
Printed from http://www.macnn.com

Mac Trojan attempts to disable OS X anti-malware safeguards

updated 01:40 pm EDT, Wed October 19, 2011

Could open affected Macs to other attacks

A Mac Trojan now in circulation attempts to disable OS X's built-in anti-malware protection, known as XProtect, according to security firm F-Secure. Identified with the label OSX/Flashback.C, the Trojan first decrypts the paths of XProtectUpdater files, then unloads the XProtectUpdater daemon. To finish the job, the malware then overwrites the XProtectUpdater files with a blank character.

Without XProtectUpdater in action, OS X can no longer fetch further updates to its list of definitions, making it possible for subsequent attacks to go unchallenged. F-Secure remarks that it's common for malware to try to disable a computer's defenses. Flashback.C, though, may be the first Mac-oriented malware to intentionally try crippling XProtect. The technology is built into OS X Lion, as well as recent versions of Snow Leopard.
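A defender's check for the two effects described above (the updater daemon unloaded, its files overwritten with a blank character), as an added example that is not code from F-Secure, Apple or MacNN. The job label and file paths are supplied by the caller and are assumptions, and the `launchctl list` output is read from standard input.

```shell
#!/bin/sh
# Added example: flag the tampering pattern the article describes.
# Nothing here is taken from the malware or from Apple's tooling; the
# daemon label and file paths are caller-supplied (assumptions).

# classify_file PATH -> prints "missing", "blanked" or "ok".
# "blanked" means the file exists but holds no non-whitespace bytes,
# which is what overwriting it with a single blank character leaves.
classify_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    # LC_ALL=C so tr treats binary content as plain bytes.
    nonblank=$(LC_ALL=C tr -d '[:space:]' < "$f" | wc -c | tr -d ' ')
    if [ "$nonblank" -eq 0 ]; then
        echo blanked
    else
        echo ok
    fi
}

# daemon_loaded LABEL -> reads `launchctl list` output (PID, Status,
# Label columns) on stdin; returns 0 if a job with that label is listed.
daemon_loaded() {
    awk -v label="$1" '$3 == label { found = 1 } END { exit !found }'
}

# audit LABEL FILE... -> `launchctl list` output on stdin.
# Prints one ALERT line per finding; returns 0 if clean, 1 otherwise.
audit() {
    label=$1
    shift
    status=0
    if ! daemon_loaded "$label"; then
        echo "ALERT daemon not loaded: $label"
        status=1
    fi
    for f in "$@"; do
        state=$(classify_file "$f")
        if [ "$state" != ok ]; then
            echo "ALERT $state: $f"
            status=1
        fi
    done
    return "$status"
}
```

On a Mac this would be run as `launchctl list | audit LABEL FILE...`, as root so that system daemons appear in the listing, with the XProtectUpdater job label and file paths for the OS version in use.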




by MacNN Staff


Comments

  1. bdmarsh

    Joined: Dec 1969

    +13

    how is it circulating?

    Would be nice to know how this one is packaged.

  1. eldarkus

    Joined: Dec 1969

    +4

    comment title

    Top notch reporting, as always. How is it being spread?

    It also says "attempts". It either works or it doesn't work. Which is it?

  1. Grendelmon

    Joined: Dec 1969

    +3

    For real reporting, here you go:

    http://www.macrumors.com/2011/10/19/tweaked-trojan-disables-automatic-updating-of-os-x-anti-malware-tools/

  1. Mr. Strat

    Joined: Dec 1969

    0

    FUD time again

    Uh-oh...a company that sells anti-virus software is warning us about a possible infection.

  1. blue80907

    Joined: Dec 1969

    +1

    MacNN (NN=no news)

    This site with their stupid Java links putting ads EVERY where and their bs and incomplete reporting should be nuked. If a website asks you to update your Flash, go to Adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a Mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.

  1. bdmarsh

    Joined: Dec 1969

    +3

    ah, fake Flash Installer

    So that is how it is being spread. Fake Flash Installer trojan.

  1. The Vicar

    Joined: Dec 1969

    0

    Possibly old news?

    I just checked, and XProtect's definitions already include this trojan, and the date of the XProtect definitions update is October 11, so apparently Apple has quietly been watching for this for more than a week now.

  1. testudo

    Joined: Dec 1969

    0

    Re: MacNN (NN=no news)

    This site with their stupid Java links putting ads EVERY where and their bs and incomplete reporting should be nuked.

    Links? Ads? Oh, are you not reading MacNN in Firefox with AdBlock set up to block all that clutter? Man, you don't know what you're missing.

    If a website asks you to update your Flash, go to Adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a Mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.
