MAAS History
Disclaimer
exocrine

All information provided as is.

Monday
May 02 2011

Condition Remains GREEN

Intego is reporting the discovery of a rogue anti-malware software product for Mac OS X called MacDefender.

What to do:

  • Do not install any program called MacDefender.
  • Make sure "Open Safe Files" is deselected in Safari.
  • Select "Clear Auto-Opening" settings in chrome://settings/advanced.
  • Download files only to the download folder.
  • Set Remove Downloads to "When Safari Quits."
  • Never surf the web as the Administrator; carry out daily tasks as a user that does not have administrator privileges.
  • Never use Safari on a Mac OS X Server. Instead, download files, confirm the hash, and then move the file via network assets in your control.
  • Install full-featured anti-virus software: http://www.intego.com/virusbarrier/ or see references below.

Currently this rogue anti-virus requires user action, so you can mitigate the threat by following the steps above.

Monday
May 02 2011

Condition Remains GREEN

CSIS is reporting that a crimeware kit targeting Mac OS X and iOS devices is now live. At this time the Weyland-Yutani BOT, named after the evil corporation in the Aliens franchise, targets Firefox and steals form data. The current version is not complete, and we expect to see alterations and updates to target other Apple products.

What to do:

  • Disable autofill in your browser for any form data.
  • Set save history to one day.
  • Make sure "Open Safe Files" is deselected in Safari.
  • Download files only to the download folder.
  • Set Remove Downloads to "When Safari Quits."
  • Never surf the web as the Administrator; carry out daily tasks as a user that does not have administrator privileges.
  • Never use Safari on a Mac OS X Server. Instead, download files, confirm the hash, and then move the file via network assets in your control.
  • Install full-featured anti-virus software. (See references below.)

At this time the threat from the kit is very low, but that may change going forward. Magmatic customers can request the Safari Browser Secure Normal State Document.