New NetWeird variants added to XProtect
Published March 28th, 2014 at 9:42 PM EDT, modified March 28th, 2014 at 9:42 PM EDT
Yesterday, I wrote about some new NetWeird trojans that were not detected by XProtect. Less than 36 hours later, XProtect has been updated to version 2047, and now blocks those samples.
I have to give it to Apple’s product security crew this time – they sure moved fast! I’m impressed. However, I’m still intensely curious about how things are working behind the scenes at Apple. Since they were so quick to add a signature for these samples, that suggests that they have no questions about the maliciousness of these apps. In that case, though, why weren’t these added a while ago? After all, one of these samples was submitted to VirusTotal in July 2013, eight months ago.
This suggests that Apple is not searching out these samples on their own. They seem to be relying on others to submit samples to them, rather than taking a more active role. I could be wrong, of course, but certainly it would appear that, at a minimum, they’re not devoting sufficient resources to searching out new malware. I can’t imagine this is a choice being made by the security team; most likely, it’s due to policy or resource limitations imposed from higher up. Again, though, that’s purely speculation.
In any event, Mac users are now that much safer, and hopefully we won’t be seeing further NetWeird infections. For now, at least… as we all know, this is a constant battle between good and evil that is never entirely won, by either side.