XProtect

Q&A: MacFixIt Answers

MacFixIt Answers is a feature in which I answer Mac-related questions e-mailed in by our readers.

This week, readers wrote in asking about the potential drawbacks from using Little Snitch to block updates from XProtect, the media browser not properly handling Aperture libraries, the OS X Trash hanging when instructed to empty, and a problem with incoming network connection requests flashing too fast to make changes.

I welcome contributions from readers, so if you have any suggestions or alternative approaches to these problems, please post them in the comments!

Question: Potential drawbacks from blocking XProtect updates

MacFixIt reader Paul asks:… Read more

Apple fights Yontoo Trojan with XProtect update

Following news of the new adware Web plug-in Trojan found to be affecting OS X systems, Apple has released an XProtect malware definitions update to protect anyone who stumbles across it.

The Trojan, called Yontoo, is initially disguised as a media player or download manager plug-in and distributed on underground file-sharing and movie trailer Web sites. When installed it pretends to be a player called Twit Tube but installs the Yontoo plug-in. This plug-in will work in all Web browsers to track your browsing behaviors and then present ads on legitimate Web sites.

Unlike other malware that can hide itself … Read more

How to monitor XProtect updates in OS X

Apple's XProtect system (aka File Quarantine) in OS X is a rudimentary anti-malware scanner that will perform a quick check on downloaded files to make sure they do not contain known malware, and will block any versions of Web plug-ins like Java and Flash that have known vulnerabilities.

XProtect runs in the background with no interaction with the user, which is convenient, but it does mean that when it gets updated, users may find themselves unexpectedly unable to access some Web content. Even though quickly updating plug-ins should get you around this inconvenience, it may be useful to know … Read more

What is the Eicar testfile?

When Apple updates its XProtect anti-malware system in OS X with new definitions, it often means a new or updated threat has been found for OS X.

Earlier this morning, Apple issued an update to XProtect, which now includes a new definition for a malware package called "OSX.eicar.com.i," that comes from Eicar.com. This update suggests the new definitions are for a novel malware package, but this is not so with this latest update.

"Eicar" stands for the European Institute for Computer Antivirus Research, which is a group that investigates malware and security … Read more

XProtect update blocks unpatched Java versions in OS X

Early this morning Apple issued an update to its XProtect malware-handling system in OS X that updates the Web plug-in blacklist to include a more recent version of Oracle's Java plug-in. The update now will prevent all versions of the Java Web plug-in before version 1.7.11.22 from running on the system (previously the limit was version 1.7.10.19).

This change was likely made because of a recent security issue in the prior version of the Java 7 runtime that affected JRE 7 Update 10 and earlier. A patch for this was issued by Oracle … Read more

Apple issues late XProtect update for Flashback Trojan

As with many modern operating systems, OS X is relatively difficult to infect with self-propagating malware attacks like viruses or worms, so malware developers have resorted to social engineering and trickery, with Trojan horse programs being the main mode of attack on home computer systems.

A Trojan horse is a piece of maliciously crafted software that is disguised as a legitimate software package, but which when installed by an unsuspecting user will corrupt files, break down system security measures, or send personal information to external servers among other malicious activity.

Malware generally is distributed via underground Web sites, though in … Read more

Apple tackles malware threats with XProtect update

In the past week or two, OS X users have seen a couple of new malware threats surface that join the recent MacDefender scams in the small collection of malware that has been developed for OS X. These threats are not very prevalent and do not circumvent the security of OS X, but they do try to take advantage of naive users and trick them into believing they are installing legitimate software.

These types of phishing and Trojan horse attempts are nothing new for PC systems, and to tackle them, Apple introduced its XProtect system in OS X Snow Leopard, … Read more

Apple updates malware definitions for fake Flash Player trojan

If you monitor the virus definitions from antivirus developers like Sophos, McAfee, or Norton, you will see numerous new definitions for worms, trojans, viruses, and other malware being released daily. However, if you look at all of these, the vast majority of them are for Windows systems. On the rare occasion that one trickles through that targets Mac users, the whole community seems to turn upside down, and ring major warning bells that blow the situation a bit out of proportion.

Everyone is responsible for this, but given the rarity of malware on Mac systems it is news to the … Read more

Options for forcing OS X to update malware definitions

Apple's latest security update implements new malware definitions for Apple's XProtect feature to notify users if they have downloaded or installed the latest malware scams that target OS X users. In addition to locating and removing these threats, Apple has implemented a method to keep the malware definitions updated on a daily basis so users do not have to keep installing security updates to address these threats. While users can wait a day to have the system update the malware definitions, there are a couple of other options people can use to force an update to the malware … Read more