
David Harley

Job title:
CEO, Small Blue-Green World, and independent author

Areas of expertise:
Apple security, malware, anti-malware testing, psychosocial aspects of security, user education, email management, social media, medical informatics

Biography:
The Apple Security Blog, by David Harley

David Harley, CITP, FBCS, CISSP, is an IT security researcher, author and consultant living in the UK. He has worked in IT (largely in medical informatics) since the 1980s, increasingly focused on security and anti-malware research since 1989. Between 2001 and 2006 he managed the UK National Health Service’s Threat Assessment Centre, and since 2006 he has provided authoring and consultancy services to the anti-virus industry. Since 2009 he has been a director of the Anti-Malware Testing Standards Organization (AMTSO). He runs the Mac Virus website and AVIEN (the Anti-Virus Information Exchange Network), and is a Fellow of the British Computer Society (now the BCS Institute). He was principal author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” and co-authored “Viruses Revealed”, as well as contributing to many other books including “OS X Exploits and Defense”. He has a daunting back-catalog of research papers and articles, and also blogs for Mac Virus, AVIEN, ESET (where he holds the title Senior Research Fellow), (ISC)², and numerous other websites.


I Keep Getting Flashbacks

2012 was looking quite quiet in Apple security terms up to now, but I see that the guys behind the OSX/Flashback Trojan are quietly beavering away. No sooner had Apple updated XProtect, a system utility that provides a certain amount of protection against a selection of OS X-targeting malware, to include a handful of OSX/Flashback variants, than Intego reported another variant not detected by XProtect.

Without taking any cheap shots at Apple’s better-than-nothing-but-less-than-industrial-strength anti-malware measure, there’s a distinct echo here (as Topher Kessler noted last week) of the 2011 tussle between Apple and the guys behind MacDefender and related fake security software, when for a while it seemed that every XProtect update was followed by a new version of the malware (including some notably innovative tweakings). An old story for commercial antivirus, but Apple was, it seemed, signing up for a slightly different ballgame.
 
Since Intego first reported Flashback in September 2011, the company has flagged a number of variants (according to its most recent blog, it’s up to OSX/FlashBack.J). It’s rarely possible nowadays to map variant names accurately from one vendor to another without having access to a sample or at least a hash value, but Intego states that XProtect does not yet recognize the sample or samples to which their variant name refers.

Posted 16/01/2012 by David Harley

Tagged under: XProtect, Intego, David Harley, Apple, OSX/Flashback
