New Mac OS X Trojan distributed via BitTorrent file-sharing sites

A new Mac OS X Trojan has been discovered on BitTorrent sites. The threat, dubbed OSX.DevilRobber or OSX.Miner, has appeared within legitimate copies of GraphicConverter v7.4, Flux v3.2.5 and CorelPainter v12, which the virus writer has modified and posted on the file-sharing websites. The Trojan is installed on your computer when the parent application’s installer is run.

The threat appears to be quite sophisticated, adopting a multi-pronged approach to harvesting personal details from your computer, including stored information from encryption software and Safari, and sending this to a remote server. In addition, the Trojan utilizes your graphics processor (GPU) to perform the calculations required for bitcoin mining, hence the name. If it discovers a bitcoin wallet it will save that, too.

If your Mac becomes infected by this Trojan then the first thing you may notice is a sluggishness as it performs the bitcoin permutations required for ‘mining’. Check for the presence of a folder in your login user area called ~/Library/mdsa1331/ and a launch agent file in ~/Library/LaunchAgents/ that looks unfamiliar. The current version of the trojan creates a startup file, which at first glance appears to have come from Apple, com.apple.legion.plist.
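
The check described above can be scripted. The following is an added example, not ProtectMac's code: it looks for the folder and the launch agent named in this post, and as an extra heuristic (an assumption of this example, not something the post states) lists any other com.apple.* file in the per-user LaunchAgents folder for manual review. The function name scan_home and the output format are made up for the example.

```shell
#!/bin/sh
# Added example: look for the two OSX.DevilRobber indicators named in the
# post inside one home directory. Read-only; nothing is modified or removed.

scan_home() {
    home_dir=$1
    agents="$home_dir/Library/LaunchAgents"
    findings=0

    # Indicator from the post: the Trojan's folder in the user's Library.
    if [ -d "$home_dir/Library/mdsa1331" ]; then
        echo "FOUND $home_dir/Library/mdsa1331"
        findings=$((findings + 1))
    fi

    # Indicator from the post: the startup file made to look like Apple's.
    if [ -e "$agents/com.apple.legion.plist" ]; then
        echo "FOUND $agents/com.apple.legion.plist"
        findings=$((findings + 1))
    fi

    # Assumption (heuristic, not from the post): Apple's own agents live under
    # /System/Library/LaunchAgents, so any other com.apple.* file in a
    # per-user LaunchAgents folder is worth a manual look.
    if [ -d "$agents" ]; then
        for plist in "$agents"/com.apple.*.plist; do
            if [ -e "$plist" ] && [ "${plist##*/}" != "com.apple.legion.plist" ]; then
                echo "REVIEW $plist"
            fi
        done
    fi

    # Summary line: number of indicators from the post that were present.
    echo "indicators=$findings"
}

# Scan the given home directory, or the current user's by default.
scan_home "${1:-$HOME}"
```

A result of indicators=0 only means these two items are absent; later variants may use different names.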

Interestingly, the Trojan script exits if it detects that LittleSnitch, a network analyzing tool, is installed on your Mac. Presumably this is because it will highlight network traffic and raise awareness of the Trojan’s presence in the wild.


As always, we advise extreme caution when downloading software from file-sharing websites as you don’t always get what you expect. Unfortunately in this case you get a lot more than you bargained for!

ProtectMac AntiVirus detects this new Trojan as OSX.DevilRobber.

Security Update 2011-006 Released

Apple has published a security update for Mac OS X to complement the latest release of Lion 10.7.2. This update also improves the security of Macs running Mac OS X 10.6.8.

There are numerous security fixes included in this update to improve the stability and security of your computer, relating to core technologies, networking, file viewing and downloading, and in particular QuickTime and the Application Firewall. Full details of the security update can be found on the Apple website
http://support.apple.com/kb/HT5002

Update 26 Oct 2011: The QuickTime fixes are also available for Windows computers.

Mac OS X 10.7.2 update

Apple has released an update to Mac OS X 10.7, which also includes Safari 5.1.1. This update is recommended for all users running OS X Lion and includes general operating fixes that improve the stability and security of your computer. The release also includes support for Apple’s iCloud technology that automatically stores your content and information on iCloud and syncs to all your Apple devices.

The main products and technology affected by this update are:

  • Email, calendars, contacts, Safari bookmarks and reading list are all automatically saved to iCloud and data pushed to all your Apple devices
  • Back to your Mac provides remote access to your Mac from any other Mac.
  • Find my Mac helps locate your Mac computer and display the location on a map, allowing remote locking or wiping of the computer’s content

Further details of the new version of Mac OS X can be found on the Apple website.

Apple add protection for OSX.Revir and OSX.Flashback

Apple has updated their built-in File Quarantine component, XProtect, with detection for the trojans that were reported late last week and earlier this week. XProtect detects the latest threats as OSX.Revir.A and OSX.FlashBack.A and gives the user the option of opening them (we don’t recommend this), canceling the operation or moving the files to Trash.

XProtect was introduced in Snow Leopard, Mac OS X version 10.6.

Flash Player Trojan discovered

A backdoor Trojan that pretends to be an Adobe Flash Player plugin has been found on compromised websites. If the Trojan runs on your computer it has the potential for remote hackers to control your Mac and retrieve sensitive information.

Users who visit a compromised website will see a link to a Flash Player Installer and because of the downloaded file extension, Safari will categorize the file as ‘safe’ and automatically run the malicious software on your computer when downloaded.

We recommend that users consider disabling the ‘Open “Safe” files after downloading’ option in the Safari General preferences to prevent Safari automatically opening downloaded files such as this and other threats like OSX.MacDefender.

If users require Flash Player for Mac OS X then we also recommend that they download it directly from the Adobe website. Users should always be extremely careful when downloading any files from the internet and only download files from trusted sites.

ProtectMac AntiVirus detects the Flash Player Trojan as Trojan.Flashback.

New Trojan disguised as a PDF document

A trojan threat that is posing as a PDF document has been discovered. The threat displays a (Chinese) PDF document when run in an attempt to hide from the user that it's an application, connecting to a remote server and further downloading a backdoor trojan, which will allow hackers remote access to your computer.

Whilst the idea of disguising a threat as a PDF document has been seen before on Windows computers, this is the first time that the virus writers have adopted this approach on Mac OS X. At the moment the risk that this threat poses is low; the quality of the code suggests that it is a proof-of-concept that is not yet spreading in the wild.

ProtectMac AntiVirus detects the PDF-style application as OSX.Revir-1 and the backdoor trojan as OSX.iMuler-1.

ProtectMac recommends that users are always extremely careful when downloading any files from the internet and only download from trusted sites. As we've seen with this threat and Microsoft Word files, the fact that a file appears to be a document does not make it harmless.

Security Update 2011-005 Released

Apple has released a security update for Mac OS X 10.6.x and 10.7.x.

The update contains a fix to the Certificate Trust Policy to resolve a security vulnerability whereby an attacker might be able to intercept user credentials or other sensitive information.

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

The latest security update can be downloaded via Mac OS X Software Update. Note, after downloading you will be required to restart your computer for the update to take effect.

Further information on Security Update 2011-005 can be found on the Apple website http://support.apple.com/kb/HT1222

ProtectMac AntiVirus Version 1.2 Released

A new version of ProtectMac AntiVirus has been released that is fully compatible with OS X Lion.

Users with the option Check For Updates enabled (set by default) in the ProtectMac Updating preferences will download and have Version 1.2 installed automatically whenever an update check is next performed on their computer. Or they can download and install it immediately by selecting Check For Updates from the ProtectMac menu bar icon at the top right of their computer screen.

The Version 1.2 installer can be downloaded directly from here for users who need to install afresh on OS X Lion.

Note, ProtectMac AntiVirus Version 1.2 is capable of running on Mac OS X 10.4.7 through to 10.7, OS X Lion.

OS X Lion Now Available

Apple has released a major upgrade to their flagship operating system, Mac OS X. Unlike previous upgrades, OS X Lion (version 10.7) is only available from the Mac App Store as a 3.49 GB download and at a cost of $29.99. However, pay once and you can download and upgrade Lion on all your personal Macs running Snow Leopard 10.6.

A full description of all the features and capabilities of the new operating system, including how to download and install OS X Lion, can be found on the Apple website http://www.apple.com/macosx/

Requirements:
  • Mac OS X 10.6.6 or later. It is recommended that you upgrade to the latest version of Snow Leopard, version 10.6.8, via Software Update before purchasing and installing OS X Lion
  • Mac computer with an Intel Core 2 Duo, i3, i5, i7 or Xeon processor. To establish your Mac’s processor type click on the Apple icon at the top left of your computer screen and choose ‘About this Mac’ from the menu options.
  • 2GB of memory
  • 7GB of disk space

It is also recommended that users backup important files and data on their computer before upgrading to Mac OS X 10.6.8, purchasing and installing OS X Lion.

*ProtectMac AntiVirus Version 1.2 and later is fully compatible with OS X Lion

Mac OS X 10.6.8 published

The latest version of Mac OS X, 10.6.8, is now available via Software Update. This update is recommended for all users running Snow Leopard and includes general fixes to improve the stability, compatibility and the security of Mac OS X. The release includes fixes that specifically:

  • Resolves an issue that may cause Preview to unexpectedly quit.
  • Improves support for IPv6.
  • Improves VPN reliability.
  • Identifies and removes known variants of MacDefender malware.
  • Corrects timezone data in iCal for Lisbon-Portugal.
  • Adds the ability to use Kerberos authentication to a web proxy server.
  • Fixes an issue when saving documents from Xcode or TextEdit when using an NFS home directory.
  • Fixes an issue when importing certain media files into Final Cut Pro

Full details of the update are described in the following Apple knowledge base article http://support.apple.com/kb/HT4561

Information on security updates within Mac OS X can be found here
http://support.apple.com/kb/HT1222

Note: Mac OS X updates and the security updates can also be downloaded directly from the Apple website
http://support.apple.com/downloads/

Apple recommends that you back up your system before upgrading to 10.6.8.

MacShield variant bypasses Mac OS X detection

A few hours after Apple released detection for MacDefender in Mac OS X, the virus writers posted a new variant of the fake software that evades the Apple detection functionality.

Whilst visiting a compromised website users will see a fake virus scan occurring within their web browser, typical of all variants. The JavaScript then downloads an installer package, mdinstall.pkg, which automatically expands and runs an intermediate file (mdDownloader) that downloads a MacDefender variant called MacShield to the Applications folder.

ProtectMac AntiVirus customers are protected against these threats OSX.MacDefender, Trojan-Downloader.OSX.Fav.A

***To prevent downloaded archives and files from being opened automatically it is recommended that you disable the ‘Open “safe” files after downloading’ option in your General Safari preferences.

Apple add MacDefender detection to Mac OS X

Apple has released Security Update 2011-003 to detect and remove the MacDefender trojan within Mac OS X. Further information on the security update can be found within the Apple knowledgebase article http://support.apple.com/kb/HT4657

The trojan, which has appeared across the internet in recent weeks, poses as antivirus software, downloading itself to users’ Macs and installing the fake product in their Applications folder. The fake software then alerts the user to non-existent malware it has detected on their computer and attempts to persuade them to license the software so as to be able to remove the threats.

Mac users can opt out of the malware updates by unchecking the new option “Automatically update safe downloads list” in the General, Security Preferences.


ProtectMac AntiVirus customers are protected against these threats OSX.MacDefender, Trojan-Downloader.OSX.Fav.A

Mac Defender downloader discovered with new variant

A Mac Trojan downloader (Trojan-Downloader.OSX.Fav.A) designed to download and install a variant of MacDefender called MacGuard has been discovered.

The downloader arrives on your computer using the same mechanism that MacDefender and earlier versions of the trojans used. Namely, whilst browsing a compromised website users will see what appears to be a scan of their computer occurring within their web browser. The JavaScript on the website downloads a small zip file to the Applications folder containing the downloader application, avRunner.

The malicious application then runs and downloads a MacDefender variant called MacGuard and installs this into the Applications folder. An item is also added to the user's Login Items in System Preferences so that MacGuard runs each time on startup.

Web traffic is hijacked, too, such that users are sent to pornographic and phishing websites to further encourage them to license the fake software to eliminate this additional problem.

ProtectMac AntiVirus customers are protected against these threats OSX.MacDefender, Trojan-Downloader.OSX.Fav.A

How to manually remove MacDefender and any variants
Manual removal instructions

Mac users can prevent downloaded archives and files from being opened automatically by disabling the ‘Open “safe” files after downloading’ option in their General Safari preferences.

Apple to release Mac Defender malware check in Mac OS X

Following the discovery of several fake Mac antivirus products on the internet, Apple have decided to add their own detection to Mac OS X http://support.apple.com/kb/HT4650

“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.” 

The latest security fix will be available for download via Apple’s Software Update mechanism.

Mac Security, Mac Protector and Mac Guard - Mac Defender fake AntiVirus variants

Variants of the fake Mac AntiVirus software that was discovered earlier this week have appeared on the internet. Calling themselves either Mac Security, Mac Protector, Mac Guard or Apple Web Security, the variants behave in the same way as Mac Defender by pretending to discover viruses on your computer and asking that you purchase the software in order to remove the threats.

One of the main differences between these variants and Mac Defender is that the resultant scanning window that is triggered by the JavaScript code running on the compromised website looks more like a Mac desktop. The script then automatically downloads a Mac Installer meta-package called MacSecurity.mpkg.

ProtectMac AntiVirus customers are protected against these threats OSX.MacDefender, Trojan.OSX.MacDefender

***After removing the trojan with ProtectMac AntiVirus restart your computer.

Fake Mac Defender AntiVirus software

A new threat that pretends to be a legitimate Mac AntiVirus product called MACDefender has been discovered on compromised websites. Typically the threat is found whilst searching for popular topics and images on the internet. Compromised websites contain JavaScript code that runs and displays a Windows-style scan of your computer.

After closing the alert, a zip file named BestMacAntiVirus2011.mpkg.zip will be downloaded, which extracts a Mac Installer meta-package called MacDefender.mpkg. Unfortunately the only thing that this software is likely to remove are your credit card details!

As a general rule it is best not to respond to any prompts that you receive whilst browsing the internet. If you do require antivirus software, or anything for that matter, then it’s best to do the research yourself and choose a well known legitimate company.

ProtectMac AntiVirus customers are protected against this threat, OSX.MacDefender.A.

Note: There is a legitimate Mac antivirus product named MacDefender.

Security Update for Safari 5.0.5 and Mac OS X 2011-002

Apple has released a security update for Mac OS X and Safari. These updates contain a fix to the Certificate Trust Policy and Webkit technologies respectively.

The impact of the security vulnerabilities could mean that ‘Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution’.

The update is available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later and Mac OS X Server v10.6.5 or later.

Further information on Security Update 2011-002 can be found on the Apple website http://support.apple.com/kb/HT1222

The latest security updates can be downloaded via the Mac OS X Software Update mechanism.

Mac OS X 10.6.7 Now Available

The latest version of Mac OS X, 10.6.7, is now available via Software Update. This update is recommended for all users running Snow Leopard and includes general fixes to improve the stability, compatibility and the security of Mac OS X. The release includes fixes specifically to:

• Improve the reliability of Back to My Mac
• Fix for a file transfer problem to certain SMB servers
• Several minor Mac App Store bugs have been resolved

Full details of the update are described in the following Apple knowledge base article
http://support.apple.com/kb/HT4472

The Mac OS X release also includes a number of security enhancements to several application areas. Full details of the security update can be found here
http://support.apple.com/kb/HT1222

Note: the Mac OS X update and the security update can also be downloaded directly from the Apple website http://support.apple.com/downloads/

Apple recommends that you back up your system before upgrading to 10.6.7.

OSX.MusMinim RAT detected

MusMinim is a Mac version of a Remote Access Tool which has the ability to open up a backdoor on your computer.

In its current state the threat is quite basic and even warns you in flawed English if you become infected.
Furthermore, if the threat is running then it is displayed in the list of processes as "BlackHole" and can often appear on disk in a folder of the same name.

The trojan should pose little risk to Mac users at present, but we are continuing to monitor the situation closely as all indications are that the author is developing a more sophisticated variant.

As the threat is likely to appear as some kind of trojan on the internet, our recommendation, as always, is to be vigilant when downloading any application from the internet and only visit well-known reputable sites.

ProtectMac AntiVirus Version 1.1.5 Released

A new version of ProtectMac AntiVirus has been published, containing the following enhancements:

  • Scanning of NTFS-formatted disks has been made more reliable.
  • Improved performance of the file-access scanner.
  • Minor changes have been made to the application GUI.

Version 1.1.5 will be downloaded automatically by the background update scheduler. The new version can also be downloaded manually via the ‘Check For Updates’ option in the menu bar icon. Users can view the new version details in the ProtectMac AntiVirus application’s About box.

ProtectMac AntiVirus Version 1.1.4 Released

A new version of ProtectMac AntiVirus has been released, containing the following changes:

  • An initial update check is now performed immediately after running for the first time
  • Improved checking for invalid Device scan locations.
  • Resizing and display of the desktop progress window has been made more reliable.
  • Graphical improvements to the user interface and installer window
  • Updated scanning technology

Version 1.1.4 will be downloaded automatically if users have ‘Checked for Updates’ enabled in the application’s Updating preferences, which is enabled by default. Or the new version can be downloaded manually via the ‘Check For Updates’ option in the menu bar icon. Users can view the version number of ProtectMac AntiVirus in the application’s About box. See Screenshots

Security Update for Mac OS X 2010-007

Following the release of Mac OS X 10.6.5, Apple has also made available a security update for Mac OS X. This update contains a number of security fixes and is recommended for all Mac OS X users running 10.4 and above.



Further information on the improvements in Security Update 2010-007 can be found here http://support.apple.com/kb/HT1222

The latest security fixes can be downloaded via Apple’s Software Update mechanism.
For users with multiple computers who wish to download the update only once, the update can be found here http://support.apple.com/kb/DL1329

Note, Mac OS X users who have upgraded to Mac 10.6.5 will already have these fixes installed.

Avalanche of Snow Leopard improvements in 10.6.5

Apple have today released their latest version of Mac OS X, 10.6.5.

This update is considerably large, with over 100 bug fixes, enhancements and stability improvements. The release is recommended for all Snow Leopard users and is available via the normal Apple Software Update channel. The update includes the following:

  • improve reliability with Microsoft Exchange servers
  • address performance of some image-processing operations in iPhoto and Aperture
  • address stability and performance of graphics applications and games
  • resolve a delay between print jobs
  • address a printing issue for some HP printers connected to an AirPort Extreme
  • resolve an issue when dragging contacts from Address Book to iCal
  • address an issue where dragging an item from a stack causes the Dock to not automatically hide
  • resolve an issue with Wikipedia information not displaying correctly in Dictionary
  • improve performance of MainStage on certain Mac systems
  • resolve spacing issues with OpenType fonts
  • improve reliability with some Bluetooth braille displays
  • resolve a VoiceOver issue when browsing some web sites with Safari 5

If you need to update multiple computers and would prefer to download the relevant update only once then this can be located on the following webpage
http://support.apple.com/downloads/



Full details of the new version are described in the following Apple knowledgebase article http://support.apple.com/kb/HT4250

Information on the security features of the update can be viewed here
http://support.apple.com/kb/HT1222

Note: the security update can also be downloaded separately and contains fixes for 10.4, 10.5 and 10.6 systems
http://support.apple.com/kb/DL1329

Apple recommends that you back up your system before upgrading to 10.6.5.

OSX.Boonana - Koobface variant discovered

A Mac version of the Koobface trojan has been discovered circulating on social network and internet sites, targeting Mac users.

Using what's become known as ‘social engineering’, the unwary user is encouraged to click on a link in Facebook, Twitter or Myspace that purports to contain a video of the user.

The multi-platform Java threat is designed to run not only on Mac OS X, but Windows and Linux, too. If the user is persuaded to authorize the Java applet, it has the potential to download a number of cross-platform files as well as an installer, which enables the threat to run automatically on each restart.

Infected computers have the potential to be accessed remotely, set up as host servers to spam users or spread the trojan, and contact a number of remote server sites with the intent of downloading further malicious software.


So, if you see a request to authorize a Java applet whilst accessing your favorite social network or internet site, decline!!

Mac OS X 10.6.4 Now Available

The latest version of Mac OS X, 10.6.4, is now available via Software Update. This update is recommended for all users running Snow Leopard and includes the latest Safari web browser release, version 5.0. It also delivers fixes for several application issues and core hardware problems:

• resolve an issue that causes the keyboard or trackpad to become unresponsive
• resolve an issue that may prevent some Adobe Creative Suite 3 applications from opening
• address issues copying, renaming, or deleting files on SMB file servers
• improve reliability of VPN connections
• resolve a playback issue in DVD Player when using Good Quality deinterlacing
• resolve an issue editing photos with iPhoto or Aperture in full screen view
• improve compatibility with some braille displays

Full details of the update are described in the following Apple knowledge base article
http://support.apple.com/kb/HT4150

The Mac OS X release also includes a number of security updates, amongst which is an update to Apple’s own malware detection for the HellRTS threat - this is a malicious Trojan pretending to be an iPhoto posting on the internet.

Full details of the security update can be found here
http://support.apple.com/kb/HT1222

If you need to update multiple computers and would prefer to download the relevant update only once then this can be located on the following webpage
http://support.apple.com/downloads/#macosx106

Apple recommends that you back up your system before upgrading to 10.6.4.

Premier Opinion, Spyware, Trojan or legitimate software?

With the much-heralded discovery of the latest Mac computer threat, OSX/opinionspy, on a variety of Mac software download sites, the question arises as to whether it is actually Spyware, a Trojan or legitimate software.

Clearly the makers of the 7art screensavers believe it is legitimate software, designed to allow you to download their screensavers freely, based on the understanding that you are participating in a market survey by providing details of your computer usage and online habits.

The integral component of the Premier Opinion software does ask you to accept (and presumably read) their conditions before continuing with the installation - there’s no opt-out choice just for this component.



Admittedly, the software does not attempt to obfuscate itself, so it should be quite easy to spot if you have installed it: there is a menu bar icon at the top of your screen and most of the software is located in the Applications folder. There’s also a launchd file in LaunchDaemons.



Arguably, this ‘threat’ could be classified as a Trojan rather than spyware i.e. you thought you were downloading just a screensaver but got more than you bargained for because it’s installed all these other components:

Once you install the screensaver there is a root process called PremierOpinion that does appear to be reasonably active; what exactly it is collecting from your computer and how that information is used will determine how nefarious this application is.

Uninstalling the screensaver does NOT remove the Premier Opinion software; for that you will need to run the Premier Opinion Uninstaller located in the /Application/Premier Opinion folder by default.

So the moral of this story is read the license agreement in installers and be fully aware of what you are signing up to. If in doubt, only download and install software that you actually need from websites that you absolutely trust. Are your private details and computer usage profile worth the risk?

Apple go from strength to strength in the first Quarter of 2010

Apple today posted their financial results for its second fiscal quarter of the year, ending in March 2010. Revenue of $13.5 billion and profit of over $3 billion were attributed to sales of 8.75 million iPhones, 10.89 million iPods and almost 3 million Macs shipped in the first 3 months of 2010.

It was the best non-holiday quarter figures ever by Apple, with revenues up almost 50% and profit up 90%. With the recent release of the iPad and “...more extraordinary products in the pipeline for this year” the future is looking extremely interesting and healthy for the Cupertino-based company.

Read more...
Apple Reports Second Quarter Results

27-inch iMac EFI Firmware Update

If you are fortunate enough to own one of the new 27-inch quad-core iMacs then you’ll be pleased to know that Apple have released a firmware update for Mac OS X 10.6.3 to address a number of issues with high processor usage and display backlighting problems.

As usual the update is available through Software Update and will be downloaded automatically if you have ‘Check for Updates’ selected in your System Preferences.

Mac OS X 10.6.3 and Security Update 2010-003 Released

Apple has released a security update for Snow Leopard and Leopard users. The upgrade covers a single vulnerability in Apple Type Services (ATS) when viewing or downloading documents that contain ‘maliciously crafted embedded fonts’, which was recently reported in the media and credited to computer security researcher Charlie Miller. An Apple knowledgebase article describes the content of the update in more detail, http://support.apple.com/kb/HT4131

The size of the Leopard update is considerably larger than the Snow Leopard download as it contains previous security patches. As well as being available via Software Updates, the updates can also be manually downloaded via the links below:

Snow Leopard Update (6.5MB)
Leopard Update - Client (218.6MB)
Leopard Update - Server (379.5 MB)

Mac OS X 10.6.3 and Security Update 2010-002 Released

Apple has released a major update for Mac OS X. The upgrade to Snow Leopard, 10.6.3, is available through Software Update and will be downloaded automatically if you have ‘Check for Updates’ selected in your System Preferences.

You can also manually download the Update from here if you have multiple computers that need updating and only want to download the update once. Be aware that it is 720MB for the update and 784MB for the Combo Update.

Apple recommends that you back up your system before upgrading to 10.6.3.

The update covers general operating system fixes for a wide variety of applications and core technologies, ranging from Time Machine, Mail, iCal to MobileMe, Airport and Directory Services. Further information can be found on the Apple website
About the Mac OS X v10.6.3 Update

In addition, the release includes a significant number of security fixes which are detailed in the following knowledgebase article Security Update 2010-002. Note, the Security Update applies to both 10.5.8 and 10.6.

Apple Security Update 2010-01

Apple has released Security Update 2010-01 to fix a number of vulnerabilities in Adobe Flash Player plug-in and to resolve potential problems with Image rendering. The update is available for Mac OS X 10.5.x and Mac OS X 10.6.x and can be downloaded via Software Update on your Mac.

Mac users can read a full description of the Security fixes on the Apple website
http://support.apple.com/kb/HT4004

ProtectMac AntiVirus Version 1.1.2 Released

A new version of ProtectMac AntiVirus has been released. Version 1.12 will be downloaded automatically if you have ‘Checked for Updates’ enabled in the application’s Updating preferences. See Updating Preferences

The new version contains the following changes:

  • Clearing the Recent Finder Scans menu has been made more reliable.
  • VoiceOver support has been enhanced.
  • Improved the editing of the Scheduled Scan time in different time zones.

Customers can check the version of ProtectMac AntiVirus they are running in the Application’s About box.

Lose/Lose a game too far?

A Mac OS X arcade-style, shoot-’em-up alien game named Lose/Lose has been doing the rounds recently. One of the aims of the author is supposedly to raise questions about the role of this type of video game, whilst using the files on your disk as collateral: every time you kill an alien a random file on your disk is deleted.

At the moment the game can only be downloaded via the author’s website, if you are happy to ignore the big red warning!


KILLING ALIENS IN LOSE/LOSE WILL DELETE FILES ON YOUR HARD DRIVE PERMANENTLY

Although the player is given several warnings about what the game will do, and it may not have been created with malicious intent, the idea of deleting personal files and system files on someone’s Mac to make a point clearly has an impact on the security and integrity of their system.

So the moral of the story is, if you don’t want to lose your files don’t run the game!


For more information see OSX.LoseGame on the Macintosh Malware page.

ProtectMac AntiVirus Version 1.1.1 Released

A new version of ProtectMac AntiVirus has been released. Version 1.1.1 will be downloaded automatically if you have ‘Checked for Updates’ enabled in the application’s Updating preferences. See Updating Preferences

The new version contains the following changes:

  • a Service to allow Finder Contextual menu scanning on Snow Leopard
  • user interface enhancements
  • an update to the license renewal feature in the application, that verifies a customer’s license key and redirects the user to the Renewal page of the online store at a click of a button
  • ProtectMac menu integrity check on startup.

Customers can check the version of ProtectMac AntiVirus they are running in the Application’s About box.

Apple Mac OS X 10.6.1 Update

Apple has released Mac OS X 10.6.1. The first upgrade to Snow Leopard is available through Software Update and will be downloaded automatically if you have ‘Check for Updates’ selected in your System Preferences.

“The 10.6.1 Update is recommended for all users running Mac OS X Snow Leopard version and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.”

There are specific fixes in several areas:

  • compatibility with Sierra Wireless 3G modems
  • a fix to prevent DVD playback from stopping unexpectedly
  • resolution of a problem where automatic account setup in Mail might fail
  • printer compatibility drivers failing to be displayed correctly in the printer browser
  • problems removing items from the Dock
  • unresponsiveness of Motion 4

For detailed information on this update, please visit the Apple support website: 
http://support.apple.com/kb/HT38103

Corresponding security patches have also been released with 10.6.1 and are described in the following knowledgebase article: http://support.apple.com/kb/HT1222

Apple Mac OS X 10.6 Snow Leopard Released

Apple released their long-awaited update to Mac OS X today. Mac OS X 10.6, Snow Leopard, goes on sale for just $29 for those upgrading from Leopard.

A plethora of updates to core systems and applications have been included in this release. It’s “Better. Faster. Easier.”, to quote Apple. To read what’s new in Snow Leopard, check out the Apple website.

And, of course, ProtectMac AntiVirus fully supports this new operating system.

ProtectMac AntiVirus v1.1 Snow Leopard version available

A new version of ProtectMac AntiVirus, version 1.1, is available to complement the forthcoming release of Mac OS X 10.6 Snow Leopard.

The new version of ProtectMac AntiVirus also includes the following enhancements:

  • Snow Leopard is fully supported in both 32-bit and 64-bit modes.
  • Compatibility with FileVault has been improved.
  • File-access scanning performance has been enhanced.

Users should ensure that they are running ProtectMac AntiVirus version 1.1 or later before upgrading to Snow Leopard. See the Support pages for more information.

Mac OS X 10.5.8 Released

Apple has released version 10.5.8, probably the last major upgrade of Mac OS X 10.5 before Mac OS X 10.6, Snow Leopard, is available sometime in August or September.

The latest upgrade to Leopard is available through Software Update and will be downloaded automatically if you have ‘Check for Updates’ selected in your System Preferences.

“The 10.5.8 Update is recommended for all users running Mac OS X Leopard version 10.5.7 and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.”

There are specific fixes in several areas:

  • compatibility and reliability issues when joining AirPort networks.
  • an issue that could cause some monitor resolutions to no longer appear in Displays System Preferences.
  • issues that may affect Bluetooth reliability.

This update also upgrades Safari to version 4.0.2.

For detailed information on this update, please visit the Apple support website: 
http://support.apple.com/kb/HT3606

The numerous security patches, ranging from kernel to dock enhancements, are described in the following knowledgebase article:
http://support.apple.com/kb/HT3757

OSX.Jahlav.C Trojan discovered

A variant of the Jahlav family of Trojans has been discovered. OSX.Jahlav.C pretends to be a fix for a missing ActiveX Object, copying itself to your Mac when you run the installer.

For more information see the Macintosh Malware page.

Security Update for iTunes and QuickTime

Apple has released an update to fix a number of security issues within QuickTime and iTunes.

QuickTime version 7.6.2 resolves an exploit whereby hackers creating a movie or graphics file could use this file to execute malicious code on your computer. iTunes version 8.2 fixes a stack buffer overflow problem which, again, could allow hackers to run code if the user visits a “maliciously crafted website”.

The updates to these applications apply to both Mac and Windows users.

Mac OS X 10.5.7 Released

Apple has released version 10.5.7. The latest upgrade to Mac OS 10.5 Leopard is available through Software Update and will be downloaded automatically if you have Check for Updates selected in your Preferences.

“The Mac OS X 10.5.7 Update is recommended for Mac OS X 10.5 Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.”

Be patient, though: because the upgrade includes changes to many applications and components and has several security fixes, it stands at a hefty 449MB for 10.5.6 users!

Further details of the upgrade can be found on the Apple support page
http://support.apple.com/kb/HT3397 along with a description of the Security Updates http://support.apple.com/kb/HT1222

OSX.RSPlug.F Discovered

A variant of the RSPlug Trojan has been discovered that modifies network configuration on your Mac, changing the DNS Server settings and redirecting the user to malicious websites when browsing the internet.

The Trojan has been posted on various websites as installers for Avid Express Pro.

For more information view the Macintosh Malware page.

OSX.iServices.B Trojan Horse discovered with pirated copies of Adobe PhotoShop CS4

A Trojan horse, OSX.iServices.B, has been discovered on BitTorrent websites packaged with a copy of Adobe PhotoShop CS4. Along with a commercial copy of Adobe PhotoShop, the downloaded package contains an application to 'crack' the software's serial number protection. Running the Crack application installs the Trojan on your Mac.

The Trojan is a variant of the OSX.iWorkServices.A Trojan that was discovered a few days ago and exhibits similar characteristics once installed, attempting to connect to a remote server, freehostia.com:1024, on the Internet to broadcast its existence and download further malware from the server.

For more information see the Macintosh Malware page.

OSX.iWorkServices.A Trojan Horse discovered in pirated copies of iWork 09

A Trojan horse, OSX.iWorkServices.A, has been discovered on BitTorrent websites inside a copy of the iWork 09 installer. Running the iWork 09 installer installs the Trojan on your Mac. The Trojan attempts to connect to a remote server on the Internet, broadcasting its existence and enabling your Mac to download further malware.

For more information see the Macintosh Malware page.

Mac OS X 10.5.6 Released

Apple have upgraded Leopard to 10.5.6. The latest upgrade is available through Software Update and will be downloaded automatically if you have Check for Updates selected in your Preferences.

“The 10.5.6 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.”

Further details of the upgrade can be found on the Apple support page
http://support.apple.com/kb/HT3194 along with a description of the Security Updates http://support.apple.com/kb/HT3338

A new Mac OS X Trojan Horse has been discovered: OSX.Jahlav.A

OSX.Jahlav.A has many similarities with the RSPlug.A Trojan that was discovered recently, having been written by the same virus writers. The Trojan can be found on several pornographic websites and purports to be a fix for Active X errors when attempting to view online videos.

OSX.Lamzev.A Trojan discovered

OSX.Lamzev.A, a Trojan Horse that could be used to open up a 'backdoor' on a compromised Mac, has been discovered.

Mac OS X 10.5.5 Released

Apple have upgraded Leopard to 10.5.5. The latest upgrade is available through Software Update and will be downloaded automatically if you have Check for Updates selected in your Preferences.

“The 10.5.5 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.”

Further details of the upgrade can be found on the Apple support page
http://support.apple.com/kb/HT2405 along with a description of the Security Updates http://support.apple.com/kb/HT1222

Apple Releases Mac OS X 10.5.4 (Leopard) Security Update

This latest release from Apple improves both the stability and security of Leopard in a number of areas. The update and a full description of the changes can be obtained from the Apple website.

Apple Remote Desktop Agent vulnerability

An AppleScript Trojan horse (Hovdy.A/Saprilt.A) has been discovered that exploits a vulnerability in ARDAgent, a component of Apple's Remote Desktop technology, which allows unauthorized code to run as root.