Posted by: oldmacbloggit | September 29, 2011

iTriffids…

Chester Wisniewski ponders the suggestion that the Kelihos takedown and the disabling of the cz.cc domain means that OS X users are now safe from MacDefender and its ilk. He’s sceptical, pointing out more obvious and practical reasons for the current absence of MacDefender. He’s right, of course. There are no final solutions in this game.

Cybercriminals are like Triffids, or Jurassic Park carnivores: they keep probing till they find a break in the fence, and they’ll keep using it.

I hear from DH that there are reports of multiple variants of the OSX/Flashback Trojan. That’s unsurprising. An approach that doesn’t require an admin password to install has obvious advantages, and changing the binary to hamper detection is trivial, as earlier Mac malware has demonstrated.

Mend the fence to block that way in, and sooner or later they’ll probe elsewhere. Because we’re still talking about a relatively small population of potential victims, it may be a while before we see the results of that probing, but there are sufficient volumes and varieties of Mac malware to convince me that there is no single chokepoint at which you can block all future attacks.

Old Mac
