Saturday, March 29, 2008

The VERY SCARY Second Mac OS X Malware Arrives: Troj/MacSwp-B




"MacSweeper" from "Imunizator" sounds like slackerware right off the bat. In this case it is nasty spooky SCAREWARE! Run for your life, yawn, zzz.

This slackerware is actually a few weeks old, but since it was discovered by Sophos it has officially become 'malware'. The BIG question: What DAMAGE does this rubbish do to your Mac????

Nothing at all.

Thus I yawn.

So is this actually 'malware'? Well, it is in the sense that it takes advantage of the eternal 'wetware vulnerability' problem, damaging your personal sense of logic, scaring you into thinking you need to pay for this fraudulent crapware or your computer will meet a horrible doom. (And yes everyone, I was the one who invented the term 'crapware'. Seriously! I'm not kidding! - Well, actually a friend pointed out it is an obvious term that anyone could have created. So much for my creativity).

Then what does this thingy actually do? By definition this is SOCIAL ENGINEERING malware. It is a form of PHISHING. This particular method is very old, like well over a decade. Here is how it works:

1) You download the thing because it was offered at a nefarious website you shouldn't have visited. (NOTE: Instead you should have checked VersionTracker or MacUpdate to see if they had ever heard of it and consider it a worthwhile program, which they don't. Then you should have Googled its name to see if there are reports about its reputation).

2) You install and run it. (This is very naughty. Don't do this with anything you have not already verified to be legitimate and to have a good reputation).

3) It pretends to scan your Mac's "Universal Binnaries". (Again: Slackerware much?)

4) It then lies to you and says you have privacy violations that require your attention or you'll suffer the consequences. And of course the only way to avoid this terrible fate is to pay for this crapware in order to activate its ability to fix the fake problems.

5) You pay for the crapware. You lose your identity. The crooks use your identity to buy lots of toys and stiff you with the bill. They then sell your identity to others and further stiffing behavior continues until you or your credit card company get the clue and stop payment, invalidating your card. And that's not fun, OK?

Do you need to buy anti-malware to protect you from Troj/MacSwp-B? NO. Clam will do nicely, thank you. Instead you should familiarize yourself with social engineering strategies. You can read about social engineering at:

Wikipedia

Here is the source report of Troj/MacSwp-B:

Sophos

You can read a snide evaluation of Troj/MacSwp-B at:

Mac-Daily News

As MDN sez:
"Do not download, authorize, and install software from unknown, untrusted Websites or any other sources."

Especially, never-ever provide your administrator password when installing or running ANY program unless you know absolutely, totally, fur shur that the software is legitimate. Otherwise you are giving away the farm and the malware rulz your Mac. And that's bad, OK?

Now go watch something really scary like the latest US political speech on CNN. Yes, mentally-challenged fascist vampires do exist.

Tuesday, March 11, 2008

Version 12.0.1 Security Update for Office 2008


Microsoft today released the version 12.0.1 update for Mac Office 2008. It contains security as well as bug patches. It has repairs for every application in Office 2008. Included are fixes for:


1) "... Vulnerabilities that an attacker can use to overwrite the contents of a computer's memory by using malicious code."

2) Issues that can cause Office 2008 to stop responding or quit.

3) Over 20 bug repairs.

Needless to say, this update is 'CRITICAL'.

You can read more about it HERE and HERE.

You can download it HERE.

You can toss Office in the dumpster and replace it with the free/donationware NeoOffice HERE. Recommended. It is a thoroughly 'Macified' version of OpenOffice for X11. It has over twenty features that the X11 version does not. It can read and write most Office files. It includes a word processor, spreadsheet and presentation program. It has built-in support for Microsoft's new 'OpenXML' document format found in Office 2007 and Office 2008. It invented the new ISO 26300 OpenDocument universal file standard. It has a new QuickLook plug-in. It has a Spotlight importer. Its HTML code export feature follows international web standards (unlike Office 2008). It can export presentations to Flash format. It still supports Visual Basic for Applications macros (unlike Office 2008). It is also compatible with WordPerfect and Microsoft Works documents. You can compare the rest of its feature set with Office HERE. And yes, it really is free and well worth supporting.

;-Derek

Sunday, March 9, 2008

Office for Mac 'CRITICAL' Security Flaw


The SANS Institute is well known for its IT security training. They typically go a bit overboard trying to FUD Mac users. But if you ignore that rubbish they are a very good source of computer security information. If you are interested they also have a very good Mac security course schedule. I wouldn't mind attending!


This week SANS reported that Microsoft are going to be releasing four security bulletins on March 11, 2008. All the bulletins discuss 'CRITICAL' security flaws. Three are in Microsoft Office and one is in Microsoft Office Web Components. The affected versions of Office and its applications are Office 2000, Office XP, Office 2003, Excel, Office Outlook and Office for Mac. The vulnerability of interest here is the one affecting Office for Mac. You can read more at:

http://www.eweek.com/c/a/Security/Microsoft-Critical-MS-Office-Patches-Coming/
http://www.microsoft.com/technet/security/Bulletin/MS08-mar.mspx

When I learn specifics about this flaw I will have a follow-up post.

This information was provided in SANS NewsBites Vol. 10 Num. 19. You can obtain a free subscription at:

http://portal.sans.org/