Apple updates malware definition list to defend against PDF trojan
Apple has added another entry to its XProtect malware signature list to defend against a new Mac trojan that masquerades as a PDF file. When opened by a user, the malware (OSX/Revir.A) exploits holes in PDF viewers to download and install backdoor software (OSX/Imuler.A); however, once it is opened, users will see only the document, which contains Chinese-language text. According to the security researchers at F-Secure who discovered the trojan, as of 25 September, the backdoor's command and control server was not yet operational.
The company added rudimentary malware protection to its Mac OS X operating system starting with version 10.6 Snow Leopard in August 2009. Also known as File Quarantine, XProtect in Mac OS X does not include hard drive scanning functionality, which means that it will not search existing files for infections. Instead, the attribute com.apple.quarantine is added to downloaded programs so that they are scanned by XProtect when opened with Launch Services, which prevents contaminants listed in XProtect.plist from being executed.
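As an added illustration (not part of the original article and not Apple's code), the Python sketch below parses the value of com.apple.quarantine and sorts files into those that carry the attribute and those that do not, since per the paragraph above only tagged files are checked against XProtect.plist when opened. The field layout (hex flags; hex Unix timestamp; downloading agent; event UUID) is an assumption of this example, and all sample paths and values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

ATTR = "com.apple.quarantine"

@dataclass
class Quarantine:
    flags: int         # raw bit field; individual bits are not interpreted here
    stamped: datetime  # when the downloading application tagged the file (UTC)
    agent: str         # application that performed the download
    event_id: str      # event UUID, may be empty

def parse_quarantine(value: str) -> Quarantine:
    """Parse 'flags;timestamp;agent;uuid' (assumed layout, hex flags and time)."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"too few fields in {ATTR}: {value!r}")
    flags = int(parts[0], 16)
    stamped = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    event_id = parts[3] if len(parts) > 3 else ""
    return Quarantine(flags, stamped, parts[2], event_id)

def triage(files: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Group paths by attribute state; None means the attribute is absent."""
    out: Dict[str, List[str]] = {"quarantined": [], "not_quarantined": [], "malformed": []}
    for path, value in sorted(files.items()):
        if value is None:
            out["not_quarantined"].append(path)  # would not be screened at open
            continue
        try:
            parse_quarantine(value)
            out["quarantined"].append(path)
        except (ValueError, OverflowError, OSError):
            out["malformed"].append(path)
    return out

# Constructed sample: path -> attribute value as `xattr -p` would print it,
# or None when the file has no quarantine attribute.
SAMPLE: Dict[str, Optional[str]] = {
    "/Users/demo/Downloads/report.pdf.app":
        "0002;4e7f1b80;Safari;11111111-2222-3333-4444-555555555555",
    "/Users/demo/Downloads/FlashPlayer.pkg": None,
    "/Users/demo/Downloads/notes.zip": "zz;not-hex;Mail",
}

if __name__ == "__main__":
    for state, paths in triage(SAMPLE).items():
        print(f"{state}: {paths}")
```

Files reported as not_quarantined, for example ones copied from removable media or fetched by a tool that does not set the attribute, are the ones this open-time check would not cover.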
Meanwhile, according to a report from CNET, a new Mac OS X trojan (OSX/flashback.A) has appeared. The latest trojan masquerades as an Adobe Flash Player installer in hopes of fooling a user into installing it, similar to another piece of Mac malware from early August.