Intego Discovers New Mac OS X Threat, Apple Rolls Back Security Software Recommendations

Article by George Norman (Cybersecurity Editor)

on 03 Dec 2008

According to Intego, a company best known for its VirusBarrier X5 Mac security solution, a new threat for Mac OS X has been detected in the wild. The threat, which has been identified as an RSPlug Trojan variant, has the potential to infect Mackies that attempt to watch videos online. In related news, after the internet came alight over Apple’s security software recommendations, the Cupertino-based company has resorted to taking them down from its support page.

The security threat that Intego has discovered is very similar to the other threats we’ve seen lately, such as the Lamezev.A Trojan and the SX/Jahlav-A Trojan, mainly in the way the malware is spread. If you surf the web in search of pornographic material (isn’t that what the internet is for?), you may run into a web page that pretends to host some incredibly arousing video footage, but before you can watch it you are told to download a codec or ActiveX object. Once you get to this point you have only two options: either download the malware onto your machine, or close the browser altogether (since you will not be able to get rid of that annoying notification otherwise).

Intego explains: “This new version, however, has some interesting differences with the previous versions. The samples Intego has seen, named FlashPlayer.v3.348.dmg and FlashPlayer.v..dmg, contain code that refers to Intego. The actual malware code is encoded (using a standard routine called uuencode), and when it is decoded, a line of code is present saying: “begin 666 Intego”. This tells the system to create a file with read and write permissions (the 666 is a shortcut for Unix permissions, not anything to do with the “number of the beast”), and to create a file, containing the malicious code, named “Intego”. Intego wants to point out that the company obviously has nothing to do with the creation of this malware, and that the choice of this file name is a provocation from the creator of this malware.”
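The header Intego quotes follows the uuencode format, in which a `begin <octal mode> <filename>` line opens the encoded block and `end` closes it. The following added example (not code from Intego or from the original article) scans a text file for such blocks and reports the file name, permissions and hash of what would be written; the sample script and its harmless payload are constructed for illustration.

```python
import binascii
import hashlib
import re

# A uuencoded block opens with "begin <octal mode> <filename>" and closes with "end".
HEADER = re.compile(r"^begin ([0-7]{3,4}) (\S.*)$")

def find_uu_blocks(text):
    """Return one dict per uuencoded block: mode, name, decoded data, sha256."""
    blocks, current = [], None
    for line in text.splitlines():
        if current is None:
            m = HEADER.match(line)
            if m:
                current = {"mode": int(m.group(1), 8), "name": m.group(2), "data": b""}
        elif line.strip() == "end":
            current["sha256"] = hashlib.sha256(current["data"]).hexdigest()
            blocks.append(current)
            current = None
        elif line:  # skip empty lines; a2b_uu does not treat them as zero-length
            try:
                current["data"] += binascii.a2b_uu(line)
            except ValueError:  # binascii.Error subclasses ValueError
                current = None  # body is not valid uuencode: drop the candidate
    return blocks

def describe_mode(mode):
    """Render permission bits the way ls does, e.g. 0o666 -> 'rw-rw-rw-'."""
    return "".join(c if mode & (1 << (8 - i)) else "-" for i, c in enumerate("rwxrwxrwx"))

# Constructed, harmless payload standing in for the encoded file.
PAYLOAD = b"echo harmless constructed sample\n"

def make_sample():
    """Build a constructed script that embeds PAYLOAD under the header Intego quotes."""
    body = binascii.b2a_uu(PAYLOAD).decode("ascii")  # one line, at most 45 bytes
    return "#!/bin/sh\n# constructed sample\nbegin 666 Intego\n" + body + "`\nend\n"

if __name__ == "__main__":
    for b in find_uu_blocks(make_sample()):
        print(b["name"], oct(b["mode"]), describe_mode(b["mode"]), len(b["data"]), b["sha256"])
```

The `rw-rw-rw-` result matches Intego's reading of 666: read and write for owner, group and others, with no execute bit.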

In related news, the Mac OS X security software recommendations we reported on a little while back are no longer hosted by Apple. As it turns out, those recommendations had been online since last year, only in a somewhat different form and on another web page. After the intense media attention, Apple has come out and said that Mac OS X has built-in security features meant to protect users from online threats, and is as safe as it always was. Even though the recommendations may not have been new, this does not change the fact that Apple itself advised Mackies to install and run security software solutions on their Mac OS X.

The point that Apple tried to make with those recommendations is this: it is a good idea to use some form of security software on your Mac, but Apple will not openly back just one manufacturer or just one product. Having everyone use just one security solution would not be a sound idea, simply because someone with malicious intent would have an easier job; using several security solutions on the same machine is also not a good idea, as it may lead to system slowdowns and compatibility issues. The idea is that one Mac user should employ a certain security solution, another user should use another security solution, and so on – with diversity comes an added level of security, as opposed to everyone using the same product (or everyone not using anything at all).

According to Graham Cluley from Sophos, there are several facts that one must keep in mind when it comes to Mac OS security: Apple’s market share is on the up and up, making it an attractive target for malware spreaders; some of the Windows security threats one can encounter online have the potential to infect Macs as well; Mackies have not been taking the issue of security as seriously as Windows users, even though they can just as easily be tricked into downloading malware onto their machines; last but not least, the number of security threats that target the Mac OS is only expected to rise in the future (just like Apple sales and the number of people who start using Macs).
