malware posts

Filed under: Security, Snow Leopard

Malware detection coming in Snow Leopard?

We usually look at news updates and blog posts from antivirus vendor Intego with a bit of a gimlet eye, since the company has been known to spread a little of that good old FUD about the everyday malware risk most Mac users face (that is to say, pretty much none). Today, however, the Intego blog pointed out an unheralded feature of the forthcoming Mac OS X 10.6 Snow Leopard update, first reported by users of the beta: some basic malware checking built into the operating system.

As the post notes (and sites such as The Register and ZDNet corroborate), when a problematic DMG is downloaded or mounted -- one containing either of two known malware components -- the Finder throws an alert warning the user not to install the software in question and to throw away the disk image. While this is a nice touch for the two threats in question, The Register notes that the filter appears to catch only files downloaded through some of the more common apps (Mail.app, Entourage, Safari, Firefox and iChat among them) and not files copied over from removable media. That fits a check keyed to the quarantine marker those download-capable apps attach to files they save: a disk image copied from a USB stick or a CD carries no marker, so it is never inspected. It doesn't cover the wider gamut of threats out there, nor would it detect or block Windows malware that a Mac user could unwittingly pass along; for all of those scenarios, a true AV app (paid or free) is what the doctor ordered.
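The quarantine marker is what makes the download-only coverage visible from the command line. The following is an added example, not code from the TUAW post or from Apple: it parses the com.apple.quarantine attribute value in its widely documented shape (flags as hex, download time as hex seconds since the epoch, the downloading application's name, then an opaque identifier that differs between releases) and, on a Mac, reads it with the `xattr` tool. The sample value is constructed, and a file with no marker (copied from removable media, say) yields None, which is exactly the case the filter never sees.

```python
"""Inspect a file's com.apple.quarantine marker.

Added example, not part of the TUAW post. It assumes the widely documented
layout of the attribute value: semicolon-separated fields holding flags (hex),
download time (hex seconds since the epoch), the downloading application's
name and an opaque identifier. SAMPLE_VALUE below is constructed, not taken
from a real machine.
"""
from __future__ import annotations

import datetime as dt
import subprocess
from dataclasses import dataclass
from typing import Optional

QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass(frozen=True)
class QuarantineInfo:
    flags: int                  # bitfield set by the downloading app / the OS
    downloaded_at: dt.datetime  # UTC time the file was saved
    agent: str                  # e.g. "Safari", "Mail", "Firefox"
    identifier: str             # opaque; format differs between OS releases


def parse_quarantine_attr(value: str) -> QuarantineInfo:
    """Parse the raw attribute string into its fields.

    Raises ValueError if the value does not have the expected shape.
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)
    stamp = int(parts[1], 16)
    agent = parts[2]
    identifier = parts[3] if len(parts) > 3 else ""
    when = dt.datetime.fromtimestamp(stamp, tz=dt.timezone.utc)
    return QuarantineInfo(flags, when, agent, identifier)


def read_quarantine(path: str) -> Optional[QuarantineInfo]:
    """Return the file's quarantine record, or None if it has none.

    Uses the macOS `xattr` command-line tool. A file copied from removable
    media (or created on another OS) carries no attribute and yields None:
    nothing downstream ever flags it.
    """
    try:
        out = subprocess.run(
            ["xattr", "-p", QUARANTINE_XATTR, path],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:       # not on a Mac; no xattr tool available
        return None
    if out.returncode != 0 or not out.stdout.strip():
        return None
    return parse_quarantine_attr(out.stdout)


def describe(path: str) -> str:
    """One-line human-readable summary for a path."""
    info = read_quarantine(path)
    if info is None:
        return f"{path}: no quarantine marker (never downloaded, or copied from media)"
    return (f"{path}: downloaded by {info.agent} at "
            f"{info.downloaded_at:%Y-%m-%d %H:%M:%S}Z, flags=0x{info.flags:04x}")


# Constructed sample: flags 0x0001, saved 2009-08-01 00:00:00 UTC by Safari.
SAMPLE_VALUE = "0001;4a738580;Safari;|com.apple.Safari"

if __name__ == "__main__":
    import sys
    print(parse_quarantine_attr(SAMPLE_VALUE))
    for p in sys.argv[1:]:
        print(describe(p))
```

Run it with one or more paths as arguments on a Mac (`python3 quarantine.py ~/Downloads/*.dmg`); anything that reports "no quarantine marker" is a file the built-in check will not look at, whatever it contains.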

You can keep up with all the latest Snow Leopard news via our category page.

Filed under: Analysis / Opinion, Software

Better safe than sorry? Trend Micro Smart Surfing for Mac

Earlier this week, PC security app vendor Trend Micro announced a new product aimed at Mac users. Smart Surfing for Mac (US$69.95 per user per year) provides antivirus, anti-spyware, anti-rootkit, and web threat protection, and also has a two-way firewall built in.

This, of course, brings up the old debate for Mac users. On the one hand, our roughly 10% of the personal computing market is virtually free of the virus and malware attacks that plague the Windows world. On the other hand, the risk isn't zero: is it worth paying for protection that may be overkill?

Some of the features of Smart Surfing for Mac could be very useful for users who might otherwise be in danger of certain nefarious schemes. For example, it blocks visits to dangerous websites and has anti-phishing capabilities. While I know enough to check the real URL of links in emails by simply hovering my cursor above them, there are a frightening number of people who don't do this and who are at real risk of phishing scams. Parents might like Smart Surfing for Mac for their kids, as it restricts access by content categories, controls IM access, and also lets you block certain websites.

Are products like Smart Surfing for Mac expensive overkill, or are they cheap insurance against the remote chance of actually getting hit with a Mac virus, malware, or a scam? Let's hear your opinion in the comments section!

Filed under: Enterprise, Security, Found Footage

Sophos video shows Mac trojan caught in the act


Apple Mac malware: Caught on camera from Sophos Labs on Vimeo.

It's not every day that you can watch Mac malware in action, but the team at Sophos Labs has put together the demonstration video above. It shows a malicious installer downloaded from a site pretending to serve up an HD video player; what the installer actually carries is the RSPlug-F trojan. Even though Mac users still have to provide admin credentials to install the application (unlike Windows users, who might pick up the Zlob malware just by visiting the page), it would be perfectly natural to go ahead and authenticate after downloading an installer... but not a good idea in this case. The fake site and bogus application are appearing in two versions, one billed as MacCinema and another trying to steal the goodwill of a legitimate Windows app called HDTV Player (the real app is from blazevideo.com).

RSPlug-F tries to change your DNS settings to point at attacker-controlled servers, which could result in your being redirected to malicious or phony sites; if your ISP is on the ball, though, those bogus DNS servers are already blocked. The only way to catch this bit of malware is by running the installer, but it's easy to see how an innocent Mac user might be fooled by the convincing-looking download site.

[H/T Ars Technica Infinite Loop]

Filed under: Security

Intego: Adobe CS4 crack app has variant of iServices trojan

The folks over at Intego let the world know about a new trojan making the rounds along with copies of an application designed to crack Adobe Creative Suite 4. They consider the risk "serious."

If you don't download software using peer-to-peer tools like BitTorrent, this particular trojan can't reach you, and you can stop reading this story if you like. If you're one of the 5,000 people who recently downloaded and installed the serial crack, then you have a bad day ahead of you.

The malware, after asking for your administrator password, installs an executable with a random name in /var/tmp, a directory whose contents (unlike /tmp) survive a restart.

The randomly-named program then installs itself as /usr/bin/DivX, creates a startup item in /System/Library/StartupItems/DivX so that it launches at boot, and, if it has root privileges, saves a hash of your password in the file /var/root/.DivX.

The software then listens on a random TCP port and awaits instructions from its evil overlords. Because it runs as root on the infected computer, those in control of it can execute arbitrary commands, including deleting files and performing malicious network tasks.
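The artifacts named in the three paragraphs above are fixed enough to check for directly. The script below is an added example (not Intego's tool and not from the original post): it looks for the three fixed paths and for any executable regular file in /var/tmp, since the dropper's name is random but its location is not. The `root` parameter is an assumption of this example, so the sweep can be pointed at a mounted disk image or, in the self-test, at a constructed directory tree; on a live machine run it as root against "/".

```python
"""Sweep a Mac for the iServices indicators named in the post.

Added example; not Intego's tool and not part of the original article. The
paths come from the text above (/var/tmp executable with a random name,
/usr/bin/DivX, /System/Library/StartupItems/DivX, /var/root/.DivX). The
`root` parameter is this example's own addition so the sweep can run against
a mounted image or a constructed test tree instead of the live system.
"""
from __future__ import annotations

import os
import stat
from typing import List

# Fixed-name artifacts described in the post, relative to the filesystem root.
FIXED_INDICATORS = (
    "usr/bin/DivX",
    "System/Library/StartupItems/DivX",
    "var/root/.DivX",
)

# Where the randomly named dropper lands; this directory survives reboots.
DROPPER_DIR = "var/tmp"


def _is_executable_file(path: str) -> bool:
    """True for a regular file with the owner-execute bit set (not a symlink)."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_IXUSR)


def sweep_iservices(root: str = "/") -> List[str]:
    """Return the indicator paths present under `root`, fixed names first."""
    hits: List[str] = []
    for rel in FIXED_INDICATORS:
        full = os.path.join(root, rel)
        if os.path.lexists(full):
            hits.append(full)

    # The dropper's name is random, so report every executable regular file
    # in /var/tmp. That directory normally holds data, not programs, so each
    # hit deserves a look even if it turns out not to be this trojan.
    tmp = os.path.join(root, DROPPER_DIR)
    if os.path.isdir(tmp):
        for name in sorted(os.listdir(tmp)):
            full = os.path.join(tmp, name)
            if _is_executable_file(full):
                hits.append(full)
    return hits


if __name__ == "__main__":
    import sys
    found = sweep_iservices(sys.argv[1] if len(sys.argv) > 1 else "/")
    if found:
        print("Possible iServices artifacts:")
        for h in found:
            print("  ", h)
        print("Remove them, then change the administrator password the installer asked for.")
    else:
        print("None of the known iServices indicators are present.")
```

A clean result only means these particular files are absent; it says nothing about the variant found in the pirated iWork '09 copies or anything else, so treat it as a quick triage step rather than a clean bill of health.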

Late last week, pirated copies of iWork '09 were infected with similar malware.

Intego VirusBarrier X4 and X5, as you might imagine, protect you against the Trojan. Either looking for (and removing) the files mentioned above or using a virus removal utility is recommended; since the installer asked for your administrator password and ran with root privileges, change that password as well once the files are gone.

Also recommended: Not downloading pirated software (and their associated tools) on peer-to-peer networks. If you do choose to get your software that way, you have nobody to blame but yourself if your system gets infected.

Filed under: Software, Security

New Mac OS X malware - OSX_LAMZEV.A

Computer security company Trend Micro is reporting that a new Mac OS X malware application is making the rounds. The application, called OSX_LAMZEV.A, gives hackers a way to take control of infected Macs. This is the second report of Mac OS X malware this week.

This is not a virus: users must actually launch the app for it to install its payload. Once running, the app also asks which firewall port it may use. Trend Micro reports that "Mac users may be infected when they access remote websites hosting this backdoor. The backdoor may also be disguised as a legitimate application and may be installed and executed on systems."

Most Mac OS X malware so far is similar in nature, requiring users to launch the installer themselves and give it permission to install the payload. Unlike Windows users, you shouldn't need to install anti-malware apps that annoy you and slow down your Mac. Just make sure to follow the basic rules of Internet safety -- don't install applications that aren't legitimate or visit websites you don't trust.

For more details, be sure to visit the Trend Micro Virus Encyclopedia.

Filed under: Security

New variant of RSPlug trojan making the rounds


Our friends at Intego sent out an alert this morning, warning users about a new variant of the RSPlug trojan horse, found on several adult websites. The risk to users is classified as "medium."

RSPlug trojans, themselves a form of DNSChanger, change the Mac's local DNS settings so that lookups for banks, PayPal, and eBay resolve to phishing sites. All of these trojans must be downloaded at the user's request, and an administrator password has to be supplied before they can install.

When visiting certain sites, the user is alerted that there is a "Video ActiveX Object Error" and is told that their "Browser cannot play this video file." The alert instructs the user to download the "missing Video ActiveX Object." If the user clicks OK, a disk image called "cleanlive.dmg" downloads (the name may change in the future). Depending on the user's browser settings, the disk image may mount and the installer may open automatically, though it still can't do anything until the user types an administrator password.
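Both RSPlug stories on this page (the Sophos video above and this variant) describe the same end effect, a silent change to the Mac's DNS settings, and the direct way to look for it is to read the live resolver list and compare it against the servers you expect. The script below is an added example, not from Intego, Sophos or the TUAW post: it parses the `nameserver[N] : <ip>` lines that `scutil --dns` prints on Mac OS X and flags any resolver outside a trusted set of addresses or networks. The sample output and the 203.0.113.53 "rogue" address are constructed for the self-test; the trusted list is this example's assumption and should be replaced with your own router or ISP resolvers.

```python
"""Check which DNS resolvers a Mac is actually using.

Added example; not from Intego, Sophos or the TUAW post. `scutil --dns`
prints the live resolver configuration on Mac OS X; the parser below reads
its `nameserver[N] : <ip>` lines. SAMPLE_OUTPUT and the 203.0.113.53 address
are constructed for the self-test, and TRUSTED is an assumption to replace.
"""
from __future__ import annotations

import ipaddress
import re
import subprocess
from typing import Iterable, List, Set

_NS_LINE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")


def parse_scutil_dns(text: str) -> List[str]:
    """Extract the unique nameserver addresses, in order of first appearance."""
    seen: Set[str] = set()
    servers: List[str] = []
    for line in text.splitlines():
        m = _NS_LINE.match(line)
        if m and m.group(1) not in seen:
            seen.add(m.group(1))
            servers.append(m.group(1))
    return servers


def unexpected_resolvers(servers: Iterable[str], trusted: Iterable[str]) -> List[str]:
    """Return the resolvers that fall outside the trusted addresses/networks.

    `trusted` accepts single addresses or CIDR blocks: your router, your
    ISP's resolvers, or a public service you chose deliberately.
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    bad: List[str] = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            bad.append(s)           # not even an address: worth a look
            continue
        if not any(addr in n for n in nets):
            bad.append(s)
    return bad


def live_resolvers() -> List[str]:
    """Run `scutil --dns` on a Mac; empty list elsewhere or on failure."""
    try:
        out = subprocess.run(["scutil", "--dns"], capture_output=True,
                             text=True, check=False)
    except FileNotFoundError:
        return []
    return parse_scutil_dns(out.stdout) if out.returncode == 0 else []


# Constructed sample in the shape of `scutil --dns` output: the home router
# (192.168.1.1) plus an address the user never configured.
SAMPLE_OUTPUT = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)

resolver #2
  domain   : home.example
  nameserver[0] : 192.168.1.1
"""

# Assumed trusted set for this constructed network: the router's subnet.
TRUSTED = ["192.168.1.0/24"]

if __name__ == "__main__":
    current = live_resolvers() or parse_scutil_dns(SAMPLE_OUTPUT)
    rogue = unexpected_resolvers(current, TRUSTED)
    print("resolvers:", current)
    print("unexpected:", rogue or "none")
```

A resolver you didn't configure is worth investigating even if it answers correctly today; the whole point of a DNSChanger is that the attacker decides later which names to lie about.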

Intego VirusBarrier X5 users are, as you might imagine, already protected. Updating your virus definitions today will improve detection.

And, as always, be careful where you put your mouse online.

Filed under: Security

'MacGuard' double-plus ungood, avoid

The fine folks at Intego sent out a warning this morning about MacGuard, a bogus piece of software that claims to clean up your system and remove adware, spyware, and trojans. It doesn't.

According to the warning, MacGuard is simply a clone of a Windows app called WiniGuard. The company releasing the software, Innovagest 2000 SL, may be using the credit card numbers they harvest during the purchase process for "nefarious purposes."

WiniGuard "hijacks the user's desktop and typically displays exaggerated or false claims of spyware found to frighten the user into paying for the program," according to Sunbelt Malware Research Labs.

While our fine readers wouldn't get suckered into such a scheme, parents, grandparents, aunts and uncles might not be so educated. If you know someone with a Mac who might fall for this, do them a favor and forward them this warning.

The MacGuard website is at macguard.net.

Filed under: Odds and ends, Security

Macworld explains how not to get bitten by malware

We recently mentioned the new OS X malware that's floating around the nether regions of the net these days. Over at Macworld, Rob Griffiths has an extensive article discussing the ways you can tell if a piece of downloaded software is fishy. The tips range from the obvious (only download from trusted sources) to the arcane (diving into packages to examine the installer components). The overall strategy is to examine the software carefully and look for tell-tale signs that it's not legitimate.

In any case, it should give you a good set of strategies to use when evaluating a questionable download.
