Apple's Snow Leopard OS may include malware protection
Mac OS X Snow Leopard, Apple's next major operating system upgrade scheduled to be released tomorrow, supposedly includes rudimentary malware protection, warning users that downloaded files may contain trojans. According to reports, the malware detection in the latest beta only checks for two trojans: RSPlug and iServices.
Originally discovered at the end of 2007, the OSX.RSPlug.A trojan disguises itself as a video codec and redirects DNS entries to a server controlled by the malware authors. The manipulated DNS entries then redirect browsers to phishing websites for eBay, PayPal and various banks. It also creates a cron job that checks these settings once a minute and resets them if they have been changed.
At the beginning of 2009, many users downloading and installing copies of iWork 09, Apple's office suite, from BitTorrent were infected with OSX.Trojan.iServices.A, which connects to a remote server, possibly providing attackers remote access to a user's system and downloading additional components to the infected Mac.
As with most anti-malware software, Apple can easily update and add further signatures through the automatic update tool built into the OS. In its current form, the malware protection only seems to scan files downloaded from the Safari web browser, or files received via Mail.app or the iChat messaging application. It doesn't appear to be able to scan files on hard drives.
- Mac trojan in video codec used on porn websites, a report from The H.
- Copies of iWork 09 from BitTorrent may contain trojan, a report from The H.