malware

Latest

  • New Android trojan can record phone calls, expose your embarrassing fantasy baseball talk

    by Terrence O'Brien
    08.02.2011

    Mobile malware is nothing new, especially for Android users who have trained themselves to navigate the sometimes shady back alleys of the Market. The fine folks at CA Technologies came across an interesting new trojan though, that does something slightly more unnerving than max out your credit cards -- it records your conversations. There's no evidence that this has actually found its way into the wild yet, but it's entirely possible that some nefarious developer could capture your calls and upload them to a remote server. Obviously, this wouldn't hold much interest for your traditional cyber crook, but suspicious significant others and corporate spies could have a field day with such capabilities. All we can do is suggest you remain vigilant and maintain a healthy dose of paranoia about any apps on your phone.

  • Mac malware 'explosion' missing in action

    by Richard Gaywood
    07.21.2011

    The appearance of the MacDefender trojan back in May provoked a lot of back-and-forth between various tech writers (including your humble correspondent). Was this a sign that the good times were ending? That the Mac platform would come under ever-fiercer attack from malware authors? That soon we'd all be running resource-sucking virus scanners and a-fearing every link we clicked? Well, in a word: no. It wasn't. And I've got some science to prove it.

    A primer on "malware definitions"

    If you're unfamiliar with the concepts at work here, it'll help to understand my results if you know exactly what a "malware signature" is. The primary way a malware scanner works is to examine files on your computer -- sometimes all files (the so-called "deep scan" approach, which usually takes hours) and sometimes only specific files that are known to be targeted by viruses, trojans, and other malware. Scanners also usually stay running in the background and scan each and every file you open and program you run right as they load, as an extra level of always-on protection. This last mode is what often causes computers to feel sluggish after you install anti-malware software.

    So what does this "scan" thing entail, exactly? Glossing over a lot of technical details, the scanner will run the file it is examining through a hash function of some kind. This is a sort of ultra-strong fingerprinting algorithm that creates a unique identifier for the file (a 'hash') that can definitively match data or code segments. The malware definitions list is a catalog of hashes that have been generated from known malicious files; if a file on your system matches one in the list, then boom, You've Got Malware.

    [Image: An example of XProtect's signatures for MacDefender.]

    For this setup to have any value at all, it's crucial that the definitions list is kept up-to-date. Things can move fast in the malware world; new threats emerge suddenly and (even more insidiously) malware authors tweak their existing programs to have a different signature, making them undetectable by the scanner. These "variants," as they are called, result in a rapid cat-and-mouse game between developers of malware and developers of malware scanners. This is what happened to Apple back in early June. The MacDefender trojan prompted Apple to start aggressively pushing out updates to its own in-house malware scanner, XProtect. This, in turn, prompted hackers to start releasing new variants of MacDefender that bypassed the new check, then another new check from Apple, another new version of MacDefender, and so on. Many commentators wrote long posts with varying degrees of pessimism and optimism about how this would end. Would the hackers win and Apple be overwhelmed, or would they be defeated by Apple's vigilance?

    My methodology

    Two months ago, I tried to come up with a way that we could answer that question definitively. I wrote a small script to download Apple's malware definitions file every hour and permanently store each unique version. I started this script running on June 2nd, capturing version 2 of the file; since then there have been 22 further versions, each adding new malware definition signatures to the scanner. I now have all that data at my fingertips. Before I show you what I've discovered, let's consider what this script hasn't taken into account. It's not really measuring how much malware exists for the Mac, of course. It's measuring how much malware Apple has identified -- whether MacDefender related or not (there is other malware listed in the file, like OSX.HellRTS). However, I think that's not too useless a metric: we know that Apple put considerable effort into staying on top of the situation with MacDefender, sometimes releasing updates to the definitions file just hours apart. We can also assume that Apple, with its world-wide support staff, can do a better job than anyone else at keeping its ear to the ground for new threats. It seems reasonable to assume that the state of that XProtect definition file is a good proxy for the state of Mac malware in general.

    Results

    The following graph shows the number of unique malware variants listed in the file as each new version was released. There are two occurrences where the graph goes down, i.e. a new version of the file lists fewer definitions than the older version. This happened when Apple found two new variants, wrote signatures for them both, then later found a single signature that covered both variants. My script records this as a variant "disappearing" because there are fewer signatures overall. It doesn't mean that protection actually decreased.

    Analysis

    For a period of several weeks, we see the rapid cat-and-mouse game predicted by people like Ed Bott. Variants of MacDefender appear at the rate of about one a day, and we see a corresponding update of the XProtect definitions file once or even twice a day also. This keeps going until we reach the 21st version of the definitions file, which detects 15 distinct variants of MacDefender (labelled OSX.MacDefender.A through to OSX.MacDefender.O) using 12 different detection signatures. And then... nothing. No new updates to the file since the 23rd of June. There are two ways to look at this. It's possible that the malware kept coming, and Apple either failed to notice it, or just gave up trying to keep up. If that were true, though, we'd expect to still be hearing about it, both in the general press and from TUAW's contacts throughout the Mac ecosystem of developers and support staff. But we've heard nothing. The other option, then, is that the malware has stopped evolving. The MacDefender authors gave up trying to issue new variants, and nobody else has (so far) taken their place. The Mac malware scene is... well, if not dead, then asleep. Stunned. Pining for the fjords.

    I stand by my earlier cautionary note. There's no magical protection against malware in OS X -- there's solid engineering, but that's not infallible. All computer users, regardless of OS, should remain vigilant: don't run software from untrusted sources, don't fall for web browser popups screaming that you have viruses, think twice before entering your iTunes or online banking or email password into an unfamiliar website. Still, for now, I think Mac users who were worried about MacDefender can partly relax. The wolf is still not at our door.

    Footnote: regarding Lion's version of XProtect

    The recent release of Mac OS X 10.7, Lion, appears to have brought some changes to XProtect as well as overall enhancements to OS security. The URL that is probed for new malware definitions has moved (from here in Snow Leopard to here in Lion) and the file itself contains quite different signatures -- there are signatures in each version of the file that do not appear in the other. Furthermore, although the Snow Leopard version lists MacDefender.A through to .O (15 variants in all), the Lion version only lists .A and .B. The .B definition list, however, contains many more signatures. It doesn't necessarily mean that XProtect doesn't detect as much malware as it did before. My guess would be that the new OS has brought with it internal modifications to how XProtect works that have caused these changes. Again, however, I do not feel that this invalidates my results. Snow Leopard remains a supported OS that will still have a large install base for some time to come, and (we can assume) Apple will continue to release security updates for it in as timely a manner as it ever did -- including XProtect updates.
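    The methodology described in this post (store each unique version of the definitions file, count the signatures and the variants each version names, and tell a signature merge apart from a real loss of coverage) can be reproduced in a short script. The Python below is an added example, not the author's own script; it runs on constructed in-memory snapshots instead of polling Apple's servers, and the plist layout beyond the "Description" key is an assumption standing in for the real XProtect.plist schema.

```python
import hashlib
import plistlib
import re


def build_definitions(descriptions):
    """Build a constructed XProtect-style definitions file.

    Snow Leopard's XProtect.plist is an array of signature entries whose
    "Description" names the threat (e.g. OSX.MacDefender.A); the remaining
    keys here are placeholders, not Apple's real match data.
    """
    entries = [
        {"Description": name,
         "Matches": [{"MatchType": "Match", "Identity": b"\x00" * 20}]}
        for name in descriptions
    ]
    return plistlib.dumps(entries)


# Constructed hourly polls of the definitions file. The second poll is identical
# to the first (no new version); the fourth replaces two per-variant signatures
# with one covering both, reproducing the "graph goes down" case from the post.
SNAPSHOTS = [
    ("2011-06-02 00:00", build_definitions(["OSX.MacDefender.A"])),
    ("2011-06-02 01:00", build_definitions(["OSX.MacDefender.A"])),
    ("2011-06-03 00:00", build_definitions(
        ["OSX.MacDefender.A", "OSX.MacDefender.B", "OSX.MacDefender.C"])),
    ("2011-06-04 00:00", build_definitions(
        ["OSX.MacDefender.A", "OSX.MacDefender.B / OSX.MacDefender.C"])),
]

# Threat names as they appear in Description strings: family plus optional variant letter.
VARIANT_RE = re.compile(r"OSX\.[A-Za-z0-9]+(?:\.[A-Z])?")


def fingerprint(blob):
    """Hash the whole file so identical polls collapse to one stored version."""
    return hashlib.sha256(blob).hexdigest()


def unique_versions(snapshots):
    """Keep only polls whose content has not been seen before."""
    seen, kept = set(), []
    for when, blob in snapshots:
        digest = fingerprint(blob)
        if digest not in seen:
            seen.add(digest)
            kept.append((when, blob))
    return kept


def summarize(blob):
    """Return (signature count, sorted list of variants named) for one version."""
    entries = plistlib.loads(blob)
    variants = set()
    for entry in entries:
        variants.update(VARIANT_RE.findall(entry["Description"]))
    return len(entries), sorted(variants)


def timeline(snapshots):
    """Per stored version: counts, plus whether each count fell versus the previous version.

    Fewer signatures with no fewer variants means signatures were merged,
    not that protection was removed.
    """
    rows, prev_sigs, prev_vars = [], None, None
    for when, blob in unique_versions(snapshots):
        sigs, variants = summarize(blob)
        rows.append({
            "seen": when,
            "signatures": sigs,
            "variants": len(variants),
            "signatures_dropped": prev_sigs is not None and sigs < prev_sigs,
            "coverage_dropped": prev_vars is not None and len(variants) < prev_vars,
        })
        prev_sigs, prev_vars = sigs, len(variants)
    return rows


if __name__ == "__main__":
    for row in timeline(SNAPSHOTS):
        merged = row["signatures_dropped"] and not row["coverage_dropped"]
        flag = " (signatures merged, coverage unchanged)" if merged else ""
        print(f'{row["seen"]}  signatures={row["signatures"]}  variants={row["variants"]}{flag}')
```

    Counting variants from the Description strings rather than counting entries is what removes the false "dip" the post describes: the fourth snapshot has fewer signatures than the third but still names all three variants.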

  • Google pulls co.cc subdomains from search, brings our global malware nightmare to an end

    by Jesse Hicks
    07.10.2011

    Google's been on a creative tear lately, rolling out new products and revamping older ones. But there's a reason the phrase "search giant" is synonymous with Big G, and it's always working to return better results. Sometimes that means tweaking its algorithm to prevent SEO-gaming; other times it means dropping over 11 million sites from search results, as the company just did in blocking the .co.cc subdomain. Google classifies it as a "freehost" -- it belongs to a Korean company that provides free or cheap domains, often bulk-registered -- and after automated scanning revealed a high percentage of malware-hosting sites, decided to scrub the entire lot from its results. Of course, this is something like using a nuclear weapon against cockroaches: it causes a lot of collateral damage, while your real target scurries to its next hideout. Still, we wish Google well in its bravely quixotic mission.

  • Microsoft to malware: your AutoRunning days on Windows are numbered

    by Joe Pollicino
    06.18.2011

    Beware, malware. The Windows AutoRun updates for Vista and XP SP3 that Microsoft released in February have so far proven successful in thwarting your file-corrupting ways. Although Windows 7 was updated to disable AutoPlay within AutoRun for USB drives -- freezing the ability for a virus to exploit it -- the aforementioned versions had remained vulnerable until the February update. Fast-forward to the period between February and May of this year, and the updates have reduced the number of incidents by 1.3 million compared to the three months prior for the supported Vista and XP builds. Amazingly, when stacked against May of last year, there was also a 68 percent decline in the amount of incidents reported across all builds of Windows using Microsoft's Malicious Software Removal Tool. There's another fancy graph after the break to help illustrate, and you'll find two more along with a full breakdown by hitting the source link down under.

  • Don't bring your computer viruses to Japan, because they're illegal now

    by Amar Toor
    06.17.2011

    Tired of getting swamped with spam and malware? Just pack your things and catch the next flight to Japan, where computer viruses are now considered illegal. Under the country's new legislation, anyone convicted of creating or distributing viruses could face up to three years in prison, or a maximum fine of ¥500,000 (about $6,200). It's all part of Japan's efforts to comply with the Convention on Cybercrime -- an international treaty that requires member governments to criminalize hacking, child pornography, and other terrible things. Privacy advocates, however, have already raised concerns over some stipulations that would allow investigators to seize data from PCs hooked up to allegedly criminal networks, and to retain any suspicious e-mail logs for up to 60 days. In an attempt to quell these fears, the Judicial Affairs Committee tacked a resolution on to the bill calling for police to exercise these powers only when they really, really need to.

  • Force your Mac to update malware definitions (Updated)

    by Steve Sande
    06.03.2011

    You've updated your Mac with Security Update 2011-003, but how do you know if you have the latest malware definitions from Apple? Macworld had a nice technical note on how to force your Mac to update its malware definitions, so we thought we'd pass that knowledge along. To start, you can check to see how old your malware definitions are by launching Terminal (found in your Utilities folder in the Applications folder), copying the following code, pasting it into Terminal at the prompt, and then pressing the Return key:

    more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

  • More malware in the Android Market: Google removes 26 deleterious app doppelgangers

    by Michael Gorman
    06.01.2011

    Ideally, we'd do our smartphone software shopping free from the specter of malicious apps masquerading as useful ones. This past weekend, however, 26 apps in the Android Market were discovered to be packing pernicious code called Droid Dream Light. Apparently, the dastardly devs who made the malware took existing apps and modified them to send details (including IMEI and IMSI info) about the infected handset to a remote server upon receiving a call. The code can also download and queue new package installations, but it needs user approval to do so. Google promptly pulled the offending apps, but their appearance serves as another reminder to be careful when downloading software on your smartphone -- prudence demands minding your app permissions, lest your little green bot start stealing your personal info.

  • Avast! Free Antivirus for Mac beta now available

    by Steve Sande
    06.01.2011

    Apple released Security Update 2011-003 yesterday with protection from the MacDefender malware and its variants, but some of our readers might want to do more to protect their Macs from malware. Avast has been a longtime supplier of a free (for non-commercial use) antivirus package for Windows that is unobtrusive and fast, so it was with a great deal of interest that I read a PR blast from the company this morning. The company has just released a beta of avast! Free Antivirus for Mac for download and testing, and like the Windows version of the software, it looks pretty good. The company previously had a download for Mac, but as noted in the user forums on the Avast site, "The current popularity of Apple products also makes them more interesting for the bad guys so we thought it would be good to prepare for the battle sooner rather than later." The result is a product that is much more on par with the Windows product. To install the downloaded beta app, you simply drag the application icon to the Applications folder and double-click to launch. The app uses Growl notification, so it helps if you have Growl pre-installed. The app has three shields that are in operation at all times: the File Shield, which scans the binaries of launched apps and all files that are being modified, the Web Shield, which monitors and filters all HTTP traffic coming from websites, and the Mail Shield, which monitors and filters all POP3 and IMAP traffic. In addition, avast! Free Antivirus for Mac can do on-demand scanning of the whole file system, network volumes, or mounted removable volumes. The scanning engine is updated automatically -- I'm just happy that it doesn't speak "virus database has been updated" the way the Windows version does because that has a tendency to startle me. Unfortunately, the app does seem to slow down page loading in Safari, and I'm sure it would do the same with Firefox and Chrome. 
Of course, this is beta-ware, so the Avast team will most likely work on optimizing their code as the product gets closer to general release. If you're considering antivirus software for Mac for yourself, relatives, or employees, you might want to take a look at the avast! Free Antivirus for Mac beta.

  • Hours after security update, new MacDefender variant evades it

    by Mike Schramm
    06.01.2011

    And the cycle continues. Yes, just hours after Apple released a security update designed to smack down the recently-prevalent MacDefender malware, ZDNet's Ed Bott reports that a new variant of the bogus 'security' software has been released into the wild. This version is called "Mdinstall.pkg" and it works exactly as before, installing itself via Safari without any approval needed (as long as the default "Open 'safe' files after downloading" setting is on, which we recommend you disable). The timestamp on the file reportedly shows that it was put together as recently as last night, which means that these hackers are actively working against any defenses Apple put in place yesterday. The security update from Apple -- so far only available for Snow Leopard 10.6.7 users, meaning that 10.5 Leopard users (not to mention 10.4 Tiger) are still vulnerable -- adds a new option in the Security preference pane, seen here. The anti-malware tool apparently checks in with Apple's servers periodically to update its definitions suite, just as you would expect it to. So what's the solution here? Short of Apple simply removing the ability of Safari to open up files like this at all (which would of course hamper that functionality for folks who use it), the only real solution is to do what you've got to do on all computer systems subject to attacks: practice constant vigilance. It'll be interesting to see if Apple steps back up again on this one with another update (which would then incur another variant of the malware), but until then, users have to be educated and careful about what they click on in the browser. If you're already fighting off an installation of the Mac Defender malware, be sure to check out our handy removal guide.

  • Apple cracks down on MacDefender, prevents malware downloads with daily quarantine list

    by Sean Hollister
    06.01.2011

    Preconceptions aside, Apple products do occasionally spread viruses, and not just the biological kind, which is why Cupertino saw fit to equip Mac OS X 10.6 Snow Leopard with a quarantine function to safely set malware aside. This week, however, Apple's kicking those digital white blood cells into high gear, updating that quarantine list daily with a new background process. The company's primarily got its crosshairs on the recent MacDefender scare, of course, but on the off-chance malware starts coming out of the woodwork, it sounds like you won't have to wait for a formal security update to be forewarned of the dangers. If privacy's your primary concern, however, you can also opt-out -- take a gander at our source links to see how it's done. [Thanks, Jake]

  • Responding to Security Update 2011-003 in verse

    by Erica Sadun
    05.31.2011

    What is it about viruses and security concerns that automatically lend themselves to verse? TUAW doesn't analyze these things. It merely moves with the flow. Here is our "Burma Shave" style overview of the Mac Defender/Apple Security Update crisis.

    When those Macs caught 'la grippe'
    Apple responded; its bud they nipped
    Security Update waits for you
    Bid MacDefender an unfond 'adieu'
    ...Burma Shave

    Think you can do better? Leave your rhymes in the comments.

  • Mac Security Update 2011-003 now hunting MacDefender

    by Steve Sande
    05.31.2011

    Mac Security Update 2011-003 has appeared in Software Update and is available for immediate download and installation. According to KB article HT4657, the update provides a File Quarantine definition for the OSX.MacDefender.A malware and Mac OS X 10.6.7 will now automatically update the definitions on a daily basis. The update will also search for and remove MacDefender and its known variants. If you prefer to defuse your malware manually, be sure to refer to our guide. The update will be available later directly from Apple Downloads, and we'll update this post with a direct link at that time.

  • Skype taken to task by angry users over claimed crapware payload (update: disabled for now)

    by Terrence O'Brien
    05.29.2011

    The Skype forums are a hive of panic and abuzz with accusations that either the company is bundling crapware with its VoIP app or has a serious security problem. Users are reporting that a strange, new, and difficult-to-uninstall program called EasyBits GO is finding its way onto their PCs. EasyBits is the company that has powered Skype's games channel since 2006, but at least until now its wares have not been standalone software. One moderator has declared EasyBits GO is not part of Skype and suggested customers immediately run a malware scan, but mods are volunteers and not official representatives of the company, so we're taking it with a grain of salt. Another (later) post from a forum admin simply states that Skype is looking into the issue and will release an official statement, though we have no idea when that might actually happen and we're awaiting reply to our own request for comment. It appears that a rep from EasyBits Media has taken to the forums to quell some of the outrage, but to no avail. Posts from the team are painfully vague, saying that it was part of an update to the gaming platform and apologizing for the misunderstanding, before linking directly to an .exe that it claims will remove the offending software. To say that forum users are wary of the executable would be an understatement (most responses have involved torrents of profanity). Reports are that the suspicious app is installing itself without any approval from users, but we can't confirm this since any attempts to install in our lab of doom resulted only in errors while downloading. For now, we'll just have to wait for word from Skype, and the company had better move quickly -- the pain of the recent outage is still fresh in many customers' minds.

    Update: Skype has officially confirmed that EasyBits GO was erroneously added to its installer, and says that the buggy update has been disabled for now. Strangely, the official blog suggests that disabling the software is a temporary measure, and that it might reappear soon, as Skype will "work with them to correct the problems and user experience" that led to user qualms. [Thanks to everyone who sent this in]

  • Upcoming MacDefender patch is not the first AV tweak to Mac OS X

    by Kelly Hodgkins
    05.26.2011

    This upcoming MacDefender patch is not the first time Apple has tweaked Mac OS X in response to a malware threat. Many people forget that recent versions of OS X were designed with a built-in malware detection system. Mac OS X 10.4 and 10.5 Leopard had a validation system called File Quarantine. In Leopard, it triggered a warning dialog box when you opened a file that was downloaded from your browser, email client or iChat. OS X 10.6 Snow Leopard improved upon File Quarantine by adding a system to check files against known malware definitions. These definitions were stored in the XProtect.plist file. Just last year, the 10.6.4 release of Snow Leopard contained a malware tweak to detect a backdoor Trojan horse. This fix was not mentioned in the OS X documentation, but security firm Sophos noticed a new entry in the XProtect.plist file for the Pinhead-B threat. This Trojan horse was distributed as a ripped copy of iPhoto. If you installed the fake program, hackers could use your Mac to send spam, take screenshots or snoop through your files. Unlike the MacDefender threat, the iPhoto Trojan horse was dismissed by the Mac community: infected people were pirating software and brought this upon themselves. MacDefender, though, is a whole new ballgame. People encounter it while innocently browsing the Web and are easily duped into believing the Apple Security Center is real. It's not the apocalypse, but it's definitely a wake-up call. [Via Sophos and Macworld]

  • In a MacDefender world, practice constant vigilance

    by Megan Lavey-Heaton
    05.26.2011

    A week ago, I did my public service duties and linked the MacDefender protection and removal guide that Steve Sande wrote to my Facebook wall. Then I braced for the comments. Luckily, none of the taunts I expected about Macs now being subject to malware came to light. What I did get was general surprise that Mac users had to be aware of such a thing. "I thought Macs couldn't get viruses and such," one commenter said. Sadly, it's not the case any longer. As fast as we're educating people on how to fight MacDefender, and Apple is developing a patch to fight it, the malware is morphing and coming up with different methods of worming into your system -- including now being able to install sans password. It's a battle that Windows users have long grown tired of, but Mac users are still blinking their eyes and not quite believing that it's our turn. Macworld published an excellent piece on what MacDefender really means to the Mac community. As Macworld says, even though this is the monster under the bed that Mac users have evaded until now, it doesn't mean a malware apocalypse is upon us.

  • Apple: Mac OS X update coming to block MacDefender malware

    by Steve Sande
    05.24.2011

    Tipster TJ just pointed us to a new Apple Support knowledge base article that describes how to avoid and remove the MacDefender malware. It's largely the same information that we have in our removal guide, but it's good to see that Apple is now making the instructions available for everyone. (Sample tip: "If any notifications about viruses or security software appear, quit Safari or any other browser that you are using.") One of the more interesting points from the knowledge base post is seen in the graphic above: Apple says that a Mac OS X software update is coming soon that will automatically find and remove MacDefender and its known variants, as well as giving users a warning if the malware is downloaded to the Mac. According to our developer friends, Apple also sent out a Developer Seed Notice on May 20 to Mac developers regarding Mac OS X 10.6.8 Build 10K524, which became available for download and testing on that date. We have reason to believe that this security/malware patch will be rolled into Mac OS X 10.6.8, which means it's coming pretty soon.

  • Another phishing email takes on Apple themes

    by Chris Rawson
    05.23.2011

    According to MacRumors, yet another Apple-styled phishing email is making the rounds. This one seems to be a lot more insidious than another phishing email that circulated last week. While the earlier email had several aspects to it that were dead giveaways it was fake, this new email could very easily trip up anyone who doesn't pay attention to the latest Apple news. The "from" line says the email comes from Apple.com (noreply@apple.com), lending an air of credibility to it that the earlier email lacked. The message claims to be concerned with the debut of the iPhone 5, and it contains images pulled from various sources around the Web alongside some copy written in a very Apple-y style. Our readers will no doubt recognize these images as fake right away, but they might appear plausible to people who don't follow the news very closely. As such, this email is potentially more dangerous than the one that was circulating last week, particularly since an inviting "check it out" link downloads a Windows executable file that could contain just about anything. It probably seems obvious to us Apple fans, but for everyone else it bears mentioning: Apple doesn't announce new products via email like this, especially not flagship products such as the iPhone. For major product launches, Apple puts on a keynote event that gets wide media coverage; for minor product refreshes, sites like this one get the word out even when Apple doesn't draw much attention to them itself. If you get an email like this that claims to be about the latest and greatest Apple product, but no one else on the internet has discussed it at all, don't bother clicking anything and just delete the message. Better yet, until this latest round of phishing emails gets monkey-stomped into the digital dirt, it's probably a good idea to avoid clicking on anything in any unsolicited messages that appear to be from Apple. If you really want to see what's new on the Apple Store, the URL is very easy to remember: store.apple.com.

  • MacDefender malware protection and removal guide

    by Steve Sande
    05.19.2011

    [Screenshot thanks to @jaythenerd]

    The MacDefender malware has been causing trouble for Mac users all over the world; people are calling Apple Support in a panic, spending time visiting their local Apple Store Genius, and getting all stressed out about it. What's worse: the malware is mostly harmless to your computer. It's a scam trying to rip off your credit card number, not hurt your Mac (not that the theft of your credit info is a good thing). The attack, which displays a message stating that your machine has been infected with viruses that only a "MacDefender" app can remove, has been spreading rapidly -- most of the folks encountering it are coming across it via Google image searches, where results have been 'poisoned' with the malware download. MacDefender doesn't infect Macs with a virus, nor does it run a keylogger as a background process on your machine. It's simply trying to scare users into providing credit card information by registering an unneeded piece of software. MacSecurity and MacProtector are the same scam software, differing in name only. It's been reported by ZDNet's Ed Bott that Apple is telling support reps not to assist with removing this malware. You're on your own, but TUAW is here to help you. Read more to find out how to protect yourself from MacDefender, what a MacDefender attack looks like, and how to remove the app if it is installed on your Mac.

  • AppleCare rep tells Ed Bott Mac malware reports are up

    by Dana Franklin
    05.18.2011

    An anonymous AppleCare support representative spoke to ZDNet's Ed Bott over the weekend, telling the reporter that complaints about malware infections on the Mac increased significantly in the first half of May. "This last week over 50% of our calls have been about [malware]," said the AppleCare staffer. "In two days last week I personally took 60 calls that referred to Mac Defender." Earlier this month, a new series of malicious software packages with names like "Mac Defender," "Mac Security" and "Mac Protector" began to assault Apple's computing platform. Websites would alert users their Macs were infected and persuade them to download and install "Mac Defender" to protect their computers from the alleged attack. Rather than eliminate malware, these trojans prompt users to provide credit card information to their authors. It's all a scam. Even so, the scam appears to be quite effective. The AppleCare staffer claims many callers believed the warnings from these malware packages were legitimate or came from Apple, and in the last week, call volume for the computer-maker's support lines was up to five times higher than normal. "I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls," the AppleCare representative told Bott. It's unclear from Bott's interview how many callers had actually installed the phony "Mac Defender" software and how many were calling to verify the authenticity of an alert on a website claiming their computers were infected. The AppleCare staffer's facts and figures are notably anecdotal. It's difficult, for example, to reconcile a five-fold increase in call volume since the malware attacks began when only half the calls have to do with "Mac Defender." Although the AppleCare staffer's story sounds a lot like a surfer boasting about a tremendous wave, it's important to use common sense when installing software from the internet. 
Unlike a virus or worm that sneaks onto a computer without authorization, trojans like "Mac Defender" require an administrator to provide his or her password and knowingly install the malicious software. When TUAW first reported these malware attacks, we offered some helpful tips for avoiding these digital con games. Is this AppleCare representative capitalizing on the latest wave of Mac malware hype and exaggerating his or her story for attention? Or is the "Mac Defender" family of trojans really gaining traction among a community of unsuspecting Mac users? Let us know what you think in the comments.

  • Malware, Macs, and crying wolf: Doing the math

    by Richard Gaywood
    05.14.2011

    Love Apple gear? Like math? TUAW's Doing the Math series examines the numbers and the science that lie behind the hardware. The contentious subject of Mac security has been back in the news in recent weeks following the emergence of a fake antivirus package called MacDefender (also known as Mac Security and Mac Protector) that managed to steal a number of users' credit card details, and a new piece of "crimeware" called Weyland-Yutani BOT which allows non-technical hackers to easily create password grabbing webpages that specifically target Mac browsers. This prompted a fresh round of "the Mac is under attack! Malware will drown us all! Exclamation!" blog posts, followed by the usual backlash against them. On the alarmist side, Ed Bott wrote "Coming soon to a Mac near you: serious malware", predicting doom, gloom, and dogs and cats living together. The case for the defence was eloquently made in an article entitled "Wolf!" by Mac uber-blogger John Gruber where he simply collected assorted "Mac malware is inevitable" quotes from prominent analysts... going back to 2004, and all clearly unfulfilled in the sense of widespread attacks or exploits in the wild. Bott responded with a thoughtful post where he made a more reasoned case that malware for Macs really is inevitable in the long run, regardless of how inaccurate previous predictions have been. So who's right, and who's wrong? Is it time to run to the hills or are people just sounding the gong of panic unnecessarily? In this post I'm going to try and dive a little deeper into the issues surrounding Mac malware, hypothetical and real, and separate the headlines from the facts.