Feeds

Mac security update leaves users open to ugly Flashback

One threat down, another to go

Using blade systems to cut costs and sharpen efficiencies

Apple has updated the malware protection built into its Mac operating system to flag a recently discovered trojan that hijacks users' machines by masquerading as a benign document. Malware disguised as an Adobe Flash installer, meanwhile, remained unchecked.

The file quarantine, which Apple snuck into a prerelease version of Snow Leopard in 2009, was updated to include a definition for Trojan-Dropper: OSX/Revir.A, which antivirus provider F-Secure disclosed on Friday. According to an update on F-Secure's blog, the malware disguises itself as a PDF file in an attempt to trick users into clicking on it.

“The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background,” stated the F-Secure analysis, which was posted Monday. “As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet.”

By Tuesday morning, Apple had added a definition for Revir.A into the file quarantine feature, our review of a Mac running OS X Lion, aka 10.7, has shown. By our count, it's the 10th definition to be included, although two of them cover malware with the identical label of “OSX.HellRTS.” The definitions are stored in a file called XProtect.plist tucked away in the /System/Library/CoreTypes.bundle/Contents/Resources/ folder.

Apple engineers pushed out the update around the same time that a new trojan was discovered menacing Mac users. According to Mac antivirus provider Intego, the Flashback trojan is built on a sophisticated code base that installs a backdoor on infected machines, and covers its tracks by using encryption when communicating with remote servers.

This isn't the Flash installer you're looking for

“The backdoor is able to download further software, but, for now, we are not seeing this activity,” Intego's analysis stated. “It is also able to update itself, and creates an Sha1 hash of the malware to see if it has changed. If the Sha1 of the software version on the server is different from that installed, this means that an update is necessary.”

With the explosive growth of Macs, iPhones, and iPads, malware purveyors have finally begun targeting Apple products after years of almost exclusive focus on Microsoft users. Earlier this year, an outbreak of fraudulent Mac antivirus products ignited a huge spike in support calls from frantic Mac users who had been tricked into installing a piece of malware called MacDefender. Apple eventually added definitions for it to its file quarantine, as well.

This story to be continued. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.