I’m guessing from the continuing high volume of hits on this blog even while I was happily disconnected from the Internet that people are still looking for information on Flashback, , and related malware issues, so here are some more links and resources that have crossed my radar since I re-entered the loop this evening.
- Symantec has reported another Trojan it calls OSX.Sabpab using the CVE-2012-0507 vulnerability. The risk level is described as very low, and it may be linked to a sample that has been around for several weeks. (HT to Philippe Devallois.)
- Kaspersky’s Costin Raiu has published 10 Simple Tips for Boosting The Security Of Your Mac.
- Simon Edwards has a list of free Flashback detection/removal tools here.
- Apple has supplied a couple of updates that are claimed to remove the most common Flashback variants: HT5243, known to its friends and family as Java for Mac OS X 10.6 Update 8, and HT5242, which is for Lion. Paul Ducklin points out for Sophos that the update for Snow Leopard doesn’t automatically disable Java in Safari, though apparently the Lion update does. He also takes Apple to task for inadequacies in its documentation. He was, however, rather more positive in an earlier blog, commending Apple’s breaking a long-time habit by releasing useful information ahead of the updates, while critical of apologists trying to gloss over Apple’s belated Java patch.
- John Leyden reports on how miscommunication between Apple and the security industry resulted in Apple’s trying to get a domain used by DrWeb to track the botnet. However, it’s worth pointing out that Apple has already learned from that mistake and is communicating with security companies about domains they may be using for sinkholing.
- Curiously, Information Week concludes that Mac users are better off trusting in Apple’s updating rather than “relying on antivirus add-ons”. That would be more convincing if Apple’s updates had been a little more timely.
- And, harking back to an earlier thread, Trend Micro’s Ivor Macalintal has reported on Another Tibetan-Themed Malware Email Campaign Targeting Windows and Macs.
David Harley CITP FBCS CISSP