James Delahunty
20 Jun 2010 23:50
Graham Cluley of the Sophos security firm has written about a hidden change in Mac OS X 10.6.4 that is not mentioned in its release notes. Specifically, Apple included an update to the malware protection built into Mac OS X to protect against a backdoor Trojan the Cupertino-based Mac-maker identifies as "HellRTS".
Sophos has been tracking the same trojan since April as OSX/Pinhead-B. It is distributed by malicious sources as the iPhoto application. The malware can provide a attacker with full access to an infected Mac, allowing for the taking of screenshots, sending spam, reading the clipboard, accessing files and so on.
"Unfortunately, many Mac users seem oblivious to security threats which can run on their computers. And that isn't helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done," Cluley wrote.
"You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. 'Shh! Don't tell folks that we have to protect against malware on Mac OS X!'"
Building on that point, Cluley recalled a recent twitter entry from a colleague telling of how he had overheard an Apple Store employee tell potential customers that it was impossible for Macs to be infected with viruses.
"There's a lot less malicious software for Mac computers than Windows PCs, of course, but the fact that so many Mac owners don't take security seriously enough, and haven't bothered installing an anti-virus, might mean they are a soft target for hackers in the future," Cluley writes.
To counter the threat of HellRTS - or OSX/Pinhead-B - Apple added signatures to the XProtect.plist file. "Apple's update to detect "HellRTS" more than doubles the size of the XProtect.plist file from 2.4k to 5.1k. There are still a lot of Mac threats it doesn't protect against," Cluley concludes.