mac-talks.com

Mac users are being urged to "wake up" and realize that malware is a growing problem for Mac OS X.

Think your Mac’s safe now that you’ve removed that Flashback infection? Think again. New research conducted by security specialists Sophos has revealed a “disturbingly high level” of Macs are currently carrying malware, though much of it is designed to attack Windows machines.

Of the 100,000 Macs that Sophos analyzed, one in five was found to be carrying Windows malware, while one in 36 was carrying malware designed for and dangerous to Mac OS X.Sophos used a snapshot of 100,000 Macs running its free antivirus software and found that one in five machines was carrying one or more instances of Windows malware. While the malware cannot have any affect of Mac OS X, it can be spread, and it can affect your system if you choose to run Windows inside your Mac.

2.7% of those machines were found to be carrying Mac OS X malware. That doesn’t sound like a lot, until you realize it’s accounts for one in 36 machines, which is alarming. Graham Cluley, senior technology consultant at Sophos, is urging Mac users to “wake up” and realize that malware is a growing problem for the Mac:

Some Mac users may be relieved that they are seven times more likely to have Windows viruses, spyware and Trojans on their Macs than Mac OS X-specific malware, but Mac malware is surprisingly commonly encountered. Mac users need a wake-up call about the growing malware problem.

The Flashback infection, which has been in the news a lot recently after it was found to be infecting more than 600,000 Macs, is at the top of the charts when it comes to Mac malware threats:

1. OSX/Flshplyr 75.1% 2. OSX/FakeAV 17.8% 3. OSX/RSPlug 5.5% 4. OSX/Jahlav 1.2% 5. Other 0.4%

So how do you pick up these infections? Well, you can get them from infected USB sticks, email attachments, files you download from the web, or from what Sophos describes as a “drive-by installation,” whereby the malware is installed onto a Mac without its user’s knowledge.

Cluley explains that Mac users are seen as a “soft target” because of the common misconception that Macs are immune to malware, and that they don’t need antivirus software:

Cybercriminals view Macs as a soft target, because their owners don’t typically run anti-virus software and are thought to have a higher level of disposable income than the typical Windows user. Mac users must protect their computers now or risk making the malware problem on Macs as big as the problem on PCs.

The top Windows malware discovered on Macs includes:

1. Mal/Bredo 12.2% 2. Mal/Phish 7.4% 3. Mal/FakeAV 3.8% 4. Troj/ObfJS 3.6% 5. Mal/ASFDldr 3.3% 6. Troj/Invo 3.0% 7. Troj/Wimad 2.6% 8. Mal/Iframe 1.5% 9. Mal/JavaGen 1.4% 10. Other 61.2%

Some of this malware dates back to 2007, and Sophos insists that much of it wouldn’t be around if users had installed an antivirus product sooner. ”The simple fact is that you can scan your Mac for infection from your armchair,” Cluley said. “The test is painless and free; you just download an anti-virus product and allow it to check your computer and protect it against infections in the future.”

I know what I’ll be doing this evening.

[via The Next Web]

From 9to5Toys.com:

MacUpdate has Little Snitch for half off – $14.99 – today only.

Little Snitch alerts you to outgoing network connections.

A firewall protects your computer against unwanted guests from the Internet. But who protects your private data from being sent out? Little Snitch does!

As soon as you’re connected to the Internet, applications can potentially send whatever information they want to wherever they want.

Sometimes they do this for good reason, on your explicit request. But often they don’t. Little Snitch allows you to intercept these unwanted connection attempts, and lets you decide how to proceed.

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network related activity of viruses, trojans and other malware.

Remember, we’re also giving Toast 11 Platinum along with 8 other quality Mac Applications for $49 as part of the Superbundle deal..

Dropbox announced a new feature today that will let you easily share a link directly to your content stored in the service. Just click the new “Get link” icon next to files in your Dropbox online or in the iOS app—or right click, and then select “Get link” for files in Finder. The content will be accessible from new gallery pages.

Anyone with the link gets access to a snazzy page where they can view (but not edit) your stuff. Our gallery pages give your photos, videos, and even docs the gorgeous, full-browser view they deserve. This means that people who follow your link can see pictures, look at presentations, and watch home videos without having to download and open them separately.

As of yesterday, security company Symantec released a statement claiming there were still 140,000 Macs infected from the recent Flashback malware outbreak that originally infected an estimated 600,000 Mac users. That was despite Apple issuing a Java security update to remove the malware. Today, security researchers from Kaspersky said during a press conference (via Ars Technica) they estimate infections have dropped to 30,000, while warning more “mass-malware” on OS X is on the way:

“Market share brings attacker motivation… Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

Kaspersky also clarified that much of the Flashback infections were spread through trusted WordPress sites that have been hijacked rather than through malicious downloaded files as many assume. Ars explained:

It’s worth noting that Kaspersky says the latest Flashback infection was spread via hijacked WordPress sites thanks to a vulnerability in the blog software. This means that trusted blogs visited by Mac users could have been used to spread the infection, debunking the myth that infections only happen by visiting shady websites or opening unidentified files.

Not surprisingly Kaspersky is recommending security software as a necessity for Mac users going forward. The security firm did note that the introduction of Apple’s new Gatekeeper utility in Mountain Lion this summer, which allows tighter control over the sources of downloaded content, will provide added security to users. Apple hasn’t yet responded to Kaspersky’s statements.

Related articles

• Flashback malware still on 140,000 Macs, despite Apple’s fix (9to5mac.com)

Just another reason why you should avoid installing Microsoft software on your Mac.

With the Flashback trojan now threatened by extinction thanks to Apple’s new removal tool, it’s time to turn our attention to another threat. A vulnerability in Microsoft Office is allowing the “Backdoor.OSX.SabPub.a” trojan to infect systems running Mac OS X and use a Java exploit to avoid detection from anti-malware products

Once on your system, the trojan can feed back screenshots of your system and execute commands.

Kaspersky’s Costin Raiu says the trojan is already a month old, and it connects to a remote server based in California to receive its instructions. It uses a Java exploit by the name of “Exploit.Java.CVE-2012-0507.bf” in an effort to avoid detection from anti-malware products.

While it’s currently unclear how exactly this trojan is infecting Macs, Raiu says that some reports suggest the trojan is spread via emails that include links to the malware, in addition to infected Office documents. He also states that the trojan is in its “active stage,” and confirmed that it was able to take control of a “goat” machine operating by Kaspersky before searching for documents.

Raiu believes the exploit may be part of the same Pro-Tibetan campaign that spawned malware like “LuckyCat,” which also used infected documents to control machines:

The timing of the discovery of this backdoor is interesting because in March, several reports pointed to Pro-Tibetan targeted attacks against Mac OS X users. The malware does not appear to be similar to the one used in these attacks, though it is possible that it was part of the same or other similar campaigns.

Kaspersky promises that it will continue its research into this malware and recommends that Mac users take the usual precautions to ensure that their machine is safe. That includes keeping your machine and its software up to date, not installing software you didn’t specifically download, and using a good security solution.

[via The Register]

The Flash Player 11.3 beta brings improved support for the Mac App Store, support for older graphics cards, and more.

Installing Flash Player on a Mac is a surefire way to ensuring all of your processing power and RAM is maxed out on a frequent basis. Whether you’re watching a video on YouTube or playing a simple puzzle game, the second Flash begins to load your system becomes an unstable mess.

Unfortunately, a lot of sites still insist on using Flash content, so you’re forced to install it or put up with a half-baked worldwide web. But it’s good to know Adobe is still hard at work on improving the experience. The company has just released the first Flash Player 11.3 beta for Mac OS X, which features all sorts of enhancements and tweaks.

Flash Player 11.3, version 11.3.300.214, brings a new backgrounder updater to the Mac, which means you’ll no longer have to download updates manually.  Adobe also claims that it has “relaxed” the driver gating hardware acceleration to 2006, which could mean older graphics cards and chipsets, like the Intel GMA 950, will now support hardware acceleration.

There are also improvements to mouse control, the introduction of texture streaming, and improved support for the Mac App Store.

For developers, there are a number of enhancements to Adobe AIR Mobile, including screen DPI support for the new iPad’s Retina display, ADT support for the new 144×144 icons added in AIR 3.3, and more.

The beta requires Mac OS X 10.6.8 or later, and it’s compatible with Safari 5, Firefox 4 and above, and all versions of Google Chrome and Opera 11. You can download it from MacUpdate.

[via Electronista]

Forget confusing Terminal commands; Flashback Checker is the quickest and easiest way to detect the Flashback trojan.

The infamous Flashback trojan has now infected more than 600,000 Macs worldwide. Apple has issues two Java updates in an effort to patch the vulnerability in Mac OS X, but unfortunately for some, it was just too late.

We’ve already published instructions on how to see if you’re Mac’s infected by using Terminal commands, but there is an easier way. FlashbackChecker is a simple piece of software that will quickly tell you whether or not your Mac is infected.

All you need to do is download the FlashbackChecker from Github, unzip the package, and open the application. Then click the “Check for Flashback Infection” button and let the software do its thing.

It literally takes seconds to find out whether your Mac’s at risk. If you’re see the “No Signs of infection were found” message, then there’s no need to worry.

But if you’re one of the unlucky ones who gets a “Potential Issue found” message, you can do something about it by using F-Secure’s guide to removing Flashback malware.

[via OS X Daily]

Earlier this week, Apple released a Java security update, 2012-001, to patch the Flashback vulnerability that a security company claims affected 600,000 Macs.

Late this evening, we are getting reports from readers that a new version of the Java update is becoming available via Software Update.

.

The latest update, Java for OS X 2012-002, supersedes the -001 update Apple released earlier this week, and indeed the KB article linked from the -002 update is still the -001 version (below).

Update: Apple sent a note out to its Java Community, below, with the ‘why’ (small issue they are the same but for a few symlinks and version numbers.)

Thanks Jessie!

Java developers,

Today we re-shipped our Java 1.6.0_31 for OS X Lion today to address a critical issue we found in Xcode and the Application Loader tool. This new “Java for OS X 2012-002″ package is effectively identical to “Java for OS X 2012-001″, with the exception of a few symlinks and version numbers.

For the sake of expediency, we have re-rolled the automatic update as our standard full combo updater, with the hope that most users have not yet been presented with 2012-001. We considered creating a delta update for users who already installed 001, but that would have made the process of getting these fixes to you take longer.

We apologize for the inconvenience, and would like to offer our thanks to the developers who caught this issue and reported it to us as quickly as they did. This issue only impacts Lion users, so Snow Leopard users have nothing to reinstall.

Over the next few days, we will catch up with producing updated release notes, tech notes, and developer packages with the revised 002 version numbers.

Manual download links:
Java for OS X 2012-002: <http://support.apple.com/kb/DL1515>
Java for Mac OS X 10.6 Update 7: <http://support.apple.com/kb/DL1516>

Mac OS X hides files in many ways. One way, a holdover from its Unix legacy, is with dot-files. In other words, if a file is named with a period before the file name (.Hiddenfile), that file will not show up in the Finder. One way to show these files is with a Terminal command like this:

defaults write com.apple.Finder AppleShowAllFiles YES

This works all well and fine, but requires a second trip to the Terminal to reverse it (by changing the YES to NO, natch). Today, we’re going to tip you off to an app that does something similar, yet without the need to hop into Terminal.

InvisibliX is a little free utility app that can be downloaded from the developer’s website. On launch, it will ask you to accept or reject it’s BSD licence (you can disable it if you like), so go ahead and accept. Once you do so, a Drop window will appear. You can drag any file into this window and see it’s name, kind and whether it is hidden or locked, like a glorified Get Info command.

The real power here, though is in the menus. Choosing “Browse Hidden Files” from the File menu will bring up a standard open dialog, though with one major difference: all the files Mac OS X hides by default will be visible in that dialog box. Pretty slick, right? But wait, there’s more. Choose “Toggle Finder Invisible Files” in the File menu and all the files that are hidden will become visible in the Finder. Nice!

To reverse it, simply choose the same menu item again. No longer will you be a slave to remembering the Terminal command, or looking it up like I do every single time you want to find a hidden configuration file on your Mac. The app requires at least OS X 10.5 and an Intel Mac.

Find a sweet tip for Mac OS X? Got a troubleshooting issue? Post it in the comments below!

Last week, we showed you how to make Spotlight work faster with a little reindexing trick in System Preferences. Today, we’ll do the same thing, only we’ll use some Terminal magic to make it happen.

As we mentioned then, sometimes the indexing database that Spotlight uses to keep track of where your files are gets corrupted, misplaced, or left on an old hard drive somewhere. Whatever the reason, though, we’re assuming you need to manually re-update. Here’s how.

Launch Terminal, and type or paste the following command:

sudo mdutil -E /

This basically asks for temporary super user status, which is why Terminal may ask you for your password (it may not if you’ve used a sudo command recently or are already logged in as a super user or root. The command asks the unix tool mdutil to reindex the spotlight database for everything on the computer, including external drives, mounted disk images, etc. To re-index only for a specific drive, use the /Volumes path. For example, for an external drive named “MiniMe,” the command would look like this:

sudo mdutil -E /Volumes/MiniMe/

Spotlight will begin to re-index on the spot, so things might get a bit slower, especially if you are using an older Mac and re-indexing the entire filesystem.

[Source:OS X Daily]
[image source: HD Wallpaper]