Posted by: oldmacbloggit | September 29, 2011
Chester Wisniewski ponders the suggestion that the Kelihos takedown and the disabling of the domain means that OS X users are now safe from MacDefender and its ilk. He’s sceptical, pointing out more obvious and practical reasons for the current absence of MacDefender. He’s right, of course. There are no final solutions in this game.

Cybercriminals are like Triffids, or Jurassic Park carnivores: they keep probing till they find a break in the fence, and they’ll keep using it.

I hear from DH that there are reports of multiple variants of the OSX/Flashback Trojan. That’s unsurprising. An approach that doesn’t require an admin password to install has obvious advantages, and changing the binary to hamper detection is trivial, as earlier Mac malware has demonstrated.

Mend the fence to block that way in, and sooner or later they’ll probe elsewhere. Because we’re still talking about a relatively small population of potential victims, it may be a while before we see the results of that probing, but there are sufficient volumes and varieties of Mac malware to convince me that there is no single chokepoint at which you can block all future attacks.

Old Mac