Skip to content

Posts tagged ‘virus’

29
May

The State of Mac Malware

There’s been a lot of buzz recently about the sudden increase in Mac-specific malware cropping up so far this year. First people raved about the fairly tame and unthreatening BlackHole RAT trojan, then Mac users had to watch out for a slightly more crafty but avoidable MACDefender trojan, and now there’s news of a more advanced malware kit (Weyland-Yutani Bot) that has the ability to steal data entered into Firefox (Safari and Chrome currently unaffected, but expected to follow soon). AppleCare has reportedly been receiving a significant number of calls about the MACDefender trojan, and has issued a support document on how to deal with it.

Clearly some change is in the air, but exactly how does it affect normal Mac users? I for one actively look for Mac-based malware (eg. MACDefender), and have never stumbled across it by accident. Maybe I need to surf on the ‘dark side’ of the web more often. I just wanted to give my take on recent events and the state of Mac malware, and why I don’t think there’s any reason to be too worried just yet.

Read moreRead more

27
Feb

New Mac OS X Backdoor Trojan (BlackHole RAT) in Development [Updated]

A ‘trojan’ targeting Mac OS X users, dubbed BlackHole RAT, appears to be in development. It’s a variant of a well-known series of malware called Remote Access Tools (RAT) that primarily targeted Windows. It should be noted that on its own, the trojan does not exploit OSX, instead relying on the user to unknowingly ‘install’ it. This is often done under the guise of pirated software, video plugins on porn sites, or from other non-reputable software sources. Although the details are not entirely clear, it appears like your computer needs to be directly accessible from the internet.

This ‘trojan’ (note the intended air quotes) has been blown out of proportion and does not pose a significant level of risk. Macs are not ‘less secure’ because of this tool, as it’s something that could be coded by any 14-year old with a relatively basic knowledge of programming. It’s essentially a normal application whose purpose is to accept connections from its owner, and allow them to perform actions on your computer, etc.

Hit the jump for the full details, a video and download link. Read moreRead more

3
Nov

Sophos Offers Free Mac Anti-virus

Sophos have released a free home edition of their anti-virus for Mac OS X users. This brings automatic on-access detection, and disinfection capabilities that cover Windows viruses/worms/trojans, as well as the few pieces of malware that currently exist for Mac OS X. Sophos claim that their antivirus does not use many resources, and thus does not slow the machine down like some A/Vs do.

They make the following statement which describes the current Mac malware situation fairly well:

Although malware is more common on Windows than it is on Macs, there is a growing concern that, as Mac OS X market-share continues to grow, the operating system will become a more attractive target for cybercriminals.

Even though I would rate the current malware threat to Macs as fairly low, we will undoubtedly start seeing more and more of it as Macs gain market share in the home. Attackers know that companies are getting better and better at protecting against malware, however home users are notoriously bad at protecting their systems and keeping them patched. Surely if you’re a regular visitor of Security Generation, you’re not one of those people ;)

I haven’t tested this yet, and Sophos aren’t the first to arrive on the Mac AV scene. ClamXav is a good free open source alternative, however one benefit of Sophos’ solution is the experience of their research team, and vast database of malware (don’t expect this to remain free forever). Although I personally wouldn’t pay for Mac AV just yet, there are also some good solutions from Kaspersky and Intego’s VirusBarrier.

1
Nov

USB ‘Dead-drops’ in New York City

Alright, so this guy has been going around New York embedding USB devices, known as ‘dead drops’, into walls and other objects in public spaces. The idea behind it is to provide an offline place for people to exchange files. While in principle I find this to be an awesome idea, unfortunately we live in the digital age, and in real terms this is about as safe as trading needles with other addicts in the alleyway.

Initially people will use these legitimately and trade some interesting files, pictures and videos; then it’ll be warez and pr0n, and then the things will become malware-infested USB ‘needles’ sticking out of walls. The malware may or may not be intentional – many people don’t have an antivirus, or don’t update it – but I’m sure some kids will be happy to teach a lesson to those naive enough to plug themselves in.

Apart from malware-infected files that will inevitably end up on there, people will soon start joining in and create their own USB dead drops. Some of these could be USB switchblades, USBsploit, or custom devices intended to perform USB driver exploitation [pdf] (Hi Rafa).

As art installations like these become more technologically interactive, people will have to think twice about the risks that may be involved.

[Update] New dedicated site (About and FAQ).

27
Oct

Mac OS X Java Trojan Horse: OSX/Koobface.A

Antivirus companies have discovered a new Java trojan horse, labeled OSX/Koobface.A (aka. Boonana), which spreads via social networks including Facebook, MySpace and Twitter. The Java applet masquerades as a video or photo gallery plugin, and requests access to the user’s computer.

If Allow is clicked, then the applet will attempt to obtain additional files from remote servers and join the computer to the Koobface botnet. Koobface is also known to try and steal credit card, and other personal information, from the user’s system.

I’d like to stress that this is a fairly non-event, and this kind of malware poses a low level of risk (hence the peaceful-looking blue triangle). It’s pretty clear that you shouldn’t allow websites, plugins and applets that you don’t trust, to access your computer. Just click Deny and that’s the end of it in this case. Snow Leopard does have some built-in anti-malware functionality, although I don’t know if or when it may be updated to detect Koobface. Either way, I wouldn’t run out to buy antivirus software just yet.

Note this trojan is not Mac OS X-specific, and also affects Windows and Linux systems.

Intego have a Security Memo with some additional details.

css.php
Free WordPress Theme
WordPress Themes