
Variation on Mac trojan disables built-in OS X malware protections

DainBramaged Donating Member (1000+ posts) Wed Oct-19-11 01:39 PM
Original message
Variation on Mac trojan disables built-in OS X malware protections
The anti-malware protections that are built into Mac OS X could be at risk thanks to a newer Mac trojan. The trojan in question, Trojan-Downloader:OSX/Flashback.C, was discovered by researchers at F-Secure—it's a variation on the Mac trojan discovered in September that poses as a Flash Player installer, OSX/Flashback.A. The new version still poses as a Flash Player installer, but its creators have kicked things up a notch by instructing it to disable Apple's automatic updating mechanism for its system-wide malware application, meaning that those who fall victim may never receive updates from Apple to remove the trojan.

Apple added some basic malware protections into Mac OS X in 2009 as part of 10.6 Snow Leopard, but the feature became more widely known after the great Mac Defender Scare of 2011. As part of a security update issued in May, Apple not only added the ability to detect the Mac Defender trojan and its variants, the company also made it possible for its software to automatically update its malware definitions on a daily basis. After performing that update, Mac users are generally protected from Mac-targeted attacks as long as that feature, called XProtect, can stay up-to-date.

But now thanks to Flashback.C, that feature is somewhat at risk. According to F-Secure, after users enter their admin passwords into the fake Flash installer, Flashback.C decrypts the paths within XProtectUpdater and proceeds to unload the XProtectUpdater daemon. After that, the malware overwrites the files with an empty space, decimating key files that XProtect needs in order to receive regular updates from Apple.

"Attempting to disable system defenses is a very common tactic for malware—and built-in defenses are naturally going to be the first target on any computing platform," F-Secure wrote on its blog.

http://arstechnica.com/apple/news/2011/10/variation-on-mac-malware-disables-built-in-os-x-malware-protections.ars


" Eeww, PCs suck because Mac's never have problems from viruses or trojans, I don't worry, PC's suck"

To everything turn, turn, turn, there is a season turn, turn, turn.....
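A defender-side check for the tampering described in the quoted article, as an added example that is not part of the original post or of F-Secure's analysis: it flags XProtectUpdater files that are missing, zero-length or whitespace-only, and reports whether the updater job is still loaded. The two file paths and the launchd label are assumed Snow Leopard-era locations, not values given on the page.

```shell
#!/bin/sh
# Added example: audit the XProtect update mechanism for signs of tampering.

# ASSUMPTION: Snow Leopard / Lion-era locations; they are not stated on the page.
XPROTECT_FILES="/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
/usr/libexec/XProtectUpdater"
XPROTECT_JOB="com.apple.xprotectupdater"

# Print "<STATE> <path>" for one file; return 0 only if it holds real content.
check_file() {
    f=$1
    if [ ! -e "$f" ]; then echo "MISSING $f"; return 1; fi
    if [ ! -s "$f" ]; then echo "EMPTY $f"; return 1; fi
    # Count non-whitespace bytes: a file overwritten with a lone space has none.
    n=$(LC_ALL=C tr -d ' \t\r\n' < "$f" | wc -c | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo "BLANK $f"; return 1; fi
    echo "OK $f"
}

# Return 0 if the launchd job is loaded, 1 if not, 2 if it cannot be checked.
# Run as root so that launchctl lists system daemons.
job_loaded() {
    if ! command -v launchctl >/dev/null 2>&1; then
        echo "UNKNOWN launchctl not available"
        return 2
    fi
    if launchctl list | grep -F -q "$1"; then
        echo "LOADED $1"
    else
        echo "UNLOADED $1"
        return 1
    fi
}

# Exit status is the number of problems found (0 means nothing suspicious).
audit_xprotect() {
    bad=0
    for f in $XPROTECT_FILES; do   # newline-separated, paths without spaces
        check_file "$f" || bad=$((bad + 1))
    done
    # Only a definite "not loaded" (status 1) counts as a problem.
    job_loaded "$XPROTECT_JOB" || [ $? -ne 1 ] || bad=$((bad + 1))
    return "$bad"
}

# Usage (as root): audit_xprotect; echo "problems: $?"
```
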
Electric Monk Donating Member (1000+ posts) Wed Oct-19-11 01:41 PM
Response to Original message
1. after users enter their admin passwords....
 
david_vincent Donating Member (1000+ posts) Wed Oct-19-11 01:42 PM
Response to Original message
2. Maybe hackers
have finally cottoned on that Apple is just another corporate behemoth that doesn't give a fig about anything but profits, exactly like MS.
 
Atman Donating Member (1000+ posts) Wed Oct-19-11 01:45 PM
Response to Original message
3. Windows users getting boners all over the world.
SEE! Someone created a Mac virus that doesn't do anything to anyone...oh, wait, I have a new e-mail message I have to click on that will probably bring down my machine. MAX SUK!
 
quinnox Donating Member (1000+ posts) Wed Oct-19-11 01:47 PM
Response to Original message
4. some nice news for a change
The insufferable mac users aren't so invulnerable.
 
twitcher Donating Member (7 posts) Wed Oct-19-11 02:13 PM
Response to Reply #4
5. nice??
You have a warped personality if you wish bad things on people because of the brand of computer they own.
 
City Lights Donating Member (1000+ posts) Wed Oct-19-11 02:15 PM
Response to Reply #5
6. Couldn't agree more!
Thanks for saying it!

:toast:
 
RebelOne Donating Member (1000+ posts) Wed Oct-19-11 02:43 PM
Response to Reply #6
7. Agreed here, too.
I am a Mac user and I am not insufferable. I still love my Mac. Had too many problems with PCs to even list.
 
SpiralHawk Donating Member (1000+ posts) Wed Oct-19-11 02:46 PM
Response to Reply #4
8. someone somewhere is 'claiming'
as usual
 
Shandris Donating Member (1000+ posts) Wed Oct-19-11 03:41 PM
Response to Original message
9. What the Mac users are overlooking is this:
The ONLY reason they weren't targeted much before was because they had such a small market share. This was literally inevitable. They've sold themselves on the belief that Macs are more inherently secure, but that has never been true. They do lack some of the intrinsic vulnerabilities inherent in the way Windork was designed and being based off of Unix, but that makes them no more secure. In fact, compared to an Open Unix/Linux system, it tends to make them LESS secure because they combine a desire to keep users' hands off the OS with Microsoft's dreaded security-through-obscurity model.

This one may not do much...but the days of Macs avoiding attention are coming to an end. Rapidly.