Snow Leopard Malware Blocker Left for Dead
One of the many "stealth" updates in Apple’s Mac OS X 10.6 Snow Leopard release last year was the operating system's first integrated malware blocker. The utility scans downloaded files for malware, which is increasingly becoming an issue on the Mac platform. According to a security blog, however, Apple has not updated the utility's signature database in months.
Threat Post is the blog of Kaspersky Lab, which bills itself as "the world’s largest privately held anti-malware company." In a post this week, researcher Ryan Naraine wrote that Apple has not updated the OS X Snow Leopard malware blocker for six months. Naraine says that there have been no new anti-malware signature updates to the XProtect.plist file, which contained antidotes for OSX.RSPlug.A and OSX.Iservice, two Trojan horses targeting Mac OS X.
Trojans like RSPlug.A are a new class of DNSChanger malware to appear on the Mac, largely through downloads of pirated software. DNSChangers modify the Mac’s DNS server settings and allow redirects of innocuous web requests, leading users to phishing web sites, or to web pages displaying ads for pornographic web sites. In the first case, users who think they are on legitimate sites may unthinkingly enter a user name and password, a credit card, or an account number. The redirected ads are probably just another way to get people to download porn, which continues to be one of the most lucrative industries on the internet.
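Because a DNSChanger works by altering the resolver configuration, one defensive check is to compare the nameservers a Mac is actually using against the ones it is expected to use. The following is an added example, not code from the article or from Apple; it assumes the text layout printed by `scutil --dns`, and the sample output, addresses and allowlist are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output (not captured from a real host).
SAMPLE = """DNS configuration

resolver #1
  search domains[0] : example.lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
"""

def parse_nameservers(text):
    """Return [(resolver_number, ip_address)] for every nameserver entry."""
    results, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"resolver #(\d+)", line)
        if m:
            current = int(m.group(1))
            continue
        m = re.match(r"nameserver\[\d+\]\s*:\s*(\S+)", line)
        if m and current is not None:
            raw = m.group(1).split("%")[0]  # drop an IPv6 scope id such as %en0
            try:
                results.append((current, ipaddress.ip_address(raw)))
            except ValueError:
                continue  # not an IP literal; ignore the entry
    return results

def unexpected_nameservers(text, allowed):
    """Return (resolver, ip) pairs whose address is outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    return [(num, str(ip)) for num, ip in parse_nameservers(text)
            if not any(ip in net for net in nets)]

if __name__ == "__main__":
    # Hypothetical allowlist: only the local router's subnet is expected.
    for num, ip in unexpected_nameservers(SAMPLE, ["192.168.1.0/24"]):
        print(f"resolver #{num}: unexpected nameserver {ip}")
```

On a live system the same functions can be fed the real output of `scutil --dns` in place of `SAMPLE`.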
Naraine also notes that the currently available version of the blocker is "rudimentary," only scanning downloads from certain applications like Safari, Firefox, iChat, and Mail. Apple continues to recommend users install a third-party malware blocker as security threats to Macs increase.