Methusela Cebrian Ferrer CA - HCL
The emergence of crimeware[1] on the Macintosh raised security awareness considerably. Apple responded by introducing, in Mac OS X 10.6 Snow Leopard, protection that detects the notable malware families DNSChanger (aka 'RSPlug'), Jahlav and Iservices (aka 'iWorks'). With immediate effect, the organized group behind the distribution stopped serving the Mac malware. Some interesting questions have surfaced: is a reorganization under way? And is this the solution that deters cybercriminals?
The message is clear: this time, Mac users became more cautious and security-aware. The greater level of security consciousness has led to increased community discussion and participation. Users immediately report dubious websites and suspicious behaviour possibly caused by unknown threats. However, a lack of detailed information may prevent discovery of the real culprit.
This paper seeks to explore the continuing interest of organized groups in the Macintosh. We will track the attempts, strategies and latest offensive developments pursued on the Mac. The use of available detection utilities will be discussed to highlight the importance of identifying possible new malware.
[1] http://www.virusbtn.com/conference/vb2009/abstracts/Ferrer.xml