
http://www.macnn.com/articles/11/10/19/could.open.affected.macs.to.other.attacks/

Mac Trojan attempts to disable OS X anti-malware safeguards

updated 01:40 pm EDT, Wed October 19, 2011

 

Could open affected Macs to other attacks


A Mac Trojan now in circulation attempts to disable OS X's built-in anti-malware protection, known as XProtect, according to security firm F-Secure. Identified with the label OSX/Flashback.C, the Trojan first decrypts the paths of XProtectUpdater files, then unloads the XProtectUpdater daemon. To finish the job, the malware then overwrites the XProtectUpdater files with a blank character.

Without XProtectUpdater in action, OS X can no longer fetch further updates to its list of definitions, making it possible for subsequent attacks to go unchallenged. F-Secure remarks that it's common for malware to try to disable a computer's defenses. Flashback.C, though, may be the first Mac-oriented malware to intentionally try crippling XProtect. The technology is built into OS X Lion, as well as recent versions of Snow Leopard.


by MacNN Staff
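A defender-side check for the three tampering steps the article describes (daemon unloaded, updater files overwritten with a blank character), as an added example that is not from MacNN or F-Secure. The updater binary path, LaunchDaemon plist path and job label are assumptions based on Snow Leopard/Lion-era OS X; the article does not list them.

```shell
#!/bin/sh
# Added example. The paths and label below are assumptions, not from the article.
UPDATER_BIN="/usr/libexec/XProtectUpdater"
UPDATER_PLIST="/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"
UPDATER_LABEL="com.apple.xprotectupdater"

# Classify one file: "missing", "blanked" (empty or whitespace only, which is
# what overwriting with a blank character leaves behind), or "ok".
updater_file_state() {
    if [ ! -f "$1" ]; then
        echo "missing"
        return 0
    fi
    # Count the bytes that remain after removing all whitespace.
    n=$(LC_ALL=C tr -d '[:space:]' < "$1" | wc -c)
    if [ "$((n))" -eq 0 ]; then
        echo "blanked"
    else
        echo "ok"
    fi
}

# Succeeds when label $1 appears in the third column of `launchctl list`
# output supplied on stdin (columns: PID, last exit status, label).
job_loaded() {
    awk -v label="$1" '$3 == label { found = 1 } END { exit !found }'
}

# Report each indicator; returns non-zero if any is present.
audit_xprotect_updater() {
    bad=0
    for f in "$UPDATER_BIN" "$UPDATER_PLIST"; do
        state=$(updater_file_state "$f")
        echo "$f: $state"
        [ "$state" = "ok" ] || bad=1
    done
    if launchctl list 2>/dev/null | job_loaded "$UPDATER_LABEL"; then
        echo "$UPDATER_LABEL: loaded"
    else
        echo "$UPDATER_LABEL: not loaded"
        bad=1
    fi
    return "$bad"
}

# Only meaningful on OS X; run as root so system daemons are listed.
if [ "$(uname -s)" = "Darwin" ]; then
    audit_xprotect_updater || echo "XProtectUpdater tampering indicators found"
fi
```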

Tags: security, Snow Leopard, OS X, Lion

Comments

  1. bdmarsh

    Fresh-Faced Recruit

    Joined: Feb 2006

    +13

    how is it circulating?

    Would be nice to know how this one is packaged.

  1. eldarkus

    Fresh-Faced Recruit

    Joined: Feb 2004

    +4

    comment title

    Top notch reporting, as always. How is it being spread?

    it also says "attempts". It either works or it doesn't work. Which is it?

  1. Grendelmon

    Forum Regular

    Joined: Dec 2007

    +3

    For real reporting, here you go:

    http://www.macrumors.com/2011/10/19/tweaked-trojan-disables-automatic-updating-of-os-x-anti-malware-tools/

  1. Mr. Strat

    Junior Member

    Joined: Jan 2002

    0

    FUD time again

    Uh-oh...a company that sells anti-virus software is warning us about a possible infection.

  1. blue80907

    Fresh-Faced Recruit

    Joined: Mar 2005

    +1

    MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked. If a website asks you to update your flash, go to adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.

  1. bdmarsh

    Fresh-Faced Recruit

    Joined: Feb 2006

    +3

    ah, fake Flash Installer

    so that is how it is being spread. Fake Flash Installer trojan.

  1. The Vicar

    Junior Member

    Joined: Jul 2009

    0

    Possibly old news?

    I just checked, and XProtect's definitions already include this trojan, and the date of the XProtect definitions update is October 11, so apparently Apple has quietly been watching for this for more than a week now.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Re: MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked.

    Links? Ads? Oh, are you not reading MacNN in Firefox with AdBlock set up to block all that clutter? Man, you don't know what you're missing.

    If a website asks you to update your flash, go to adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.
