New Malware for Mac



lclev
06-14-2017, 05:21 PM
Supposedly we can now go "shopping" on the dark web for mac specific malware. So what are your thoughts about this: http://www.komando.com/happening-now/404382/mac-malware-now-distributed-for-free-on-the-dark-web?utm_medium=nl&utm_source=notd&utm_content=2017-06-14-article-title

Lisa

pm-r
06-14-2017, 07:04 PM
My God,

Is she still babbling on, on the web…???




- Patrick
======

Randy B. Singer
06-15-2017, 10:51 AM
> Supposedly we can now go "shopping" on the dark web for mac specific malware. So what are your thoughts about this: http://www.komando.com/happening-now/404382/mac-malware-now-distributed-for-free-on-the-dark-web?utm_medium=nl&utm_source=notd&utm_content=2017-06-14-article-title


My thoughts are that Kim Komando isn't a Macintosh user. She is a Windows user without a clue about the Macintosh, printing clickbait.

I recommend that folks not get their Macintosh news and advice from Windows users. Stick to the known and trusted sources for Macintosh news and advice.

You might like:

Macintouch
http://www.macintouch.com

Macworld
http://www.macworld.com/

Appleinsider
http://appleinsider.com/

MacRumors
https://www.macrumors.com/

lclev
06-15-2017, 01:21 PM
Well I asked for opinions - thanks! I sometimes listen to her on Sunday evenings as I am driving back to church. She is good for the newbie user as she will patiently answer their questions. She does give the impression of preferring Apple products. I could be wrong - I am sure I was once or twice. ;D However she does promote antivirus apps for mac for what that is worth.

Randy - thanks for the links. The only one I did not have in my lineup of sites to check out is Macintouch. I will take a look at it.

Lisa

pm-r
06-15-2017, 04:00 PM
> The only one I did not have in my lineup of sites to checkout is Macintouch.


Wow. I thought every Mac tech type user would have visited that site at least several times. But I will admit that newer users might have missed it, but many years ago, it was almost one of the only Mac type sites around.

I don't recall what software I used to access it way back when, but I do recall listening to the modem tones and squeals as it got access to read some of the daily offerings it provided. :D

But I must admit that I haven't visited it nearly as much as I used to, so thanks also for the reminder and nudge.





- Patrick
======

ProTruckDriver
06-16-2017, 10:58 AM
Thank you for the links Randy. I just added Macintouch and Appleinsider to my list. :)

lclev
06-17-2017, 09:50 AM
I think you guys forget - I just got into macs in 2013. I am a Windows convert so I missed all the earlier stuff. That is why I got started on this forum. Bought my MB Pro and joined this forum less than a month later. I can safely say I have learned a ton of information here. What I love about this forum is the patience and sincere effort to help from the people who contribute. And even when I get something wrong no one gets snarky or mean... There are many, many forums that cannot say that.

Lisa

chscag
06-17-2017, 07:37 PM
> There are many many forums that can not say that.

Brings back memories of the UseNet Windows forums that I visited in my Windows days. You needed a flame retardant suit to post on them. There are still some Mac forums where civility is not the standard especially when discussing political subjects. And yes... there is one particular very popular Mac forum (not mentioning names) that allows political discussions and discussions of just about anything else.

lclev
06-17-2017, 08:34 PM
> Brings back memories of the UseNet Windows forums that I visited in my Windows days. You needed a flame retardant suit to post on them. There are still some Mac forums where civility is not the standard especially when discussing political subjects. And yes... there is one particular very popular Mac forum (not mentioning names) that allows political discussions and discussions of just about anything else.

I do know to which you refer.... and I refrain from posting on any of the political threads. It solves nothing and just becomes an exercise in futility.

Lisa

pm-r
06-17-2017, 08:37 PM
> And yes... there is one particular very popular Mac forum (not mentioning names) that allows political discussions and discussions of just about anything else.


Actually there are several I can think of that have sunk to such low levels and even also include religion "discussions" i.e. just flaming threads now, or when I last took a peek. Even one of the more famous Canadian Mac sites has now included such threads and associated topics.

It would be nicer if they just split up into separate sites and removed the Mac name and/or any Mac association. At least for normal Mac users.





- Patrick
======

lclev
06-17-2017, 08:54 PM
Patrick - I agree but sadly in this day and age it is becoming more acceptable and the norm to fling insults at anyone who disagrees with their views. The internet has become the favored place to do that as it lends easily to posters feeling anonymous and thus expressing a lot of hateful garbage that they never have to answer for. Oh well, I could go on but it would solve nothing. Just sad.

I do agree that separating the political/religious topics from the Mac topics would be nice - create two different forums. But I have a feeling the political/religious topics create more traffic and that makes the revenue go up.

Lisa

Randy B. Singer
06-17-2017, 09:18 PM
> There are many many forums that can not say that.



I'm on about a dozen Macintosh discussions lists, and on all of them the members are extremely friendly and helpful. To my mind, that's how Macintosh users are and always have been. Things got a bit dicey there for a while back a few years ago when there was a huge influx of Windows users to the Macintosh as part of the halo effect from the popularity of first the iPhone and later the iPad, but things quickly settled down.

Discussion groups in the old newsgroups have always tended towards being like the Wild West because they don't engender any sense of community and, being un-moderated, any headcase can join and act out unimpeded.

If you want a recommendation for one or more other discussion lists to hang out on, let me know in private e-mail, and I can recommend one for you. There are lists that cater to newbies, lists that are more into being a social gathering, lists that focus on the hardest questions users have, and lists that have an unusual number of gurus on them. Let me know what you want and I can point you in the right direction.

dtravis7
06-18-2017, 06:51 AM
> Well I asked for opinions - thanks! I sometimes listen to her on Sunday evenings as I am driving back to church. She is good for the newbie user as she will patiently answer their questions. She does give the impression of preferring Apple products. I could be wrong - I am sure I was once or twice. ;D However she does promote antivirus apps for mac for what that is worth.
>
> Lisa

Lisa, a friend way back when told me to listen to Kim's show. I did for a while and heard her praise Macs and other Apple products many times. Like you said she gives good advice to a lot of very neophyte users and is very patient. I also one time heard her say she was a Christian.

Just more lately though there are too many ads on her site and emails I get from her and she does push using an AV app with Macs.

She is though a very nice person but no one is perfect in knowledge as you know. I know a LOT but sometimes someone knows something I don't know.

Anyway, thought I would let you know what I knew about her.

Cr00zng
06-18-2017, 08:05 AM
> Supposedly we can now go "shopping" on the dark web for mac specific malware. So what are your thoughts about this: http://www.komando.com/happening-now/404382/mac-malware-now-distributed-for-free-on-the-dark-web?utm_medium=nl&utm_source=notd&utm_content=2017-06-14-article-title
>
> Lisa

From the perspective of raising awareness about mac specific malware, I appreciate Kim's article. Ransomware-as-a-service had been available for a relatively long time for the Windows OS, it's been a question of time when it'll be offered for Mac-OS. While both the current MacRansom and MacSpy are relatively lame, they will get better with time. The troubling part is that seemingly the mac specific malware is getting to be a financially viable option, hence offering it as a service.

While I take AV companies' quarterly threat reports with a grain of salt, the chances are that it does indicate a trend:

[Attached image]

Source: https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2017.pdf

So, yeah, Kim's article has some positives. People should be aware that the mac isn't as immune against malware as it used to be and it changes rapidly nowadays...

chscag
06-18-2017, 12:52 PM
Not to dispute what you wrote above, but I take anything that comes from McAfee with a large grain of salt. They have long been known to tilt statistics in their direction in order to sell more of their AV software. ;D

Cr00zng
06-19-2017, 09:49 AM
> Not to dispute what you wrote above, but I take anything that comes from McAfee with a large grain of salt. They have long been known to tilt statistics in their direction in order to sell more of their AV software. ;D

Oh man, I was hoping you would... :) But seriously...

It's not just McAfee, others like Symantec, Kaspersky, etc., do the same. And it isn't just the Mac platform, they do the same for Windows and others as well. But even if one would take these reports seriously, all it does is prove the ineffectiveness of the AV.

For example, the image in my posting shows ~460K malware for the Mac in Q4/16. For argument's sake, let's just do some approximate calculation for 90 days:

New malware released:
Per day: 460,000/90=5,111
Per hour: 5111/24= 213
Per minute: 213/60= 3.5

Let's say that the AV has a 99.9% detection rate, very unlikely but go with that. Even then the AV won't detect five new malware per day. And that's just for the Mac, Windows numbers are ~20 times greater...

lclev
06-19-2017, 09:54 PM
I found out something interesting today. We have a young man who is in the National Guard/Army and he has to go to a website to check on a variety of things including keeping tabs on his men. He has an ID with a chip in it that goes into a USB reader to be able to log on.

What I found interesting was the site was unencrypted (no https) so I had to show him how to work around the warnings from Chrome that the site was not safe. Even after he put in his card and PIN he still had to tell Chrome to ignore and to go to the site.

I found that strange unless there is some other encryption going on that I am unaware of???

Lisa

chscag
06-19-2017, 10:07 PM
I also find that strange. The DOD id dongle is supposed to only be used with encrypted sites. I have no idea if the National Guard (each state is a bit different) follows along with the same guidelines that DOD dictates. I suspect though it's as you say that encryption is taking place - maybe thru the dongle.

lclev
06-19-2017, 10:33 PM
I hope so. He says he has always had issues getting logged in. Since he and his wife decided to unplug at home he now needs to use our internet service and a computer - which is fine. I had offered to provide one when he first started working for us but he said he had no use for a computer. He has limited computer skills so I know better than to ask in depth questions. I was just amazed that there was a lack of encryption.

Lisa

Cr00zng
06-20-2017, 10:23 AM
> I also find that strange. The DOD id dongle is supposed to only be used with encrypted sites. I have no idea if the National Guard (each state is a bit different) follows along with the same guidelines that DOD dictates. I suspect though it's as you say that encryption is taking place - maybe thru the dongle.

Yes, the dongle and/or Common Access Card does include PKI digital certificates that can be used to encrypt the communication between the workstation and server. I'd be surprised if it is not used via the middleware on the dongle. The PIN is for accessing the middleware and the PKI keys; after three incorrect PIN entries, the chip will lock.

State employees of the National Guard and eligible contractors are required to comply with the FIPS 201 government mandate. The chances are that it is an extension/sub-domain of the DOD access control.

lclev
06-20-2017, 10:34 AM
Thanks for the information. The co-worker had no idea how it was supposed to work. He thought he had to download and install a driver for the USB card dongle but Windows 10 just installed it using its drivers. We have it working but it is annoying to have to keep clicking Advanced and telling Chrome to access the site even though it reads it as unencrypted. You would think the site would have encryption too.

Lisa

Cr00zng
06-21-2017, 03:05 PM
Chrome, like any other browser, is looking for an SSL connection that in this case is not there. Should there be? I don't know, one is six and the other is half a dozen in this case. As long as the connection is encrypted by other means, in this case via PKI, it should be just fine. SSL connections have the man-in-the-middle attack that is mitigated by the PKI secured connection. In addition, PKI provides positive ID for the end user that is easier to log, or rather evaluate, than the SSL connection.

The access to the public and private keys on the card must be secured pretty well. Otherwise, one could swipe both of them and steal them, together with the PIN, via the man-in-the-browser attack. I am pretty certain that they are locked down, but I didn't look into the inner workings of the CAC, or Common Access Card...