The Safe Mac



New “Ventir” malware

Posted on October 19th, 2014 at 8:54 AM EDT

On Thursday of last week, Kaspersky announced their discovery of a new piece of Mac malware, which they are calling Ventir. I have held off writing anything about this until I could get some independent confirmation, as I tend to be skeptical of Kaspersky these days. (See Misinformation about “acoustical infections” and Kaspersky reveals “The Mask”.) However, I have tested my own copy of the malware at this point, and found that Kaspersky’s analysis seems to be fairly accurate in this case.


iWorm method of infection found!

Posted on October 4th, 2014 at 7:29 AM EDT

On Thursday, I wrote about new malware called iWorm. This morning I awoke to find an e-mail waiting for me in my Inbox from someone who wished to remain anonymous. This person indicated that he had found installers for the new iWorm malware. He pointed me to the downloads offered by a user named “aceprog” on PirateBay.


Dr. Web announces new “iWorm” malware

Posted on October 2nd, 2014 at 7:39 AM EDT

Dr. Web announced the discovery of a new piece of Mac malware on Monday, which they are calling Mac.Backdoor.iWorm. According to their report, they believe the malware is affecting “more than 17,000 unique IP addresses.” Of course, this may not correlate well with the number of infected Macs, since most Macs do not have static IP addresses, but the number of infected Macs should at least be on the same order of magnitude.


New NetWeird variant in the wild

Posted on March 27th, 2014 at 9:10 AM EDT

Since early February, I’ve seen several reports of a new variant of the NetWeird malware. In all cases, this malware was detected by Dr. Web, and was detected as Backdoor.Wirenet.2, as opposed to the earlier Wirenet.1 variant that first appeared back in 2012. It would appear that this malware is still in active development, and the news is bad on all fronts.


How to manage a hacked wireless router

Posted on March 18th, 2014 at 9:48 AM EDT

There have been a lot of cases of wireless routers being hacked or infected with malware recently. With news of the malware known as the “Moon” that has been infecting a number of LinkSys routers (one of the most popular brands) and a report that one gang of hackers is in control of more than 300,000 wireless routers, this is a dangerous time to manage a wireless network. So how does the average home or small business user manage their wireless routers?


Time to re-evaluate safety of Mac OS X

Posted on March 5th, 2014 at 11:07 AM EDT

My Mac Malware Guide has, for some time, made the claim that a properly up-to-date Mac OS X system cannot be infected by any known malware. This was true at one point, with some provisos, when that text was originally written. However, recent cases of malware that has failed to be blocked by the XProtect anti-malware system in Mac OS X prompted me to do a re-evaluation of this statement. What I found was profoundly disappointing, leaving me wishing that I could take those words back.


Kaspersky reveals “The Mask”

Posted on February 11th, 2014 at 12:30 PM EDT

Last week, Kaspersky posted a rather vague note about new malware they called “The Mask,” which they said was “one of the most advanced threats at the moment.” They withheld further information until yesterday, when they revealed their findings at a Kaspersky-sponsored conference, the Security Analyst Summit. This information can be found in a document titled ‘Unveiling “Careto” – the masked APT.’ After studying this document, I am forced to call into serious question Kaspersky’s claims… and their responsibility as a member of the security community.


New CoinThief malware discovered

Posted on February 10th, 2014 at 10:32 AM EDT

A new Mac trojan, named OSX/CoinThief.A by SecureMac, has been discovered. This malware is designed to steal Bitcoins from infected machines, and is disguised as an app intended to be used for sending and receiving Bitcoin payments. Although the average user is not likely to be affected by this, it has cost at least one user around $12,000 in lost Bitcoins, according to SecureMac.


Mac anti-virus testing 2014

Posted on January 27th, 2014 at 8:49 AM EDT

Almost exactly one year ago, I completed a round of tests of 20 different anti-virus programs on the Mac. Because this is an area of software that is in almost constant flux, I felt it was important to repeat that test this year. I was very curious about whether these programs were still as effective (or ineffective) as they had been, and how well they detected new malware that had appeared since the last test was performed.


Preliminary anti-virus testing comments

Posted on January 22nd, 2014 at 1:06 PM EDT

I have been working on another round of testing of anti-virus apps. The last time I did this was one year ago, in January of 2013, so I decided it was probably time to repeat it. I have finished all the scanning, but still have a pile of work in front of me to get all the data tabulated. Still, this experience has been frustrating enough that I want to make some preliminary comments, before I have the full results in-hand.


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.