MAAS History
Disclaimer
exocrine exocrine

All information provided as is.

Sunday, Jun 05, 2011

Condition Remains GREEN

We continue to see increased RISK related to Java, specific to Mac OS. It is our belief that criminals will take advantage of Java's cross-platform nature and Apple's update cycle.

We recommend the following actions:

  • If you do not need or use Java, turn it off in Safari.
  • Do not trust unsigned applets.
  • Restrict Java using Java Preferences.app.
  • Users should deselect "Auto-Fill" in browsers.

Check the following and remove all:

  • In Safari > Preferences > AutoFill, select "User names and passwords" > Edit, and then remove all.
  • In Safari > Preferences > AutoFill, select "Other" > Edit, and then remove all.

Consider the following for Safari and Browsing:

  • Disable autofill in your browser for any form data.
  • Set save history to one day.
  • Make sure "Open Safe Files" is deselected in Safari.
  • Download files only to the download folder.
  • Set Remove Downloads to "When Safari Quits."
  • Never do web surfing as the Administrator; carry out daily tasks as a user that does not have administrator privileges.
  • Never use Safari on a Mac OS X Server; instead download files, confirm the hash, and then move the file via network assets in your control.
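
The Safari settings in the two lists above can be checked against a copy of a user's com.apple.Safari preferences file. The following is an added example, not part of the original advisory; the preference key names and the DownloadsClearingPolicy value encoding are assumptions about Safari's plist and should be confirmed with `defaults read com.apple.Safari` on the build in use, and the sample plist is constructed.

```python
import plistlib

# Safari preference keys mapped to the value each recommendation implies.
# ASSUMPTION: key names and the DownloadsClearingPolicy encoding
# (1 = "When Safari Quits") reflect Safari's plist; verify on your build.
EXPECTED = {
    "WebKitJavaEnabled": False,           # Java turned off in Safari
    "AutoFillPasswords": False,           # no autofill of user names/passwords
    "AutoFillMiscellaneousForms": False,  # no autofill of "Other" forms
    "AutoOpenSafeDownloads": False,       # "Open Safe Files" deselected
    "HistoryAgeInDaysLimit": 1,           # save history for one day
    "DownloadsClearingPolicy": 1,         # remove downloads when Safari quits
}

def audit_safari_prefs(plist_bytes):
    """Return (key, actual, expected) tuples for every setting that deviates.

    A key missing from the plist is reported with actual=None, because the
    application default then applies and cannot be assumed to be compliant.
    """
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for key, want in EXPECTED.items():
        got = prefs.get(key)
        # bool is a subclass of int in Python, so compare the type as well;
        # otherwise True would be accepted where the integer 1 is expected.
        if got is None or type(got) is not type(want) or got != want:
            findings.append((key, got, want))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample: Java on, "Open Safe Files" on, 30-day history,
# and the "Other" forms autofill key absent.
SAMPLE = plistlib.dumps({
    "WebKitJavaEnabled": True,
    "AutoFillPasswords": False,
    "AutoOpenSafeDownloads": True,
    "HistoryAgeInDaysLimit": 30,
    "DownloadsClearingPolicy": 1,
})

if __name__ == "__main__":
    for key, got, want in audit_safari_prefs(SAMPLE):
        print(f"{key}: found {got!r}, recommended {want!r}")
```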

Sunday, Jun 05, 2011

Condition Remains BLUE

The RESPONSE center is still active in relation to the MacDefender malware, but conditions have stabilized. We will be conducting a post mortem of the event to determine what was effective and which areas are in need of improvement.

Areas we plan to explore:

  • Better use of the CARO virus naming scheme to handle various and Mac Applications Packages.
  • Quicker reporting and browser-level responses, including use of Safari extensions.
  • Explore MAAS alert levels and determine if the levels need to include impact in addition to threat and risk. In MacDefender's case the impact on users was far greater than the threat and risk.