
@ O RLY
. . through rose coloured spectacles ?
Scareware wronguns have developed a neat but evil piece of coding trickery designed to dupe prospective marks into believing that Microsoft is endorsing their worthless scamware. A rogue anti-malware product called DefenceLab redirects infected PCs to Microsoft's Support portal, but modifies the HTML content as it returns so …
This post has been deleted by its author
The scammers are getting more clever, they no longer need to infect machines, they simply find ways to fool their marks into bouncing to dicky websites and pulling down the goods, through shite bolt-ons likes Flash, Javascript and dicky JPG and PDF files. The base libraries that read those technologies are usually the same the world over. As Apple makes more market penetration, those fancy metrosexual fanbois and their high-incomes are going to be too rich a prize to resist for the Lads from Lagos!
The Mac has security through blinkers and ear muffs! "La! La! La! I can't get infected! La! La! La! I'm perfectly free from Windows viruses!". Yep, well that still leaves the gaping great plank behind the keyboard and there's no AV for that my friend!
Here's the kicker.
Now how about I tell you I own 5 Apple machines and no Windows kit, but after 25 years IT I am not so arrogant to believe that just 'cos Steve "The Saviour" Jobs says it safe, it is, 'cos it ain't! OK? The Mac has security issues, just like Linux does, just liek BSD does, just like Billy's toy O/S does.
As Apple makes more converts from Windows and Apple seem care less and less about security, I genuinely fear for the safety of my OSX systems. I am investing time in learning to harden Linux, 'cos when that first worm/virus appears and Apple machines are falling that bowling pins, I'll be laughing at the fanbois!
how long it takes a mac or linux user to slip past the hubris detectors and make some smug, semi-honest but utterly worthless comment here...
Quite an interesting story though, I wonder if we'll get any stats at a later date about how many systems are compromised by this.
I'd be interested to know just what percentage of the general public are stupid enough to fall for this.
Wouldn't https offer a bit more protection from this kind of exploit? I know it establishes a secure connection but doesn't it also validate a page? This is a kind of man in the middle attack and verifying the page is unmodified would block this, wouldn't it?
Or isn't there some way that a browser/server could checksum a complete page and report if it had been modified? That wouldn't help if the browser itself was compromised to not do such a thing?
doesn't matter.
the thing is on your box. all hope must be abandoned.
SSL - yes, nice one. except the trojan can easily implant a trusted root certificate, making ANY site showing a signed cert valid.... well.
Anyway, it looks like the trojan REPLACES content on the end user side - so, https won't help here, anyway.
nice try though.