iAntiVirus Blog

Safari Update Now Available for Download

2009-07-09T16:16:00.000-07:00

Apple has released Safari version 4.0.2 for Mac OSX 10.4 and 10.5, Windows XP, Vista, and 7 beta which, according to the release notes, improves the stability of its Nitro JavaScript engine, and also includes two security fixes.

The said security fixes addresses the issue on Webkit's handling on the parent and top objects which may result in a cross-site scripting attack when visiting a maliciously crafted website, as well as its handling of numeric character references which causes memory corruption. Apple has posted a knowledge base article on these two vulnerabilities, and more information can be found here.

This 40MB update is available via Software Update, or by manual download in the Apple website.

Lady Gaga's Latest Album leads to Malware Download

2009-07-02T22:39:00.000-07:00

The RSPlug trojan horse seems to be spawning quite rapidly the past few months. After only a few days when a variant of this trojan horse was spotted on a gaming website, our Malware Research Team discovered a newer variant of this threat lurking in a website offering free "music" downloads.

This new variant, which iAntivirus detects as Trojan.OSX.RSPlug.M, disguises itself as one of the many music album downloads available in the website like Lady Gaga's latest album pictured above. All music album links in the website will lead Mac users to download disk images containing RSPlug.M. Windows users, however, are led to download its Windows executable counterpart which PCTools Internet Security for Windows detects as Trojan.Alureon.a.

This new variant exhibits the same behavior just like the others. The only notable difference is a slight modification in the code to evade Antivirus scanners.

Mac users should be wary when downloading music from untrusted sources. It's also worth mentioning that digital music doesn't normally come as a disk image file (.dmg), and this alone should raise one's suspicion that the file being downloaded is not legit.

From Porn and Warez to Game Sites

2009-06-25T17:43:00.000-07:00

The Malware Research Team found a new variant of the Trojan.OSX.RSPlug threat masquerading as a gaming software. Previous versions of this threat were mostly found on sleazy porn, and warez sites. Malware writers responsible for this threat took a different route this time targeting unsuspecting gamers.

The new variant which PC Tools iAntivirus detects as Trojan.OSX.RSPlug.k were discovered in this website:

The threat is disguised as a DMG (Mac Disk Image) file of a game whose file name is as follows:

Clicking on the link pointing to the said malicious file will download it onto the unsuspecting user's computer and is automatically executed.

Like most RSPlug variants, this one also displays the MacCinema installation window:

This threat pretends to install a legitimate program on the user's computer, but silently runs malicious BASH scripts that are packaged in the DMG file in the background. Moreover, these scripts are found to be encoded in UUencode using the SED command.

Here's a screen capture of one of the said BASH scripts:

These scripts are further encoded (in three layers), and further decoding the script will reveal a PERL script with a HTTP GET request for another PERL script called generator.pl:

Like the previous variants, the PERL script that is being retrieved via the HTTP GET request also changes the user's DNS server using SCUTIL commands resulting into the user being redirected to phishing or malicious sites.

PC Tools iAntivirus recommends its users to Smart Update to our latest database for full protection against this threat.

iAntiVirus in the Boston Globe

2009-02-12T23:31:00.000-08:00

Came across this article yesterday which mentions iAntiVirus.

Apple security update available

2009-02-12T23:29:00.001-08:00

Please run software update to get it right away!

New database

2009-01-21T18:50:00.001-08:00

Hi everyone,

We've just released a new version of the virus database for iAntiVirus.
If you haven't got Smart Update set to automatic then please run it manually to ensure you have the latest protection available!

Detections - updated/new:
Trojan.OSX.DNSChanger.E
Exploit. Trojan.MacOS.Tweesh.a

QuickTime 7.6

2009-01-21T16:25:00.000-08:00

Apple has released an update for QuickTime, amongst the changes are security fixes.

Please run Apple Software Update to get it!

This update addresses heap overflows, buffer overflows, memory corruption issues and others - all of which may lead to arbitrary code execution.

Official information here.

iAntiVirus v1.3 is available

2009-01-07T17:39:00.001-08:00

iAntiVirus v1.3 has passed testing and is now available!

You can grab it from here or run a Smart Update to upgrade.

Changes in this version have been mentioned in a previous post.

Mac OS X Update - 10.5.6

2008-12-15T16:01:00.000-08:00

Apple has released an update for OS X - it addresses several severe security issues.

Please run a Software Update and grab it today!

Security Issues addressed

Apple Type Services (ATS) server PDF embedded font handling issue (CVE-ID: CVE-2008-4236)
Arbitrary code execution in BOM (CVE-ID: CVE-2008-4217)
Heap buffer overflow in CoreGraphics' handling of color spaces (CVE-ID: CVE-2008-3623)
Possible user credential disclosure in Safari (CVE-ID: CVE-2008-3170)
Enhanced download validation capability, previously warnings were not displayed for all unsafe download content types, this allowed for arbitrary code/command execution (CVE-ID: CVE-2008-4234)
Multiple vulnerabilities in the Adobe Flash player plugin (CVE-IDs: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824)
Local privilege escalation issue due to integer overflows in the kernel's i386_get_ldt and i386_get_ldt system calls (affects Intel based machines only) (CVE-ID: CVE-2008-4218)
Infinite loop when an exception occurs in a program (or dylib) which resides on an NFS share (CVE-ID: CVE-2008-4219)
Integer overflow in the LibSystem inet_net_pton function -> this could affect any program which uses that function (CVE-ID: CVE-2008-4220)
Memory corruption issue in the strptime function of LibSystem (CVE-ID: CVE-2008-4221)
Multiple integer overflows in the strfmon function of LibSystem (CVE-ID: CVE-2008-1391)
Per host configuration in managed client system installs sometimes incorrectly identifies the system (CVE-ID: CVE-2008-4237)
natd infinite loop due to a maliciously crafted TCP packet -> only affects systems with the Internet Sharing service enabled (CVE-ID: CVE-2008-4222)
Authentication bypass in Podcast Producer (OS X server only) (CVE-ID: CVE-2008-4223)
Input validation issue when handling malformed UDF volumes, ISO files. Opening a malformed volume may cause an unexpected syustem shutdown. (CVE-ID: CVE-2008-4224)

Information from Apple here .

Note: All CVE IDs will be linked to their respective pages once they become available.

Snow Leopard

2008-12-10T16:31:00.001-08:00

Just a quick note to let you all know that we're testing iAntiVirus on Snow Leopard, and apart from a minor installer issue there have been no problems so far! :)

iAntiVirus v1.3 - in testing

2008-12-10T16:22:00.001-08:00

Hi everyone,

It's been quite a while since I've posted on this blog, but that's because I've been busy working on the next version of iAntVirus! The upcoming version has interface improvements, a smaller footprint, and a number of under-the-hood enhancements which will allow really cool additions and new features further down the line...

Here are some screenshots:

iAntiVirus 1.2 available

2008-11-02T21:16:00.000-08:00

We've just released iAntiVirus v1.2 on Smart Update and on the website.

v1.2 contains the following:

- Addressed time machine incompatibility issue

- Enhanced quarantine functionality (now much faster)

- Various other enhancements

Please get the update and leave your comments on the forum, thanks!

iAntiVirus v1.1 is now available!

2008-10-10T03:18:00.000-07:00

iAntiVirus v1.1 was released recently. Please run a Smart Update or download the package from iantivirus.com

More information available on the forum.

iAntiVirus 1.1 is coming!

2008-10-02T01:09:00.000-07:00

iAntiVirus v1.1 is currently undergoing internal testing.

Some changes in v1.1:

- New scheduled scan type - allows you to specify a scheduled normal or quick scan.

- Updated scan engine which should improve scan speed (it was already fast! :)) and resolves an issue reported on the forum.

- New database with updated signatures and new signatures for 3 exploits .

- Scan progress now displays more information about child objects being scanned (e.g in v1.0 status might say "Scanning /Users/pctools/Downloads/huge_file.zip" for a long time, in v1.1 it will be displayed as "Scanning /Users/pctools/Downloads/huge_file.zip//(updates for every filename in the archive)".

- Scan complete alert - if you've kept the dock icon hidden, a slideup will alert you once a scan has completed (if the dock icon is visible then it will simply bounce, as previously).

We'll make an announcement here once v1.1 has been confirmed ok by our QA team, so please check back shortly!

iAntiVirus 1.0

2008-09-24T22:18:00.001-07:00

Hi everyone,

iAntiVirus 1.0 has passed internal testing and is now available on Smart Update.

Please run Smart Update to get this release!

Thanks to everyone who helped test beta 3.

iAntiVirus 1.0 (non-beta!)

2008-09-23T17:40:00.000-07:00

iAntiVirus 1.0 - not a beta, but the full release is currently in internal testing and should be confirmed ok for public use shortly.

Thanks to everyone who gave comments, suggestions and reported issues ( well 1 issue! :) ) with iAntiVirus 1.0 beta 3.

Once the full 1.0 release has been confirmed ok, it will be announced here first so please check back shortly.

iAntiVirus 1.0 public beta 3

2008-09-17T20:21:00.000-07:00

Hi everyone,

iAntiVirus b3 has passed internal testing and is now available on Smart Update!

This version includes a new scan engine, the ability to schedule quick scans, drag and drop scan support, the ability to enable or disable the dock icon and a variety of other enhancements and fixes.

Please run Smart Update now to get beta 3 and let us know your thoughts on the iAntiVirus forum.

Thanks

Apple Security Update

2008-09-16T18:04:00.000-07:00

Apple has made a large set of security updates available on Software Update.
If you haven't done so already, please update - it helps keep your Mac secure!

More information about the update and issues it addresses can be found at: http://support.apple.com/kb/HT3137

New version is coming

2008-09-10T22:17:00.000-07:00

Hi everyone,

Sorry for the lack of updates recently, we've been busy working on the next version of iAntiVirus!

The next beta is currently being put through it's paces by our QA team and should be confirmed ready for public release shortly.

Some of the changes are:
- New version of the anti-virus engine
- Scheduled Quick Scans
- The ability to enable/disable the dock icon (some people really didn't like the dock icon!)
- Drag-and-drop support: if you haven't disabled the dock icon you can simply drag and drop folders+files onto it, iAntiVirus will then scan them
- A whole bunch of internal changes and some bugfixes

Please check back occasionally as updates of progress will be posted here first.

New update

2008-07-10T06:44:00.000-07:00

Hi everyone, there is a new database available so please run Smart Update if you haven't already.

This update includes two new detections (Trojan-PSW.OSX.Corpref.A and Exploit.OSX.ARDAgent) plus a variant of an existing threat.

Thanks for the feedback

2008-07-01T18:22:00.001-07:00

Hi everyone, just a quick note to thank you for the feedback you've been giving on the iAntiVirus forum!

Your comments are appreciated and we've taken some of your suggestions on board for the next build of iAntiVirus beta.

Stay tuned and keep the comments coming, updates will be announced here soon.

iAntiVirus in the press

2008-06-30T18:59:00.000-07:00

Hi everyone, iAntiVirus has been picked up by various news sources :)

Macworld, TechNewsWorld, bMighty.com, NetworkWorld.com, BetaNews

iAntiVirus public beta 2

2008-06-26T19:37:00.000-07:00

Hi everyone, we've recently released iAntiVirus beta 2!

Changes in this version:
1. Addresses a scan issue reported by 2 of our external beta testers.
2. Installer includes the latest virus definitions

You can update by downloading and installing the package from www.iantivirus.com, or by simply running Smart Update if you are already an iAntiVirus user:

1. Click the Smart Update icon on the top right of the iAntiVirus main window.
2. Click "Upgrade now" at the upgrade available prompt:

3. Wait for the upgrade to be downloaded:

4. Enter your password when prompted:

5. iAntiVirus will restart and you will be running the latest version currently available :)

Requesting comments

2008-06-24T20:35:00.000-07:00

The iAntiVirus beta was released recently and we are looking forward to everyone's comments!

Please leave any feedback you may have on the forum.

If you haven't already done so, download iAntiVirus v1.0b from the iAntiVirus website.

Tell us what you like, dislike and also what you would like to see in future versions!

Thanks

iAntiVirus update

2008-06-23T23:32:00.000-07:00

Hi everyone,

The iAntiVirus database has been updated to include a trojan which has been seen in the wild exploiting the Apple Remote Desktop vulnerability.

Please be sure to run Smart Update and get the latest protection!