A new attempt to steal data from Mac users is a bot called DevilRobber. The original version ran embedded in versions of Graphic Converter, but this one only pretends to be PixelMator, and contains none of the legitimate PixelMator code.

This new variant tries to steal and generate Bitcoins as the original did, but it also tries to steal passwords from 1Password (my favorite password utility) and grab system log files and Terminal command history files.

MacFixit has a more complete post here. Please protect yourself by only downloading software from legitimate sources… this and the previous version of DevilRobber are distributed as pirated software. If you download software from reputable sites, such as Download.com or MacUpdate.com, or from the Mac App store, you won’t run the risk of being infected with this trojan.

If you’re concerned about malware on the Mac, I use and recommend Intego Virusbarrier and Little Snitch to protect yourself.

Related posts:

1. “Apple Security Center” malware targets Macs When you’re using your web browser, whether it be Safari,...
2. Dismantling the Trojan Horse (or why MacGuard isn’t a concern) The Other World Computing blog has a great post, with...
3. New Security Update provides more malware protection for Snow Leopard Security Update 2011-003 was released a couple of days ago...

Related posts brought to you by Yet Another Related Posts Plugin.

Apple patched a security vulnerability last week with the iOS 4.3.5 release. Certificate validation vulnerabilities were the issue, while 4.3.4 patched PDF vulnerabilities.

4.3.5 applies to the iPad and iPad2, iPod Touch (generation 3 and 4) and the iPhone 3GS and 4 (GSM). The Verizon iPHone4 will upgrade to iOS 4.2.10.

I highly recommend all security updates, and these can be done by connecting your device to your computer and opening iTunes. Check for updates and follow the prompts.

Related posts:

1. New Security Update provides more malware protection for Snow Leopard Security Update 2011-003 was released a couple of days ago...
2. “Drupal Security Update” phishing scam Emails are being received supposedly from Drupal Security drupal_s@yahoo.com as...

Related posts brought to you by Yet Another Related Posts Plugin.

Technolog has a story from June 9 about email purporting to be from UPS regarding an upcoming delivery, which contains a hidden attached file that can infect computers (PCs, ad far as I know) with malware that could put up a fake anti-virus warning. The idea is to get the user to spend $50 or $100 or whatever to get their computer secure.

It’s a scam. Firstly, if you’re a Mac user, it’s not likely that you’re going to get notifications about malware other than from the Mac OS X 10.6.7 (or later) operating system, or from anti-malware software apps you purchase and install.

UPS says that fraud and misrepresentation of it’s services are a “continuing global issue”. They post fraud protection and virus warnings on their site.

UPS provides an address to forward suspicious email to: fraud@ups.com

Among the ways to tell if a UPS email is fraudulent, the company says:

• Design flaws: Distorted or irregularly sized logos
• Poor grammar: Grammatical errors and excessive use of exclamation points
• Misspellings: Not only incorrectly spelled words, but links to websites that may be modifications or variations of the legitimate www.ups.com website address such as www.unitedparcelservices.com
• Sense of urgency: Alarming messaging requesting immediate action
• Unexpected requests: A request attempting to obtain money, financial information or pesonal information in exchange for the delivery of a package
• Communication gaps: An e-mail that does not provide an alternative method for communicating the requested information (telephone, mail or physical locations).

Related posts:

1. What to do if your email and name were exposed? Macworld’s Christopher Breen wrote an article last week with suggestions...
2. VirusBarrier Plus available at the Mac App Store Intego released a new product to scan both Mac and...
3. Apple patch against MacDefender coming soon Apple issued a support document last night stating that it...

Related posts brought to you by Yet Another Related Posts Plugin.

A “pre-notification” from Adobe announced patches for “critical” security flaws in Adobe Acrobat and Adobe Reader for Mac and Windows. The updates are scheduled to be available tomorrow.

Adobe is planning to release updates for Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh to resolve critical security issues. Adobe expects to make these updates available on Tuesday, June 14, 2011.

Affected software versions

• Adobe Reader X (10.0.1) and earlier 10.x versions for Windows
• Adobe Reader X (10.0.3) and earlier 10.x versions for Macintosh
• Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh
• Adobe Reader 8.2.6 and earlier 8.x versions for Windows and Macintosh
• Adobe Acrobat X (10.0.3) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.4.3 and earlier 9.x versions for Windows and Macintosh
• Adobe Acrobat 8.2.6 and earlier 8.x versions for Windows and Macintosh

Related posts:

1. New Security Update provides more malware protection for Snow Leopard Security Update 2011-003 was released a couple of days ago...

Related posts brought to you by Yet Another Related Posts Plugin.

 Yesterday (06/06/11) Adobe told the world that the Flash Player bug patched in a release the day before is a risk to Gmail users. Hackers have used it to steal login credentials, which would provide access to email and any other data stored in a Google account.

The patch was an emergency fix, as this was potentially a disasterous vulnerability. This security hole IS being used by crooks who are targeting users by tricking them to click a link in an email message. So far it seems that the attack is on Gmail users specifically, but Adobe says that they are not sure if other Web mail services are at risk or not.

Download the new Flash Player NOW!

The Chrome browser was just updated Sunday, with a patched version of Flash built in. Adobe is providing the patch for other browsers here.

Don’t delay, download the patch immediately if you use webmail. Even if you don’t read your email in a web browser, download the patches, please!

Related posts:

1. What to do if your email and name were exposed? Macworld’s Christopher Breen wrote an article last week with suggestions...
2. “Apple Security Center” malware targets Macs When you’re using your web browser, whether it be Safari,...

Related posts brought to you by Yet Another Related Posts Plugin.

Apple released its security update to protect against MacDefender (or Mac Defender) trojan infection, but now there’s Mac Guard, which does not require a password to install.

It shows up on web pages that pretend to scan for malware, and inform users that they must install software to clean their Mac.

If the “Open safe files” checkbox is checked in Safari or other browser’s preferences, Mac Guard will install and show phoney threat warnings, and will open porn sites on your browser.

The whole point of this malware is to get a user to provide credit card numbers to buy non-existant antivirus software.

It’s important to be aware of the threat of phishing emails and of web sites that supposedly scan and find virus or trojans on your Mac (or PC). These can be quite sophisticated, although they are sometimes absurdly crude. In any case, it’s easy to fall into the trap if we’re not well informed. I’ll continue to post on the subject as more info becomes available.

Be safe out there!

Related posts:

1. New Malware Threat – MACDefender Intego posted an article early this morning with details of...
2. “Apple Security Center” malware targets Macs When you’re using your web browser, whether it be Safari,...
3. Crimekit malware threat The recent success reported by Apple in it’s first quarter...

Related posts brought to you by Yet Another Related Posts Plugin.

Security Update 2011-003 was released a couple of days ago to help protect against malware such as the Mac Defender trojan horse, and to help protect against future malware.

Update! as of today (6/1/11), MacDefender developers have circumvented the detection ability of the current definitions. Browse carefully!

More details on how the new security update works can be found in a Macworld.com article found here.

Snow Leopard has had built-in malware protection since the beginning, but it only had two definitions then, and only four more have been added until now. Apple’s beefed it’s built-in File Quarantine protection to detect the A and B variants of Mac Defender.

Daily definition updates are now possible, without users having to use Software Update to manually download them. Users can opt out by unchecking a box in the Security preference pane labeled “Automatically update safe downloads list”. I do NOT recommend doing this.

Snow Leopard can also remove the Mac Defender trojan if it’s found on your system. Apple says that the OS will look for the trojan, and if it’s found, SL will force it to quit, and will remove any persistent files. It will also fix any changes made to your system, and notify you of it’s removal.

The Mac Defender/Protector trojan is malicious and pernicious. (Those are fun words to use in the same sentence!). If you find yourself redirected to a site that looks like this, close the window immediately, and if you have your browser prefs are set to open “safe” files, follow Apple’s instructions for removing the malware that just installed itself, or tried to. Remember, a web site cannot scan your Mac for malware. It’s a scam, and a vicious one.

Related posts:

1. “Apple Security Center” malware targets Macs When you’re using your web browser, whether it be Safari,...
2. Snow Leopard Font Bug addressed Apple released an update to Mac OS X 10.6.7 to...
3. Crimekit malware threat The recent success reported by Apple in it’s first quarter...

Related posts brought to you by Yet Another Related Posts Plugin.

Apple issued a support document last night stating that it was going to issue a patch that will prevent the MacDefender trojan from reaching our Macs.

I expect the patch to be available in the next few days, so please check Software Update (click the Apple menu in the menu bar, it’s the second item) to download the patch as soon as it’s available.

The document also provides a simple method to remove MacDefender if you’ve inadvertently installed it, by opening Activity Monitor (in the Utilities folder, inside the Applications folder) and entering MacDefender in the search field. Then use the Quit Process button to quit each of the processes, then delete the app from your system and removing login items it created. It’s a fairly easy process.

Content of the Apple Support document follows:

A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender "anti-virus" software to solve the issue.

This “anti-virus” software is malware (i.e. malicious software).  Its ultimate goal is to get the user’s credit card information which may be used for fraudulent purposes.

The most common names for this malware are MacDefender, MacProtector and MacSecurity. 

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware. 

In the meantime, the Resolution section below provides step-by-step instructions on how to avoid or manually remove this malware.

Resolution

How to avoid installing this malware

If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.

In some cases, your browser may automatically download and launch the installer for this malicious software.  If this happens, cancel the installation process; do not enter your administrator password.  Delete the installer immediately using the steps below.

1. Go into the Downloads folder or your preferred download location.
2. Drag the installer to the Trash. 
3. Empty the Trash.

How to remove this malware

If the malware has been installed, we recommend the following actions:

• Do not provide your credit card information under any circumstances.
• Use the Removal Steps below.

Removal steps

• Move or close the Scan Window
• Go to the Utilities folder in the Applications folder and launch Activity Monitor  
• Choose All Processes from the pop up menu in the upper right corner of the window
• Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
• Click the Quit Process button in the upper left corner of the window and select Quit
• Quit Activity Monitor application
• Open the Applications folder
• Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
• Drag to Trash, and empty Trash

Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.

• Open System Preferences, select Accounts, then Login Items
• Select the name of the app you removed in the steps above ex. MacDefender, MacSecurity, MacProtector
• Click the minus button

Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location.

Note: Apple provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site. User should exercise caution any time they are asked to enter sensitive personal information online.
 

Related posts:

1. New Malware Threat – MACDefender Intego posted an article early this morning with details of...
2. Protect yourself from MacDefender There’s been a lot of noise on the ‘net about...
3. “Apple Security Center” malware targets Macs When you’re using your web browser, whether it be Safari,...

Related posts brought to you by Yet Another Related Posts Plugin.

When you’re using your web browser, whether it be Safari, Firefox, Chrome or another browser, you may see an “alert” come up on your monitor warning you of a virus or other malware infection. You’re urged to download a virus protection application immediately.

If you look closely, they almost always are Windows specific. They are also always hoaxes, intended to have you download software that will do something malicious… usually steal information so they can steal money, or to use your computer as a spam-bot, spewing spam emails out without your knowledge.

These slime-balls are now targeting Mac users, with attacks through a page titled “Apple security center” that seems to be running a scan of your Mac, and that will list files that are supposed to be infected… files that are not on your Mac at all.

Legitimate malware scanners on your Mac will not ask you to download or pay for upgrades to do it’s work. If you’re asked to provide passwords, or to click on a link to download a solution from a web page – don’t! A legit application (Not a web page!) may ask to have virus definitions updated, but will not ask for payment or your password.

Reality Check!

There is no way any web site can do a virus or malware scan over the Internet. Any site or page that says you are infected can be ignored, and if you’re concerned, download Intego VirusBarrier Express (free, scans and deals with Mac malware only) or Intego VirusBarrier Plus to scan your Mac ($9.99) from the Mac App Store.

If you’re not using Mac OS X 10.6.4 or later, there are other options available, and you can contact me for more info.

If it’s not a web page…

If you see an alert dialogue box on your Mac, NOT on a web page, pay attention. It could come from a malware scanner you’ve installed. Kaspersky, for example, is available as a download from Comcast… Sophos, Intego, Norton all have malware scanners you may have installed. If so, pay attention!

If you’ve never installed any of these applications, the only other real possibility is that Apple’s XProtect, a rudimentary virus scanner that Apple provides can issue a warning if you try to open a file it finds suspicious.

Are Macs at risk?

OS X is not at risk (currently) from viruses and worms, but there are “trojan horse” risks. These require the user to actually install the malware, usually by clicking on a link to download something, more recently by clicking an image (MacDefender) which will download a file that can open and install bad stuff (the technical term) on your machine.

If you set browser preferences to NOT open “safe” files then you’ll be asked if you want to open any files downloaded. That way, should you click on one of these malicious links, and see an unexpected “do you want to open…” dialogue box, simply select “No”.

Related posts:

1. New Malware Threat – MACDefender Intego posted an article early this morning with details of...
2. VirusBarrier Plus available at the Mac App Store Intego released a new product to scan both Mac and...
3. Malware on Macs? I’ve written more about malware and anti-virus software recently than...

Related posts brought to you by Yet Another Related Posts Plugin.

I’ve written more about malware and anti-virus software recently than in the past 10 years. Partly it’s because I feel it necessary to keep my clients and readers up to speed with any potential threats… and partly because the popularity of the Mac platform in business has raised it’s profile dramatically. This popularity certainly increases the likelihood of increased attacks on Mac OS X installations.

Most current malware is directed at making money, rather than the malicious attacks of the past, where hackers just “wanted to have fun”. Now it’s criminals who want your money, or want to use your computer to send out advertising, etc.

Chron.com’s techblog has a very good article posted May 7, by Doug Silverman. Doug includes links and quotes from various sources to provide a very cogent picture of what the current threat level is, and where it may go in the future.

The availability of a point-and-click software development kit for Mac malware – which goes for about $1,000 – is a new development… It uses the same malware engine driving many of the Windows rogue antispyware attacks, and uses the same techniques. These are effective because they exploit the biggest security flaw: Hapless users who agree to install the malware.

Rather than rehash his work, I’d recommend anyone concerned about security on the Mac platform have a look.

Related posts:

1. Crimekit malware threat The recent success reported by Apple in it’s first quarter...
2. New Malware Threat – MACDefender Intego posted an article early this morning with details of...

Related posts brought to you by Yet Another Related Posts Plugin.