
http://www.macnn.com/articles/11/10/19/could.open.affected.macs.to.other.attacks/

Mac Trojan attempts to disable OS X anti-malware safeguards

updated 01:40 pm EDT, Wed October 19, 2011

 

Could open affected Macs to other attacks


A Mac Trojan now in circulation attempts to disable OS X's built-in anti-malware protection, known as XProtect, according to security firm F-Secure. Identified with the label OSX/Flashback.C, the Trojan first decrypts the paths of XProtectUpdater files, then unloads the XProtectUpdater daemon. To finish the job, the malware then overwrites the XProtectUpdater files with a blank character.

With XProtectUpdater disabled, OS X can no longer fetch updates to its list of malware definitions, making it possible for subsequent attacks to go unchallenged. F-Secure remarks that it's common for malware to try to disable a computer's defenses. Flashback.C, though, may be the first Mac-oriented malware to intentionally try crippling XProtect. The technology is built into OS X Lion, as well as recent versions of Snow Leopard.
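A defender-side check for the two effects described above (the updater daemon unloaded, its files overwritten with a blank character), as an added example that is not from the article or from F-Secure. The launchd label and the file paths are supplied by the caller because the article does not give them; the function names are hypothetical, and `launchctl list` output is assumed to carry the label in its third column.

```shell
#!/bin/sh
# Added example (not from the article): check for an unloaded updater job
# and for files overwritten with a blank character.
# Assumption: the caller supplies the launchd label and file paths.

# is_blanked FILE: succeeds if FILE is missing, empty, or holds only
# whitespace/NUL bytes (what a one-blank-character overwrite leaves behind).
is_blanked() {
    [ -f "$1" ] || return 0
    # Count the bytes that remain after dropping whitespace and NULs.
    n=$(( $(LC_ALL=C tr -d ' \t\r\n\000' < "$1" | wc -c) ))
    [ "$n" -eq 0 ]
}

# job_loaded LABEL: reads `launchctl list` output on stdin and succeeds if
# LABEL appears in the third column (PID, Status, Label).
job_loaded() {
    awk -v label="$1" '$3 == label { found = 1 } END { exit !found }'
}

# audit LISTING LABEL FILE...: LISTING is a file of saved `launchctl list`
# output. Prints one line per finding; exit status is the finding count.
audit() {
    listing=$1; label=$2; shift 2
    findings=0
    if ! job_loaded "$label" < "$listing"; then
        echo "NOT LOADED: $label"
        findings=$((findings + 1))
    fi
    for f in "$@"; do
        if is_blanked "$f"; then
            echo "BLANKED OR MISSING: $f"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage on a Mac (label and paths are placeholders to fill in):
#   launchctl list > /tmp/jobs.txt
#   audit /tmp/jobs.txt <updater-label> <updater-plist> <updater-binary>
```

A nonzero exit status means at least one of the conditions the article describes was found; the printed lines say which.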


by MacNN Staff


TAGS :

 security, Snow Leopard, OS X, Lion

Comments

  1. bdmarsh

    Fresh-Faced Recruit

    Joined: Feb 2006

    +13

    how is it circulating?

    Would be nice to know how this one is packaged.

  1. eldarkus

    Fresh-Faced Recruit

    Joined: Feb 2004

    +4


    Top notch reporting, as always. How is it being spread?

    It also says "attempts". It either works or it doesn't work. Which is it?

  1. Grendelmon

    Forum Regular

    Joined: Dec 2007

    +3

    For real reporting, here you go:

    http://www.macrumors.com/2011/10/19/tweaked-trojan-disables-automatic-updating-of-os-x-anti-malware-tools/

  1. Mr. Strat

    Junior Member

    Joined: Jan 2002

    0

    FUD time again

    Uh-oh...a company that sells anti-virus software is warning us about a possible infection.

  1. blue80907

    Fresh-Faced Recruit

    Joined: Mar 2005

    +1

    MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked. If a website asks you to update your flash, go to adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.

  1. bdmarsh

    Fresh-Faced Recruit

    Joined: Feb 2006

    +3

    ah, fake Flash Installer

    so that is how it is being spread. Fake Flash Installer trojan.

  1. The Vicar

    Junior Member

    Joined: Jul 2009

    0

    Possibly old news?

    I just checked, and XProtect's definitions already include this trojan, and the date of the XProtect definitions update is October 11, so apparently Apple has quietly been watching for this for more than a week now.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Re: MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked.

    Links? Ads? Oh, are you not reading MacNN in Firefox with AdBlock set up to block all that clutter? Man, you don't know what you're missing.

    If a website asks you to update your flash, go to adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.
