Automatic updating has always been built into Lion since its initial release in July 2011. Before you update your Mac OS X anti-malware download definitions, you should first make sure you have the latest version of Mac OS X installed (10.6.8 is the final version of Snow Leopard, and 10.7.2 is the current version of Lion as of when I'm writing this). In May 2011, after the outbreak of MacDefender malware, Apple released a security update that enabled automatic updating of Mac OS X's built-in definitions file for Snow Leopard. To briefly review, Mac OS X Snow Leopard and later (including Lion) include very basic protection against malicious downloads under certain circumstances. I thought this would be a good opportunity to share with my readers a few ways to manually force an update to Apple's definitions. The latest update appears to block a new version of a Trojan horse that masquerades as a Flash Player update, which Apple labels. If you know of a way to manually check for XProtect updates in Mavericks, please leave a comment. Apple just released an update for its ist malware definitions file (which Apple calls the "safe downloads list"; this is kind of a misnomer because it's actually a list of unsafe downloads). UPDATE, : None of these tricks work in OS X Mavericks (version 10.9).

Out of the 43 antivirus engines on VirusTotal, only Sophos currently detects the file as malicious (Mal/Phish-A). A somewhat amusing side note: I don't even live in the UK, nor have I ever traveled there, and the phishing e-mail was sent to an AOL.com (America Online) address, so this is obviously not a targeted phishing scam campaign by any means. For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter or Google+. Here are the Web of Trust and IPVoid reports for this IP address: As observed by URLVoid, the IP is currently on SURBL's phishing blacklist.
It could simply be the case that the scammer had remote access to a compromised machine that happened to be located in Denmark. Naturally, just because the IP is from Denmark doesn't mean that the scammer is from there. The server is hosted at an IP address owned by Cybercity, a DSL ISP in Denmark. Attempting to visit the URL directly in a browser will redirect to the official HMRC site; the same redirection occurs after submitting data via the form, obviously in an attempt to make the form submission seem to have been legitimate to unsuspecting victims. The attachment is an HTML file that contains a basic form that uses the "post" method to submit the form contents to a server. I wanted to include some additional details that were less appropriate for the other article but might interest those interested in tracking phishing campaigns. I've written a piece about this for Sophos' Naked Security blog. There's a new phishing scam e-mail making the rounds claiming to be from the UK tax organization Her Majesty's Revenue & Customs, or HMRC for short.