Mac Trojan attempts to disable OS X anti-malware safeguards

updated 01:40 pm EDT, Wed October 19, 2011

Could open affected Macs to other attacks


A Mac Trojan now in circulation attempts to disable OS X's built-in anti-malware protection, known as XProtect, according to security firm F-Secure. Identified with the label OSX/Flashback.C, the Trojan first decrypts the paths of XProtectUpdater files, then unloads the XProtectUpdater daemon. To finish the job, the malware then overwrites the XProtectUpdater files with a blank character.

Without XProtectUpdater in action, OS X can no longer fetch further updates to its list of definitions, making it possible for subsequent attacks to go unchallenged. F-Secure remarks that it's common for malware to try to disable a computer's defenses. Flashback.C, though, may be the first Mac-oriented malware to intentionally try crippling XProtect. The technology is built into OS X Lion, as well as recent versions of Snow Leopard.
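The tampering described above leaves two observable traces: the updater's files are gone or reduced to a blank character, and its daemon is no longer loaded. The following check for both is an added example, not code from F-Secure or Apple; the function names are hypothetical, and the file paths and launchd label must be supplied by the caller because the article does not list them.

```shell
#!/bin/sh
# Added example: flag files left in the state the article describes
# (missing, or overwritten so that only a blank character remains).
# All paths and the launchd label are caller-supplied assumptions.

# classify_file PATH -> prints "missing", "unreadable", "blanked" or "ok"
classify_file() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return; fi
    if [ ! -r "$f" ]; then echo unreadable; return; fi
    # Count bytes that are not whitespace or NUL. A file overwritten
    # with a blank character (or emptied outright) has none.
    payload=$(tr -d ' \t\r\n\000' < "$f" | wc -c | tr -d ' ')
    if [ "$payload" -eq 0 ]; then echo blanked; else echo ok; fi
}

# audit_files PATH... -> prints "status<TAB>path" for each file and
# returns 1 if any file is not "ok".
audit_files() {
    rc=0
    for p in "$@"; do
        s=$(classify_file "$p")
        printf '%s\t%s\n' "$s" "$p"
        [ "$s" = ok ] || rc=1
    done
    return $rc
}

# daemon_loaded LABEL -> 0 if launchd lists the job, 1 if it does not,
# 2 when launchctl is unavailable (not macOS). Run as root so the
# system domain is the one queried.
daemon_loaded() {
    command -v launchctl >/dev/null 2>&1 || return 2
    launchctl list "$1" >/dev/null 2>&1
}

# Usage (placeholders, substitute the real values for your OS X release):
#   audit_files /path/to/XProtectUpdater /path/to/its-launchd.plist
#   daemon_loaded <launchd-label-of-the-updater>
```

A "blanked" or "missing" result together with an unloaded daemon matches the behaviour F-Secure describes; either one alone still means definition updates have stopped and warrants investigation.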


by MacNN Staff

Comments

  1. bdmarsh

    Fresh-Faced Recruit

    Joined: Feb 2006

    +13

    how is it circulating?

    Would be nice to know how this one is packaged.

  1. eldarkus

    Fresh-Faced Recruit

    Joined: Feb 2004

    +4

    Top notch reporting, as always. How is it being spread?

    it also says "attempts". It either works or it doesn't work. Which is it?

  1. Grendelmon

    Fresh-Faced Recruit

    Joined: Dec 2007

    +3

    For real reporting, here you go:

    http://www.macrumors.com/2011/10/19/tweaked-trojan-disables-automatic-updating-of-os-x-anti-malware-tools/

  1. Mr. Strat

    Fresh-Faced Recruit

    Joined: Jan 2002

    0

    FUD time again

    Uh-oh...a company that sells anti-virus software is warning us about a possible infection.

  1. blue80907

    Fresh-Faced Recruit

    Joined: Mar 2005

    +1

    MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked. If a website asks you to update your flash, go to adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.

  1. bdmarsh

    Fresh-Faced Recruit

    Joined: Feb 2006

    +3

    ah, fake Flash Installer

    so that is how it is being spread. Fake Flash Installer trojan.

  1. The Vicar

    Fresh-Faced Recruit

    Joined: Jul 2009

    0

    Possibly old news?

    I just checked, and XProtect's definitions already include this trojan, and the date of the XProtect definitions update is October 11, so apparently Apple has quietly been watching for this for more than a week now.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0

    Re: MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked.

    Links? Ads? Oh, are you not reading MacNN in Firefox with AdBlock set up to block all that clutter? Man, you don't know what you're missing.

    If a website asks you to update your flash, go to adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.
