Anti-Virus Stories November 5, 2012

Use Sophos antivirus? Watch out

Tim Bray notes a post on Neohapsis:

A working exploit for Sophos 8.0.6 on Mac is available, however the techniques used in the exploit easily transfer to Windows and Linux, due to multiple critical implementation flaws described in the paper. Testcases for the other flaws described in the paper are available on request.

Sophos responded with a post on the multiple vulnerabilities, repeating several times that “Sophos has seen no evidence of this vulnerability being exploited in the wild.” But is that really good enough? How about issuing a fix in the two-plus months that they have known about these issues? It only takes one exploit in the wild.

Sophos gave 9to5Mac the following comment:

Some were fixed last month, and for others we started rolling out patches to our users today. :-)

Users of Sophos products should be automatically updated, but if anyone wants to be sure they can initiate a manual update.

Anti-Virus Stories April 4, 2012

ArsTechnica quotes a Russian antivirus company called “Dr. Web” that claims hundreds of thousands of Macs are infected with the Flashback Trojan detailed earlier this week. The attack takes advantage of an old Java vulnerability that Apple just patched this week.

Variations of the Flashback trojan have reportedly infected more than half a million Macs around the globe, according to Russian antivirus company Dr. Web. The company made an announcement on Wednesday—first in Russian and later in English—about the growing Mac botnet, first claiming 550,000 infected Macs. Later in the day, however, Dr. Web malware analyst Sorokin Ivan posted to Twitter that the count had gone up to 600,000, with 274 bots even checking in from Cupertino, CA, where Apple’s headquarters are located.

Dr. Web said over half of the infected computers were in the United States (including 274 in Cupertino), and 20 percent were in Canada. The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

If you think one of your machines may be infected, F-Secure has instructions on how to use the Terminal to find out. If these numbers are true, chances are some 9to5Mac readers are infected. Update: A reader comments that he was infected (599,999 more to go):
