Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts by Alfredo Pesoli remove filter
Mac OS X Dialog Box Spoofing—Believe Me, I’m System Preferences
Alfredo Pesoli | 10 Feb 2009 | 0 comments

While analyzing the recent OSX.Iservice.B threat I noticed some interesting API calls that were dealing directly with the Mac OS X authorization mechanism. There are plenty of interesting analyses and discussion about Windows UAC, both regarding Vista (Ollie’s post) or the recent Windows 7 UAC.

 

The authentication mechanism is an important part of the overall OS security, especially when we’re talking about malicious code that tries to hide as real and safe applications in order to fool the end users. Before digging into details, I’d like to stress one fact: it’s not a vulnerability, but simply a feature of the OS that can be used and abused from a social...

Read more
OSX.Lamzev.A – The Mac OS X Trojan Kit
Alfredo Pesoli | 26 Nov 2008 | 0 comments

Let me introduce you to the new "Trojan kit," which is a member of the "…no, I don't require root privileges…" malicious code targeted toward Mac OS X. A while ago we received a sample of a new Trojan affecting the Apple operating system. OSX.Lamzev.A is the first sample we’ve seen from this threat family. It’s an easily customizable Trojan kit that could be the first of a long list of malicious code clones.
   
So, what do we mean by Trojan kit and what makes it stand out from the crowd? The only noteworthy feature is the way in which it infects clean applications—what this Trojan does is hijack a common feature that Mac OS X applications use to launch themselves—a smart but simple hack!

Initially, when the Trojan is run, a command prompt will appear, in which the attacker can configure the application that he or she wants to “Trojanize” (figure 1). The Trojan needs to be...

Read more
Cloning Shop for Mac Users Now Open!
Alfredo Pesoli | 20 Mar 2008 | 0 comments

This week, our friends at Trend blogged
about a new misleading application for the Mac. We decided to take a
look at it as well. The application, named iMunizator, is a variant of
the well known rogue antivirus product called Macsweeper, which we have blogged about previously.



When launched, iMunizator performs a full scan of the system and
soon after it reports the “problems” that it found. Worryingly, some of
the files detected by iMunizator are actually safe system binaries that
should never be removed—files with "app" extensions. See the screenshot
below:



...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,791