Q1 Mac Threats RoundUp

The first quarter of this year has gone so fast but for Mac threats everything just started. Let's take a review on Q1 notable threats, the overall perspective on malware categories and OS X reported vulnerabilities and fixes.

Q1 Notable Threats

Trojan.OSX.DNSChanger

Description: This is a malicious Trojan that uses social engineering technique to entice users to manually install the program. It arrives to users as a disguised video codec and associates itself with shared and downloadable videos. During installation, this Trojan modifies users’ DNS IP address to point to its own malicious servers. Infected user will suddenly experience unusual results in its entire web browsing activity.

This trojan is currently seen in-the-wild.

RogueAntiSpyware.OSX.MacSweeper

Description: MacSweeper is a rogue application which uses deceptive sales and marketing techniques to get onto the users’ system. It usually arrives to users as an pop-up advertisements, where it redirect users to download the file.

This is the first rogue application for Mac OS X.

RogueAntiSpyware.OSX.Imunizator

Description: Imunizator is a re-branded version of MacSweeper. It is an exact copy of MacSweeper except for its new name.

Application.OSX.LogKext

Description: LogKext is a free and powerful kernel base Keylogger in Mac OS X. This keylogger has a full stealth capabilities and it is controlled by a command-line client called logKextClient. A new version was recently released in public.

Percentage per Malware Categories

OS X Vulnerabilities

March OSX News Makers

March 18 - Apple Released Its Gigantic Update.

• Security Update 2008-002 fixes 95 security vulnerabilities found in different components of Mac OS X operating system.
  
• Safari 3.1 fixes 13 security vulnerabilities found in Safari for Mac (10) and Windows (3).

March 20 - "iMunizator" The 2nd Rogue In Mac

• iMunizator a rebranded version of MacSweeper.
• It was first seen in Apple Discussions web site, where someone asked this question "What is iMunizator?"
• Difference between the two:
• iMunizatorSetup.dmg file size is 1.49Mb while MacSweeper 1.52Mb.
  
• iMunizator company is iMunizator.com while MacSweeper is KiVVi Software.
  
• iMunizator executable file size is 407,036 bytes while MacSweeper 407,468 bytes.
  
• iMunizator resource folder does not contain TODO.txt.
• If Last time, MacSweeper is sharing NS server with Cleanator (a known rogue program in windows) this time iMunizator.com neighbor is AntiSpywaredeluxe.com [67.205.72.9] which is also a rogue program in Windows. iMunizator.com network information below:
  

March 27 - Mac OS X Hacked in 2 Minutes Read [CNET News]

• CanSecWest PWN2OWN 2008 contest targets Linux, Vista and OSX.
  

• VAIO VGN-TZ37CN running Ubuntu 7.10
  
• Fujitsu U810 running Vista Ultimate SP1
  
• MacBook Air running OSX 10.5.2

• March 26 (1st Day) when the contest started. However, nobody was able to hacked any of these three operating systems in a limited resources and confined local network connection.
  
• March 27 (2nd Day) when the attackers were given internet connection.
  
• March 28 (3rd Day) when the attackers were allowed to use popular software to exploit.
  
• The results are as follows:
  

• On the 2nd day, Mac OS X was successfully hacked in 2 minutes using a zero-day exploit in Safari.
  
• On the 3rd day, Vista was successfully hacked after 7 hours using zero-day exploit in Adobe Flash.
• Linux stays intact and won against hackers.