
A serious worm that may affect Windows computers has been getting a great deal of press lately, including a scary segment on the popular TV show 60 Minutes. Many of our customers have been contacting Intego to ask if they are safe. Intego VirusBarrier detects and eradicates the Conficker worm, so unwitting Mac users don’t pass it on to Windows-using friends or colleagues, or transfer it to their own Windows installations.
This worm, known as Conficker and also as Downadup and Kido, has infected unknown millions of Windows computers, and is expected to become active on April 1, 2009. For now, researchers are unsure what the worm may do; it is just sitting on infected computers waiting for instructions. Researchers think it will connect to remote servers, download code, and then become virulent.
This worm, which affects Windows computers, has no effect on Mac OS X; at least not yet. Intego’s Virus Monitoring Center is on full alert in case a Mac OS X variant of this worm should appear, but, so far, Mac users are in the clear. However, Mac users who run Windows on their Macs are at the same risk as those running Windows on PCs.
Intego VirusBarrier X4 and X5 with up-to-date virus definitions protect against the Conficker worm and its many variants. For those Mac users who use Windows, Intego VirusBarrier X5 Dual Protection includes solid Windows protection from BitDefender to protect their Windows installation. If a Mac variant of Conficker should surface, Intego will update VirusBarrier’s virus definitions as soon as possible.

Last week, we reported on two zero-day flaws in the latest version of the Firefox web browser. The Mozilla Foundation has released Firefox 3.0.8, essentially to fix those issues. Described here, the two flaws were rated critical. If you use Firefox, update now to make sure you’re safe.
A number of Mac OS X kernel vulnerabilities have been publicized, according to Information Week. These five vulnerabilities are currently unpatched, and were not shared with Apple before they were published on a hacker web site last week. These vulnerabilities are proof-of-concept flaws that are relatively difficult to exploit, and take advantage of bugs such as a kernel memory leak and a remote heap overflow. One of the vulnerabilities is “a little under four years old” and affects all versions of Mac OS X from 10.4 on. Intego’s researchers have analyzed the vulnerabilities and are being especially watchful for any malware that may exploit them, but, for now, have not found anything in the wild.

Only two days left to get one-time-only savings on selected Intego software! Through March 31, 2009, and only from the Intego web site, a number of Intego’s single-user programs will be on sale at the incredible price of $19 each (€19, £19 or ¥1919; applicable currency depends on the location of the purchaser). Save up to 60%!

Code to attack the Firefox browser was published on several web sites yesterday, prompting the Mozilla Foundation to announce that they will issue a bug fix as part of the version 3.0.8 release of the browser next week. The vulnerability, described as an XSL Parsing ‘root’ XML Tag Remote Memory Corruption Vulnerability, is considered critical by Firefox developers. As Macworld says, “By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorized software on a victim’s system. This kind of Web-based malware, called a drive-by download, has become increasingly popular in recent years.”
We have reported here about two scareware programs that target the Mac: Macsweepr and iMunizator, both of which are “rogue” security programs that claim to clean malware from your Mac while actually performing some nefarious tasks. The BBC has published an article about scareware, explaining how the evil-doers behind this software manage to ensnare their victims.
By using advanced search engine optimization techniques (tricks that get certain web sites to appear as top results on search engines), running bogus “scans” on computers, and telling potential victims that they are infected, they manage to trap enough users to make as much as $10,000 a day. Two groups of “hi-tech criminals” work together: “One group compromises webpages and injects them with popular search terms, the other sells the fake security software.” The former use popular search keywords to try and trap people into visiting websites, which then tell users that their computers are infected.
One researcher “got access to the web-based systems that one group of ‘scareware’ peddlers used to manage their search engine campaigns. It found that, over a 16-day period, more than 1.8m people were re-directed to the sites pushing the ‘scareware’. Of those visiting the sites 7-12% installed the fake software and 1.79% paid $50 for it.”
This adds up to a lot of money, and, especially, nets users nothing but problems. We’ve said it here before, but it’s worth repeating: computer security is too serious an issue to trust companies that just happen to pop up in your search results. Trust a brand like Intego, a specialist in Mac security software with more than ten years of experience.