New malware strain found to target Uyghur activists on the Mac

Posted by:
Date: Friday, April 26th, 2013, 07:49
Category: News, security, Software

The bad news: There’s yet another new malware strain going around on the Mac.

The good news: If you’re up to date, it’s not a concern.

Per CNET, security company F-Secure has found that spam e-mail laced with backdoor Trojan horse malware has been continuously delivered to members of Uyghur activist groups in an Advanced Persistent Threat attack.

Like prior ones, the new variant takes advantage of old vulnerabilities in Microsoft Word, by sending attachments that will embed the malware in the affected system if the document is opened in an unpatched version of Word.

The malware used has changed a little over the past year, with some versions using Trojans embedded in ZIP files, and others exploiting Word vulnerabilities. F-Secure’s report shows this latest attempt uses a Word document called “poadasjkdasuodrr.doc,” though any document name can likely be used. When opened, the malware contained in it will install two files that attempt to pose as update components to RealPlayer, in the following locations:
~/Library/Application Support/.realPlayerUpdate
~/Library/LaunchAgents/realPlayerUpdate.plist

Since these folders are within the user account, the malware used in this attack variant can install itself without user passwords being required. However, another mode of attack does ask for authentication; if received, the malware will then be placed in the global Library folder instead, so it will run for every user on the system.

Using the “launchagent” file, the system will keep the hidden malware in the Application Support folder running, and will attempt connections to a command-and-control server at the URL alma.apple.cloudns.org.
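
To check a Mac for the persistence described above, the following added example (not from F-Secure, CNET or this article) looks for the two reported paths and flags any LaunchAgent whose program is a hidden file. The hidden-program heuristic and the use of /Library as the "global Library folder" are assumptions.

```python
import plistlib
from pathlib import Path

# Paths relative to a Library folder, as reported in the article above.
IOC_PATHS = ("Application Support/.realPlayerUpdate",
             "LaunchAgents/realPlayerUpdate.plist")


def agent_program(plist_path):
    """Return the executable a launchd job starts, or None if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:  # malformed plist or permission denied
        return None
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments")
    first = args[0] if isinstance(args, list) and args else None
    program = job.get("Program") or first
    return program if isinstance(program, str) else None


def scan_library(library):
    """Return a list of (reason, path) findings for one Library folder."""
    library = Path(library)
    findings = []
    for rel in IOC_PATHS:
        if (library / rel).exists():
            findings.append(("known-path", str(library / rel)))
    agents = library / "LaunchAgents"
    plists = sorted(agents.glob("*.plist")) if agents.is_dir() else []
    for plist in plists:
        program = agent_program(plist)
        if program is None:
            continue
        # Heuristic (an assumption, not from the article): a job that starts
        # a dot-prefixed file, or a file inside a dot-prefixed folder, deserves
        # a manual look. Legitimate software can trigger this too.
        if any(p.startswith(".") and p not in (".", "..")
               for p in Path(program).parts):
            findings.append(("hidden-program", str(plist)))
    return findings


if __name__ == "__main__":
    # ~/Library is the location named in the article; /Library is assumed to
    # be the "global Library folder" it mentions.
    for lib in (Path.home() / "Library", Path("/Library")):
        for reason, path in scan_library(lib):
            print(f"{reason}\t{path}")
```

An empty result means neither reported path exists and no LaunchAgent in those folders starts a hidden program; it does not rule out other variants.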

The best ways to avoid this malware are via safe computing practices, deleting obvious spam messages and avoiding messages with attachments that haven’t hailed from trusted sources. Additionally, these attacks often exploit known vulnerabilities that have been patched, so always keep your operating system and installed applications up-to-date.

In conclusion, Mac OS X’s Software Update feature is your best friend; avoid suspicious-looking e-mails and you should be set.

Excelsior!!!

Elgato releases EyeTV 3.6.1 update

Posted by:
Date: Friday, April 26th, 2013, 06:18
Category: News, Software

A handy update never let anyone down.

On Monday, Elgato Systems released version 3.6.1 of its EyeTV software application, which finds and tracks all television programming you want to see and allows users to pause live television and save content to file.

The update, a 148.8 megabyte download via MacUpdate, offers the following fixes and changes:
- Improved EPG data display and search.
- Faster Gracenote EPG data download.
- Improved HDMI display support.
- Improved application performance after system sleep.
- Miscellaneous bug fixes.

EyeTV 3.6.1 requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.