MAC Defender Rogue Anti-Virus Analysis and Removal

SecureMac Security Bulletin

Due to the easy removal of the currently identified variant of this malware, SecureMac rates this threat as low. This Security Bulletin will be updated if the threat changes.

Updated: May 9th, 2011
Updated: May 4th, 2011
Posted: May 2nd, 2011

Security Risk: Low

UPDATE, May 9th, 2011: SecureMac has discovered a new version of the previously identified MAC Defender malware. The new variant, just like the previous identified “Mac Security” version, is an updated version of the original malware, rebranded as “Mac Protector.”

UPDATE, May 4th, 2011: SecureMac has discovered a new version …

BlackHole RAT 2 Trojan Horse for Mac OS X Discovered

As predicted by the SecureMac team, the new version of BlackHole RAT 2 was officially released on a hacker message board this weekend, with some slight differences from the earlier version analyzed by SecureMac. The trojan horse, once installed, disguises itself as a Java Updater. In addition, the author is now referring to the trojan as Freeze RAT, but it contains much of the same code as BlackHole Rat 2.0a. The new version has a more complicated installation process that requires physical access to the computer, so SecureMac continues to rate this as a low threat.

MacScan 2.8 Now Available by SecureMac

SecureMac is pleased to announce MacScan 2.8, the latest version of its award-winning anti-spyware privacy and security software for Apple’s Mac OS X. This new version of MacScan enhances protection against the latest threats for Mac OS X, adding usability enhancements and bug fixes.

BlackHole RAT

The SecureMac team announced today that a new version of the BlackHole RAT 2.0 Trojan Horse for Mac OS X has been discovered. This new version should be not confused with an older variant from back in February already detected by SecureMac and other anti-malware software.

Apple Releases Mac OS X 10.6.5

Apple has released Mac OS X 10.6.5 in the update includes many security concerns addressed. An outline of the security update 2010-007 can be found here http://support.apple.com/kb/HT4435. Users should install this latest update, access the Software Update from within the System Preferences.

Vulnerability Found in Mac OS X 10.5

Core Security has discovered a vulnerability in Mac OS X 10.5 which could be used by a remote attacker to execute arbitrary code by getting the user to download a PDF document containing a embedded malicious CFF font. The advisory shows a communication timeline with Apple as well.

Sophos Anti-Virus for Mac Home Edition Review

Review: Sophos Anti-Virus for Mac OS X

Posted: November 8th, 2010
Author: Israel Torres

Introduction

Sophos declares the following in their campaign for Sophos Anti-Virus for Mac Home Edition:

Malware myth: Macs can’t get viruses.
SophosLabs have detected over 1,000 threats for Mac OS.

Sophos Anti-Virus for Mac Home Edition runs in the background and scans files for threats whenever your Mac opens them. It comes with an uninstaller (Applications/Remove Sophos) in case you want to remove it after trying it on your system.

I’ll be going through this review step-by-step and cover all the features related to …

Initial Analysis of trojan.osx.boonana.a

The initial infection vector of the Boonana trojan is through a message on social networking sites similar to “Is this you in this video?” which includes a link to an external site. Upon clicking the link, a java applet will attempt to load in the user’s web browser.

The web browser will then prompt the user to allow content signed by an untrusted certificate to run.

When the user accepts the certificate, the applet loads.

Once the applet is loaded, it displays a fake YouTube interface to simulate a “video” by displaying a …

Boonana Trojan Horse trojan.osx.boonana.a

Visit the Boonana advisory page for more details about the Trojan horse trojan.osx.boonana.a including initial analysis and removal instructions or download Boonana Trojan Horse Removal Tool directly.

Apple Updates Java for Mac OS X 10.5 & 10.6

Apple has updated Java for Mac OS X 10.5 and 10.6 addressing several security issues. Users are advised to download the latest update via Software Update in System Preferences or download directly from the Apple Download page.

PGP 10 WDE for Mac OS X

5.12.10 News
PGP Whole Disk Encryption (WDE) ensures your entire hard disk is encrypted and only accessible by you. Read the whole review of PGP Whole Disk Encryption for Mac OS X.

Trojan Horse Alert: HellRaiser (aka OSX/HellRTS.D)

Trojan Horse Alert: Intego recently alerted users to the presence of a new variant of the HellRaiser Trojan Horse, which they identify as OSX/HellRTS.D. SecureMac has analyzed this new variant and it is detected in the latest MacScan spyware definitions update (Spyware Definitions Version 2010006) as HellRaiser Trojan Horse 4.2. MacScan has detected previous variants of this trojan horse since 2005.

HellRaiser is a trojan horse that allows complete control of a computer by a remote attacker, giving the attacker the ability to transfer files to and from the infected computer, pop up chat messages on the infected system, display pictures, speak messages, and even remotely restart or shut down the infected machine.

The attacker can search through the files on the infected computer, choosing exactly what they want to steal, view the contents of the clipboard, or even watch the user’s actions on the infected computer.

In order to become infected, a user must run the server component of the trojan horse, which can be disguised as an innocent file. The attacker then uses the client component of the trojan horse to take control of the infected system.

Read more about HellRaiser Trojan Horse aka OSX/HellRTS.D

Security Update for Leopard & Snow Leopard

Mac OS X Security Update – Apple posts new security update (2010-003) for Leopard and Snow Leopard. Users may update via the Software Updates System Preferences or by accessing Apple’s download site directly.

This security update addresses ATS (Apple Type Services) handling of embedded fonts. Accessing documents containing malicicously crafted embedded fonts may lead to arbitrary code execution. Charlie Miller is credited for discovery of this threat.

Mac OS X 10.6.3 Software Update Released

Apple has released Mac OS X 10.6.3, in this release it includes over a dozen security fixes. Users are advised to upgrade to the latest version of Mac OS X by accessing the Software Update in the System Preferences or by accessing Apple’s download page directly. http://support.apple.com/downloads/

Mac OS X Security Update

Mac OS X security update (2010-001) has been posted by Apple fixing several security issues including a Adobe Flash. Other security fixes include CoreAudio, cupsd printing scheduler, issues with DMGs,TIFFs, SSL and TSL. To update your system access the software update icon within the System Preferences and check for updates.

More information at Apple KB Article.

SecureMac Celebrates 10 Year Anniversary!

SecureMac is celebrating 10 years of success. This year marks the Macintosh security company’s ten-year anniversary. Over the past decade, SecureMac has expanded its role as the premier source for Macintosh security news, released its award-winning anti-spyware and privacy program MacScan, and two free trojan removal tools for the most dangerous threats against OS X. SecureMac continues to lead the drive to educate users about the security threats for OS X, and looks forward to more years of continued success.

Snow Leopard Security

Snow Leopard has over 1000 new additions, one of which being reported is XProtect, Apple’s step in the direction towards security. When the user launches an installer the file is checked for malicious software currently only iServices Trojan horse and DNSChanger Trojan horse and the user is prompted with a warning. This is limited in scope and misses the vast majority of malware for Mac OS X. Read more the register.

MacScan Anti-Spyware & Privacy for Mac OS X

MacScan anti-spyware and privacy for Mac OS X has released new spyware definitions to protect against the latest malware for Mac OS X. Definitions can be downloaded from within MacScan. Download 30 day demo of MacScan for free

OSX/Jahlav-C = DNSChanger Trojan Horse

DNSChanger Trojan Horse (aka RSPlug Trojan) is running wild lately with multiple variants surfacing rapidly and being distributed through more mainstream sites including gamer and technical download sites as well as pornographic and search engine optimized pages resulting in high rankings in search results.

Learn more about the symptoms of DNSChanger Trojan Horse infected computers or scan your computer for spyware with MacScan or remove DNSChanger Trojan Horse (RSPlug) with DNSChanger Trojan Horse Removal Tool for free.

iPhone 3.0 OS Now Available

Apple has released iPhone 3.0 OS now available for installation. Users who are able to upgrade their operating system for their iphones are suggested to do so as it addresses about 40 security issues. To download and install the latest version simply connect your iPhone to your computer and launch iTunes, from the iTunes’ iPhone interface section for Version an Update option will be available.