Scammers plunder gullible iPad owners' backdoors Malware scammers are trying to trick early iPad buyers into installing backdoor software on Windows machines, according to a security firm. The miscreants are punting emails claiming that the bigphone needs an iTunes update for "best performance, newer features and security", to be installed via their PC. Malicious links …
So, does the fact that scammers are targeting <1m people with Windows-specific malware mean that they should be falling over themselves to target the vastly greater user base for OS X?
If yes, why isn't it happening? (I know ~3 trojans exist for OS X, but there should be many orders of magnitude more)
If no, why not? (because it's obviously not due to market-share...)
then I realised that only the email needs to be tailored towards iPhad buyers -- since hte email is the easy part then that's not exactly hard to do. To target OSX (or BSD or Linux) would take a good deal more effort -- even if it were as easy to write exploits for as Windows (which I doubt).
It's easier to exploit any *nix machine that you might think, with most *nixes it's much easier than doing so on Windows, it's just laziness that stops most people, that and the lack of knowledge of such systems, and the fact that the effort involved doesn't pay as highly as just doing it to Windows. Now, a properly secured *nix machine is one of the toughest nuts to crack, but the reality of the situation is
Let's look at OSX, a UNIX (why God, why!?), operated mainly by types even the BOFH would try to avoid like the plague. Most of these folks don't even know they're using a UNIX system, and therefore only rely on whatever security Apple gives them, which is usually pretty minimal, they also usually run services that are very open and easy to pick at. These are all basically insecure *nix machines open to the net, and breaking into and/or installing software onto an insecure *nix machine is about as easy as it gets.
"Let's look at OSX, a UNIX (why God, why!?), operated mainly by types even the BOFH would try to avoid like the plague. Most of these folks don't even know they're using a UNIX system, and therefore only rely on whatever security Apple gives them, which is usually pretty minimal, they also usually run services that are very open and easy to pick at."
"Very open and easy to pick at" you say? If they're so easy, why don't we ever hear about Mac viruses? Another poster wrote that there are three trojans for OSX. Three. That's as many in total as are released on Windows every day.
"These are all basically insecure *nix machines open to the net, and breaking into and/or installing software onto an insecure *nix machine is about as easy as it gets."
I challenge you to break into an OSX box remotely and let us know how you get on...
OSX machines are cracked constantly at hacker meets and compilations. The only reason there aren't more OSX viruses is user base. The most optimistic figures from Mac blogs like OSX Daily show only about 11 percent share for Apple stuff. That would severely limit the potential size of a botnet when compared to windows devices. It has nothing to do with security or the supposed IQ of OSX users.
'OSX machines are cracked constantly at hacker meets and compilations'... when a security analyst spends several days of research to write a program(bug) to link onto HIS site to exploit on the day. It took him less than 2 minutes on his Macbook to log in and pull up HIS site.
There must be some 300,000 various 'virus' writers in the world with several formed every day. That's enough to fill 3 large stadiums. So in unison, they will ALL say: 'The only reason there aren't many exploits out there is because there's less of an install base, thus less of a target and not worth the trouble.' That is a cop-out.
While Apple waves a red flag as an invite to signal 'here is your chance'. If someone boasted and bragged in front of me and said how great they were, I would try my best in any way, by any reasonable means and (300,000) resources to bring that person down a peg or two.
'The only reason there aren't more OSX viruses is user base.' Cop-out!
I think you'll find, if you put your tiny, leaking brain back in its spongebag for just a second, that quite a few IT techies have shifted to the OSX platform as they spend all day faffing about with busted WIndows kit, they need a machine that simply works when they get home. Much as I love the penguin and all his ilk, the last thing I want to do when I get home is spend 4 hours trying to remember the magic command to get my desktop up and running, I do it all day long. I just want to go home and use something that doesn't make me want to put my fist through the wall when my browser crashes for the want of running a simple flash animation.
I suspect it's because to have bought a Mac, you have to have made some kind of choice, OK, not necessarily the correct choice, but a choice nonetheless. That implies that you are at least vaguely aware of what a computer is/does and therefore somewhat less likely to fall for a ridiculous scam.
As much as the typical Apple customer is missing common sense, I'd still wager that the average 'computer IQ' level, if you will, in Mac users is substantially higher than the average Windows user. Couple that with the fact that market share is still a lot lower than Windows, and I'd guess you're still better off aiming scams at Windows users. The tipping point can't be far away though.
" Since buyers are likely to have a lot of disposable income and not much sense, they make a great target for e-criminals."
People with lots of money tend not to be in the business of giving it away. That's *why* they have lots of money. So no, they're rarely a good target for e-criminals. (Yes, there are exceptions, but that's no excuse for painting everyone with a few pennies to rub together as a moron.)
Just ask the banking industry.
> People with lots of money tend not to be in the business of giving it away.
I think Chanel & Versace would beg to differ here.
I recall someone bragging about how they saw all of the people in First Class running iPads. Nothing says "blow the wad like a sailor on leave" like First Class airline seats.
However, that's not the point so much since the malware pretends it's a software update. It doesn't show up like a sales pitch or a Nigerian scam. It's probably meant to get into the parts of the mark's wallet that usually requires a crowbar and blowtorch.
"that's no excuse for painting everyone with a few pennies to rub together as a moron"
That's why he qualified it with the statement "and not much sense". I know reading a sentence with more than 11 words in it can be a real pain, especially for your rich types who probably don't have much time on your hands in between all the trips you need to make to the safe to stroke your money, but do try and keep up.
Obviously someone didn't get the joke. Do people with a lot of disposable income also lack a sense of humor ?
Also, people with a lot of disposable income aren't the same as people with a lot of money. Disposable income just means that you earn a good bit more than what you are obligated to pay out each week/month/year. It doesn't necessarily mean that you accumulate wealth.
Now go play with your iPad.
Perhaps you missed the point of why Bootcamp is so popular. Or Parallels for that matter. It seems a fair portion of Mac fans tend to run at least one Windows OS somewhere in their chain of computing hardware (remember the PR about tablets/iPads targeting people seeking a 4th or 5th computing device, after their 2 home computers, iPhone, and perhaps iPoD/Touch/Nano/misc Apple hardware).
And as for the other previous comment regarding "rich" people being so by not giving away money....the malware is a backdoor keylogger of sorts. It doesn't ask you to pay $40 to a "full version," it simply sniffs your bank info, CC details, etc. and shuttles them of to some data logging server. No "give me money" needed. That and it is easier to hide a few thousand dollars of bank transfers/charges amongst an account that have more than $6k/mo flowing through it.
The quote in the article didn't say anything about "having a lot of money." It mentions "disposable income." The two concepts are not the same thing. "Having a lot of money" implies that you save what you earn, invest, or have some other means of accumulating wealth that you do not blow on junk. Disposable income refers to the moneys left are weekly/monthly financial obligations are met. It does not mean that you save or accumulate this money. I have a decent amount of disposable income, but I don't necessarily hold on to it...
That's the question a LOT of people are going to want answered, if I don't miss my guess. Of course, a lot of iPad users have been blogging about them, or tweeting about them, etc. ad nauseam. I suppose if you simply searched on google or twitter for "my new ipad" you'd get a lot of addresses right there. But still, there will be questions.
Regarding OS's and market share - possibly the reason that malware authors tend to target windows specifically has something to do with this ...
http://www.w3schools.com/browsers/browsers_os.asp
Without saying anything about relative security, even the least popular MS OS comes out twice as popular as Macs and Linux, with overall market share hovering around 90%. Granted this is just stats from w3schools, but they do seem to reflect what's happening in the world at large.
Just sayin', is all.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
