Printed from http://www.macnn.com

Mac Trojan attempts to disable OS X anti-malware safeguards

updated 01:40 pm EDT, Wed October 19, 2011

Could open affected Macs to other attacks

A Mac Trojan now in circulation attempts to disable OS X's built-in anti-malware protection, known as XProtect, according to security firm F-Secure. Identified with the label OSX/Flashback.C, the Trojan first decrypts the paths of XProtectUpdater files, then unloads the XProtectUpdater daemon. To finish the job, the malware then overwrites the XProtectUpdater files with a blank character.

Without XProtectUpdater in action, OS X can no longer fetch further updates to its list of definitions, making it possible for subsequent attacks to go unchallenged. F-Secure remarks that it's common for malware to try to disable a computer's defenses. Flashback.C, though, may be the first Mac-oriented malware to intentionally try crippling XProtect. The technology is built into OS X Lion, as well as recent versions of Snow Leopard.
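A defender can check for the tampering described above by auditing the updater's files for blanking and the definitions file for staleness. The script below is an added example, not code from MacNN or F-Secure; the paths to audit are supplied by the caller, and the 16-byte threshold and the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag files that are missing or look "blanked" (overwritten
# with a blank character), and definitions that have stopped updating.
# No paths are hard-coded; pass the files to audit as arguments.

# classify_file PATH -> prints one of: missing | blanked | ok
classify_file() {
    local path="$1" size
    if [ ! -e "$path" ]; then
        echo "missing"
        return
    fi
    size=$(wc -c < "$path" | tr -d ' ')
    # An empty file, or a tiny file holding only whitespace/NUL bytes, cannot
    # be a working binary or launchd plist. 16 bytes is an assumed cut-off.
    if [ "$size" -eq 0 ]; then
        echo "blanked"
    elif [ "$size" -le 16 ] && [ -z "$(tr -d ' \t\r\n\0' < "$path")" ]; then
        echo "blanked"
    else
        echo "ok"
    fi
}

# audit_files PATH... -> prints "STATE PATH" per file; returns 1 if any is not ok
audit_files() {
    local rc=0 path state
    for path in "$@"; do
        state=$(classify_file "$path")
        printf '%s %s\n' "$state" "$path"
        [ "$state" = "ok" ] || rc=1
    done
    return "$rc"
}

# definitions_stale FILE DAYS -> succeeds if FILE was last modified more than
# DAYS days ago (a missing file is reported by classify_file, not here)
definitions_stale() {
    [ -n "$(find "$1" -mtime +"$2" 2>/dev/null)" ]
}

# Stand-alone use: audit every path given on the command line.
if [ "$#" -gt 0 ]; then
    audit_files "$@"
fi
```

Run it with the XProtectUpdater file paths for the OS X release being checked; a non-zero exit status means at least one file is missing or blanked.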




by MacNN Staff

Comments

  1. bdmarsh

    Joined: Dec 1969

    +13

    how is it circulating?

    Would be nice to know how this one is packaged.

  1. eldarkus

    Joined: Dec 1969

    +4

    Top notch reporting, as always. How is it being spread?

    It also says "attempts". It either works or it doesn't work. Which is it?

  1. Grendelmon

    Joined: Dec 1969

    +3

    For real reporting, here you go:

    http://www.macrumors.com/2011/10/19/tweaked-trojan-disables-automatic-updating-of-os-x-anti-malware-tools/

  1. Mr. Strat

    Joined: Dec 1969

    0

    FUD time again

    Uh-oh...a company that sells anti-virus software is warning us about a possible infection.

  1. blue80907

    Joined: Dec 1969

    +1

    MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked. If a website asks you to update your Flash, go to Adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a Mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.

  1. bdmarsh

    Joined: Dec 1969

    +3

    ah, fake Flash Installer

    So that is how it is being spread. Fake Flash Installer trojan.

  1. The Vicar

    Joined: Dec 1969

    0

    Possibly old news?

    I just checked, and XProtect's definitions already include this trojan, and the date of the XProtect definitions update is October 11, so apparently Apple has quietly been watching for this for more than a week now.

  1. testudo

    Joined: Dec 1969

    0

    Re: MacNN (NN=no news)

    This site with their stupid java links putting ads EVERY where and their bs and incomplete reporting should be nuked.

    Links? Ads? Oh, are you not reading MacNN in Firefox with AdBlock set up to block all that clutter? Man, you don't know what you're missing.

    If a website asks you to update your Flash, go to Adobe and download and install it there. You will be safe. Unix is a very secure OS and is only prone to ID 10 T errors (IDIOT), which means EVERYTHING infecting a Mac would have to be socially engineered. This may change but not the case now. Just be careful what you install with your admin password and you'll be safe.
