RISK is LOW regarding PDF Decoy malicious Apache Installer Reported by F-Secure.

Important Facts

• It is not a Trojan from a PDF but a Decoy PDF used in conjunction with PostInstall Scripts and Actions from a Package file.
• The decoy is designed to not raise the suspicion of the user.
• It installs Apache after the PDF Decoy opens.
• XProtect has been updated to detect it. 

For more information visit our analysis here.

To disable the DigiNotar Root CA in Mac OSX for Safari do the following. 

Disabling a Certificate in Keychain Access

1. Open up your Keychain Access Application located in Applications/Utilities folder.
2. Select "All Items" in the Catagories Tab.
3. Unlock the KeyChain and enter into the search box "digin".
4. Select the DigiNotar Root CA and change "When using this certificate" to Never Trust.
5. Enter the Administrator Password for the Mac to make the change for all users. 

Enabling Preferences in Keychain Access to use OCSP and CRL

You can enable Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) to obtain the revocation status of X.509 Certificates. This may hinder performance so we recommend that individual users set these options only temporarily. 

1. Open up your Keychain Access Application located in Applications/Utilities folder.
2. Selet KeyChain Access>Prefences and toggle to the Certificates Pane.
3. Set Online Certificate Status Protocol (OCSP) to Best Attempt.
4. Set Certificate Revocation Listl (CRL) to Best Attempt.
5. Set Priority to OCSP.
6. Close Preferences and Quit the Keychain Access appliction.

Update on Thursday, September 1, 2011 at 07:03PM by Sean OConnell Public

The fallout continues and this compromise can be larger than first reported. We recommend setting "Staat der Nederlanden Root CA" to NEVER TRUST in Keychain Access. This will ensure that any other compromised certificates which may have been issued are block. This is a precaution, users should make sure CRL/OCSP in turned on as stated above.