Tuesday, October 15, 2013

A security expert creates undetectable malware on Mac OS X

malware on Mac OS X
Macs are no longer the island of security that wanted to believe as they were. Malware exist on Mac OS X and start being more numerous. One researcher even found a "simple" way to make them undetectable. In April 2012, the Flashback botnet began to hurt the feeling of invulnerability of the Mac community, which for years had felt safe from viruses and other malware.

Sign of changing times, as related to an increase in market share to Apple’s professional cybercriminals. Cyber attacks seeking the best return on investment or, indeed, the apple computers often tend to be chosen by the target value. Since new malware for Mac OS X have succeeded without causing much damage as Flashback, but demonstrating every time the fortress "breathtaking" was no longer or had never been.

There are some days, Daniel Pistelli, a security researcher for Cerbero German company, announced that they had obtained a proof of concept with important consequences. It would be possible of creating undetectable malware on Mac OS X, as well as the system for any security solutions.

 To do this, they used one of the tools that Apple has built into Mac OS X and is used to encrypt the executable houses like Dock.app or Finder.app to protect. However, this encryption can equally well be used to "protect" the executable malware, he said in a post on his company blog. Security software is then unable to detect because it is encrypted - even if they were able to recognize before.

To provide a solution to the proof of concept that has unveiled Daniel Pistelli advanced in his post several tracks. The first implies that the virus include a decryption mechanism in order to recognize new malware. The second that these security systems try to find numerical code segments, and if they are, do not trust only executables that are signed by Apple itself. Finally, the third solution in the event of a discovery of encrypted code, antivirus allow only executable whose cryptographic signature matches a trusted key

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.