Intego

Latest

  • Fake Apple billing email is circulating

    by 
    Kelly Hodgkins
    12.28.2011

    Not surprisingly, scammers are targeting Apple customers with a fake phishing email asking them to update their account billing information. People who are new to Apple and probably received their first Mac or iOS device during the holiday season are particularly vulnerable to this scam. This group of customers would not be surprised to receive an email from Apple shortly after they signed up for iTunes for the first time. According to Intego, the email has the same silver coloring as Apple's website and includes the Apple logo to make it look authentic. If you click on the link within the email, you'll travel to a website that closely resembles Apple's website. Of course, there's a login on the fake page that'll steal your Apple ID and password if you make the mistake of logging into the site. On the next page, there's a form that'll steal your credit card information if you willingly submit this information to the fake site. The only way to tell that this email is a scam is to look closely at the URL contained in the email. The link in the email says "store.apple.com", but the underlying URL directs you to a page named "apple.htm" on a server that does not belong to Apple. Depending on your email client, you only have to put your pointer over the link to see a pop-up box that'll expose this fake web address. A real link to Apple's website will end in "apple.com" and not some random name or number like the one shown above. To be extra cautious, you should avoid clicking on links in an email and go directly to Apple's website by typing "store.apple.com" into your web browser. Once you've manually logged into your Apple account, you can then update your billing information, if necessary. [Via CNET]

  • LaCie Little Big Disk Thunderbolt SSD review

    by 
    Michael Gorman
    11.08.2011

    Thunderbolt's the newest kid on the connection block, and its greased-lightning transfer rates make for an awfully attractive alternative to USB and FireWire for those who move big chunks of data on the regular. Despite its many advantages, it's still in its infancy, so there are few peripherals supporting the 10Gbps interface. LaCie's Little Big Disk Thunderbolt SSD is among the first to make use of Apple and Intel's new data superhighway, and it pairs a couple of 2.5-inch, 120GB Intel 320 series SSDs in RAID 0 configuration to take full advantage of all that bandwidth. But, such speed comes at a hefty cost: $899.95 when it goes on sale later this month. Is it as quick as they say? Is it worth the money? There's only one way to find out, so let's see how the latest Little Big Disk handles itself, shall we?

  • Two new Mac malware concerns: Tsunami and DevilRobber

    by 
    Victor Agreda Jr
    11.01.2011

    As reported yesterday by Computerworld, there are two malware threats for OS X to concern yourself with (temporarily). The first, Tsunami, isn't much of a threat yet. The other, DevilRobber, may be slowing your Mac down as we speak. Here's more info on each of them.

    Tsunami

    Basically a ported version of some rather old Linux malware, Tsunami isn't being seen widely just yet. Still, the trojan appears to be evolving, and has even been updated for Macs in the variant Tsunami.A, as discussed on this ESET Security blog post. What does Tsunami do? The original was a backdoor program, which uses IRC to control your machine and coordinate Distributed Denial of Service attacks. Tsunami.A adds the ability to copy itself, and includes an updated IRC command and control server (which was not active at the time ESET wrote their post). Thus far, Tsunami is merely on the radar and appears to be in active development, but not widely disseminated yet.

    DevilRobber

    While Tsunami may be on the horizon, DevilRobber is out there right now, and could be slowing your Mac down. DevilRobber, as Intego reports, isn't just one thing: it's a Trojan horse, a backdoor (allowing control), it can steal data (and surreptitiously mine Bitcoin virtual currency) and it can send personal data to servers (thus making it spyware as well). Sounds nasty, eh? Apparently the malware installs DiabloMiner, which is used in creating Bitcoins. Using this legit software, DevilRobber, aka OSX/Miner-D, can suck up processor cycles and generate the hashes used in Bitcoin's currency. Essentially the malware is using your computer to generate Bitcoins, likely without you knowing what is going on.

    Worse, Sophos senior tech consultant Graham Cluley told Computerworld that DevilRobber can take pictures of your screen, thus stealing sensitive info, and "it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and .bash_history" -- all of which are bad things. So how big a threat is DevilRobber? Chances are, if you don't download torrents of commercial Mac software, you're fine. Intego's Mac Security Blog has some more info on DevilRobber, but for now it doesn't appear to be widespread. Also, as with Flashback.C, some users are reporting that if you have LittleSnitch installed and enabled the malware will bail. As usual, we suggest you don't illegally download commercial software via Bittorrent and only download from trusted sources (a developer's site is a good bet, and don't forget about the Mac App Store). If you suspect your machine may be infected, schedule a trip to a local Genius Bar or use antivirus software to scan your machine.

  • iWork '09 trojan infects at least 20,000 machines?

    by 
    Joseph L. Flatley
    01.22.2009

    Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork '09 have gotten more than they'd bargained for -- in the form of a Trojan Horse called OSX.Trojan.iServices.A. This guy installs itself in the computer's startup as root, and once in place it can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove. According to a white paper released by Intego, at least 20,000 people may have downloaded the infected software -- which they'll get around to installing as soon as they finish those episodes of Celebrity Rehab they grabbed at the same time. [Via Macworld]

  • New variant of RSPlug trojan making the rounds

    by 
    Robert Palmer
    11.18.2008

    Our friends at Intego sent out an alert this morning, warning users about a new variant of the RSPlug trojan horse, found on several adult websites. The risk to users is classified as "medium." RSPlug trojans, themselves a form of DNSChanger, change local DNS settings to redirect to phishing sites for banks, PayPal, and eBay. All these trojans must be downloaded at the user's request, and an administrator password has to be supplied. When visiting certain sites, the user is alerted that there is a "Video ActiveX Object Error" and is told that their "Browser cannot play this video file." The alert instructs the user to download the "missing Video ActiveX Object." If the user clicks OK, a disk image called "cleanlive.dmg" downloads (which may change in the future). Depending on the user's browser settings, this disk image may mount and installation may automatically start. Intego VirusBarrier X5 users are, as you might imagine, already protected. Updating your virus definitions today will improve detection. And, as always, be careful where you put your mouse online.

  • 'MacGuard' double-plus ungood, avoid

    by 
    Robert Palmer
    10.17.2008

    The fine folks at Intego sent out a warning this morning about MacGuard, a bogus piece of software that claims to clean up your system and remove adware, spyware, and trojans. It doesn't. According to the warning, MacGuard is simply a clone of a Windows app called WiniGuard. The company releasing the software, Innovagest 2000 SL, may be using the credit card numbers they harvest during the purchase process for "nefarious purposes." WiniGuard "hijacks the user's desktop and typically displays exaggerated or false claims of spyware found to frighten the user into paying for the program," according to Sunbelt Malware Research Labs. While our fine readers wouldn't get suckered into such a scheme, parents, grandparents, aunts and uncles might not be so educated. If you know someone with a Mac who might fall for this, do them a favor and forward them this warning. The MacGuard website is at macguard.net.

  • Watch out for PokerGame trojan

    by 
    Robert Palmer
    06.20.2008

    In the wake of the ARDAgent vulnerability discovered yesterday, we all have something new to look out for: OSX.Trojan.PokerStealer is the official name of a trojan horse masquerading as a poker game. The trojan is distributed in a 65K .zip archive. According to security company Intego, running the trojan activates SSH, and transmits the username, password hash, and IP address of the computer to a server. It asks for an administrator's password after displaying a message about a corrupt preference file that needs to be repaired. The "PokerGame" application is 159,843 bytes, and includes the text "Copyright 2008 Andrew" in the version information (visible in Get Info). As always, please remember to use extreme caution when running applications downloaded from the Internet, or received via email. Thanks to Rosaline from Intego for the heads-up.