While Mac users like to brag on and on about how they don’t get viruses and other types of malware on their shiny objects of perfection recent events are proving otherwise, and to the degree that Apple has started to include their own anti-malware scanning engine as part of OS X.

The problem is that as smart as apple might think it is at catching all those nasties flocking to infect those awesome Mac machines the people writing the current crop of Mac oriented malware files are just as smart, as evidenced by their newest tactic to infect Mac machines.

Taking a note out of the old Windows malware writers guide the newest Mac trojan, which is actually just a variation of one already out in the wild, will nuke the built-in XProtectUpdater files.

The trojan, called Trojan-Downloader:OSX/Flashback.C, is delivered through a fake Flash Player installer and once the admin passwords are entered as a part of the install Flashback.C hunts down its prey by decrypting the paths within XPathUpdater and unload the XProtectUpdater daemon. Once that is done it overwrites those files with blank space, which in turns nukes the key files that XProtect needs so it can get regular updates.

The trojan can be removed using malware/ virus scanning software. You can find more information on F-Secure’s page for Flashback.C.

via Ars Technica

Mac trojan now equipped with OS X anti-virus nuking ability is a post from: The Inquisitr

Anyone who didn’t see this coming needs to get a reality check but it seems that the folks at the CA Security Advisor blog have gotten their hands on a really nasty Android trojan.

While there have already been trojans out in the wild that will record your calls time and duration, which is then saved to a local text file, this new one steps up the game by recording the actual audio of the phone call, and then saving it to the SD card.

For all that we rely on our smartphones they could turn out to be our biggest personal security risks, if our general computer history is any indication.

h/t to @edbott on Twitter

New Android trojan gets fancy and actually records your phone calls is a post from: The Inquisitr

The other day John Gruber of Daring Fireball fame and unofficial spokesman for Apple wrote a post full of quotes from other dated posts where the writers were brazen enough to suggest that Mac’s long safe harbor against malware, trojans, and viruses would come to an end one day.

I’ve written much the same thing on more than one occasion but it is always nice when you have some pro’s to back you up as Sophos is today.

In a post by Chester Wisniewski on the Sophos blog he warns that they have come across a JavaScript fake scanner meant to convince Mac users that their computers are infected.

This step is extra important on OS X as users will have to install the malware and enter in their administrative credentials for the privilege of infected themselves.

Even worse, the attackers are poisoning search terms and images related to Mother’s Day. Simply searching Google for seemingly innocent content to honor your mum could end up with a malware infection.

Mac users who happen upon a poisoned search result it will pop up a fake anti-virus scanner written in JavaScript that looks just like the OS X Finder application.

Oh dear me, is that some wolves I hear howling in the distance?

Fact is that the day will come when Macs, iPhones, iPads become equal opportunity targets for malware and all those other nasties out there and no amount of quote stuff into a quasi post by John Gruber will change that.

It’s just a matter of time.

Hey Gruber, You Might Want to Reconsider Crying Wolf is a post from: The Inquisitr

In a move that maybe should have been done years ago Comcast is testing out a new automated service in Denver called Comcast Constant Guard. The idea being that as the IPS they will be able to detect much easier unusual spikes in activities from particular IPs they can warn their customers of possible infections.

The alerts are triggered when computers on their networks are found to be doing activities that are commonly associated with botnet style activity. As well customers will be notified if their IP address is identified as the source of spam on an industry span list.

Customers in Denver are set to begin receiving notifications that their system may be infected with a virus or other malware via a pop-up message in the browser, as part of the new free service, called Comcast Constant Guard. The "Service Notice" will include a link to a Comcast security Web site where customers can follow a set of instructions to remove the malware from their computer.

If customers don’t have antivirus software, they can download McAfee Internet Security Suite for free. Comcast also offers a Comcast Toolbar that includes spyware detection and removal, a pop-up ad blocker, antiphishing software, and antispam protection for e-mail.

The company first started notifying customers about the security issues about a year ago, with support representatives calling customers on the phone, Opperman said.

"We learned that customers love it," he said. "We wanted to reach more people and to automate the process."

Source: cnet News – Comcast pop-ups alert customers to PC infections

The new service will eventually be rolled out to the ret of the country and replace the current practice of contacting the user by phone.

Image: cnet News

Comcast going proactive against PC infections is a post from: The Inquisitr

While the stick yer head segment of Mac users will almost certainly find some reason to spout their typical rhetoric about Mac’s being impervious to viruses, trojans and other such evil goodies that isn’t stopping the malware writers from improving their odds of getting you to install their crap. One of the newest tricks apparently is for the website you are visiting to detect which operating system you are running and then serve you up a nasty package for that OS.

Ivan Macalintal from Trend Micro recently came across a new variant of the DNS changer trojan that checks for which operating system is behind the browser and then will offer up the appropriate Windows or Mac installer.

This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a ".exe" file for Windows visitors, and a ".dmg" installer file for those who browsed the site with a Mac.

Meanwhile, Symantec warned last week that it had detected several blogs that were advertising free, streaming online copies of movies that were just released in the theaters. The lure is once again a fake video plug-in, followed by either a Mac- or Windows-based version of the DNS Changer Trojan.

Source: Security Fix :: Malware Writers: Will That Be OS X, or W?

Most of these new and more dangerous delivery systems are coming at us via blogs and websites that pander to those looking for video and software that they would normally have to pay for.

The reason for this is that by making the visitor think they need some new type of codec to view some questionable video it makes them more willing to install whatever is offered up to them. This is just taking the whole social engineering up a level or two.

image courtesy of Security Fix

Malware served up based on operating system is a post from: The Inquisitr

Microsoft recently shut down their previous attempt at providing a security software application, OneCare, due to a big *YAWN* in the marketplace. That experience though hasn’t deterred then from trying once more but this time they’ll be going with a simple free anti-virus application.

Currently in private testing under the codename of Morro the software giant has announced it will be providing a trial version, product beta, in the near future; or to use their terminology – “soon”. The reaction from competitors in the field range from Symantec and McAfee saying they don’t see this new product from Microsoft as a threat through to “no comment” from the other security software companies.

Analysts consider Morro to be more of a long tern threat (if it can get any traction) rather than having any near term impact.

Symantec shares fell 1.6 percent in afternoon trading and McAfee fell 1.8 percent, while Microsoft was up 1.1 percent. The Nasdaq composite index was down 1.2 percent.

Investors are closely monitoring the free service, code-named Morro after Brazil’s Morro de Sao Paolo beach, amid concern it could hurt sales of products from Symantec and McAfee, which generate billions of dollars of revenue a year protecting Windows PCs from attacks by hackers.

Source: Yahoo! Tech

I sure hope whatever they come out with is better than the OneCare program about which I am not surprised they closed it down.

Microsoft readies free anti-virus software – Let the jokes commence in 1..2…3…. is a post from: The Inquisitr

Now I have to be careful here on how I phrase this post because we sure wouldn’t want to see a Twitter-Friendfeed real-time angry fanboy rise from the dust and inundate us with all manner of death threats – or worse. So here goes – Apple needs to wake up to its new place in the computing landscape and start to take security seriously and better response to their users.

This is the gist of thoughts of Rich Mogull, founder of security firm Securosis and a self-professed Mac user, in both a post on TidBITS and in an interview by Dan Goodin for The Register.

"Based on a variety of sources, we know that Apple does not have a formal security program, and as such fails to catch vulnerabilities that would otherwise be prevented before product releases," writes Rich Mogull, founder of security firm Securosis and a self-described owner of seven Macs. "To address this lack, Apple should integrate secure software development into all internal development efforts."

Source: The Register

In his TidBITS post Rich provides five points that he thinks Apple needs to address when it comes to its products and security.

• Appoint and Empower a Chief Security Officer
• Adopt a Secure Software Development Program
• Establish a Security Response Team
• Manage Vulnerabilities in Included Third Party Software
• Complete the Implementation of Anti-Exploration Technologies

Given that even six month after Sun warned of a vulnerability in the Java virtual machine Apple hasn’t seen fit to patch the hole Rich’s suggestions might be well heeded. Note that both Linux and Microsoft fixed the bug months ago.

Apple and its security issues it doesn’t like to acknowledge is a post from: The Inquisitr

As a way to show its viewer how easily their computers could be a part of a botnet the BBC technology show Click went out and purchased what they called a low value botnet from one of the many underground Internet chatrooms. They then used that network to spam a Gmail and Hotmail account specifically setup up for this investigation.

After successfully leaving thousands of spam emails in those accounts in a matter of hours they turned their attention to performing a distributed denial of service (DDoS) attack on a site provided by security company Prevx. Once they completed all that they wanted to do the show left messages on the infected computers in the botnet that they were infected and then disabled the botnet.

BBC shows what happens when you buy a botnet is a post from: The Inquisitr