Unix and macOS malware

Earlier this week, Dr. Web reported the discovery of a Mac OS X botnet Flashback (Flashfake). According to their information, the estimated size of this botnet is more than 500, 000 infected Mac machines.

The IT security world in 2011 can be summed up in a single word – explosive!

The following statistics were compiled in November using data collected from computers running Kaspersky Lab products

The following statistics were compiled in October using data collected from computers running Kaspersky Lab products: 161,003,697 network attacks were blocked.

In April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv.

At Virus Bulletin 2011, we presented on the exploding level of delivered Java exploits this year with “Firing the roast – Java is heating up again”. We examined CVE-2010-0840 exploitation in detail, along with variants of its most common implementation on the web and some tools and tips for analysis. Microsoft’s security team presented findings for 2011 that mirrored ours in relation to Java exploit prevalence on the web – it is #1! At the same time, it is striking that it has been very uncommon to see Java backdoors, Trojans and spyware. But that lack of Java malware variety is beginning to change. At the same time, aside from the recent, well-known BEAST Java implementation, it is striking that it has been very uncommon to see Java backdoors, bots, Trojans and spyware. But that lack of Java malware variety is beginning to change. My colleague Roman Unucheck identified a new Java bot with some interesting characteristics that we named “Backdoor.Java.Racac”.

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

A few days ago I published a blog post regarding the reverse engineering of the Mac OSX Rogue AV registration routine.

The Virus Lab recently came across a very interesting sample – a downloader containing two drivers and which downloads fake antivirus programs developed for both PC and Mac platforms

My colleagues Fabio Assolini and Vicente Diaz wrote two blog posts recently regarding the Rogue AVs for MAC OSX. After executing it on a test machine, and playing with it, I noticed there was some hidden information in the About Window

When my colleague Fabio wrote about a Rogueware campaign targeting MAC users, I investigated a bit into the origin of these campaigns. It was interesting how different researchers were getting those samples through searching images on Google. However, different searches always arrive at the same result, leading to the question: How many search terms have been poisoned?

In this Q&A session with Ryan Naraine, Kaspersky Lab malware researcher David Jacoby dispels the myth surrounding Linux as a malware-free platform and makes the case that misconfigurations and other security problems on Linux contributes to the malware epidemic on Microsoft’s Windows operating system.

Apple has released MacOS X 10.6.7 with several bugfixes and security-patches. This patch bundle also includes a silent update to Apple‘s built-in Xprotect anti-virus functionality.

With Apple fans waiting for the release of the Greenpois0n jailbreaking tool, the cybercriminals are exploiting the fuss with “Greenpois0n” trojans.