Feeds

Apple showers love on Mac malware protection

Feeds Snow Leopard's neglected Xprotect

Remote control for virtualized desktops

For only the second time in 19 months, Apple has updated the signatures used to protect Mac users against malware attacks.

An update released Monday for Mac OS X 10.6, aka, Snow Leopard, adds detection for a trojan known as OSX.OpinionSpy. The malware comes bundled with Mac screensavers and applications available on various websites, according to Marco Preuss , a researcher with antivirus provider Kaspersky Labs. Once installed, OpinionSpy mines personal information entered into Safari, Firefox and elsewhere and sends it to servers controlled by the attackers.

Kaspersky has seen just 13 OpinionSpy infections since the beginning of the year, mainly by users located in India.

OpinionSpy warning delivered by Snow Leopard

The addition brings the total number of malware signatures included in Snow Leopard to four. The malware protection debuted in an OS X beta released in mid 2009 with signatures for just two well-known Mac trojans, known as RSPlug and iServices. Apple later updated the malware protection to detect a backdoor threat known as HellRTC, which was detected in April, according to Mac AV provider Intego.

The protection, which many are calling Xprotect, provides a popup window that warns users that the program they are trying to install “will damage your computer” and should be moved to trash. The warning is provided only when the files are downloaded using Safari, Firefox, Mail, Entourage, iChat and a handful of other applications. According to an analysis from 2009, the window is not activated if the same malicious file has been downloaded using Skype or transferred from a DVD, CD or thumb drive.

It's unclear what the criteria is for adding signatures to Xprotect. Mac security experts say the number of known malware applications that target OS X is probably in the hundreds.

The addition was part of a monster package of Snow Leopard security patches that fixed 56 vulnerabilities, including one that researcher Charlie Miller had hoped to use two weeks ago at the annual Pwn2Own hacker contest. The exploit went unused because another contestant drew a higher lottery number and was able to compromise the Mac dedicated to the competition first.

At least 45 of the bugs Apple fixed on Monday made it possible for attackers to execute malicious code, according to Apple's advisory. ®

Security for virtualized datacentres

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.