Posted by: David Harley | February 14, 2012

Flashbacks East of Java and Not-Malware

Just a couple of short items:

1) Intego have reported a variant of OSX/Flashback with a somewhat novel approach to executing without needing the intervention of the Mac user. This variant has two Java vulnerabilities in its toolbag: if it’s able to use one of them, it can install without any input from the user. If Java is up-to-date, this won’t work, so the malware then reverts to social engineering: it asks permission to install using a self-signed certificate passing itself off as having been issued by Apple. The gang has kept putting pressure on Apple itself with a series of variants and fairly new techniques (for OSX) like disabling XProtect.

2) And one of my occasional articles for Infosecurity Magazine has just gone up: Malware: a Matter of Definition. It follows up on an excellent piece by Kurt Wismer asking some tough questions about what Apple and the AV industry mean when they say there is no iOS malware, and the contentious issue of the fuzzy borders between malware, riskware, PUAs, PUPs, and PUS. If those acronyms don’t mean anything to you, the article will give you a starting point: they may be largely a Windows issue at the moment, but AV’s problems with threats of litigation and other harassment from purveyors of nuisanceware are leaking onto other platforms where raw malware gets a much tougher time.

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus 
