How does your Mac NOT protect you?

Posted on October 25th, 2013 at 11:33 AM EDT

I spend a lot of time telling people about how their Mac protects them from malware. I have even written an entire section on the topic in my Mac Malware Guide. So it may be a bit surprising that I seem to be suddenly turning around and saying the opposite.  That’s not the case, though. The Mac still protects you just as I have said… but it’s also important to keep in mind where the holes in those defenses are. Just as a house isn’t secure if the owner is unaware that the back door is unlocked, neither is a Mac safe if the owner isn’t aware of the holes in its security.

What is Gatekeeper?

Posted on March 18th, 2013 at 12:57 PM EDT

With the recent news coverage of the Pintsized malware, which infected high-profile targets like Facebook, Apple and Microsoft, much has been said in passing about Gatekeeper. Specifically, a number of news reports have mentioned how Pintsized was able to get past Gatekeeper. Unfortunately, these reports have mentioned this fact without any real understanding of what it means, and this has left many Mac users concerned. Although there is an important message hidden in that information, it’s not as dire as it sounds in a news blurb. So, what exactly is Gatekeeper, and what do we need to know about it?

New variant of Imuler trojan discovered

Posted on September 23rd, 2012 at 5:08 PM EDT

Intego announced the discovery of a new variant of the Imuler trojan on Friday. It is being sent to Tibetan activists via e-mail, much like other recent trojans. The details can be found on their blog, though sensitive eyes should be warned that that page contains some obfuscated profanity found in the e-mail message.

New variant of Revir/Imuler

Posted on March 15th, 2012 at 4:05 PM EDT

Intego has announced the discovery of a new version of the Revir/Imuler trojan today.  It looks like the trojan is now using the trick of disguising itself as naughty pictures, rather than a PDF file as previous variants did.  However, as per their usual behavior, there is some important information that Intego never mentions in their blog post.

Flashback targets XProtect

Posted on October 20th, 2011 at 9:51 AM EDT

Security firm F-Secure reported yesterday on a new variant of Flashback that targets the built-in malware protection in Mac OS X.  Apparently, this variant deletes and overwrites the XProtectUpdater process, which is responsible for keeping the XProtect malware definitions up-to-date.  This means that, if you get infected, repairing the damage becomes more difficult.  Even if you remove the malware, XProtect will have been crippled, making it easier for you to be infected by other malware in the future.

Apple releases security update for MacDefender

Posted on May 31st, 2011 at 7:22 PM EDT

Apple released Security Update 2011-003 today, addressing the MacDefender issue.  According to Apple’s documentation on this update, there are three basic additions to assist in dealing with the MacDefender outbreak.  Before reading further, it may be worthwhile to read my Mac Virus Guide, to understand some of the fundamental ideas involved, and Apple’s own document on quarantine.

Apple responds to MacDefender

Posted on May 24th, 2011 at 9:27 PM EDT

Apple posted their own support document today, titled How to avoid or remove Mac Defender malware, in which they describe how to respond to this malware.  Their removal instructions are essentially identical to what I’ve outlined in Identifying and removing MacDefender trojans, which should be reassuring to those who have followed my guidelines.  Even more reassuring is the fact that the article refers to a soon-to-come software update to help combat MacDefender and its variants.  Whether this will come in the form of another update to Quarantine or whether they plan to develop a different response to this particular threat is something that only time will tell.  Regardless, this promise of action should ease users’ minds, especially in the wake of rumors that Apple support techs have been told not to handle MacDefender issues, though some may criticize Apple for not taking swifter action.