Malware has come to the Mac.
Currently, if you search for Adobe Flash Player, the first result is often a sponsored ad that offers a very convincing Adobe-looking website where your end user can download “Installer.”
If you click the link, it will take you to a website trying to pass as something Adobe, like “Download Adobe Flash”.
Once installed, this bad boy will throw up ads after a while, and generally be the kind of thing you might want to remove.
Let’s say, for example, you are a very “click” happy internet user, don’t see the details of this site, and go ahead and download this software.
Notice the URL for the website, “http://us.download-update.org/lp/adobe-flash/344/”, which is not an Adobe site.
At this point, if you still try to install the software, Mac OS X will show you a warning, since this app was downloaded with a File Quarantine-aware application.
When you open a file received through a quarantine-aware application, OS X warns you where the file came from. You receive an alert asking, “Are you sure you want to open it?” You should click Cancel if you have any doubts about its safety.
Quarantine-aware applications include Safari, Messages, iChat and Mail.
These applications attach quarantine attributes to the files they download. These attributes include date, time, and a record of where the file was downloaded from.
If you have multiple user accounts on your Mac, the user account that downloaded the file is the only user account that can remove the quarantine attribute on a file. All other user accounts can open a quarantined file, but they are still presented with an alert asking “Are you sure you want to open it?” every time they open the file.
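To see what those attributes hold, the following added example (not code from the original post) decodes a quarantine value and the recorded download origin, then checks whether the origin really belongs to the vendor the installer claims to be from. It assumes the commonly observed layout of the `com.apple.quarantine` extended attribute (`flags;hex-epoch;agent;event-id`) and that the origin URLs sit in the `com.apple.metadata:kMDItemWhereFroms` attribute as a binary plist; neither attribute name appears on this page, and the sample values are constructed.

```python
import plistlib
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed samples, shaped like what `xattr -p <name> <file>` returns.
SAMPLE_QUARANTINE = "0083;53a1c2f0;Safari;00000000-0000-0000-0000-000000000000"
SAMPLE_WHERE_FROMS = plistlib.dumps(
    ["http://us.download-update.org/lp/adobe-flash/344/"],  # URL quoted in the post
    fmt=plistlib.FMT_BINARY)

def parse_quarantine(value):
    """Split a quarantine value into flags, download time, agent and event id."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError("unexpected quarantine attribute: %r" % value)
    return {
        "flags": int(parts[0], 16),
        # Assumption: second field is the download time as hex Unix seconds.
        "timestamp": datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc),
        "agent": parts[2],
        "event_id": parts[3] if len(parts) > 3 and parts[3] else None,
    }

def origin_hosts(where_froms_plist):
    """Host names of the URLs recorded as the file's download origin."""
    return [urlparse(u).hostname for u in plistlib.loads(where_froms_plist) if u]

def is_vendor_host(host, vendor_domain):
    """True only for the vendor domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == vendor_domain or host.endswith("." + vendor_domain)

def review_download(quarantine, where_froms, vendor_domain="adobe.com"):
    """Combine both attributes and flag downloads not served by the vendor."""
    info = parse_quarantine(quarantine)
    info["hosts"] = origin_hosts(where_froms)
    info["suspicious"] = not info["hosts"] or not all(
        is_vendor_host(h, vendor_domain) for h in info["hosts"])
    return info

if __name__ == "__main__":
    result = review_download(SAMPLE_QUARANTINE, SAMPLE_WHERE_FROMS)
    print(result["agent"], result["timestamp"].isoformat(), result["hosts"])
    print("suspicious origin:", result["suspicious"])
```

The suffix check matters: a host such as `adobe.com.download-update.org` contains the vendor name but is not an Adobe host, and is flagged.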
The main screen of the installer is where you really need to be paying attention, but most users just get click happy and click install.
But if you are paying attention, you will read clearly that this is not a genuine Adobe product: “The above are 3rd party offers are not associated with Adobe”. To the unassuming user, though, it looks like a “Flash Player”.
Think that is crazy? Read the EULA for this piece of software here: http://www.installmac.com/eula
The installer will even tell you it is about to install something not so nice.
Where does it come from?
Software like the above would be considered “adware”, which is software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Some adware comes from bad download sites, like Softonic and Download.com. However, these days, the vast majority of adware seems to come from torrents.
Why is the problem getting worse?
Obviously, the people behind all this adware are having success making money from it. Advertisers are spending lots of money to put ads on your computer screen, and often they don’t understand exactly who they’re doing business with or how their online advertising is going to work. Unethical hackers also frequently take advantage of advertising networks, using tricks to put ads in front of users’ eyes in such a way that they get paid for it.
How to Avoid
A lot of unwelcome software ends up on your computer in part because of something you did or did not do.
Here’s how to avoid unwanted spyware or adware:
Be selective about what you download to your computer. Make sure you really need a program before downloading it. And if you’ve never heard of the software maker, read its website carefully to learn more about the people behind the technology, as well as the technology itself.
Read licensing agreements.
It can seem daunting to read these agreements, but to play it safe, don’t just scroll to the bottom and click the “I accept” button when installing freeware. Instead, read each agreement carefully and look for language pertaining to any information-gathering activity, which could mean that you’ll get spyware or adware along with your freebie.
Read the EULA for the above piece of software here: http://www.installmac.com/eula
Watch out for anti-spyware scams.
The Web is rife with “anti-spyware” tools that do little or nothing to prevent spyware. Some even make it worse. Purveyors of these tools often provide free scans, which almost invariably identify hundreds of spyware programs on your computer. They then immediately ask you to buy their bogus product.
Beware of clickable advertisements.
Try to avoid programs–especially freeware–that flash clickable ads. These ads should be a red flag. If you click the ads, it’s possible someone is watching how you respond to them.
Other ways to protect yourself
First of all, if you are a Sewelltech customer who is on our Watchman Monitoring service and Sewelltech Managed Software Updates service, you will automatically be protected.
What is Watchman Monitoring Service?
Watchman Monitoring is a Software as a Service (SaaS) offering which monitors the health of Mac and Linux computers (Windows support coming in late 2014). Watchman Monitoring Service provides Sewelltech’s Apple Certified Technicians hourly reports on over 100 health issues such as disk I/O errors, backup functionality, and RAID status.
The question becomes – is Watchman Monitoring anti-malware? Well, yes and no. We only run hourly, so we’re not going to warn immediately, but that’s OK. No single malware detection software can find all threats. Watchman Monitoring helps out by providing an additional layer of malware checking to your existing solution.
Sewelltech Managed Software Updates
Simply put, Sewelltech Managed Software Updates allows Sewelltech’s Apple Certified Technicians to deliver software updates safely to a group of Macintosh computers without either having to install updates on each machine individually, or allowing users to have administrative access to their machine, then relying on the user to install all the necessary updates on their own.
With ever-increasing threats of malware possibly affecting Mac OS X through internet sources like Adobe Flash, Java, and other sources, Apple has taken steps to safeguard OS X by releasing a “blacklist” of vulnerable versions of these plugins as well as other sources of malicious software. This has proven to be both a good thing and a bad thing. The good is that malicious threats are stopped before they can spread quickly, but it also renders software that is required in day-to-day business operations inoperable.
When a new package is released, Sewelltech’s Apple Certified Technicians download and test the new package to ensure that it is safe to install. Once we are satisfied that the new update or software package is good, we release the update to all users subscribed to our service.