Intego

The latest Mac Trojan can be avoided by not pirating software

An Intego Security Alert warns of a new piece of malware threatening the tranquility of the Mac universe: the OSX.Trojan.iServices.A Trojan horse.

The new Trojan horse is currently hidden in pirated copies of Apple’s iWork ’09 available via various BitTorrent tracker sites. While the iWork software itself is complete and functional, the installer also carries a “bonus” package called iWorkServices.pkg. Its payload is installed as a startup item and runs with root privileges (read, write and execute): in other words, it has all the powers of a system administrator. Once running, it connects to a remote server over the internet, alerts its author that it has been installed, and gives that person the ability to connect to the affected Mac remotely.

Given that this alert came from Intego, it is no surprise that their software, VirusBarrier X4 and X5, will protect you against this Trojan horse as long as your virus definitions are dated January 22, 2009 or later. Meanwhile, over at SecureMac, they have made a free and handy iWorkServices Trojan Removal Tool that will… well… remove the Trojan for you.

I should mention that the preferred method of dealing with this Trojan is avoidance: go buy iWork ’09 legitimately!!


Intego warns of another way to compromise a Mac… metadata

It seems that we can’t go a few days before someone warns of a possible way that a hypothetical someone might conceivably exploit an obscure flaw in Mac OS X. So far none of these warnings has amounted to much save for a bit of paranoia from Mac users and a lot of unwarranted glee from jealous PC users.

It’s been a couple of days since the Safari shell script vulnerability (zero-day exploit) was described, so it must be time for another doomsday scenario to be revealed…The Mac OS X Metadata Exploit…
I received the following from Intego this morning:

Exploit: Mac OS X metadata exploit

Discovered: February 24, 2006

Risk: Critical

Description: Compressed archives can contain resource forks and HFS metadata stored in an invisible “__MACOSX” folder. Data contained in these resource forks and HFS metadata can mask the real type of a file in the archive, causing shell scripts to execute if users double-click such files.

The risk inherent in this exploit is that any compressed archive may contain such resource forks and metadata, and that decompressing an archive and double-clicking a resulting file can execute a shell script contained in the invisible __MACOSX folder.

Safari users who have not turned off auto-execution of “safe” files will download the malicious Zip archive, which will then execute. Even if this option is turned off, the Zip archive will download, and a user may double-click it to decompress it, then double-click its contents, causing the file to execute.

An additional exploit has been discovered, by which a malicious user can hack a web site, and add a script to a page that will generate a zip archive containing executable code. A user merely needs to visit a web page: the script actually creates the zip archive; the file itself does not need to be on the hacked server or any other server.

The ramifications of this are quite serious. While the first example above requires that a user double-click a file twice (if auto-execution of “safe” files is turned off), in the second case, users may go to a website where they expect to download legitimate files (zipped graphics, video, or even applications), and end up with a potentially dangerous executable.

When clicking on a link for a legitimate download, the script generates a zip archive that the user expects to receive. The user then decompresses the archive and expects the resulting file (an image, video or application) to be a graphic or application.

Means of protection: The first way to protect against this exploit is to uncheck the option Open “safe” files after downloading, found in Safari’s General preferences. (This option is on by default, and Mac OS X would be more secure if it were set to off.) But to fully protect against the possibility of accidentally executing code in a file downloaded intentionally, Intego VirusBarrier X and X4, with their virus definitions dated February 23, 2006, offer protection from this type of hidden executable file.

Scared? Don’t be.

This is just a warning of a possibility. We have nothing to fear but anti-virus companies plotting to profit from your fear itself. There have been no reports of anyone actually being infected or harmed by a malicious file leveraging this exploit. Do not be alarmed.
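If you would rather check an archive yourself than take either the alarm or the reassurance on faith, here is a small Python script that does the obvious inspection. It is an added example, not code from Intego’s alert or from this blog: it opens a zip, looks for regular files that begin with a shebang but carry a non-script extension, and, for each one, reads the AppleDouble header of its `__MACOSX/._name` companion (the invisible folder Intego describes) to report which metadata entries, Finder info or resource fork, travel with it. The sample archive it builds is constructed for the demo; the `APPL` file type in its Finder info is an assumption about what a masking entry might contain, not a captured sample.

```python
"""Inspect a zip archive for a script hiding behind a harmless-looking name,
and report any AppleDouble metadata (the __MACOSX/._name companion entries)
shipped alongside it.  Added example; not Intego's or this blog's code."""
import io
import posixpath
import struct
import zipfile

# AppleDouble header (Apple's published layout): 4-byte magic, 4-byte version,
# 16 bytes of filler, 2-byte entry count, then 12-byte (id, offset, length) entries.
APPLEDOUBLE_MAGIC = 0x00051607
APPLEDOUBLE_HEADER = ">II16xH"          # 26 bytes
ENTRY_NAMES = {2: "resource fork", 9: "finder info"}   # the two kinds Intego mentions

# Extensions where a "#!" first line is normal; anything else with a shebang is suspect.
SCRIPT_EXTENSIONS = {".sh", ".command", ".pl", ".py", ".rb"}


def appledouble_entries(blob: bytes) -> list[str]:
    """Return the names of the entries carried by an AppleDouble blob, or []
    if the blob does not start with the AppleDouble magic."""
    if len(blob) < struct.calcsize(APPLEDOUBLE_HEADER):
        return []
    magic, _version, count = struct.unpack(APPLEDOUBLE_HEADER, blob[:26])
    if magic != APPLEDOUBLE_MAGIC:
        return []
    names = []
    for i in range(count):
        off = 26 + 12 * i
        if off + 12 > len(blob):
            break                        # truncated entry table: stop, don't crash
        entry_id, _offset, _length = struct.unpack(">III", blob[off:off + 12])
        names.append(ENTRY_NAMES.get(entry_id, f"entry {entry_id}"))
    return names


def scan_zip(data: bytes) -> list[dict]:
    """Flag every regular file whose content starts with '#!' but whose
    extension does not say 'script', and note whether a __MACOSX companion
    (and which metadata entries) comes with it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for name in sorted(names):
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue                 # metadata entries and directories
            ext = posixpath.splitext(name)[1].lower()
            if zf.read(name)[:2] != b"#!" or ext in SCRIPT_EXTENSIONS:
                continue
            dirname, basename = posixpath.split(name)
            companion = posixpath.join("__MACOSX", dirname, "._" + basename)
            metadata = appledouble_entries(zf.read(companion)) if companion in names else []
            findings.append({
                "name": name,
                "extension": ext,
                "has_companion": companion in names,
                "metadata": metadata,
            })
    return findings


def build_appledouble(finder_info: bytes) -> bytes:
    """Constructed AppleDouble blob with a single Finder Info entry (id 9)."""
    header = struct.pack(APPLEDOUBLE_HEADER, APPLEDOUBLE_MAGIC, 0x00020000, 1)
    entry = struct.pack(">III", 9, 26 + 12, len(finder_info))
    return header + entry + finder_info


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real-world capture): a 'photo.jpg' that
    is really a shell script, plus the __MACOSX companion a Finder-aware
    archiver would store for it, and an honest PNG for contrast."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("vacation/photo.jpg", "#!/bin/sh\necho 'this ran as a script'\n")
        # 32-byte Finder Info with file type 'APPL' and an empty creator: an assumed
        # example of the type override Intego says can mask a file's real type.
        zf.writestr("__MACOSX/vacation/._photo.jpg",
                    build_appledouble(b"APPL" + b"\x00" * 28))
        zf.writestr("vacation/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_archive()):
        print(finding)
```

Run it on a download before double-clicking anything in the Finder; a flagged entry deserves a look from Terminal (`unzip -l` and `file`) rather than a double-click, and turning off Safari’s “Open ‘safe’ files after downloading” remains the cheaper precaution.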

More than just Apple at Macworld

By far the most anticipated event at any Macworld Expo is the keynote from Apple, but there are many other products announced, demoed or discounted at Macworld (or in the geographic or chronological vicinity of Macworld) that are worthy of mention. Read on for the list…

Here are just a few vendors and the announcements they have made:

Elgato

  • EyeConnect: media streaming software based on the Universal Plug and Play Audio/Video standard (UPnP AV). EyeConnect enables digital music, video or photo content, including EyeTV recordings, iPhoto photos, iTunes music and movies stored on a Macintosh, to be played on a broad variety of UPnP AV certified devices.
  • EyeTV Wonder: USB 2.0 analog TV tuner for the Mac.

Intego

  • Remote Management Console: a program that allows administrators to manage and configure Intego security software on Macintosh computers across a local network or via the Internet.
  • Internet Security Barrier X Antispam & Platinum Editions: the Antispam Edition includes Personal Antispam X3, NetBarrier X3 and VirusBarrier X, while the Platinum Edition also includes Personal Backup X3, ContentBarrier X and ChatBarrier X3.
  • WiFi Locator: a pocket-sized device for finding wireless AirPort and WiFi networks.
  • Personal Antispam X3: works in conjunction with Apple Mail and Microsoft Entourage to filter spam so users can keep their inboxes spam-free.

Keyspan

  • Express Remote: used with AirPort Express to provide a powerful way to locally control music being streamed from iTunes on a remote Mac. When connected directly to your Mac, the Express Remote allows you to control audio and video media players on your computer in the same convenient way that you now control a TV or VCR.

Mariner Software

RadTech

  • G5 iMac ScreensavRz: the next in the series of elegant, form-fitting protective covers for LCD-panel iMacs.
  • Silver Edition BT 500 mini Bluetooth Mouse: lightweight Bluetooth wireless mouse with three-button control as well as a finger-friendly silicone composite scroll wheel.
  • Tekstyl use-in soft cases for notebooks: feature use-in functionality with full access to ports and drives while still in the case. The integrated fold-out stand provides an ergonomic typing angle for comfortable access to the notebook’s keyboard.
  • Blemished MacTrucks at less than half price: come by RadTech’s Booth, #2329, during the show and receive big savings on the purchase of a specially marked MacTruck. Offer good through the duration of the show or while supplies last.
