August 25th, 2009

Apple adds malware blocker in Snow Leopard

Posted by Ryan Naraine @ 11:51 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Exploit code, Locally Running Web Servers, Malware, Patch Watch

Tags: Apple Macintosh, Malware, Apple Inc., Spyware, Adware & Malware, Cyberthreats, Apple Mac OS X, Apple Mac OS, Desktops, Viruses And Worms, Security

Apple’s commercials may give the impression that Macs are virus-free (.mov) but the company isn’t taking any chances with the newest Mac OS X refresh.

Apple has quietly added a new Snow Leopard feature to scan software downloads for malware, a no-brainer move that coincides with a noticeable spike in malicious files embedded in pirated copies of Mac-specific software.

[SEE: iBotnet: Researchers find signs of zombie Macs]

The malware blocker, first spotted by the folks at Intego, appears to be scanning installation packages for signs of known Mac malware.

In the screenshot below, the anti-virus flagged a malicious file called “OSX.RSPlug.A,” which is a DNS changer Trojan horse that runs on Mac OS X and changes the DNS settings on the compromised computer.

[SEE: Mac OS X Malware found in pirated Apple iWork 09]

It is not yet clear how Apple is handling the package scans for signs of malicious software.

I have confirmed that Apple is not using the open-source ClamAV engine to handle these scans so it’s likely the company has entered into an agreement with a commercial anti-virus company.

This isn’t the first official acknowledgment from Apple that the Mac operating system may be susceptible to malware. This Web page on Mac OS X security actually recommends the use of third-party anti-virus software to get “additional protection.”

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


