    TrendLabs Security Intelligence Blog

    Archive for the ‘Mac’ Category




    The mass appeal of Apple products is undeniable. Every product or software release is often anticipated and greeted with much fanfare. Its latest release, OS X Mountain Lion, is no exception. Although the software has yet to be released, there have already been articles written about its features. One of the more-touted features of Mountain Lion is Gatekeeper, a whitelisting approach that helps keep users from downloading bad apps. This feature restricts whether applications can run based solely on where they ...




    After tricking users into viewing ads through a Facebook scam, cybercriminals are again capitalizing on Steve Jobs's death through malicious spam. We were able to find spam that contains the text, "Steve Jobs Alive" or "Steve Jobs Not Dead." Another Steve Jobs-related spam we saw was written in Portuguese, which includes a short text about his death: The text in the message above roughly translates to the following: Subject: Creator of Steve Jobs of Apple's Mac, iPod and iPad dies Steve Jobs, died of cancer ...




    The current wave of Mac OS X FAKEAV infections follows a three-step process. To those familiar with Windows-based FAKEAV variants, the pattern in this infection chain will be quite familiar.

    1. Displays a "scanning page" from poisoned Google searches.
    2. Prompts the user to download a .ZIP file that contains a .PKG installer. This installer installs a downloader.
    3. The downloader downloads another .ZIP file that contains the actual FAKEAV .APP file.

    In step 2, the downloaded installer package (.PKG file) contains two notable files:

    • The downloader binary
    • A .PNG file

    The downloader binary is responsible for ...




    For some years now, FAKEAV variants have been plaguing Windows-based systems. Recently, this malware type has entered the Mac OS X scene. As with Windows-based FAKEAV variants, poisoned search terms are the most common Mac FAKEAV infection vectors. Take, for example, the following poisoned search result: Accessing the website while using a Mac will directly lead the user to the following page:




    The recently reported malware attacks against Mac users prompted Apple to release a security update. We did initial analyses of both the FAKEAV for Macs as well as the latest Apple security update in our previous blog entry. I've extracted the version of XProtect.plist (Apple's pattern file) to dig deeper into what's inside it. The Property List (.PLIST) file type is an .XML file that uses Apple's plist document type definition (DTD). .PLIST file types are standard parts of Apple's ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved.