Apple Raises the "Anti" for Revir, but Intego gets Flashbacks

The H (Heise) reported today that Apple has added detection for OSX/Revir to its XProtect facility, provided in OS X versions since Snow Leopard.

While I'm not the biggest fan of the XProtect approach to malware management (I'll go into that another time), Apple are to be commended on their (relatively) quick response, which will offer some protection to Mac users without security software in the unlikely event that this particular malware suddenly takes off in this particular form. 

In the same report, The H also mentions the OSX/Flashback Trojan reported today by CNET, though  that report is actually based on a report by Intego, which has received a single report of its being downloaded from an unnamed website. Flashback masquerades as an installer for Adobe Flash Player, which has led to surmise that it is targeting Lion users (Lion doesn't include Flash Player). Intego makes the very sensible suggestions that you should only install Flash Player from the Adobe site, and that Safari users should uncheck the General Preferences option to open "safe" files (which is the default). Otherwise,  Safari is likely to allow installer files with the extensions .pkg or .mpkg to execute automatically.

What’s Hot on Infosecurity Magazine?