Warning: New Mac OS X Spyware - OSX/OpinionSpy

[cwa107]

Sad news today:

Intego Security Memo - OSX/OpinionSpy Spyware Installed by Freely Distributed Mac Applications

Looks like this is actually being bundled in with legit OS X software as downloaded from several resources like MacUpdate, Softpedia and VersionTracker. No specific products are named, but apparently the payload is downloaded and installed during the program installation process.

Now, it does request administrator credentials to be installed, so experienced users should be undeterred, but we need to get the word out on this one.

 

[DarkestRitual]

I read that earlier, and then I was like, "wait... it's just another malware piece posing as a codec. Doh."

lol. So yes, continue to use common sense and all will be well.

 

[cwa107]

This is a bit more significant as it's being distributed through a number of different popular download sites. It's also bundled in with completely legal (i.e. non-pirated) screensavers and a functional video converter. I would consider it a non-issue, but it's no longer safe to point people to Apple's third party download site, MacUpdate, Softpedia, and VersionTracker, which are normally pretty good sources. This software is distributed by all of them.

There is no warning for the user, other than giving them a misleading statement about joining a market research survey (which should tip most seasoned users off), but nonetheless, it represents a much greater threat than those that were bundled with pirated Apple software and porn sites.

 

[chscag]

It does more than pose itself as a codec. According to the writeup by Intego, you can actually download this malware along with legitimate software from sites such as Mac Update and SoftPedia plus you don't know you've downloaded it. That's what makes this type of malware dangerous.

Having said that, we have to remember the folks who put out the security warning are also one of the largest sellers of AV and anti-spyware protection for the Mac. I noticed their basic package for the Mac is $49.95 for one year of definitions and protection.

Regards.

 

[DarkestRitual]

Yea, I figured most users could display some semblance of common sense, but I guess that is too much to ask these days. It's not the 90s anymore, people on computers aren't all the geeky scientific type anymore.

 

[harryb2448]

It requires installation as an application 'PremierOpinion' and reasonable precautions will prevent its installation. One wonders how much innocent information is purveyed by AV software dealers in their $49.95 p.a.?

The Mac Security Blog Preliminary List of Applications that Install OSX/OpinionSpy Spyware

Thanks cwa107 for the heads-up on this. No doubt the trumpets will start blaring about a Mac OS X virus. One question ~ does anyone actually use the list of applications referred to in the above link?

 

[McBie]

Hmmmm. so far only Intego is touting about it, but vigilance is the key word.

As a suggestion, I believe it is time to consider changing the name of the sticky on " The official Mac Antivirus and Firewall FAQ " to something that is suitable for the new era.

I consider this malware nothing more than a feeler to sense the water, and to be honest, the concept is nothing spectacular ... it is all plain simple stuff.
The fact how it goes about installing itself is the interesting part ... and believe me, it works. ( for the lack of a better word -_- )

Cheers ... McBie

 

[the8thark]

Having said that, we have to remember the folks who put out the security warning are also one of the largest sellers of AV and anti-spyware protection for the Mac. I noticed their basic package for the Mac is $49.95 for one year of definitions and protection.

Seems someone's trying to get more sales.

 

[EndlessMac]

It doesn't matter whether a person is using Mac or Windows. The biggest problem is some people are not aware of what they are doing. Even if you have an anti-virus program, it doesn't mean that you can safely do whatever you want because it's better to not get infected in the first place and not all viruses have known cures as of yet.

Part of the reason why viruses are so widespread on Windows is because people don't practice safe habits. Before I switched to Mac I've only had about 1-2 Windows viruses found on my Windows computer over a span of about 20 years. I didn't install them but was able to find them beforehand.

Since many people don't practice good safe computer habits, I still recommend anti-virus for Windows users. Although that sometimes creates the problem because people falsely think they are immune to all viruses and other problems because they have an anti-virus software installed. I think if more people feared viruses they wouldn't be installing so much random junk from the internet or from their friends. Just because your friend has installed it doesn't me that he/she isn't infected with something without knowing it.

 

[technologist]

Several developments:

1. Intego briefly released a list of products that include this malware. It consisted of

• Screensavers from some no-name Chinese company
• A no-name flash-to-mp3 converter

That's it.

2. MacUpdate and Versiontracker pulled the listings for these apps as soon as the list was made public.

3. Intego promptly removed said list from its site this morning, while updating the warning

So, yeah. Better run out and buy a copy of whatever Intego's selling right friggin' now! It's the only way to be safe!

 

[baggss]

I thought the exact same thing. Small number of Apps with the issue so leys hype it and sell some software!

 

[bobtomay]

Thanks tech - I was looking all over for some list of the supposed software this thing infects.

Reading their little paper makes you wanna run to the hills and pull evey machine you have off the net. At this point, sorry, but I have to wonder if Intego didn't hire the chinese company that put the thing in their own software.

 

[harryb2448]

Ahh well this is a long time marketing ploy of AV software companies.

http://reviews.cnet.com/8301-13727_7-10331147-263.html?tag=mfiredir