Since Lion Sophos is picking up threats.

crockers

MB Enthusiast
Joined
Mar 30, 2007
Messages
7,097
Location
North Wilts
Car
XC60 MY2014 SeLux Nav plus lot and lots of toys...
Since I have upgraded to Lion I have had three warnings from Sophos of threats. Never had one before in all the time I have been running Snow Leopard.
The threats are Mal/Oficia-A and Mal/Phish-A
I was on Apple's website when they flashed up.

Has anyone had this happen? What are these? Thought Apple didn't need virus / malware software.

Have just looked them up and they are Windows based virus / malware so not affecting Mac. I will just delete them from Q manager.
 

dulayj

Active Member
Joined
Jun 22, 2011
Messages
539
Location
Near Winchester
Car
A 210/Volvo XC90
All operating software needs protection. Traditionally it's been Microsoft as the main focus because of the massive interest / number of users.
Apple with increasing usage will not be far behind and will attract increasing attacks.
Trend, McAfee, NOD32 and Norton antivirus / malware have good success rates.
Check the web to see if compatible with your operating software.
 
crockers (OP)

MB Enthusiast
Joined
Mar 30, 2007
Messages
7,097
Location
North Wilts
Car
XC60 MY2014 SeLux Nav plus lot and lots of toys...
All operating software needs protection. Traditionally it's been Microsoft as the main focus because of the massive interest / number of users.
Apple with increasing usage will not be far behind and will attract increasing attacks.
Trend, McAfee, NOD32 and Norton antivirus / malware have good success rates.
Check the web to see if compatible with your operating software.

I'm using Sophos on the Mac - just in case.
 

Spinal

MB Enthusiast
Joined
Sep 14, 2004
Messages
4,792
Location
Uxbridge
Car
G350, Duster, S320, 900ss and a few more
Mal/Oficia-A: This is a "dropper" - i.e. a website designed to put malicious code on your computer. Usually Windows-based, but not limited to Windows anymore. In this case, it's a Windows one.

Mal/Phish-A: This is a phishing web page and as such is not Windows-only. That said, it's not a virus either... it's a social engineering attack, whereby you go to a site which looks real but in reality is fake and steals the information you give it.

Sounds like the page you were on was quite dodgy, and possibly a fake Apple store designed to steal your cc info or Apple account details...

M>
 

ironsheik

Active Member
Joined
Feb 13, 2011
Messages
195
Location
Manchester.
Car
W204 C200CDI SPORT.
Theres a free app in the app store called Virus Barrier.. which scans the whole machine for potential threats... worth a try I guess..
 
crockers (OP)

MB Enthusiast
Joined
Mar 30, 2007
Messages
7,097
Location
North Wilts
Car
XC60 MY2014 SeLux Nav plus lot and lots of toys...
Mal/Oficia-A: This is a "dropper" - i.e. a website designed to put malicious code on your computer. Usually Windows-based, but not limited to Windows anymore. In this case, it's a Windows one.

Mal/Phish-A: This is a phishing web page and as such is not Windows-only. That said, it's not a virus either... it's a social engineering attack, whereby you go to a site which looks real but in reality is fake and steals the information you give it.

Sounds like the page you were on was quite dodgy, and possibly a fake Apple store designed to steal your cc info or Apple account details...

M>

Thanks - I went to Apple (United Kingdom)

Strange but since installing Lion this morning I have had 3 alerts. 18 months on Snow Leopard = 0
 

Spinal

MB Enthusiast
Joined
Sep 14, 2004
Messages
4,792
Location
Uxbridge
Car
G350, Duster, S320, 900ss and a few more
Thanks - I went to Apple (United Kingdom)

Strange but since installing Lion this morning I have had 3 alerts. 18 months on Snow Leopard = 0

One of my first clients wanted their antivirus management console fixed... the issue was quite simple, they never allowed it to talk to the clients through the firewalls, so it never collected any data...

My manager got a call a week later telling him that I must have done something wrong as since I fixed the management console, they were getting all sorts of alert emails telling them they were infected...

Clearly, must have been my fault :p

Just because you don't get alerts doesn't mean they're not there... conversely, just because you do get alerts, doesn't mean there's a problem. It's a complex world, and gives people like me a job ;)

Finally, to add some paranoia... as more people move to Mac computers, it starts making financial sense to "invest" the resources in coding malware and exploits for OS X... so while 5-10 years ago, there really wasn't a point in coding something to attack a Mac user, now it's starting to make sense.

As such, we will see more and more things target OS X... (just the other day I saw a nice piece of scareware pop up on my MacBook... I was impressed enough to take a lot of screenshots and click through a few windows... great material for my next presentation!)

M.

EDIT:
Thanks - I went to Apple (United Kingdom)

Strange but since installing Lion this morning I have had 3 alerts. 18 months on Snow Leopard = 0

Apple's website was recently attacked and found to be vulnerable to XSS (cross-site scripting, i.e. putting your code on someone else's site so it runs on the clients). As such, it's quite possible you were one of the "victims" of this attack. (This was about a week ago if memory serves me.) In which case, the issue would be on Apple's servers and not your machine :)
 
crockers (OP)

MB Enthusiast
Joined
Mar 30, 2007
Messages
7,097
Location
North Wilts
Car
XC60 MY2014 SeLux Nav plus lot and lots of toys...
Just had an alert whilst on this site.... hmmm me thinks Sophos is at fault.
 

John

Hardcore MB Enthusiast
SUPPORTER
Joined
Mar 3, 2011
Messages
13,601
Location
UK
Car
Skateboard
It is also possible your Sophos is picking up 'false positives' i.e. code which resembles a virus but which is in fact not.
 

jepho

Active Member
Joined
Apr 14, 2011
Messages
210
Car
W203 C220 CDI Coupe
Just had an alert whilst on this site.... hmmm me thinks Sophos is at fault.

Often the 'solutions' are worse than the virus. OS X is a *nix-like environment and that means you do not have to run as root with a high level of administrative privileges. Sophos, Norton, McAfee, Intego, ClamAV and others are better served by you being afraid and scared of every little thing they wish to report. A little sensible use of your computer will prevent the need for wholesale fear. AV software is only as good as the latest definition in its files. A day-zero attack may take your machine out just because the AV software doesn't yet know about it.

Any potential attack vector is rather unlikely to take a Unix-based system to the ground. I would also suggest that you keep a vanilla (completely clean and unused) account that gets you up and running easily, if you should suffer from some social engineering attack. Keep a current backup and store one backup off-site if you have critical data that must never be destroyed.

Avoid having public-facing areas of your computer and remove publicly accessible folders unless you absolutely must share your data with others. Find better means of distributing data. PDF files, CSV files and low-resolution JPEG images are my personal choices. Remove all public access to your machine. Exercise care with file-handling applications like Dropbox and when using any social networking sites like Twitter and Facebook, for example.

Don't respond to any e-mail messages that appear to have come from unfamiliar addresses. Some people like to preview the first few lines of a message. I don't do that but it may save you from opening something malicious. Set your e-mail rules so that you can keep a very tight watch on what your mail program will accept or delete without question.

Do not click around the web randomly and only go to websites which you know, trust and can vouch for. Never click on anything which asks you for personal details and access privileges to your machine.

If you are obsessional, then you could try reading Apple's own hardening advice which is recommended. The linked example is for Leopard server but it helps you to understand the sort of issues which you should be considering.

As an aside... I do not use any AV software on any of my computers because of the large performance hit and the opportunities which I try hard not to present to miscreants who would help themselves to my computers. :)
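Two of the points in the post above (not running with administrative privileges, and removing publicly accessible folders) can be checked from a standard account with a small audit script. This is an added example, not code from the thread or from any product mentioned in it; it assumes POSIX sh with id(1), find(1), mktemp(1) and sed(1), and the admin group names (admin on macOS, wheel or sudo elsewhere) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits two of the points above from a
# normal account: whether the account carries admin rights, and whether any
# world-writable (publicly accessible) folders exist under a directory.
# Assumes POSIX sh with id(1), find(1), mktemp(1) and sed(1); the admin group
# names are assumptions: "admin" on macOS, "wheel" or "sudo" on most other Unix.

# Returns 0 if the user (default: the current one) is in an admin-capable group.
has_admin_rights() {
    user=${1:-$(id -un)}
    for g in $(id -Gn "$user" 2>/dev/null); do
        case "$g" in
            admin|wheel|sudo) return 0 ;;
        esac
    done
    return 1
}

# Prints, one per line, every directory below $1 that any local user can write
# into (other-write bit set), which is what a "Public/Drop Box" share looks like.
find_world_writable_dirs() {
    find "$1" -type d -perm -002 2>/dev/null | sort
}

# Builds a constructed sample home directory so the audit can run offline:
# one private folder and one folder anyone can drop files into. Prints its path.
make_sample_home() {
    base=$(mktemp -d)
    mkdir -p "$base/Documents" "$base/Public/Drop Box"
    chmod 755 "$base/Public"
    chmod 700 "$base/Documents"
    chmod 733 "$base/Public/Drop Box"   # world-writable, as a drop box would be
    printf '%s\n' "$base"
}

# Runs the audit against the sample home and reports in plain language.
audit_report() {
    home=$(make_sample_home)
    if has_admin_rights; then
        echo "account $(id -un): has admin rights (consider a standard account)"
    else
        echo "account $(id -un): standard user, no admin group membership"
    fi
    echo "world-writable folders under $home:"
    find_world_writable_dirs "$home" | sed 's/^/  /'
    rm -rf "$home"
}

audit_report
```

Point find_world_writable_dirs at your real home directory to audit it; every folder it lists is one that other local accounts can write into.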
 

John

Hardcore MB Enthusiast
SUPPORTER
Joined
Mar 3, 2011
Messages
13,601
Location
UK
Car
Skateboard
A day-zero attack may take your machine out just because the AV software doesn't yet know about it.

Yes, this is where the heuristic capability of your chosen AV software is tested...

As an aside... I do not use any AV software on any of my computers because of the large performance hit and the opportunities which I try hard not to present to miscreants who would help themselves to my computers. :)

I take it you only run Macs?

I would never recommend this on a PC due to the risk from legitimate sites being compromised and passing this on to you.

I've never had a virus personally since 1990, either detected with signatures or heuristically, but within the last year, I have one instance of malware, which I believe came from a drive-by.

I only browse legitimate sites on this (my 'clean machine') and never go off the beaten track.

I don't host email on my machine and have not as yet even been invited to take part in nasty socially-engineered nastiness.
 

jepho

Active Member
Joined
Apr 14, 2011
Messages
210
Car
W203 C220 CDI Coupe
Yes, this is where the heuristic capability of your chosen AV software is tested...



I take it you only run Macs?

I would never recommend this on a PC due to the risk from legitimate sites being compromised and passing this on to you.

I've never had a virus personally since 1990, either detected with signatures or heuristically, but within the last year, I have one instance of malware, which I believe came from a drive-by.

I only browse legitimate sites on this (my 'clean machine') and never go off the beaten track.

I don't host email on my machine and have not as yet even been invited to take part in nasty socially-engineered nastiness.

Yes Macs only; since the passing of Win2k. I was fed up fighting the good fight with Windows and what seemed to me to be a low productivity ratio of hours spent using it when compared to work actually completed. XP was always looking for new drivers and falling over inexplicably and generally... it was getting on my nerves.

I accept that Windows PCs have probably improved a great deal since those bad old days but I won't be going back because there are no compelling reasons to do so. In an ideal world we would all be platform agnostic but I had so much work ruined and then there was the time which had to be spent fixing stuff that I would not reconsider introducing that sort of disruption to my workflow again.

e-mail is one of the saving graces of the 'net while being the vector most likely to pull a machine to the ground. I like the idea of not hosting it myself but I have not the courage to pass much of my mail traffic to some other service.
 

ben_e71

New Member
Joined
Jul 12, 2011
Messages
25
Car
1 series
Yes, this is all good debate, but the reality is that I too have loads of Sophos flags when browsing the web - this site included for Phish-A - which I didn't get before upgrading to Lion.

So there must be an issue with Sophos.

It only used to flag on dodgy scam emails before.
 

jepho

Active Member
Joined
Apr 14, 2011
Messages
210
Car
W203 C220 CDI Coupe
Yes, this is all good debate, but the reality is that I too have loads of Sophos flags when browsing the web - this site included for Phish-A - which I didn't get before upgrading to Lion.

So there must be an issue with Sophos.

It only used to flag on dodgy scam emails before.

Sophos

"Your data is secure, but can you prove it? If you can’t, your company could face fines, negative press and loss of business. We can help.
We give you what you need to keep your data safe and your business compliant."


I have not seen any more insecurity in OS X 10.7.0 than all of the previous versions and the reality is that it is very likely more secure.
Sophos = company making AV products
Sales & Marketing = Create fear in your user base

It is unsurprising to me that the language used is 'data loss' or 'compliance' from a company with a mission to sell AV software. It is quite possible that the software bleating about threats is a deliberate ploy to encourage users to buy increased levels of so-called protection.
 

balge

Active Member
Joined
Jul 28, 2010
Messages
827
Location
Central England
Car
Mercedes-Benz W124
Aaah bless, has Apple finally got enough users to attract the script-kiddies then?
 

balge

Active Member
Joined
Jul 28, 2010
Messages
827
Location
Central England
Car
Mercedes-Benz W124
So did they finally increase their share of the OS market then? Is it 10% yet? Have they sold a copy of Apple Server ?
:rock:
 

jepho

Active Member
Joined
Apr 14, 2011
Messages
210
Car
W203 C220 CDI Coupe
I think that their latest quarterly report speaks volumes. That is from a company that were as near to bankrupt as makes little difference. Like 'em or loathe 'em, Apple seem to be riding a large wave at the moment. Being a fan of Unix means that I like using their OS and I think their products offer fair value for money. I cannot speak for anyone else and I am not emotionally attached to the machines I use for my work. :)
 

John

Hardcore MB Enthusiast
SUPPORTER
Joined
Mar 3, 2011
Messages
13,601
Location
UK
Car
Skateboard
Have they sold a copy of Apple Server ?
:rock:

I'd never even heard of Apple Server but I did ask one of our Mac operators and he said a previous company he worked at used it - so that's at least one copy sold...

I guess if you were a really small design house using only Macs, it is probably a good idea.

:dk:
 

balge

Active Member
Joined
Jul 28, 2010
Messages
827
Location
Central England
Car
Mercedes-Benz W124
No problem with Unix myself, been playing with a BSD distro recently, even better value! ;)
OS X is certainly better value than W7....hehe DARWIN in action

cheers!
 
