In association with heise online

21 June 2010, 13:19

Apple expands malware protection on Mac OS X

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Snow Leopard In the last update for Mac OS X 10.6.4 Apple has added another entry to its malware list. The system now displays a pop-up warning message if users attempt to launch a downloaded HellRTS (a.k.a. OSX/Pinhead-B) trojan.

Last August, the software vendor added rudimentary malware protection to its latest Snow Leopard operating system. Since then, the two known Mac trojans – RSPlug and iWorkService – trigger warning messages when they are downloaded and opened in Safari, Mail, iChat, Firefox or Thundebird. This seems trivial when compared to Windows systems were the number of malware signatures is generally in the millions, with new ones added every hour.

According to Sophos, HellRTS has been in very limited circulation since April, sometimes disguised as iPhoto. Once installed, the trojan opens a backdoor on the infected computer and waits for incoming connections. According to the XProtect list, HellRTS can be identified by the components rbframework.dylib and RBShell.rbx_0.129.dylib, among others.

Mac OS X does not include a function to scan hard drives, which means that the system will not find an infection in this way. Rather, the attribute is added to downloaded programs so that they are scanned by XProtect when opened with Launch Services, which prevents contaminants listed in XProtect.plist from being executed.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit