When it is always said that Mac operating system is hard to be attacked by viruses, any rare attack would make the news sensational. F-Secure recently found one such trojan which could stop all the defenses in the Mac OS X Lion. Yesterday F-Secure said that they found a mutated version of the Trojan which was aiming to incapacitate the Anti-malware function of the Mac OS X Lion and make the mac vulnerable to any future virus and malware attacks.
The analysis found that Trojan-Downloader:OSX/Flashback.C could disable the automatic updater component of the XProtect [XProtect is the built-in anti-malware program that Mac OS X Lion comes with] and one such similar file in the past was seen with “A” code in the end instead of “C” and that component acted as a flash player installer. The disabling of the automatic updates would later stop the updating of the XProtect and so the attack vulnerability increases as the program won’t be able to identify a component as a safe file or a risky one.
In their blog post, F-Secure said –
“Attempting to disable system defences is a very common tactic for malware – and built-in defences are naturally going to be the first target on any computing platform,”
Flashback.C works by decrypting the .plist file and binary paths of XProtectUpdater hardcoded in its body. The malware then drops the XProtectUpdater daemon, enabling the malware to overwrite both files with a specified character.
To keep the Mac OS X Lion, F-Secure suggests the Mac users to run the virus and malware scans for the particular file named Flashback.C and remove it, if found or it could cause potential threats later on. Apart from the scanning, it is also advised to check about the updates for the Mac OS X Lion security.
Here are a few alternative Antivirus programs for Mac, for those who want to stay safer –
- Sophos Antivirus for Mac
- Norton Antivirus for Mac
- ClamXav Antivirus for Mac – [Review]
- VirusBarrier Antivirus for Mac
- Avast Antivirus for Mac
- iAntivirus for Mac