Apple expands malware protection on Mac OS X
In the last update for Mac OS X 10.6.4 Apple has added another entry to its malware list. The system now displays a pop-up warning message if users attempt to launch a downloaded HellRTS (a.k.a. OSX/Pinhead-B) trojan.
Last August, the software vendor added rudimentary malware protection to its latest Snow Leopard operating system. Since then, the two known Mac trojans – RSPlug and iWorkService – trigger warning messages when they are downloaded and opened in Safari, Mail, iChat, Firefox or Thunderbird. This seems trivial when compared to Windows systems, where the number of malware signatures is generally in the millions, with new ones added every hour.
According to Sophos, HellRTS has been in very limited circulation since April, sometimes disguised as iPhoto. Once installed, the trojan opens a backdoor on the infected computer and waits for incoming connections. According to the XProtect list, HellRTS can be identified by the components rbframework.dylib and RBShell.rbx_0.129.dylib, among others.
Mac OS X does not include a function to scan hard drives, which means that the system will not find an infection in this way. Rather, the attribute com.apple.quarantine is added to downloaded programs so that they are scanned by XProtect when opened with Launch Services, which prevents contaminants listed in XProtect.plist from being executed.
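Because the check only runs on quarantined downloads at launch, an administrator may want to look for the named components directly. The following Python is an added example, not code from the article, Apple or Sophos: it looks under a folder for bundles that hold both component names cited above and reports each one's quarantine attribute. The `flags;hex timestamp;agent` layout of the attribute value and reading it with the macOS `xattr` tool are assumptions, and the function names are hypothetical.

```python
import os
import subprocess
from datetime import datetime, timezone

# Component names the article attributes to the XProtect entry for HellRTS.
HELLRTS_COMPONENTS = {"rbframework.dylib", "RBShell.rbx_0.129.dylib"}

def find_candidates(root):
    """Return top-level directories under root whose tree holds every listed name."""
    hits = []
    for entry in sorted(os.listdir(root)):
        top = os.path.join(root, entry)
        if not os.path.isdir(top):
            continue
        seen = set()
        for _dir, _subdirs, files in os.walk(top):
            seen.update(HELLRTS_COMPONENTS.intersection(files))
        if seen == HELLRTS_COMPONENTS:  # one name alone is too weak a signal
            hits.append(top)
    return hits

def read_quarantine(path):
    """Read com.apple.quarantine with the macOS xattr tool; None if unset."""
    try:
        out = subprocess.run(["xattr", "-p", "com.apple.quarantine", path],
                             capture_output=True, text=True)
    except FileNotFoundError:  # xattr tool missing, e.g. not on a Mac
        return None
    return out.stdout.strip() if out.returncode == 0 else None

def parse_quarantine(value):
    """Split 'flags;hex_time;agent;...' (field layout is an assumption)."""
    parts = value.split(";")
    if len(parts) < 3:
        return None
    try:
        flags = int(parts[0], 16)
        when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    except ValueError:
        return None
    return {"flags": flags, "downloaded": when, "agent": parts[2]}

def report(root, reader=read_quarantine):
    """Map each candidate to its parsed quarantine record, or None if absent."""
    result = {}
    for path in find_candidates(root):
        raw = reader(path)
        result[path] = parse_quarantine(raw) if raw else None
    return result

if __name__ == "__main__":
    for path, info in report(os.path.expanduser("~/Downloads")).items():
        print(path, info or "no quarantine attribute")
```

A candidate reported with no quarantine attribute is one the launch-time check described above would not have examined.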
- Apple releases Mac OS X 10.6.4 update, a report from The H.
- Apple's Snow Leopard OS may include malware protection, a report from The H.