NEWS - June 02, 2011

Apple to malware authors: Tag, you're It!

Last night the malware authors behind the Mac Guard fake anti-virus changed their methods again to bypass the updates Apple released yesterday afternoon to protect OS X Snow Leopard users.

Apple fired back shortly after 2 p.m. Pacific Daylight Time today with a new update to XProtect. Computers that have Apple update 2011-003 for Snow Leopard now check for updates every 24 hours.

As the cat-and-mouse game continues it will be interesting to see how the attackers proceed. The major change to bypass Apple's detection yesterday was to use a small downloader program to do the initial infection, then have that program retrieve the actual malware payload.

This approach may be successful as it will be easier for the malware authors to continually make small changes to the downloader program to evade detection while leaving the fake anti-virus program largely unchanged.

Continued: http://nakedsecurity.sophos.com/2011/06/02/apple-to-malware-authors-tag-youre-it/