Interested in Mac viruses? Here's Thunderstrike 2, a.k.a. the "firmworm"

When one door closes, another one opens.

Thunderstrike, the Mac firmware hole from early in 2015, is back for its sequel, Thunderstrike 2.

Apple's OS X and Safari get biggish security fixes


Apple has published updates for all supported versions of OS X and for Safari version 6.

A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes.

Stay safe online with Sophos this Christmas


From the comfort of summer, Sophos Southern Hemisphere says, "Stay safe online this Christmas!"

We've included some holiday-time tips for your friends and family, too - don't let your cyberguard down over the festive season.

PerlBot: A reason to run anti-virus on Linux?

This morning I noticed that SANS were talking about a Perl bot that has been reported on various Unix systems. I went looking for this file and noticed that a colleague had already updated the identity for Mal/PerlBot-A to detect Read more…

Updated XProtect protects against OSX.HellRTS

You may remember in August last year SophosLabs blogged about XProtect and how it can protect you from Mac malware. Earlier this year, Graham blogged about OSX/Pinhead-B, a backdoor for OSX. The update schedule for Snow Leopard has been: 10.6 Read more…

Jerusalem Post website serving malware

A couple of posts on Twitter brought to my attention earlier today that the website of the Jerusalem Post is serving up malware to unsuspecting visitors. Initially, I suspected that the malware was loaded via a compromised advert stream or Read more…

Troj/JSRedir-AU: Troj/JSRedir-AK redux?

Late last year I blogged about ~40% of web-based malware. Earlier this year I mentioned it had changed and late last month I saw that it had changed again into Troj/JSRedir-AU. The infection numbers of Troj/JSRedir-AR and Troj/JSRedir-AU haven't been Read more…

Is it art? Controversy over OSX/LoseGame-A

Last week, SophosLabs released detection for OSX/LoseGame-A and following Symantec's publishing detection (which they call OSX.Loosemaque) there has been some controversy about whether this is a game or malware (see 1, 2, 3). From my point of view this is Read more…

Snow Leopard malware protection system: What does XProtect do?

With the release of the new version of OS X today (Snow Leopard OS X 10.6) Apple have added some malware protection. XProtect (we are calling it this as this is the name of the detection data file) provides a Read more…

More Mac OS X malware discovered

Mac malware can seem like buses - you see none for ages and then two come along at once. Last night, SophosLabs was sent a message containing what claimed to be the "SRC CoDE of new Macintosh Worm" and so Read more…

Mac malware authors still plugging away

Last week, SophosLabs received several reports of some new Mac malware (Intego and Threat Researcher). So I asked around for samples (sample exchange) and was able to write detection for OSX/RSPlug-F (and updated it for a minor variant). Like Read more…


As I'm sure you're by now aware, a security researcher named Charlie Miller was able to pwn Safari in 10 seconds at CanSecWest yesterday! A truly spectacular feat! I'm not even sure how he was able to type so fast! Read more…

OSX/iWorkS-B another Trojan affecting dodgy downloads

SophosLabs heard some reports today regarding another Trojan affecting dubious downloads from torrent (Intego and Graham Cluley). This Trojan, OSX/iWorkS-B, is affecting Adobe Photoshop CS4 downloads on torrent. OSX/iWorkS-B has a similar modus operandi to OSX/iWorkS-A. The differences mean that Read more…

OSX/iWorkS-A another reason to have a Mac security product

Yesterday, SophosLabs was made aware of a new Mac OS X Trojan affecting a dubious copy of iWork '09 (an update to Apple's popular rival to Microsoft Office). In the news and blogosphere there were several write-ups and descriptions (Threat Read more…