Posted by: David Harley | June 2, 2010

Mac Spyware OSX/OpinionSpy

[Further update: Intego have published a less detailed update at http://blog.intego.com/2010/06/02/further-information-about-the-osxopinionspy-spyware/]

[Updated]

Mac security firm Intego has reported that a spyware application it calls OSX/OpinionSpy is being spread as a program called PremierOpinion. 

According to Intego, the user is required to install the program, which is claimed to be a market research utility, as part of the installation process for a number of screensavers and at least one other application made freely available and obtainable from legitimate sites including as MacUpdate, VersionTracker and Softpedia. Intego originally posted the names of some screensavers and an application that downloaded the spyware app, but that post seems to have been removed, so I’ve removed the information I originally quoted here, at least until I’m able to find out why it was removed. (Thanks to Alex, who pointed out that the link I’ve removed no longer works.)

The programs that download it are not in themselves detected as malicious. However, it sounds to me as if they might be candidates for detection in their own right as malware downloaders, especially as in some instances the user is not aware that the “utility” is required until the “innocent” program is being installed.

David Harley FBCS CITP CISSP
Mac Virus

Advertisements

Responses

  1. […] – 7Art Screensavers You may recall that I was slightly confused when Intego published and then “unpublished” a list of screensavers published by 7Art […]

  2. How is this MalWare? When the software is install the user is presented with a EULA that states information will be gathered and sent back to the company. Symantec has looked at this and has determined it is not MalWare. It’s sneaky software that may collect more info that one would think is necessary, but it’s a stretch to call it spyware.

    • That depends on your definition of malware. In fact, some products detect this as adware. Nonetheless, in my book, a deceptive EULA is grounds for describing a program as malicious. However, I’ll reserve final judgement on that till I’ve seen a sample.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: