David Harley

Job title:
CEO, Small Blue-Green World, and independent author

Areas of expertise:
Apple security, malware, anti-malware testing, psychosocial aspects of security, user education, email management, social media, medical informatics

The Apple Security Blog, by David Harley

David Harley, CITP, FBCS, CISSP, is an IT security researcher, author and consultant living in the UK. He has worked in IT (largely in medical informatics) since the 1980s, increasingly focused on security and anti-malware research since 1989. Between 2001 and 2006 he managed the UK National Health Service’s Threat Assessment Centre, and since 2006 he has provided authoring and consultancy services to the anti-virus industry. Since 2009 he has been a director of the Anti-Malware Testing Standards Organization (AMTSO). He runs the Mac Virus website and AVIEN (the Anti-Virus Information Exchange Network), and is a Fellow of the British Computer Society (now the BCS Institute). He was principal author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” and co-authored “Viruses Revealed”, as well as contributing to many other books including “OS X Exploits and Defense”. He has a daunting back-catalog of research papers and articles, and also blogs for Mac Virus, AVIEN, ESET (where he holds the title Senior Research Fellow), (ISC)², and numerous other websites.

OSX/Dockster Spyware

On November 30th, Intego blogged about OS X spyware it calls OSX/Dockster.A. This relatively simple backdoor trojan, found on Virus Total, gives a remote attacker shell access to the system, provides a channel for downloading additional files, and has keylogger functionality. Intego flagged it as low-risk, since at that time it was not known to be in the wild, but suggested that its submission to Virus Total might have been intended as a test before pushing it to the public.

Sure enough, F-Secure has blogged today (3rd December 2012) about a Dalai Lama-related website that uses the Java-based exploit CVE-2012-0507 (also used by Sabpab and Flashback) to push the Dockster malware. While neither F-Secure nor Sophos seem sure whether Hxxp:// is a legitimate site that has been compromised, it is, in fact, the Dalai Lama’s Tibetan language site, set up in 2010.

However, it isn’t the first time it’s been compromised in order to attack sympathizers with the exiled Dalai Lama. Sophos informs us that it has been blocking the site for users of their software since they noticed a security problem with it in October 2012 and calls the malware OSX/Bckdr-RNW.


Posted 03/12/2012 by David Harley

Tagged under: David Harley , Intego , Sophos , F-Secure , Dockster , spyware , Virus Total , Dalai Lam , CVE-2012-0507 , Sabpab , Flashback
