Washington Apple Pi

A Community of Apple iPad, iPhone and Mac Users

The End of .Mac, Trojans and Scams

© 2008 Lawrence I. Charters

Washington Apple Pi Journal, reprint information

Four things have occurred over the past several weeks to make life a bit more dangerous for Macintosh owners. Two of the things are positive, and two most decidedly negative.

The positive things: on July 11, 2008, at 8 a.m., the new iPhone 3G went on sale. Somewhat sleeker, twice as fast, and with hundreds of revolutionary applications offered through a new App Store, it promises to make the powerful pocket computer that thinks it is a phone even more powerful. The first version of the iPhone sparked a million sales in 74 days; the new version reached that mark in just three days.

Along with the coming of the new iPhone came the end of something old: Apple's .Mac service. Technically, .Mac didn’t go away; it was changed, in order to take advantage of the new iPhone software, and renamed MobileMe, showing a continuing Apple penchant for silly online service names. (Anybody remember iTools? How about eWorld?) MobileMe offers a number of new and innovative features, but it also discontinued some features offered by .Mac. These changes resulted in widely publicized service outages and delays in the days leading up to the introduction of the iPhone 3G. On the whole, however, MobileMe seems like a positive development, offering vastly improved synchronization services and much more online storage for current .Mac and future MobileMe subscribers.

.Mac scam letter

This E-mail looks pretty good: it has the proper color scheme, the language is reasonably Apple-like, and there are none of the usual scam-message typos.

But not all developments have been positive. In June 2008, Sophos, a vendor of anti-virus software, announced the discovery of a Mac Trojan horse. The OSX/Hovdy-A Trojan is a small program that, when downloaded onto a Mac OS X machine, attempts to steal passwords, disable the firewall, and disable other security settings. The good news is that, because this is a Trojan horse rather than a computer virus, it cannot spread on its own. So unless you copy the program from somewhere and, after copying it, launch the Trojan and authorize it to run on your computer, you don't need to be concerned.

The bad news is that there is a scam out there designed to trick Mac users into doing just that. And what makes this scam so clever is that it plays on user frustrations with recent .Mac service disruptions, and subscriber uncertainty about the change from .Mac to MobileMe. Hackers have started issuing forged .Mac customer service messages, telling users of "billing problems" with their .Mac accounts. The messages look pretty much like you would expect an Apple .Mac message to look, with the same artwork, and much of the same language. Many users will assume the fake billing problem is "another symptom" of the changes in service, and rush to correct the non-existent problem. Only the site linked in the E-mail message is not owned by Apple, and has nothing to do with .Mac; the site is designed to steal passwords, account information, and Social Security numbers.

.Mac scam server

By hovering your mouse pointer over the embedded link in the E-mail, you can see that the link does not send you to Apple but, rather, to a server registered in Yugoslavia (.yu); the expected store.apple.com is stuck at the end to make it look like the server address.

.Mac scam server 2

In this second example, the server is www.satc.net -- definitely not an Apple address. Again, the expected store.apple.com address is stuck at the end to make it look like an Apple server address.
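The check that hovering over the link performs by eye can also be done in code. The following is an added example, not part of the original article: it pulls every link out of an HTML message and compares the host the link really goes to with the domain the message claims to come from. The sample message and the example.net and example.org hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # domain the message claims to come from

def host_is_trusted(host, trusted=TRUSTED):
    """True only if the real host is the trusted domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def classify_link(href, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'other' for one link target."""
    host = urlsplit(href).hostname  # the server actually contacted
    if host_is_trusted(host, trusted):
        return "trusted"
    # The trusted name appears in the URL, but not as the host: the
    # "store.apple.com stuck at the end" pattern described above.
    return "lookalike" if trusted in href.lower() else "other"

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email(html, trusted=TRUSTED):
    """Return (link text, real host, verdict) for each link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, urlsplit(href).hostname, classify_link(href, trusted))
            for text, href in collector.links]

# Constructed sample message; the hosts are placeholders, not real servers.
SAMPLE_EMAIL = """<p>There is a billing problem with your account.</p>
<a href="http://www.example.net/update/store.apple.com/">Update billing</a>
<a href="http://billing.example.org/cgi/store.apple.com">Sign in</a>
<a href="https://store.apple.com/">Apple Store</a>"""

if __name__ == "__main__":
    for text, host, verdict in audit_email(SAMPLE_EMAIL):
        print(f"{verdict:9} {host:22} {text}")
```

The verdict depends only on the host portion of the link; anything after the first slash is chosen by whoever wrote the link and says nothing about who runs the server.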

One variant goes beyond such common schemes, however, and attempts to trick the user into downloading the new Mac Trojan. Described as an update, the Trojan will then presumably hack into Mac OS X and, as Sophos suggested in their press release, steal passwords, disable the firewall, and modify security settings.

Be warned. The world is a dangerous place, and uncivil people are targeting your Mac.