New Mac OS X malware disables Apple's malware protection

Summary: Security researchers from F-Secure have spotted Mac OS X malware that disables updates to Snow Leopard's XProtect.plist antivirus signatures.

More from F-Secure:

Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application.

Apple added a built-in antivirus scanner in Snow Leopard in August 2009. Back then, the feature only scanned for two trojans.

Dancho Danchev

Talkback

68 comments
  • RE: New Mac OS X malware disables Apple's malware protection

    Really? How long till Mac users need a full fledged anti-virus product?
    xpect
    • never

      @xpect
      these "warnings" from the av-peddlers have been around since mac os x is around. trojans as well. still, no viruses after more than a decade. these scare tactics "messages" from the windows av companies desperately trying to sell into the growing mac market are getting old.
      bannedfromzdnetagainandagain
      • RE: New Mac OS X malware disables Apple's malware protection

        @bannedfromzdnetagainandagain You know, except there aren't really any viruses for Windows anymore either. Most malware is socially engineered nowadays.
        Aerowind
      • RE: New Mac OS X malware disables Apple's malware protection

        @bannedfromzdnetagainandagain "trojans as well. still, no *viruses* after more than a decade."

        Yep because we all know Viruses are the only danger to a Mac. Trojans... nah... As long as it isn't a Virus, you're good to go!
        Badgered
      • RE: New Mac OS X malware disables Apple's malware protection

        @bannedfromzdnetagainandagain
        I think we are talking about trojans here and not viruses. Viruses aren't really the problem of the day unless you woke up from a 10 year coma or something, but anyway trojans are just as dangerous as they will suck out your private info for use to steal your identity and what not. I would recommend you get you an AV package and get some peace of mind.
        OhTheHumanity
      • @aerowind

        you mean except for that nasty little bluetooth exploit in Windows 7 a few months ago. You know, the one where your machine could get pwned and you never know it by anyone within bluetooth range. Yep. Take your laptop to a Starbucks and get pwned while drinking your latte.
        baggins_z
      • What was the name of the exploit?

        @baggins_z: "you mean except for that nasty little bluetooth exploit in Windows 7 a few months ago."

        I know there was a vulnerability but I'm not aware of any exploit.
        ye
      • RE: New Mac OS X malware disables Apple's malware protection

        @bannedfromzdnetagainandagain So despite every shred of evidence, despite the fact that Apple has released and maintained an anti-malware solution for the Mac OS you still refuse to acknowledge that there are any Mac malware issues. Despite everything you are still keeping your head in the sand. Got it.
        athynz
      • That was the most lame excuse I've seen today

        @bannedfromzdnetagainandagain

        trying to cover for Apple

        You shouldn't try making an excuse if you're really not going to put your heart into it. It's insulting.
        William Farrell
      • RE: New Mac OS X malware disables Apple's malware protection

        @bannedfromzdnetagainandagain

        You are not well informed. My brother is required to use a MAC for business purposes because some of the best AV (Audio Video) software runs on MAC. He had many, many problems with his system a few months ago and I suggested he investigate AV (Anti Virus) software for the MAC and run a scan. He did, and found that his MAC was infected. The software cleaned up the issues and he is now a happy camper.

        Next time comment on subject you are educated to comment on. Regards
        toomuchtime
      • RE: New Mac OS X malware disables Apple's malware protection

        @Badgered LOL :D Thanks for the laugh and a half.
        MrElectrifyer
      • That would be a problem if...

        @baggins_z if most windows machines had bluetooth but I would bet it is less than half and honestly far lower than that.
        slickjim
    • RE: New Mac OS X malware disables Apple's malware protection

      @xpect Forever, until/unless they go back to big-endian PPC!
      Starman35
    • RE: New Mac OS X malware disables Apple's malware protection

      @xpect

      From the F-Secure page "To complete its installation/infection, Flashback.C requires the user to key in the administrator password."

      As with any OS that allows the user to install programs, it's only as secure as the person operating it!
      cbennett111
      • RE: New Mac OS X malware disables Apple's malware protection

        @cbennett111

        Yup.. I have literally seen people click on something or download something and the computer warn it is not safe and they click OK anyway.
        bobiroc
      • RE: New Mac OS X malware disables Apple's malware protection

        @cbennett111 None of our OS X users have their administrator password, because all programs run just fine without it. You only need the password if something needs to be installed on the Mac. Therefore I think we all are pretty much immune to this particular piece of trash as well as others like it.
        arminw
      • RE: New Mac OS X malware disables Apple's malware protection

        "Yup.. I have literally seen people click on something or download something and the computer warn it is not safe and they click OK anyway."

        Well @bobiroc, isn't that what UAC is all about? Clicking ok on the nanny screen and downloading it anyway?
        ScorpioBlue
      • RE: New Mac OS X malware disables Apple's malware protection

        @arminw

        So, that's no different than how Windows users in enterprise settings are set up on their PCs (i.e. user account isn't the administrator account, & they don't have access to the admin password), & therefore they're just as secure...
        spdragoo@...
    • RE: New Mac OS X malware disables Apple's malware protection

      @xpect We *have* Sophos and ClamXAV, both very good. That said, I have only ever detected win-virus examples in the wild.
      Brahyih
    • RE: New Mac OS X malware disables Apple's malware protection

      @xpect

      I expect F-secure will be ready and willing to sell a solution.
      bannedagain