Apple's XProtect updates are lagging behind threats
Apple has included detection of the Flashback.B trojan in a current update for its XProtect (File Quarantine) malware protection feature, however the trojan has been known about for over a month. By contrast, when the MacDefender Mac scareware was making the rounds back in June, Apple was very quick to update the signatures for detecting individual variants. XProtect warns users when they try to download a file that is known to be malicious.
However, referring to a report by AV specialists Intego, CNet says that the new XProtect update is unlikely to provide any protection against the far more dangerous Flashback.C variant. According to the report, the trojan has undergone a number of mutations since its initial release.
Rather than exploiting a Mac OS X security hole to intrude into systems, Flashback.C relies on users' gullibility. It masquerades as an Adobe Flash installer and will disable XProtect once it has been installed, after which it downloads further files from a server. The best protection for Mac users continues to be a healthy sense of mistrust, and the refusal to accept Flash installers and alleged video players that are offered on dubious web pages.
(ehe)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
