Posted by: oldmacbloggit | September 29, 2011


Chester Wisniewski ponders the suggestion that the Kelihos takedown and the disabling of the domain means that OS X users are now safe from MacDefender and its ilk. He’s sceptical, pointing out more obvious and practical reasons for the current absence of MacDefender. He’s right, of course. There are no final solutions in this game.

Cybercriminals are like Triffids, or Jurassic Park carnivores: they keep probing till they find a break in the fence, and they’ll keep using it.

I hear from DH that there are reports of multiple variants of the OSX/Flashback Trojan. That’s unsurprising. An approach that doesn’t require an admin password to install has obvious advantages, and changing the binary to hamper detection is trivial, as earlier Mac malware has demonstrated.

Mend the fence to block that way in, and sooner or later they’ll probe elsewhere.  Because we’re still talking about a relatively small population of potential victims, it may be a while before we see the results of that probing, but there are sufficient volumes and varieties of Mac malware to convince me that there is no single chokepoint at which you can block all future attacks.

Old Mac

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: