Unix and macOS malware

The investigation into the Duqu Trojan is into its sixth month, and March brought further progress as we were able to establish which language was used for its Framework code.

Late last week, we found evidence of a possible link between a Mac OS X backdoor trojan and an APT attack known as LuckyCat.

We continued to intercept domain names after setting up the sinkhole server and we are currently still monitoring how big the Flashback/Flashfake Mac Trojan related botnet is.

According to data collected by Kaspersky Lab, almost 700,000 infected users have been counted at the beginning of April and the number could be higher. Although Mac OS X can be a very secure operating systems, there are certain steps which you can take to avoid becoming a victim to this growing number of attacks. Here’s our recommendation on 10 simple tips to boost the security of your Mac.

Earlier this week, Dr. Web reported the discovery of a Mac OS X botnet Flashback (Flashfake). According to their information, the estimated size of this botnet is more than 500, 000 infected Mac machines.

The IT security world in 2011 can be summed up in a single word – explosive!

The following statistics were compiled in November using data collected from computers running Kaspersky Lab products

The following statistics were compiled in October using data collected from computers running Kaspersky Lab products: 161,003,697 network attacks were blocked.

In April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv.

At Virus Bulletin 2011, we presented on the exploding level of delivered Java exploits this year with “Firing the roast – Java is heating up again”. We examined CVE-2010-0840 exploitation in detail, along with variants of its most common implementation on the web and some tools and tips for analysis. Microsoft’s security team presented findings for 2011 that mirrored ours in relation to Java exploit prevalence on the web – it is #1! At the same time, it is striking that it has been very uncommon to see Java backdoors, Trojans and spyware. But that lack of Java malware variety is beginning to change. At the same time, aside from the recent, well-known BEAST Java implementation, it is striking that it has been very uncommon to see Java backdoors, bots, Trojans and spyware. But that lack of Java malware variety is beginning to change. My colleague Roman Unucheck identified a new Java bot with some interesting characteristics that we named “Backdoor.Java.Racac”.

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

A few days ago I published a blog post regarding the reverse engineering of the Mac OSX Rogue AV registration routine.

The Virus Lab recently came across a very interesting sample – a downloader containing two drivers and which downloads fake antivirus programs developed for both PC and Mac platforms

My colleagues Fabio Assolini and Vicente Diaz wrote two blog posts recently regarding the Rogue AVs for MAC OSX. After executing it on a test machine, and playing with it, I noticed there was some hidden information in the About Window