Yesterday, ESET announced the discovery of a new threat against the Apple Mac OS X platform. Today, we have found a new version of the same threat. The new version is similar to the previous version with two important differences. The first addition to this threat is that it now implements persistence on an infected
We’ve just come across an IRC-controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code
The MacDefender malware has morphed again, now taking the guise of "MacShield." As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache. The UI is essentially unchanged, but as usual all
In the last few days, I have been asked by a journalist (or four) what MacDefender means for the future of Apple security, and if I thought there was excess hype around it. I'll address the second question first. I think it's safe to say the current malware would not be newsworthy if
The recent MacDefender Trojan has been receiving “rebranding” facelifts since it came out. It has now been deployed as MacProtector, MacDetector, MacSecurity, Apple Security Center, and there are no doubt more iterations to come. The malware has been updated, and now sports an improved UI that looks like a native Mac OSX application, unlike the
...criminals are making use of the fact that Quicktime Player 7.6.6 allows movie files to trigger file downloads...the volume of reports picked up by our ThreatSense.Net® telemetry suggests the likelihood of significant prevalence, though by no means an epidemic right now...
Further information on OSX/OpinionSpy
I like Macs. Not in an "OS X is God's own Operating System" sort of way, but I've owned/used many Macs, from SE/30s and IICX's to iMacs, eMacs and Macbooks. In fact, at least two of my books were written on the Powerbook which was my workhorse machine in my last couple of years at
I was in Cyprus when I first came across the story about this spyware, which I blogged about here and here. Unfortunately, although Intego reported on some of the screensavers that were associated with its distribution, I was obliged to update the blog and remove the link to that information, as it was removed from the
While I was at the EICAR conference earlier this week, I also co-presented (along with Pierre-Marc Bureau and Andrew Lee) a paper on "Security, Perception and Worms in the Apple"... so along with the new paper, I've made available again the paper on Macs and malware that I presented at Virus Bulletin in 1997.
If you regularly follow my blogs, you'll know that while this is my primary blogspot, it isn't the only site to which I post (see signature for full details). Here are a few recent blogs and microblogs that may be of possible interest. @Mophiee asked me about the ICPP Trojan on Twitter (where I'm @ESETblog or
[Update: it appears that the information I had earlier was incorrect or out-of-date, and there has been loss of life. There's also a report from TechHerald suggesting early exploitation of the incident for SEO poisoning leading to fake AV. However, a quick scan currently (Monday evening) shows news items from such known malefactors as the
Inevitably, CanSecWest 2010 kicked off with the promised and eagerly-awaited Pwn2Own hacking contest, in which a number of effective protection strategies (DEP, code signing, ASLR) failed to prevent determined vulnerability researchers making loadsamoney by circumventing them with attacks on Firefox and IE8 on Windows 7, Safari, and the iPhone. For details and extensive comment see: http://macviruscom.wordpress.com/2010/03/25/and-the-firewalls-came-tumbling-down/ and http://kevtownsend.wordpress.com/2010/03/25/sacred-cows-fall-at-pwn2own/
Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.”
Wearing my vendor-independent Apple/smartphone commentary hat, I've just posted a couple of blogs on the Mac Virus site that some of you might find of interest. OK, suit yourselves. ;-) "Touching (or Bumping) Base" addresses a mixed bag of issues: Charlie Miller's presentation on fuzzing for "20 zero-day holes … in closed source Apple products"
[Update: The Register's John Leyden has also commented on the issue at http://www.theregister.co.uk/2010/02/16/apple_bans_iphone_hackers/] There's been a burst of interest in the last day or so in the blocking of certain Apple IDs from the iTunes App Store. Some bloggers have suggested that this might be a precursor to a massive blocking of jailbroken phones from accessing
As posted a few minutes ago on Mac Virus, Dancho Danchev has posted information on a phishing campaign where the bad guys are impersonating Apple in order to steal sensitive device information from iPhone users. Dancho’s post, which has lots of other links, is at: http://blogs.zdnet.com/security/?p=5460&tag=col1;post-5460 David Harley CISSP FBCS CITP Director of Malware Intelligence ESET
These are a few questions relating to ESET's antivirus scanner for OS X, which is currently in beta, that I was asked in response to a post at Mac Virus. (If you want to take the beta out for a spin, you can still download it at http://beta.eset.com/macosx.) As these questions are very ESET-specific, I
No, I'm not talking about a newly-discovered and virulent OS X upconversion of SevenDust or AutoStart 9805. Mac Virus is a site founded by Susan Lesch in the 1990s, when pre-OS X Mac-specific malware was still a serious issue – AutoStart in particular caused significant damage back then – and cross-platform macro viruses were also a major