New Mac backdoor Trojan horse discovered
April 19, 2010 by admin
Filed under Security News
Pinhead or HellRTS? What’s in a name?
Mac malware is making the headlines again – this time in the form of a remote access trojan which has been given the name OSX/HellRTS.D by French security firm Intego.
The folks at Intego blogged about the new Mac threat they discovered, which when run on a Mac OS X computer can allow remote hackers to gain access.
Users of Sophos Anti-Virus for Mac are protected, as we detect the malware as OSX/Pinhead-B, but presently it looks like this is not considered a serious threat and we have received no reports of infections from customers.
It does, however, appear to have been distributed disguised as iPhoto, the photo application which ships on modern Mac computers. This is clearly an attempt to fool victims via a social engineering trick into installingt the malicious code on their computers.
As always, be careful about the origin of applications you run on your computer, and keep your protection up-to-date. As many Mac users do not presently run any anti-virus software at all, they could be considered a soft target for more attacks like this in the future.
There’s a lot less malicious software for Mac computers than Windows PCs, but the fact that so many Mac owners don’t take security seriously enough might encourage an increasing amount of crime on their platform going forward.
By Graham Cluley, Sophos
Windows and Mac users urged to update Safari
March 12, 2010 by admin
Filed under Security News
Apple has released version 4.0.5 of its Safari browser, fixing a number of issues with its browser for Windows and Mac OS X including – most importantly – a grand total of 16 security vulnerabilities.
If you dilly-dally over updating your computer, it’s possible that hackers could exploit the security bugs – including some that could mean that simply visiting a webpage with a maliciously crafted image could lead to malicious code being automatically run on your computer.
Interestingly, one of the bugs (CVE-2009-2285) fixed in Safari 4.0.5 was announced and patched in Mac OS X 10.6.2 back in December 2009, and in Mac OS X 10.5 since January, meaning that Windows users of Safari have been vulnerable for over two months to the way their browser handles booby-trapped TIFF images.
But it doesn’t matter whether you own a Mac or PC, if you run Safari the message is clear: It’s time to update your browser and ensure that you are protected against hackers exploiting the security holes detailed in the security advisory on Apple’s website.
Safari users should practise safe computing, and update their systems as soon as possible.
By Graham Cluley, Sophos
