
Author Topic: Warning: Coming soon to a Mac/Apple/Linux device!: Crimeware  (Read 1289 times)

MrMxyzptlk

Lifted from ihotdesk.com
May 2, 2011, 11:41AM


Crimeware Kit Emerges for Mac OS X


by Dennis Fisher

Crimeware kits have become a ubiquitous part of the malware scene in the last few years, but they have mainly been confined to the Windows platform. Now, reports are surfacing that the first such kit targeting Apple's Mac OS X operating system has appeared.

The kit is being compared to the Zeus kit, which has been one of the more popular and pervasive crimeware kits for several years now. A report by CSIS, a Danish security firm, said that the OS X kit uses a template that's quite similar to the Zeus construction and has the ability to steal forms from Firefox.

"The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption," Peter Kruse of CSIS said in a blog post.

"The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Apparently, a dedicated iPad and Linux release are under preparation as well. The Weyland-Yutani BOT supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and Spyeye."

In an email exchange, Kruse said that the builder component of the kit runs on Windows machines and the user has the option of specifying that he wants the malware to run on OS X. The builder will then create a Mac binary.

Malware authors and professional attack crews have steered clear of the OS X platform for the most part, for a variety of reasons. One of the main things holding up the development of Mac-specific attack tools, experts say, is the small market share Apple has, particularly in the enterprise. However, that is gradually changing and the attackers are beginning to follow.

In addition to the new crimeware kit, a Mac-specific scareware attack also popped up on Monday, targeting users who searched for some popular terms on Google. The "MACDefender" scareware is appearing in search results for images of Osama bin Laden as well as in other places.

"In its current incarnation, "MACDefender" shows up in the installed applications list, so can be uninstalled. If you have accidentally installed this, go ahead and uninstall it. I would not expect this 'uninstall' option to be a good long term protection strategy. I'd suggest that OSX users disable 'Open safe files after downloading', and also invest in a reasonable anti-malware suite. Installing a real anti-malware package is also a good idea," Rob VandenBrink of the SANS Internet Storm Center wrote in an analysis of the scareware.




« Last Edit: June 03, 2011, 03:04:30 PM by MrMxyzptlk »
Mr. Mxy's current Word Corner word is catachresis    
