
Apple tackles malware threats with XProtect update

Apple has a rudimentary malware scanner called XProtect, which it has updated to address recent malware threats.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

In the past week or two, OS X users have seen a couple of new malware threats surface that join the recent MacDefender scams in the small collection of malware that has been developed for OS X. These threats are not very prevalent and do not circumvent the security of OS X, but they do try to take advantage of naive users and trick them into believing they are installing legitimate software.

These types of phishing and Trojan horse attempts are nothing new for PC systems, and to tackle them, Apple introduced its XProtect system in OS X Snow Leopard, which scans newly downloaded files for known malware. After the recent MacDefender fake antivirus scam, Apple updated its XProtect system to receive automatic malware definition updates on a daily basis, and kept up with the MacDefender variants as they were found.

In response to the new PDF-based backdoor Trojan that was found a few days ago, Apple today has released another update to its XProtect system to address this scam and prevent the malware from being run, and will likely issue another update soon to detect the new fake Adobe Flash installer that was uncovered today. If you happen to stumble across and download the malware, OS X will issue you a warning about the file being potentially harmful to your system, and recommend that you remove it from your system.

XProtect Definitions
The XProtect definitions file now includes detection for the recent OSX.Revir.A malware.

The updates to the XProtect system happen behind the scenes in OS X, so you will not see an indicator of them happening (such as OS X running Software Update); once installed, they will start working automatically so you will not need to restart your system.

While XProtect updates will help detect malware as it is developed, the scanner only checks files as they are downloaded. If a system was infected before XProtect received the relevant definition, the system will not detect that infection later, even with the latest definitions installed. So, in addition to XProtect, you might consider installing a good anti-malware utility such as VirusBarrier, Sophos, iAntivirus, or the free ClamXav suite, and keeping it updated. You do not need to have it scan files at all times, but you can use it to periodically scan your system (especially your Library and Downloads folders).
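Since XProtect only checks files at download time, a periodic sweep of existing folders has to be done separately. The script below is an added example, not code from the article or from Apple: it loads an XProtect-style definitions plist and scans a folder for files matching its byte patterns; the plist layout and the signature are constructed stand-ins, not Apple's real schema or a real malware pattern.

```python
"""Re-scan a folder against XProtect-style signature definitions.
XProtect checks files only as they are downloaded, so a file already
present before a definitions update is never re-checked; this sweeps a
folder (e.g. ~/Downloads) against a plist of named byte patterns.
Assumption: the plist layout is a simplified stand-in for XProtect.plist
and the signature bytes are a constructed marker, not real malware."""
import os
import plistlib
import tempfile
# Constructed definitions: one fake entry; pattern is hex of "EXAMPLE-MARKER".
DEFINITIONS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array><dict>
  <key>Description</key><string>OSX.Example.A</string>
  <key>Matches</key><array><dict>
    <key>Pattern</key><string>4558414D504C452D4D41524B4552</string>
  </dict></array></dict></array></plist>"""

def load_signatures(plist_bytes):
    """Return {name: [pattern_bytes, ...]} from a definitions plist."""
    return {e["Description"]: [bytes.fromhex(m["Pattern"]) for m in e["Matches"]]
            for e in plistlib.loads(plist_bytes)}

def scan_file(path, sigs):
    """Return names of signatures whose patterns all occur in the file."""
    with open(path, "rb") as f:
        data = f.read()  # whole-file read is fine for a Downloads folder
    return [n for n, pats in sigs.items() if pats and all(p in data for p in pats)]

def scan_folder(folder, sigs):
    """Walk folder; return {path: [matched names]} for files with hits."""
    hits = {}
    for root, _, files in os.walk(folder):
        for fn in files:
            path = os.path.join(root, fn)
            try:
                found = scan_file(path, sigs)
            except OSError:  # unreadable file: skip it, keep scanning
                continue
            if found:
                hits[path] = found
    return hits

def demo():
    """Constructed folder: one clean file, one carrying the marker."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "clean.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 harmless content")
    with open(os.path.join(d, "installer.pkg"), "wb") as f:
        f.write(b"stuff EXAMPLE-MARKER more stuff")
    hits = scan_folder(d, load_signatures(DEFINITIONS_PLIST))
    return {os.path.basename(k): v for k, v in hits.items()}
```

Pointing `scan_folder` at a real Downloads directory with the actual definitions file gives the "after the fact" check that XProtect itself never performs.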

Beyond malware scanners, the best way to protect against scams is to be smart and know exactly what you are doing with your system, avoid seedy and underground Web sites, and avoid software unless you know exactly where it came from. OS X itself is fairly secure, so scammers have found that it is far easier to get around security by tricking the user than it is to covertly hack through the system's defenses. If a warning message or window pops up that you are not familiar with, there are a couple of things you can do:

  1. Take a screenshot
    Press Option-Command-3 to take a screenshot, which will be placed on your desktop. You can then crop out the warning message and ask people about it, even if it's a matter of posting it on the Apple discussion boards to see if other Mac users have experienced the issue.

  2. Doubt it
    If the warning message asks you to install or update something, quit out of it and check out the software's Web site to see if an update is actually available. Opt to download the update manually instead of relying on your system to install the update.

A last piece of advice is to never trust your Downloads folder. When browsing the Web, if a malware site has set up some sort of automatic download, then malicious files may be dumped into your Downloads folder without you knowing. Therefore, make a habit of regularly cleaning out your Downloads folder, and if there is an item in there you are not familiar with, lean toward removing it immediately rather than opening it to check it out.
