Archive for the ‘Apple’ Category

Apple patches 36 bugs in OS X, fixes encryption password goof

Thursday, May 10th, 2012

Update includes fixes to FileVault in Lion and Snow Leopard, as well as QuickTime bugs

Apple yesterday patched 36 vulnerabilities in Mac OS X, most of them critical, plugging a hole that revealed passwords used to encrypt folders with an older version of FileVault.

Both Mac OS X 10.7, aka Lion, and 10.6, better known as Snow Leopard, were updated with fixes. The two operating systems were last updated in February.

High on the fix list was one specific to Lion that put FileVault passwords in plain text, where they could easily be read — and thus encrypted folders deciphered — if a Mac was stolen or lost. The software consultant who publicly reported the bug attributed it to a programming error on Apple’s part.

“The login process recorded sensitive information in the system log, where other users of the system could read it,” Apple’s advisory stated. Apple also acknowledged that the plain-text passwords may persist in the Mac’s logs after users update to 10.7.4 and urged them to review a support document that walked through steps to eradicate any that are remaining.

Among the other patches were four Snow Leopard-only fixes quashing bugs that could be exploited via malicious image files; another four in QuickTime, Apple’s media player and browser plug-in; and one in FileVault 2, the full-disk encryption technology used by Lion.

The FileVault 2 flaw caused some data to be left unencrypted when a Mac went into “sleep” mode.

Twenty-one of the 36 vulnerabilities were tagged with Apple’s phrase of “arbitrary code execution,” indicating they were critical flaws that, if exploited by attackers, could result in a Mac malware infection.

Eight of the bugs affected only Snow Leopard.

On Lion, Apple also included a number of nonsecurity fixes it categorized as stability and compatibility improvements. Many of them were related to connecting to network services, such as Microsoft’s Active Directory and that company’s Server Message Block (SMB) file-sharing protocol. Both are used by Macs in enterprises to access corporate resources held on servers running Windows.

Snow Leopard’s update, dubbed “Security Update 2012-002,” received no feature improvements.

Yesterday’s update may be the last for Snow Leopard, as Apple seems to be on the fast track for OS X 10.8, aka Mountain Lion, which may ship as soon as late June. Apple typically stops serving security updates to the oldest edition in its support rotation when it finalizes a major operating system upgrade.

Last year, OS X 10.5, or Leopard, received its final security update in late June, about a month before Apple launched Lion. Leopard’s versions of iTunes, QuickTime, and Java, however, were updated after June 2011.

As usual, some users reported problems with the update.

On the Lion support forum, complaints ranged from kernel errors and difficulty reaching a Wi-Fi network to numerous reports of bricked MacBook Pros.

No one problem was dominant in those reports, but the MacBook Pro-not-booting thread was heavily trafficked, with more than 1,500 views since its inception Wednesday afternoon.

Mac OS X 10.7.4 and the separate 2012-002 security update for Snow Leopard can be downloaded from Apple’s support site or installed using the operating system’s built-in update service.

Source:  infoworld.com

Half of all Macs will lack access to security updates by summer

Tuesday, May 8th, 2012

Unless Apple changes its security update practice, nearly half of all Mac users will be adrift without patches sometime this summer.

Apple will launch OS X 10.8, aka Mountain Lion, in the next few months, and then will — barring a change in a decade-old habit — stop serving patches to OS X 10.6, or Snow Leopard.

Although Apple has never spelled out its support policy for older operating systems, it has always dropped an edition around the time it has two newer versions in play. If the current OS X is dubbed “n,” then “n-2” support ends at the debut of “n.”

In other words, patches are provided only to the newest OS X and the one immediately preceding it.

The company has practiced this since OS X’s birth: The second iteration, 10.1 — dubbed Puma — received its final security update in January 2004, three months after the appearance of OS X 10.4, or Panther.

More recently, Apple snuffed out support for OS X 10.5, aka Leopard, when 10.7, or Lion, shipped. The former got its last security update in June 2011, a month before the latter was released.

If Apple continues this policy, Snow Leopard users will stop seeing patches about the time Mountain Lion ships. Apple has not set a hard date for OS X 10.8’s debut, although it has pegged “late summer.”

But Snow Leopard currently accounts for 41.5% of all versions of OS X, according to Web metrics company Net Applications’ latest statistics. Assuming Snow Leopard’s share continues to drop at the average pace of the last six months, it will still power 34.4% of all Macs in August or 32.6% in September.

With earlier editions included, that means 48.4% of all Macs will be without security updates if Apple stops serving Snow Leopard in August. If it continues patching until September, the number sans fixes drops to 45.9%.

Some security professionals see those numbers as too high, and Apple’s support lifespan too short.

“[OS X] 10.6 released in August 2009, which means that any Mac purchased prior to that date and not subsequently upgraded will be running a version which receives no security support [Emphasis in original],” Robin Stevens, part of the University of Oxford’s network security team, said in a blog post last month.

“[Apple has] been complacent in terms of their attitude to security and support, especially when compared to their chief competitor [Microsoft],” Stevens added. “By comparison, Apple appear to be making minimal effort, and are putting their customers at risk as a result.”

Stevens wanted Apple to commit to a support lifetime of at least five years.

Other experts don’t see Apple’s support practice as the biggest problem, but instead tagged the company’s notorious silence.

“The average seems to be about three years,” said Andrew Storms, director of security operations for nCircle Security, talking about the length of time Apple provides security updates for a given edition of OS X. “That’s not bad if you compare it to hardware amortization. But really, the bigger issue is that no one really knows. Apple doesn’t communicate how long it will support a version or a roadmap for future releases.”

John Pescatore, a Gartner analyst, agreed, citing Apple’s lack of a roadmap as the biggest sticking point for companies that increasingly must manage Macs alongside Windows PCs. “That’s not enterprise friendly,” he said.

Apple’s opacity stands in contrast to Microsoft, which has long clearly laid out its support lifecycle, and regularly reminds users when an edition of Windows or Office is nearing its end.

“When they decide to release a new OS X, if you’re behind two [versions], you’re DOA or SOL, take your pick,” said Storms. “But we never see those blogs from Apple that we do from Microsoft reminding that you need to upgrade [to keep receiving security updates].”

Pescatore didn’t have a problem with Apple’s support lifecycle, calling it “in the middle” between Microsoft’s 10-year policy for Windows and the constantly-updating cloud services like Google Apps or Microsoft’s Office 365.

More to the point, Apple’s shorter support stretch is how things are quickly leaning, said Pescatore, ticking off the typical two-year turnover of smartphones and businesses taking to the cloud because of continuous updates.

Customers, including IT managers, better get used to it.

“In the real world, IT is going to have less and less control over the OS,” said Pescatore. “IT really doesn’t want to operate that way — they’ll try to fight it — but they’re going to have to learn how. Fighting the trend is going to be impossible.”

Even though the recent Flashback malware campaign has demonstrated that unsupported Leopard Macs were infected at a rate almost double its market share, Pescatore said the move to shorter support lifespans will continue. And customers will adapt. If they can’t, the market will provide solutions — as it has before for Windows — to keep Macs safer.

And most users can upgrade when Apple releases a new operating system, Pescatore and Stevens noted.

While Apple has yet to define the migration path for Snow Leopard users, it has dropped hints that they may be able to upgrade to Mountain Lion: Snow Leopard machines can be boosted to Mountain Lion’s developer preview.

Source:  computerworld.com

Apple to release Flashback removal software, working to take down botnet

Wednesday, April 11th, 2012

Apple plans to release software that will detect and remove Flashback malware infections on the Mac, the company announced Tuesday. In a knowledge base link published late in the day, Apple explained that it’s aware of the infection—which takes advantage of a previously unpatched Java vulnerability—saying that the software was coming, but no specific release date was given.

In addition to the Flashback detection software, Apple said that it’s “working with ISPs worldwide” to disable the botnet’s command and control (C&C) servers. Kaspersky researcher Kurt Baumgartner told Forbes earlier on Tuesday that “Apple is taking appropriate action by working with the larger Internet security community to shut down the Flashfake [also known as Flashback] C2 domains,” and Apple’s latest efforts seem to coincide with Baumgartner’s statement.

“Apple is developing software that will detect and remove the Flashback malware,” Apple wrote. “In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.”

We have been covering the Mac Flashback trojan since 2011, but the malware recently picked up steam. Last week, Russian security firm Dr. Web reported that it had infected more than half a million Macs worldwide. (The aforelinked Forbes report claimed Apple tried to take down Dr. Web’s sinkhole server for Flashback, but it seems most likely that this was an accidental inclusion in Apple’s attempts to take down the botnet’s C&Cs.)

There are already a couple ways to detect and remove a Flashback infection, but they involve some Terminal kung-fu that less experienced users might not feel comfortable with. Apple’s solution will undoubtedly target mainstream users who have heard about Flashback and want to ensure their Macs remain malware-free.

Source:  arstechnica.com

More than 600,000 Macs infected with Flashback botnet

Thursday, April 5th, 2012

Russian antivirus company says half the computers infected with malware designed to steal personal information are in the U.S. — with 274 located in Cupertino

More than half a million Macs are infected with the Flashback Trojan, a malware package designed to steal personal information, according to a Russian antivirus company.

The company — Dr. Web — originally reported today that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif.

Dr. Web estimates that half a million Macs were infected by the Flashback trojan. averysawaba.blogspot.com/2012/04/over-h… We can’t confirm or deny the figure.

@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko – 285 from Finland

More than half of the Macs infected are in the United States (57 percent), while another 20 percent are in Canada, Dr. Web said.

The malware was initially found in September 2011 masquerading as a fake Adobe Flash Player plug-in installer, but in the past few months it has evolved to exploiting Java vulnerabilities to target Mac systems. A new variant that surfaced over the weekend appears to be taking advantage of a Java vulnerability for which Apple released a patch yesterday.

As CNET blogger Topher Kessler explains, simply visiting a malicious Web site containing Flashback on an OS X system with Java installed will result in one of two installation routes. The malware will request an administrator password, and if one is supplied, it will install its package of code into the Applications folder. If a password is not offered, the malware will install to the user accounts where it can run in a more global manner.

Once installed, Flashback will inject code into Web browsers and other applications like Skype to harvest passwords and other information from those programs’ users.

Security company F-Secure has published instructions on how to determine whether a Mac is infected with Flashback.

Source:  CNET

Surveillance spyware migrates from Windows to Mac OS X

Friday, March 30th, 2012

Researchers have uncovered a malware-based espionage campaign that subjects Mac users to the same techniques that have been used for years to surreptitiously siphon confidential data out of Windows machines.

The recently discovered campaign targets Mac-using employees of several pro-Tibetan non-governmental organizations, and employs attacks exploiting already patched vulnerabilities in Microsoft Office and Oracle’s Java framework, Jaime Blasco, a security researcher with AlienVault, told Ars. Over the past two weeks, he has identified two separate backdoor trojans that get installed when users open booby-trapped Word documents or website links included in e-mails sent to them. Once installed, the trojans send the computer, user, and domain name associated with the Mac to a server under the control of the attackers and then await further instructions.

“This particular backdoor has a lot of functionalities,” he said of the most recent trojan he found. Victims, he said, “won’t see almost anything.”

Blasco’s findings, which are documented in blog posts here and here, are among the first to show that Macs are being subjected to the same types of advanced persistent threats (APTs) that have plagued Windows users for years—not that the shift is particularly unexpected. As companies such as Google increasingly adopt Macs to limit their exposure to Windows-dependent exploits, it was inevitable that the spooks conducting espionage on them would make the switch, too.

“What [attackers] have been installing via APT-style, targeted attack campaigns for Windows, they’re now starting to do for Macs, too,” said Ivan Macalintal, a security researcher at antivirus provider Trend Micro. Macalintal has documented some of the same exploits and trojans Blasco found.

Another researcher who has confirmed the findings is Alexis Dorais-Joncas, Security Intelligence Team Leader at ESET. In his own blog post, he documented the encryption one of the trojans uses to conceal communications between infected Macs and a command and control server. He also described a series of queries sent to a test machine he infected that he believes were manually typed by a live human at the other end of the server. They invoked Unix commands to rummage through Mac folders that typically store browser cookies, passwords, and software downloads.

Commands monitored by ESET researcher Alexis Dorais-Joncas. They appear to have been manually typed in real time by someone at the other end of a command and control server. (Image: blog.eset.com)

“The purpose here clearly is information stealing,” he wrote.

He noted that the backdoor he observed was unable to survive a reboot on Macs that weren’t running with administrator privileges. That’s because the /Library/Audio/Plug-Ins/AudioServer folder used to stash one of the underlying malware files didn’t allow unprivileged users to save data there. A more recent trojan analyzed by AlienVault’s Blasco has overcome that shortcoming, by saving the file in the less-restricted /Users/{User}/Library/LaunchAgents/ folder, ensuring it gets launched each time the user’s account starts.

The backdoors are installed by exploiting critical holes in two pieces of software that are widely used by Mac users. One of the vulnerabilities, a buffer overflow flaw in Microsoft Office for the Mac, was patched in 2009, while the other, an unspecified bug in Java, was fixed in October. The Java exploit is advanced enough that it reads the user agent of the intended victim’s browser, and based on the results unloads a payload that’s unique to machines running either Windows or OS X.

Reports of malware that target Macs have risen steadily over the past 36 months. Most of the reported infections rely on the gullibility of users, tricking them into believing their systems are already compromised and can be disinfected by downloading and installing a piece of rogue antivirus software. Others have exploited software weaknesses to install data-stealing trojans, often requiring little interaction on the part of users. While these reports are more rare, they date back to at least July 2010.

In his blog post, Trend Micro’s Macalintal said the Word exploit he observed “dropped a Gh0stRat payload,” a reference to a huge malware-based spy network uncovered three years ago that infiltrated government and private offices in 103 countries. The Word exploit works by embedding Mac-executable files known as “Mach-Os” into the booby-trapped document file, Macalintal added.

Seth Hardy, a Senior Security Analyst who has been monitoring espionage attacks on pro-Tibetan groups for an organization called Citizen Lab, said it’s too early to know if the recent campaign is related to Gh0stRat. Hardy—whose Citizen Lab was a principal organization for the research and publication of the Tracking Ghostnet and Shadows in the Cloud cyber espionage reports and is based at the Munk School of Global Affairs—went on to say that Macs are likely to play a growing role in future attacks.

“While APT-for-Mac (iAPT?) isn’t exactly new, it does seem like the attackers are catching on that many of these organizations use Macs more than the general public,” he wrote in an e-mail. “It’s also interesting that the attackers are developing multi-platform attacks: we’ve seen the Mac malware bundled with similar Windows malware, and the delivery system will identify the user’s operating system and run the appropriate program.”

Source:  arstechnica.com

Parallels update offers new ways to install Lion and Windows

Thursday, November 3rd, 2011

If you plan on running multiple operating systems on your Mac, one route you can take besides a direct installation like Windows in Boot Camp is to use a virtual machine, which installs the OS within OS X so it and its applications will run alongside your OS X applications.

There are several virtualization options for OS X, including VMware Fusion and Parallels Desktop, both of which offer robust solutions for running multiple operating systems that integrate the guest operating system well with the Mac OS. Recently, Parallels released an update to its latest version of Parallels Desktop that, in addition to a round of bug fixes, includes new options for installing and managing operating systems.

In Parallels Desktop 7, the new Wizard interface for setting up virtual machines has a Convenience Store feature for purchasing copies of Windows, in addition to direct links for downloading and installing other popular operating systems such as Ubuntu, Chrome, and Fedora, and even installing OS X Lion using its Recovery HD partition.

With the latest update, the Parallels Wizard now includes a quick way to access and install the latest Windows 8 developer preview in a virtual machine so you can test out Microsoft’s latest OS. In addition, the update also provides a way to install OS X Lion directly from the Lion installation application that you download from the Mac App Store. While you could previously install Lion from the Mac App Store download, you first needed to open the installer package and access the InstallESD image file directly. Now you just need to select the installer application to install Lion.

While it may seem a bit odd to install Lion within Lion, in some instances it may be a useful thing to do, for example if you wish to test a software package before installing it in your main OS. Sequestering the software on a virtual machine will help you see how it installs and how it may run, and if a problem occurs you can easily remove the virtual machine and set it up again.

The update to Parallels Desktop 7 is available through the Parallels Desktop updater (access this from the Parallels menu within the program), but also can be downloaded from the Parallels Desktop Web site.

Source:  CNET

Tsunami backdoor trojan ported from Linux to take control of Macs too

Thursday, October 27th, 2011

The Linux-based Tsunami backdoor trojan has made its way over to the Mac, according to security firm ESET. The company posted to its blog (hat tip to Macworld) that a Mac-specific variant, OSX/Tsunami.A has made an appearance on the trojan scene, though ESET made no mention of whether it was gaining any traction among users.

ESET’s Robert Lipovsky wrote on Wednesday that the code for OSX/Tsunami.A was ported from the Linux version of the trojan that the company has been tracking since 2002. Hard-coded is a list of IRC servers and channels, which the trojan tries to connect to in order to listen for malicious commands sent from those channels.

Lipovsky published a list of the commands pulled from the Linux variant of Tsunami, but the general gist is that the trojan can open a backdoor to perform DDoS attacks, download files, or execute shell commands. Tsunami has “the ability to essentially take control of the affected machine.”

Security firm Sophos also acknowledged the appearance of the Mac-targeted Tsunami backdoor, but reminded users that there is still “far less malware [in] existence for Mac OS X than for Windows.” Still, the company says the problem is real and that users should protect themselves with anti-malware software. “We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future,” Sophos’ Graham Cluley wrote. “If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying.”

Source:  arstechnica.com

File group permissions constantly displaying “Fetching…” in OS X

Tuesday, October 18th, 2011

If you get information on files and folders in the OS X Finder you will see the access permissions for the items listed at the bottom of the information window.

The items in this list are generally the username of the file’s owner, the primary group associated with the owner, and then an “everyone” group; however, there may be situations where the system will not display a group, and instead will show a persistent “Fetching…” notification.

This situation may happen because the system cannot properly identify the group that is associated with the file. In OS X, permissions work by user and group identification numbers being associated with files in the filesystem index, and when you access the file the system looks up these identification numbers in the system directory (the user and group database). There also may be a situation where a user-specific group (i.e., one that is the same name as the current user account) is being used as the default group for a file.

If a username or group is missing, then the system should display something like “unknown” for the respective permissions, but may also continually search for a match and display “Fetching…” while this is under way.

This mismatching may happen after a system has been upgraded, or if you have restored one from backup or migrated it from another system, and generally lies in how the permissions in the filesystem are stored rather than there being a problem with the system’s directory setup.

If this is happening to you, then your best bet would be to ensure that your account is associated with the proper group, followed by resetting permissions on your home folder, which can be done with the OS X installation DVD or the OS X Lion recovery partition.

In OS X, local user accounts are members of the “staff” group, with system administrator accounts being members of the “admin” group. To make sure that your account is associated with the proper group, when logged in to your account run the following in the Terminal:

sudo dscl . -append /Groups/GROUPNAME GroupMembership `whoami`

Be sure to change the “GROUPNAME” text to the proper group of either “staff” or “admin,” and also note that the “whoami” is encompassed in grave accents (the symbol under the tilde key on U.S. English keyboards) instead of single quotes. When this is done, reset the home folder permissions on your system, the procedure for which will depend on what system you are using:

In OS X Prior to Lion:

  1. Insert the OS X Installation DVD and reboot with the “C” key held down.
  2. After selecting your language, choose “Reset Password” from the “Utilities” menu.
  3. Select your hard drive and then select your user account from the drop-down menu.
  4. Click the “Reset” button next to “Reset Home Directory Permissions and ACLs.”
  5. Select “Restart” from the Apple menu to reboot normally.

In OS X Lion:

  1. Reboot and hold “Command-R” to get to the recovery partition.
  2. Choose your language and select “Terminal” from the Utilities menu.
  3. Enter “resetpassword” in the Terminal to open the same password reset utility.
  4. Continue with step three in the instructions above.

Doing this should make sure that the permissions and user/group associations for files in your home directory are based on usernames and groups that are in the user account. Do keep in mind that this will only affect the files and folders in your home directory and not any of those that you have placed elsewhere, such as on external hard drives or within system directories.
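The following script is an added example and is not part of the original article. It checks the two things the article describes before you resort to the reset utility: whether the account is actually a member of “staff” or “admin,” and which files under the home folder carry a group ID that the directory service cannot resolve (the entries the Finder shows as “Fetching…”). On macOS it assumes `dscl` and BSD `stat`; on other systems it falls back to /etc/group and GNU `stat` so the filtering logic can be exercised with constructed input.

```shell
#!/bin/sh
# Added example (not from the original article). Diagnoses the "Fetching..."
# symptom: files whose numeric group ID has no entry in the directory service.
# Assumes macOS `dscl` and BSD `stat` when run for real; elsewhere it falls
# back to /etc/group and GNU `stat`.

# Exit 0 if the named group appears in the current user's group list.
in_group() {
    wanted=$1
    for g in $(id -Gn); do
        [ "$g" = "$wanted" ] && return 0
    done
    return 1
}

# Print every group ID known to the directory service, one per line.
known_gids() {
    if command -v dscl >/dev/null 2>&1; then
        # macOS: "name gid" lines from the local directory node
        dscl . -list /Groups PrimaryGroupID | awk '{print $2}'
    else
        # Fallback for non-Mac systems (assumption: classic /etc/group)
        awk -F: '{print $3}' /etc/group
    fi
}

# Print "gid path" for every file and folder under $1.
gid_listing() {
    if stat -f '%g' / >/dev/null 2>&1; then
        find "$1" -exec stat -f '%g %N' {} +    # BSD/macOS stat
    else
        find "$1" -exec stat -c '%g %n' {} +    # GNU stat
    fi
}

# Read "gid path" lines on stdin; print "gid<TAB>path" for every line whose
# gid is absent from the file of known IDs given as $1. These are the entries
# the Finder cannot map to a group name.
unresolved_groups() {
    known=$1
    while read -r gid path; do
        grep -qx -- "$gid" "$known" || printf '%s\t%s\n' "$gid" "$path"
    done
}

# Full check for one directory (defaults to the home folder).
check_dir() {
    dir=${1:-$HOME}
    tmp=$(mktemp)
    known_gids > "$tmp"
    gid_listing "$dir" | unresolved_groups "$tmp"
    rm -f "$tmp"
}

# Usage: sh fetching_check.sh --check [directory]
case "${1:-}" in
    --check)
        in_group staff || in_group admin || \
            echo "warning: account is in neither staff nor admin" >&2
        check_dir "${2:-$HOME}" ;;
esac
```

Run it as `sh fetching_check.sh --check` before the reset so you know which files (if any) are affected, and again afterwards to confirm the list is empty.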

Lastly, in addition to ensuring user accounts are set up properly, use Disk Utility to run a permissions fix routine on the boot drive, which should make certain that system folder permissions are also set up so files and folders can be properly accessed. When performing a permissions fix, do not worry about repeated errors in Disk Utility’s log window. Just run the fix routine once and then quit Disk Utility.

Some people may find that after fixing account and system permissions that their battery lives might also significantly increase and the system becomes more responsive, as it spends less time resolving group conflicts and more freely looks up group associations.

Source:  CNET

Mac trojan pretends to be Flash Player Installer to get in the door

Tuesday, September 27th, 2011

Hot on the heels of last week’s Mac malware posing as a PDF is a new piece of malware posing as something even more insidious: a Flash player installer. Security firm Intego was the first to post about the new malware on its blog, noting that although the company has only received one report so far from a user who downloaded it, the malware does exist in the wild and may trick Mac users who don’t yet have Flash installed.

The malware in question is a trojan horse called Flashback (OSX/flashback.A); users may end up acquiring it by clicking a link on a malicious website to download or install Flash player. If those users also have their Safari settings to automatically open safe files (which .pkg and .mpkg files are considered to be), an installer will show up on their desktops as if they are legitimately installing Flash.

Continuing through the installation process will result in the trojan deactivating certain types of security software (Intego specifically noted that the popular Little Snitch would be affected) and installing a dynamic loader library (dyld) that can auto-launch, “allowing it to inject code into applications the user launched.” The trojan then reports back to a remote server about the user’s MAC address and allows the server to detect whether the Mac in question has been infected or not.

The threat is currently marked as “low,” but Mac users are advised to follow safe security practices—don’t open files or attachments that you don’t remember downloading, and turn off Safari’s setting for opening safe files automatically. It’s also worth noting that Apple now updates its malware definition file on a daily basis, and has already updated it to address the PDF trojan discussed last week. If you haven’t already scoured the Internet for a malicious version of the Flash installer, then it’s likely Apple will have added the new malware to the file by the time you run into it.

Source:  arstechnica.com

Mac trojan poses as PDF to open botnet backdoor

Saturday, September 24th, 2011

Malware continues to be a minimal threat to most Mac users, but that doesn’t mean attackers aren’t constantly trying to come up with new ways to steal information or turn users’ machines into botnet drones. The latter appears to be the case with a new Mac trojan posing as a PDF file, discovered by security researchers at F-Secure.

The malware in question has been identified as Trojan-Dropper:OSX/Revir.A, which installs a backdoor, Backdoor:OSX/Imuler.A, onto the user’s Mac. Currently, however, the backdoor doesn’t communicate with anything. The command-and-control center for this particular malware is apparently a bare Apache installation, which has been sitting at its current domain since May of this year. Because of this, users who might fall victim to this attack aren’t likely to see many ill effects for the time being, but that could change if the files end up spreading to a wider audience.

As mentioned earlier, this trojan spreads by masking itself as a PDF, which displays a Chinese-language document on the screen in an attempt to hide its background activity. This isn’t a new strategy on the surface, as F-Secure notes, but some deeper digging indicates that it might be stealthier than its Windows counterparts.

“This malware may be attempting to copy the technique implemented by Windows malware, which opens a PDF file containing a ‘.pdf.exe’ extension and an accompanying PDF icon,” reads the post on F-Secure’s blog. “The sample on our hand does not have an extension or an icon yet. However, there is another possibility. It is slightly different in Mac, where the icon is stored in a separate fork that is not readily visible in the OS. The extension and icon could have been lost when the sample was submitted to us. If this is the case, this malware might be even stealthier than in Windows because the sample can use any extension it desires.”

As for how this trojan is spreading, that’s a bit of a mystery. The researchers noted that they’re not yet sure of the methods it uses to propagate, but they believe the most likely explanation is that it’s circulating via e-mail attachment.

Source:  arstechnica.com
