Unix and macOS malware

Research

Is .info the new .cc?

In April, the .co.cc and .cz.cc sub-domains were littered with malware-distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had foreshadowed the Apple FakeAV campaign that followed.

Research

Java Malware Reconsidered, or, Java Brews a Fresh Bot of Malware

At Virus Bulletin 2011, we presented on the exploding volume of Java exploits delivered this year with “Firing the roast – Java is heating up again”. We examined CVE-2010-0840 exploitation in detail, along with variants of its most common implementation on the web and some tools and tips for analysis. Microsoft’s security team presented findings for 2011 that mirrored ours on Java exploit prevalence on the web – it is #1! At the same time, aside from the recent, well-known BEAST Java implementation, it is striking how uncommon Java backdoors, bots, Trojans and spyware have been. But that lack of Java malware variety is beginning to change. My colleague Roman Unucheck identified a new Java bot with some interesting characteristics that we named “Backdoor.Java.Racac”.

Incidents

More FakeAV for Mac. This time it’s massive

When my colleague Fabio wrote about a rogueware campaign targeting Mac users, I looked into the origin of these campaigns. It was interesting that different researchers were obtaining those samples through Google image searches. However, different searches always arrived at the same result, which raises the question: how many search terms have been poisoned?

Video

New webcast – The Truth about Malware and Linux

In this Q&A session with Ryan Naraine, Kaspersky Lab malware researcher David Jacoby dispels the myth of Linux as a malware-free platform and makes the case that misconfigurations and other security problems on Linux contribute to the malware epidemic on Microsoft’s Windows operating system.

Research

Apple’s silent updates

Apple has released MacOS X 10.6.7 with several bug fixes and security patches. This patch bundle also includes a silent update to Apple’s built-in XProtect anti-virus functionality.

Research

One Leopard, two Trojans

On 28th August, the latest update for MacOS X was released – Snow Leopard. It differs in one very telling way from previous versions – for the first time in Apple’s long history, the company has implemented an antivirus scanner.
