J the Hugget said it was only a matter of time...

Brothers of Briar

I'm actually surprised it took as long as it did, but now that it's here it seems to be evolving pretty quickly. It was only a couple of weeks ago when reports started surfacing about Mac Defender, which used pure social engineering as the exploit; now it's evolved into a drive-by install. They also discovered the first "crime kit" for OS X, which makes creating malware a point-and-click activity... No hacker skills necessary.

It's still in the infantile stage and the attacks are pretty basic, but if it continues along this pace expect to see AV-evading techniques being employed and them making more use of 0-day exploits as the avenue of infection. They'll also start employing techniques that make removal very difficult if not impossible by randomizing the executable names and packages and setting triggers to spawn new processes once one is killed. They are quite ingenious really.

Start making good backups of your data now and keep your OS media available. Once it gets to that point it's often better to just start with a clean OS installation.
 
Forgot to add: Sophos has a free AV solution and I've heard it's pretty good.

I have worked with that company for years and they are probably my favorite endpoint security solution.
 
jhuggett said:
It's still in the infantile stage and the attacks are pretty basic, but if it continues along this pace expect to see AV-evading techniques being employed and them making more use of 0-day exploits as the avenue of infection. They'll also start employing techniques that make removal very difficult if not impossible by randomizing the executable names and packages and setting triggers to spawn new processes once one is killed. They are quite ingenious really.
You be right again, j:

http://www.appleinsider.com/articles/11/06/01/mac_defender_variant_quickly_thwarts_apples_mac_os_x_security_update.html
 
That's the problem with definition-based malware detection. They will have to start using behavior-based host intrusion detection techniques as well if they plan on keeping their heads above water. Unfortunately it puts Apple in a tough position as it progresses. They will have to stop supplying end-user support for removal and I think that will make a lot of their customers very unhappy. Not so bad for the savvy users, as the fix is usually a Google search away, but for all the people who were sold on the "it just works" idea it probably won't sit too well.
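The two posts above make a point worth seeing in code: a definition-based check (hash of a known sample) is defeated by any new build, while a behavior-based rule can catch the "randomized names, respawn after kill" pattern jhuggett describes. The following is an added example written for this thread, not code from any poster or from Apple or Sophos. The "known bad" bytes, the variant, and the process-event log lines are all constructed for the demo, and the log format itself is an assumption.

```python
"""Definition-based vs behavior-based detection on constructed sample data."""
import hashlib
import re
from collections import defaultdict

# Constructed stand-in for a known sample and a trivially rebuilt variant.
# These are just bytes for the demo, not real malware.
KNOWN_BAD = b"FAKE-SAMPLE\x00payload-v1"
VARIANT = KNOWN_BAD + b"\x90"   # one appended byte = a new build, new hash

# A "definition" database: exact SHA-256 of the sample the vendor has seen.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(blob: bytes) -> bool:
    """Definition-based check: is this exact file hash in the database?"""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB


# Constructed process-event log (format assumed for this example):
#   HH:MM:SS exec pid=N name=NAME path=PATH parent=PARENT
#   HH:MM:SS kill pid=N
# The three short-lived processes under ~/Library model the pattern from the
# thread: random executable names, and a fresh one launched after each kill.
EVENTS = """\
12:00:01 exec pid=501 name=Safari path=/Applications/Safari.app/Contents/MacOS/Safari parent=launchd
12:00:05 exec pid=612 name=qz8Ka1 path=/Users/me/Library/qz8Ka1 parent=launchd
12:00:09 kill pid=612
12:00:10 exec pid=613 name=Hj3wPq path=/Users/me/Library/Hj3wPq parent=launchd
12:00:14 kill pid=613
12:00:15 exec pid=614 name=Xr92Lm path=/Users/me/Library/Xr92Lm parent=launchd
12:01:00 exec pid=700 name=Terminal path=/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal parent=launchd
"""

EVENT_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d) (exec|kill) pid=(\d+)"
    r"(?: name=(\S+) path=(\S+) parent=(\S+))?$"
)


def parse_events(text: str) -> list:
    """Turn the log text into dicts with an integer timestamp in seconds."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        h, mi, s, kind, pid, name, path, parent = m.groups()
        events.append({
            "t": int(h) * 3600 + int(mi) * 60 + int(s),
            "kind": kind, "pid": int(pid),
            "name": name, "path": path, "parent": parent,
        })
    return events


def detect_respawn(events: list, window: int = 10, min_respawns: int = 2) -> dict:
    """Behavior-based rule: flag a directory whose binaries are re-launched
    (under any name) within `window` seconds of a kill, `min_respawns` times.
    Returns {directory: [names of the respawned processes]}."""
    pid_dir = {}                   # pid -> directory the binary ran from
    last_kill = {}                 # directory -> time of most recent kill
    respawns = defaultdict(list)   # directory -> names seen respawning
    for e in events:
        if e["kind"] == "exec":
            d = e["path"].rsplit("/", 1)[0]
            pid_dir[e["pid"]] = d
            if d in last_kill and e["t"] - last_kill[d] <= window:
                respawns[d].append(e["name"])
        else:  # kill
            d = pid_dir.get(e["pid"])
            if d is not None:
                last_kill[d] = e["t"]
    return {d: names for d, names in respawns.items() if len(names) >= min_respawns}


if __name__ == "__main__":
    print("signature catches original :", signature_match(KNOWN_BAD))
    print("signature catches variant  :", signature_match(VARIANT))
    print("respawn rule flags         :", detect_respawn(parse_events(EVENTS)))
```

Run as-is, the hash check reports True for the original and False for the one-byte variant, while the respawn rule flags /Users/me/Library with the two replacement names; Safari and Terminal never trip it because nothing from their directories was killed and relaunched. The window and respawn count are tunable, and a real host intrusion detection system would combine this with other signals (launch items written, parent process, code-signing status), but the contrast with a pure definition lookup is the point.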
 