brod | DataProtectionCenter.com

Mac Trojan Disables XProtect Updates

19

Oct

2011

There’s something new brewing in Mac malware development (again). Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple’s built-in OS X anti-malware application. First, Flashback.C decrypts the paths of XProtectUpdater files that are hardcoded in its body: Flashback.C decrypts the path of the plist file of XProtectUpdater Flashback.C […]

Category General Written by F-Secure Antivirus Research Weblog 0 Comments

Mac Trojan Flashback.B Checks for VM

12

Oct

2011

One of our analysts has discovered something interesting while debugging the latest version of Flashback, a Mac trojan that attempts to trick people into believing it’s an Adobe Flash Player update. While comparing the differences between Flashback.A and Flashback.B, he saw this routine: Flashback.B performs a “vmcheck”. If virtualization is detected, the trojan aborts itself. […]

Category General Written by F-Secure Antivirus Research Weblog 0 Comments

Trojan:BASH/QHost.WB

01

Aug

2011

We come across a fake FlashPlayer.pkg installer for Mac: Once installed, the trojan add entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, etc) to the IP address 91.224.160.26, which is located in Netherlands. The server at the IP address displays a fake webpage designed to appear similar to […]

Category General Written by F-Secure Antivirus Research Weblog 0 Comments

The Latest in IT Security

Posts Tagged ‘brod’

Mac Trojan Disables XProtect Updates

Mac Trojan Flashback.B Checks for VM

Trojan:BASH/QHost.WB

Categories

Featured

Archives

Latest Comments

About Us

Contact Us