86 Replies Latest reply: May 22, 2011 4:57 PM by R C-R
  • R C-R Level 6 (17,385 points)

    Rayced wrote:

    So posting about the tools and methods used by a security team that was published now is speculation over a single case study that was not even made with an initial report of the configuration of the machine used in the test?

    You posted nothing specific about any case at all. You mentioned the names of some security specialists, the name of a monitoring tool you represented as the standard, & some vague references to a few types of malware exploits. You have demonstrated no specific knowledge of this malware, of any attempts to analyse it by anyone, or of the security features built into OS X.


    Your position is that since you know nothing about this malware, you advise returning the Mac to factory condition. You don't mention anything about how to do that or how to avoid reinstalling the malware when returning the Mac to a usable state.


    You have done nothing but speculate.

  • Rayced Level 1 (15 points)

    You lied more than once. That's enough.

  • Tropicoco Level 1 (145 points)

    Please come to your senses, this is not what this thread is supposed to be for. I am getting more notifications than spam and there is nothing that has been said in days that anyone can benefit from.

    You know what they say: If you don't have anything smart to contribute... I am tired of this drama, let it die already.

  • Rayced Level 1 (15 points)

    Question: does any analysis exist of the traffic (i.e. sniffed packets) generated by the trojan horse while sitting on a system for a while and free to go online? Because until now all I've read is how to respond to the incident in case the trojan was just installed and its traffic was blocked by Little Snitch (application-level firewall).


    The answer is either a yes or a no and has nothing to do with me singing the anthem of my country.

  • babowa Level 7 (29,155 points)

    Rayced wrote:


    You lied more than once. That's enough.


    That is a personal attack. This may be appropriate in your country, but it is not appropriate here. It is also in violation of the ToU:


    1. Stay on topic. Apple Support Communities is here to help people use Apple products and technologies more effectively. Unless otherwise noted, do not add Submissions about nontechnical topics, including:
      1. Speculations or rumors about unannounced products.
      2. Discussions of Apple policies or procedures or speculation on Apple decisions.
    2. Be polite. Everyone should feel comfortable reading Submissions and participating in discussions. Apple will not tolerate flames or other inappropriate statements, material, or links. Most often, a "flame" is simply a statement that is taunting and thus arbitrarily inflammatory. However, this also includes those which are libelous, defamatory, indecent, harmful, harassing, intimidating, threatening, hateful, objectionable, discriminatory, abusive, vulgar, obscene, pornographic, sexually explicit, or offensive in a sexual, racial, cultural, or ethnic context.
    3. Post constructive comments and questions. Unless otherwise noted, your Submission should either be a technical support question or a technical support answer. Constructive feedback about product features is welcome as well. If your Submission contains the phrase “I’m sorry for the rant, but…” you are likely in violation of this policy.
    4. Do not post polls or petitions or links to same.
    5. Test your answer. When possible, make sure your Submission works on your own computer before you post it.


    Unless you have a constructive comment or solution which works on your computer, please refrain from further flames and other inappropriate replies such as accusing a regular contributor of trolling or your post(s) will be reported.

  • WZZZ Level 6 (12,810 points)

    Don't you have any other bones to go chew on, somewhere else?

  • Rayced Level 1 (15 points)

    Talking about the ToC… Sorry ToU.

    I am bumping my question because it's getting covered up by things that are not pertinent, hoping this is not such an "abuse" (like revealing information that a user didn't make public on the board):


    Does any analysis exist of the traffic (i.e. sniffed packets) generated by the trojan horse while sitting on a system for a while and free to go online? Because until now all I've read is how to respond to the incident in case the trojan was just installed and its traffic was blocked by Little Snitch (application-level firewall).

  • WZZZ Level 6 (12,810 points)

    OMG, I give up! Go here.

  • ronaldz Level 1 (5 points)

    has a good set of removal instructions (key words: remove mac defender)


    Virus Barrier seems to be a good freeware application for this type of problem


    CNET had a good balanced article on this topic, 19 May 11: "How bad is the Mac Malware Scare?"

  • R C-R Level 6 (17,385 points)

    The CNET article quotes something worth thinking about:


    "The news stories were making it worse because it makes Mac users worried and they are more convinced that the fake antivirus warning is real," Intego spokesman James said in an interview today. "It's a self-perpetuating process."


    That process includes some well-meaning but uninformed Mac users who overstate the threat this trojan poses to users. It is called "scareware" for a reason: it can't do anything malicious unless users are scared enough to be tricked into installing it, which requires authenticating with an admin ID & password.


    Even if you do that, it is installed as a user process with no direct access or ability to alter system domain files. Quitting it using Activity Monitor, moving the app to the trash, & emptying it will stop it from executing anything. Even if you don't remove the login item after doing that, at worst you will see an error notification the next time you log into that account.

  • Rayced Level 1 (15 points)

    Sure. Keep it and if you dump it don't use the secure trash empty function.

    And if you had that trojan running for a while on your Mac, don't worry: just erase (no secure trashing is needed) that app and that's it, you're gonna be fine.


    Have you tried this on your system, R C-R?

    Otherwise it is speculation.

  • R C-R Level 6 (17,385 points)

    As far as I can tell, everything you imply this trojan could do is pure speculation, based on absolutely no experience with it, and almost completely ignores the several analyses of its various forms done by A-V companies or by any other source, much less how they suggest removing it.


    This isn't a particularly sophisticated attack. Its installer scripts are straightforward -- if they were not, would not run them. They don't try to compromise the OS itself. Neither they nor the app contain anything capable of hiding or preserving code in drive sectors the file system thinks are free. Even if they managed that, there is nothing installed that would survive a normal erase left to somehow access those hidden sectors to somehow bring the code back or execute it.


    The app is the entire payload. It runs as a user process & has no direct access to system level files or the file system. It certainly can't reboot the Mac or even run itself from a user login item during a safe boot.


    If you have any real evidence that the trojan can do any of these things you imply it can do, please present it. Otherwise, do everyone a favor & support the removal techniques that have been shown to work.
