojan, as it requires the user to install software they believe to be useful but ends up being bad. But the threat of this Trojan is more like a phishing attack in that all it does is try to get your personal information.

    I assume Apple used this term because it is not as scary as Virus, malware, spyware or trojan. It implies that the user could avoid this problem by not getting caught off guard.

    Note: You are about a year late in your welcome. Apple started its attack on this type of software over a year ago with 10.6 Snow Leopard. This is just an extension of that action.

  9. mark · 1194 days ago

    "A Trojan horse, or Trojan, is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system."

    what does MacDefender destroy?


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.