Kaspersky Lab states Flashback infections drop to under 30,000, warns of potential exploits en route

Posted by:
Date: Thursday, April 19th, 2012, 10:30
Category: News, security, Software

This too shall pass.

Per the cool cats at Ars Technica, Flashback infections have plummeted since Apple released a tool to stop the Trojan, but a security firm has cautioned that more malware could be on the horizon.

Researchers from Kaspersky Lab held a press conference Thursday morning in which they revealed that the number of machines infected by Flashback has dropped to just 30,000. That’s significantly down from the 600,000 Macs it was estimated to have infected at its peak, as well as the 140,000 Macs estimated to have been infected on Tuesday of this week.

Presence of the Trojan has been limited as Apple released a Java update to rid machines of Flashback. And for those that don’t have Java installed and could be harboring a dormant version of the malware, Apple also issued a separate removal tool.

But researchers at Kaspersky believe Flashback could just be the beginning. They believe that hackers will continue to target the Mac, as Apple has gained significant market share in recent years and continues to outgrow the rest of the PC market.

“Market share brings attacker motivation,” Kaspersky officials said. “Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe’s Flash Player installer package.

Earlier this week, another Mac Trojan was discovered that takes advantage of an exploit in Microsoft Word to spread. Dubbed “LuckyCat,” it uses a Java exploit to infect a targeted machine, allowing a remote user to analyze and even steal data from the system.

Stay tuned for additional details as they become available.

Apple offering MobileMe users free Snow Leopard update to upgrade users to Lion

Posted by:
Date: Thursday, April 19th, 2012, 07:20
Category: iCloud, News

Offer them what they want and you might get a few new customers.

Per Macgasm, Apple is apparently sweetening the deal for MobileMe subscribers who still haven’t made the move to Mac OS X 10.6/10.7 and iCloud. As the last elements of MobileMe terminate on June 30 this year, the company is offering one of the upgrades free for the taking.

“Get your Mac ready for iCloud,” the MobileMe web page reads. “To take advantage of the great features of iCloud, your Mac must have OS X Lion installed. If you are running OS X Leopard, you will need to install Snow Leopard first and then purchase Lion from the Mac App Store.”

To ease this transition, Apple is giving away free DVDs of Snow Leopard (a US$29 value) to MobileMe subscribers who log into their accounts and fill out the form found here. “After you have installed Snow Leopard on your Mac, run Software Update from the Apple menu to get the latest version of Snow Leopard 10.6.8,” step one of the process explains.

From here, users can pay US$29.99 for Mac OS X Lion from the Mac App Store, move their MobileMe account to iCloud and be done with it.

It generally doesn’t hurt to upgrade, so you might want to look into it, especially if there’s a freebie on the table.

Mac OS X Mountain Lion developer preview 3 notes hint at changes to come with Safari web browser

Posted by:
Date: Thursday, April 19th, 2012, 06:55
Category: News, Software

Following the release of OS X Mountain Lion Developer Preview 3, Apple has seeded Safari 5.2 Update 3 that carries a few new features and bug fixes.

Per AppleInsider, among the usual bug fixes, Safari 5.2 Update 3 comes with a new scalable vector graphics filter, redesigned Web Inspector and HTML5 media controllers. Also included are CSS filters, Web Audio API and HTML5 timed tracks.

From the release notes:

SVG Filters:
Using SVG Filters, you can combine several filter primitive elements and light source elements into a single sophisticated filter, which can then be applied to any SVG element.

HTML Assets:
– An HTML5 media controller can synchronize or otherwise coordinate the playback of multiple HTML5 media elements. For instance, you could use a media controller to overlay a sign language interpretation track over a video track, and keep the two in sync.

– A media controller has the same methods and events as an HTML media element. This means that, for example, when you call the pause() method on a controller, any media that is slaved to that controller will be paused. Or, when a controller receives a canplaythrough event, all media slaved to that controller can be played through to the end without buffering.

– HTML5 timed text tracks enable captions, subtitles, descriptions, and chapters by letting you specify the timing of text that appears with an HTML5 video element.

CSS Filters:
– CSS filters let you apply pixel effects to any image or web page element with a single line of code. Available filter functions include sepia, hue-rotate, saturate, invert, opacity, brightness, contrast, blur, grayscale, and drop-shadow. Filters can be combined, and changes to the filter property can be animated with CSS transitions or animations.

Web Inspector:
– The Web Inspector has a streamlined new design that speeds up common development tasks. It features all new iconography, a navigation bar that lets you easily switch between different web page elements, a persistent JavaScript console, integrated timelines, and more. Additionally, JavaScript debugging is now enabled by default, and the page source view now opens in the Web Inspector automatically.

Web Audio API:
– The Web Audio API is a high-level JavaScript API for processing and synthesizing audio in web applications. While the HTML5 audio element allows for basic streaming and audio playback, the Web Audio API is powerful enough for more complex audio applications that require mixing, processing, or filtering audio data, such as a modern game audio engine or an interactive audio production application.

Stay tuned for additional details as they become available.

You too can now smell like a new MacBook Pro…

Posted by:
Date: Wednesday, April 18th, 2012, 06:10
Category: Fun, News

It’s hard to say if this was on your bucket list, but perhaps it’s worth looking into.

Per Macworld UK, a unique fragrance – the scent of a newly purchased Apple product being opened for the first time – has been created for an upcoming art exhibition by Melbourne artists Gavin Bell, Jarrah de Kuijer and Simon McGlinn.



The scent created with Air Aroma for Greatest Hits encompasses the smell of the plastic wrap covering the box, the printed ink on the cardboard, the smell of paper and plastic components within the box and, of course, the aluminum notebook which has come straight from the factory in China.

The creation process included suppliers in the South of France sending over samples of fragrances with the aromas of glue, plastic, rubber and paper. The samples were then used as ingredients by Air Aroma fragrance designers to create a range of signature blend fragrances.

To complete the fragrance they observed the unboxing of a new Apple computer to source fragrance samples. On completion the laptop was sent back to Australia, together with the scent of an Apple MacBook Pro.

The fragrance will feature at an exhibition at West Space, in Melbourne, entitled ‘De facto Standard’ between April 20th and May 12th.

Intel to focus “bulk” of initial Ivy Bridge shipments to desktop market

Posted by:
Date: Wednesday, April 18th, 2012, 06:39
Category: Hardware, News, Processors

Intel revealed on Tuesday that the first wave of its next-generation Ivy Bridge processors will feature quad-core models, the bulk of which are headed for desktop computers, followed by a second launch of dual-core chips for “mainstream notebooks.”

Per CNET, CEO Paul Otellini relayed the information to investors during a quarterly earnings call on Tuesday.

“The first versions of Ivy Bridge that we’re shipping are quad cores, and then bulk of those are going into desktops,” Otellini said, according to a transcript by Seeking Alpha.

“And then the second launch of the products is in the dual core, which is the mainstream notebooks. So I think that helps put a profile over the course of quarter as well.”

Intel pushed the Ivy Bridge launch back by three weeks in order to “make sure that there was enough inventory in the pipeline,” the company’s CFO said. The chipmaker is expected to launch its first batch of Ivy Bridge chips next week.

Otellini’s comments could still leave room for a MacBook Pro release within the first wave of chips. Apple could potentially obtain enough inventory for initial MacBook Pro shipments even if the “bulk” of Intel’s new processors are headed for desktops. Currently, both the 15-inch and 17-inch versions of the MacBook Pro make use of a quad-core Intel processor, while the 13-inch model has a dual-core processor.

Availability of 15-inch MacBook Pros has been constrained among authorized resellers, often a reliable indicator of an imminent update.

Stay tuned for additional details as they become available.

Symantec: Flashback malware still present on approximately 140,000 Macs

Posted by:
Date: Tuesday, April 17th, 2012, 19:21
Category: News, security, Software

The good news: The Flashback malware’s infection numbers have gone down dramatically.

The bad news: About 140,000 of you need to look into removing the malware on your Mac.

Per a recent Symantec blog post, the security firm guessed that the number of affected machines would have dropped precipitously by now given that Apple and third-party vendors released their respective Flashback-neutralizing programs last week. The Mac maker even rolled out a removal tool for those Mac users who don’t have Java installed, and thus may be harboring a dormant version of the malware.

Statistics from Symantec’s “sinkhole,” or spoofed command and control server, show that Flashback has been removed from some 460,000 machines since Apr. 9, but the company expected less than 99,000 would be carrying the trojan by Tuesday.

Sinkholes are used by internet security and research entities to monitor and analyze the spread of malicious programs, though the standard practice sometimes brings unwarranted suspicion to smaller, less well-known firms. For example, Apple reportedly attempted to shut down the server hosting a sinkhole belonging to Flashback’s discoverer Dr. Web, mistakenly thinking that it was a legitimate command and control server. Apple’s move, however, can also be considered standard practice when dealing with fast-moving malware.

There has been no speculation as to why the remaining Macs haven’t already disposed of Flashback, as the self-installing program can be easily identified and deleted. It is possible that machine owners remain unaware of the program and haven’t yet performed a software update that would eradicate it.

The trojan itself continues to propagate on unpatched systems. Analysis of Flashback’s structure reveals that it is coded to go beyond the .com top-level domain, and also generates domain names under .in, .info, .kz and .net. Flashback creates one new string every day that is paired with a random TLD.
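Because the daily string is paired with a random TLD, a defender matching resolver logs has to cover every TLD for each day's string. The sketch below is an added example, not code from Symantec or from the original post: the daily strings are constructed placeholders, and the three-field log format and the sample lines are assumptions.

```python
from collections import defaultdict
from datetime import date, datetime

# TLDs the article names for Flashback's generated domains.
FLASHBACK_TLDS = ("com", "in", "info", "kz", "net")

# Constructed placeholders for the per-day strings (NOT real Flashback values).
DAILY_STRINGS = {
    date(2012, 4, 16): "exampledailyaaa",
    date(2012, 4, 17): "exampledailybbb",
}

# Constructed resolver log; assumed format: "<ISO timestamp> <client IP> <queried name>".
SAMPLE_LOG = """\
2012-04-17T08:01:12 10.0.0.5 exampledailybbb.kz.
2012-04-17T08:01:13 10.0.0.5 www.apple.com
2012-04-17T08:02:40 10.0.0.9 EXAMPLEDAILYBBB.INFO
2012-04-17T09:15:02 10.0.0.5 exampledailybbb.net
2012-04-17T09:20:00 10.0.0.7 exampledailybbb.org
2012-04-18T00:03:00 10.0.0.9 www.exampledailyaaa.in
not-a-time 10.0.0.8 exampledailybbb.com
garbage line
""".splitlines()


def candidate_domains(daily_strings, tlds=FLASHBACK_TLDS):
    """Expand each daily string across every TLD, since the pairing is random."""
    return {f"{label}.{tld}" for label in daily_strings.values() for tld in tlds}


def last_two_labels(qname):
    """Normalise case and trailing dot, then drop any subdomain prefix."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def infected_clients_by_day(lines, daily_strings=DAILY_STRINGS):
    """Return {query date: set of client IPs} that looked up a candidate domain."""
    candidates = candidate_domains(daily_strings)
    hits = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line
        stamp, client, qname = parts
        try:
            day = datetime.fromisoformat(stamp).date()
        except ValueError:
            continue  # unparseable timestamp
        if last_two_labels(qname) in candidates:
            hits[day].add(client)
    return dict(hits)


if __name__ == "__main__":
    for day, clients in sorted(infected_clients_by_day(SAMPLE_LOG).items()):
        print(day, len(clients), sorted(clients))
```

Counting unique clients per day in this way is the same kind of tally a sinkhole produces, only taken from the local resolver's side.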

Once a user visits a site carrying Flashback, the program installs itself without the need for permission and proceeds to collect sensitive data like user IDs, passwords and web browsing histories, which it then sends to an off-site repository.

Just as Flashback exploited the “Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability” to create its botnet, another threat has surfaced that uses the same hole as a means of distribution.

Called Backdoor.OSX.SabPub.a, the newly-discovered malware was created in March and is considered an “active attack” trojan as an operator manually checks and harvests data from an affected machine. SabPub has also been seen being distributed in malicious Word documents, installing itself by exploiting a known record parsing buffer overflow vulnerability.

Stay tuned for additional details as they become available.

Apple job listing points to potentially revised power systems for future Macs

Posted by:
Date: Tuesday, April 17th, 2012, 18:40
Category: Hardware, News

Sometimes it’s the job listings that prove the most telling.

Per AppleInsider, Apple is looking for a new hire to work closely with Apple’s computer system hardware team for DC-DC power designs integration.

The job listing also makes mention of optimizing power use with “white LED backlight drivers,” related to the LCD screens found on Apple’s iMac and MacBook lineups.

Apple would prefer to hire an employee with a PhD in power electronics. Candidates must have at least 8 years of experience in the field to be considered for the high-level position.

Stay tuned for additional details as they become available.

Third-generation iPad to arrive in 12 additional countries this Friday

Posted by:
Date: Monday, April 16th, 2012, 10:54
Category: iPad, News

There are only a few certainties in this world. Death and taxes are the discouraging ones, but the likelihood of the iPad 3 arriving in your country is the third (and more upbeat) one.

Per AppleInsider, Apple will launch its new third-generation iPad in a total of 12 countries this Friday, April 20, while even more countries, including India, will get the new iPad a week later.

The full list of countries where the new iPad will debut this Friday is Brunei, Croatia, Cyprus, the Dominican Republic, El Salvador, Guatemala, Malaysia, Panama, South Korea, St. Maarten, Uruguay, and Venezuela.

In addition, a week later, on Friday, April 27, the new iPad will also become available in Colombia, Estonia, India, Israel, Latvia, Lithuania, Montenegro, South Africa, and Thailand.

The new iPad will be available starting at a suggested retail price of US$499 for the 16-gigabyte Wi-Fi-only model. Apple will also sell the 16-gigabyte Wi-Fi iPad 2 for US$399.

The new iPad also comes available in a model with 4G LTE high-speed wireless Internet. However, customers in the latest launch countries will be restricted to slower 3G speeds, as the new iPad is only compatible with 4G LTE networks in the U.S. and Canada.

The third-generation iPad has seen the fastest international roll-out of any Apple product ever. It originally debuted in mid-March in the U.S. and nine other countries, while an additional 25 countries and territories gained the new iPad just a week later.

Stay tuned for additional details as they become available.

Flashback trojan emerges as “LuckyCat” variant, exploit found to spread malware via Microsoft Word documents

Posted by:
Date: Monday, April 16th, 2012, 09:44
Category: News, security, Software

You’ve got to hand it to whoever developed it: they’re persistent.

Per SecureList, a new version of a backdoor trojan for Apple’s OS X operating system takes advantage of an exploit in Microsoft Word to spread.

The latest variant of the attack known as “LuckyCat” was discovered and detailed by Costin Raiu, a Kaspersky Lab expert. Raiu found that a dummy infected machine was taken over by a remote user who started analyzing the machine and even stole some documents from the Mac.

“We are pretty confident the operation of the bot was done manually — which means a real attacker, who manually checks the infected machines and extracts data from them,” Raiu wrote in a post.

The new Mac-specific trojan, named “Backdoor.OSX.SabPub.a,” uses a Java exploit to infect a targeted machine. It spreads through Microsoft Word documents that exploit a vulnerability known as “CVE-2009-0563.”

The new trojan is noteworthy because it stayed undetected for more than a month and a half before it came alive and data was manually extracted from the machine. That’s different from MaControl, another bot used in attacks discovered in February 2012.

There are currently at least two variants of the “SabPub” trojan, which remains classified as an “active attack.” It is expected that new variants of the bot will be released in the coming weeks, as the latest was created in March.

Security on the Mac has been in the spotlight of late as a result of the “Flashback” trojan that infected more than 600,000 Macs worldwide. Apple addressed the issue with a series of software updates last week designed to remove the trojan from affected machines.

The Flashback botnet harvested personal information and Web browsing logs from infected machines. The trojan, which disguises itself as an Adobe Flash installer, was first discovered last September.

Stay tuned for additional details as they become available.

Apple releases third Mac OS X 10.7.4 seed to developer community

Posted by:
Date: Monday, April 16th, 2012, 09:47
Category: News, Software

It’ll be cool to see what comes next.

Per AppleInsider, Apple on Friday seeded the new OS X 10.7.4 build 11E46, asking developers to focus on the App Store, graphics, Mail, QuickTime, Screen Sharing and Time Machine.

The third build has no known issues and Apple is asking devs to continue their focus on the same areas as the second beta, called 11E35. This release comes less than a month after the first beta was released on March 16.

There are presently no known issues and the new developer-only beta is available for download at the Mac Developer Center.

If you’ve tried the new build and have any feedback to offer, please let us know in the comments.