Criminals gain control over Mac with BackDoor.Olyx

Criminals gain control over Mac with BackDoor.Olyx

http://news.drweb.com/show/?i=1750&lng=en&c=14

 

"Doctor Web—the leading Russian developer of anti-virus software"...
I thought that Kaspersky is the leading Russian developer of anti-virus software...

 

They all claim they are number one.

 

+1.

 

+1

 

We all know they're the number one malware creators.

 

Maybe it's just you.

Currently blacklisting is still effective on Macs, but not for long (if they will become more popular).

 

Hate to blaspheme, but false.

The MacDefender class of simple nasties was already eluding them because like most AV's, they're doing the usual file hash detection on malware and as soon as they release an update for their own detector, the guys repack what they have. Won't go into much detail about it even though they never made me sign an NDA, but I spoke to Apple's security people about a potential solution that would detect zero-day mods like we used to do with BOClean for ZLOB and many other well-funded attacks but they weren't interested.

Dirty little secret of the AV industry: They get a sample, they SHA1 hash it and there's your signature. Change one bit and it no longer matches.

I was absolutely aghast when I learned this at COMODO. It's the textbook method.

 

@Kevin McAleavey, It's cheap and easy, and you can boast about having a 99+% detection rate in tests while providing little security. Consumers will buy everything, as long as it's marketed right.

 

There can be only one!

On topic, since this the second backdoor, it should be cherished, sort of like a pioneer collection. And maybe even produce a movie called mac backdoor 2, oh how that would sell.

Mrk

 

Mac devices, in the not too distant future, will come bundled with a well-known antivirus program that will be a trial version.

Opportunity knocks for AV companies struggling with a dwindling market share.

 

This is why they need an emulation engine or other means of analyzing data on the fly (most AV's do this Avast etc.). Down side is it usually is disabled by default and it takes loger to scan the file. HIPS are great addition to an AV.

 

I'm of the opinion that AV's are *so* 1980's and are obsolete. HIPS is getting there too since Apple's OS has more holes in it than Windows from what I've seen of its innards while studying possible solutions for them. They've been VERY lucky. My proposal to them was an entirely different direction that would suit their different culture.

AV's and the messy world of OS' is the reason why I embarked on the whole KNOS thing two years ago. Imagine not even needing an AV or any of that in the first place? Apple, like KNOS, is based on BSD - the difference is that they decided to fork off on several other paths too and that is what is leaving them vulnerable now. But I suppose they're going to go the windows route with AV's instead. KNOS works on Apple machines, so it's all good. Here in our world we have PC's and fruits, and they all run on KNOS.