ESET Threat Blog

Yesterday, ESET announced the discovery of a new threat against the Apple Mac OS X platform. Today, we have found a new version of the same threat. The new version is similar to the previous version with two important differences. The first addition to this threat is that it now implements persistence on an infected … Read More…

We’ve just come across an IRC controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code … Read More…

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache.
The UI is essentially unchanged, but as usual all of … Read More…

In the last few days, I have been asked by a journalist (or four) what MacDefender means for the future of Apple security, and if I thought there was excess hype around it.  
I'll address the second question first.   I think its safe to say the current malware would not be newsworthy if it … Read More…

The recent MacDefender Trojan has been receiving “rebranding” facelifts since it came out. It has now been deployed as MacProtector, MacDetector, MacSecurity, Apple Security Center, and there are no doubt more iterations to come. The malware has been updated, and now sports an improved UI that looks like a native Mac OSX application, unlike the … Read More…

No, I'm not casting aspersions about the acting ability of Ms Jolie.
Yesterday I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers to a report by Trend Micro's Marco Dela Vega that criminals are making use of the fact that Quicktime Player 7.6.6 allows movie … Read More…

The OSX/OpinionSpy/PremierOpinion story has unfolded rather more slowly than we're accustomed to seeing in the world of Windows (where PremierOpinion has been flagged as adware, spyware or "possibly unwanted" for quite a while.
As far as the 7Art screensavers are concerned, the last time I checked, the  screensavers themselves seemed to be clean, and allowing access to … Read More…

I like Macs. Not in an "OS X is God's own Operating System" sort of way, but I've owned/used many Macs, from SE/30s and IICX's to iMacs, eMacs and Macbooks. In fact, at least two of my books were written on the Powerbook which was my workhorse machine in my last couple of years at … Read More…

I was in Cyprus when I first came across the story about this spyware, which I blogged about here and here.
Unfortunately, although Intego reported on some of the screensavers that were associated with its distribution, I was obliged to update the blog and remove the link to that information, as it was removed from the Intego … Read More…

While I was at the EICAR conference earlier this week, I also co-presented (along with Pierre-Marc Bureau and Andrew Lee) a paper on "Security, Perception and Worms in the Apple". During the presentation, I had occasion to recall how in the early 1990s I wrote a report on viruses for my boss at the time at … Read More…