Trojan Horse Alert: HellRaiser (aka OSX/HellRTS.D)

Trojan Horse Alert: Intego recently alerted users to the presence of a new variant of the HellRaiser Trojan Horse, which they identify as OSX/HellRTS.D. SecureMac has analyzed this new variant and it is detected in the latest MacScan spyware definitions update (Spyware Definitions Version 2010006) as HellRaiser Trojan Horse 4.2. MacScan has detected previous variants of this trojan horse since 2005.

HellRaiser is a trojan horse that allows complete control of a computer by a remote attacker, giving the attacker the ability to transfer files to and from the infected computer, pop up chat messages on the infected system, display pictures, speak messages, and even remotely restart or shut down the infected machine.

The attacker can search through the files on the infected computer, choosing exactly what they want to steal, view the contents of the clipboard, or even watch the user’s actions on the infected computer.

In order to become infected, a user must run the server component of the trojan horse, which can be disguised as an innocent file. The attacker then uses the client component of the trojan horse to take control of the infected system.

April 16, 2010 • 2 min read
Security Update for Leopard & Snow Leopard

Mac OS X Security Update – Apple posts new security update (2010-003) for Leopard and Snow Leopard. Users may update via the Software Updates System Preferences or by accessing Apple’s download site directly.

This security update addresses ATS (Apple Type Services) handling of embedded fonts. Accessing documents containing maliciously crafted embedded fonts may lead to arbitrary code execution. Charlie Miller is credited for discovery of this threat.

April 14, 2010 • 1 min read
Mac OS X Security Update

Mac OS X security update (2010-001) has been posted by Apple, fixing several security issues, including Adobe Flash. Other security fixes include CoreAudio, the cupsd printing scheduler, and issues with DMGs, TIFFs, SSL and TLS. To update your system, access the Software Update icon within System Preferences and check for updates.

More information at Apple KB Article.

January 18, 2010 • 1 min read
Snow Leopard Security

Snow Leopard has over 1000 new additions, one of which, as is being reported, is XProtect, Apple’s step in the direction of security. When the user launches an installer, the file is checked for malicious software (currently only the iServices Trojan horse and the DNSChanger Trojan horse) and the user is prompted with a warning. This is limited in scope and misses the vast majority of malware for Mac OS X. Read more at The Register.

August 25, 2009 • 1 min read
OSX/Jahlav-C = DNSChanger Trojan Horse

DNSChanger Trojan Horse (aka RSPlug Trojan) is running wild lately, with multiple variants surfacing rapidly and being distributed through more mainstream sites, including gamer and technical download sites, as well as pornographic and search-engine-optimized pages, resulting in high rankings in search results.

Learn more about the symptoms of computers infected with DNSChanger Trojan Horse, scan your computer for spyware with MacScan, or remove DNSChanger Trojan Horse (RSPlug) for free with the DNSChanger Trojan Horse Removal Tool.

June 26, 2009 • 3 min read
iPhone 3.0 OS Now Available

Apple has released iPhone 3.0 OS, now available for installation. Users who are able to upgrade the operating system on their iPhones are advised to do so, as it addresses about 40 security issues. To download and install the latest version, simply connect your iPhone to your computer and launch iTunes; an Update option will be available in the Version section of the iTunes iPhone interface.

June 17, 2009 • 1 min read
OSX/Jahlav-C is a variant of DNSChanger Trojan Horse

The trojan horse OSX/Jahlav-C recently reported in the news is in fact a variant of the already discovered DNSChanger Trojan Horse. Other variants and aliases include OSX.RSPlug, OSX/Puper and OSX/Jahlav.

This variant is already detected by SecureMac’s anti-spyware product MacScan as well as the free DNSChanger Trojan Horse Removal Tool. Learn more about avoiding DNSChanger Trojan Horse and removal tips.

June 12, 2009 • 1 min read
Apple Safari Vulnerability

Security Alert: Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both Mac OS X and Windows Safari. The attack is accomplished by mounting an XXE attack against the parsing of the XSL XML.

June 9, 2009 • 1 min read
Safari Vulnerability

SecureMac Advisory

Posted: June 9th, 2009

Security Risk: Critical

Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both Mac OS X and Windows Safari. The attack is accomplished by mounting an XXE attack against the parsing of the XSL XML.

Chris Evans has documented this vulnerability in his advisory on his website http://scary.beasts.org/security/CESA-2009-006.html

Safari 4 is now available for download for both Windows and Macintosh systems. Suggested to …

June 7, 2009 • 1 min read