Apple showers love on Mac malware protection
Feeds Snow Leopard's neglected Xprotect
For only the second time in 19 months, Apple has updated the signatures used to protect Mac users against malware attacks.
An update released Monday for Mac OS X 10.6, aka, Snow Leopard, adds detection for a trojan known as OSX.OpinionSpy. The malware comes bundled with Mac screensavers and applications available on various websites, according to Marco Preuss , a researcher with antivirus provider Kaspersky Labs. Once installed, OpinionSpy mines personal information entered into Safari, Firefox and elsewhere and sends it to servers controlled by the attackers.
Kaspersky has seen just 13 OpinionSpy infections since the beginning of the year, mainly by users located in India.
The addition brings the total number of malware signatures included in Snow Leopard to four. The malware protection debuted in an OS X beta released in mid 2009 with signatures for just two well-known Mac trojans, known as RSPlug and iServices. Apple later updated the malware protection to detect a backdoor threat known as HellRTC, which was detected in April, according to Mac AV provider Intego.
The protection, which many are calling Xprotect, provides a popup window that warns users that the program they are trying to install “will damage your computer” and should be moved to trash. The warning is provided only when the files are downloaded using Safari, Firefox, Mail, Entourage, iChat and a handful of other applications. According to an analysis from 2009, the window is not activated if the same malicious file has been downloaded using Skype or transferred from a DVD, CD or thumb drive.
It's unclear what the criteria is for adding signatures to Xprotect. Mac security experts say the number of known malware applications that target OS X is probably in the hundreds.
The addition was part of a monster package of Snow Leopard security patches that fixed 56 vulnerabilities, including one that researcher Charlie Miller had hoped to use two weeks ago at the annual Pwn2Own hacker contest. The exploit went unused because another contestant drew a higher lottery number and was able to compromise the Mac dedicated to the competition first.
At least 45 of the bugs Apple fixed on Monday made it possible for attackers to execute malicious code, according to Apple's advisory. ®