Feeds

Apple showers love on Mac malware protection

Feeds Snow Leopard's neglected Xprotect

Intelligent flash storage arrays

For only the second time in 19 months, Apple has updated the signatures used to protect Mac users against malware attacks.

An update released Monday for Mac OS X 10.6, aka, Snow Leopard, adds detection for a trojan known as OSX.OpinionSpy. The malware comes bundled with Mac screensavers and applications available on various websites, according to Marco Preuss , a researcher with antivirus provider Kaspersky Labs. Once installed, OpinionSpy mines personal information entered into Safari, Firefox and elsewhere and sends it to servers controlled by the attackers.

Kaspersky has seen just 13 OpinionSpy infections since the beginning of the year, mainly by users located in India.

OpinionSpy warning delivered by Snow Leopard

The addition brings the total number of malware signatures included in Snow Leopard to four. The malware protection debuted in an OS X beta released in mid 2009 with signatures for just two well-known Mac trojans, known as RSPlug and iServices. Apple later updated the malware protection to detect a backdoor threat known as HellRTC, which was detected in April, according to Mac AV provider Intego.

The protection, which many are calling Xprotect, provides a popup window that warns users that the program they are trying to install “will damage your computer” and should be moved to trash. The warning is provided only when the files are downloaded using Safari, Firefox, Mail, Entourage, iChat and a handful of other applications. According to an analysis from 2009, the window is not activated if the same malicious file has been downloaded using Skype or transferred from a DVD, CD or thumb drive.

It's unclear what the criteria is for adding signatures to Xprotect. Mac security experts say the number of known malware applications that target OS X is probably in the hundreds.

The addition was part of a monster package of Snow Leopard security patches that fixed 56 vulnerabilities, including one that researcher Charlie Miller had hoped to use two weeks ago at the annual Pwn2Own hacker contest. The exploit went unused because another contestant drew a higher lottery number and was able to compromise the Mac dedicated to the competition first.

At least 45 of the bugs Apple fixed on Monday made it possible for attackers to execute malicious code, according to Apple's advisory. ®

Remote control for virtualized desktops

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
SLURP! Flick your TONGUE around our LOLLIPOP – Google
Android 5 is coming – IF you're lucky enough to have the right gadget
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.