
Apple Updates XProtect Malware Definitions for iWorm Botnet

Posted on October 7th, 2014 by

Apple has released an update to its XProtect.plist definitions file to provide Mac OS X with basic detection for iWorm malware. This update detects three variants of OSX/iWorm, which Apple labelled OSX.iWorm.A, OSX.iWorm.B, and OSX.iWorm.C.


Apple’s XProtect, or “safe downloads list” feature, has been a part of OS X since Snow Leopard; Intego explained back in 2009 what Snow Leopard’s anti-malware function did and did not do to protect your Mac. Additionally, Apple uses the same feature to block out-of-date plug-ins for both Flash Player and Java, which are often targeted by hackers looking to exploit known vulnerabilities.

The OSX/iWorm malware is a sophisticated botnet that affects Mac OS X computers and used a novel technique to operate (it used Reddit). Last week, Intego wrote about the new iWorm botnet and what it does when it installs on a Mac.

Apple’s XProtect system provides rudimentary protection against certain Mac threats. It does not offer live malware scanning, protection against Windows threats or phishing sites, or other protection that full-featured anti-virus software can provide.

While security updates from Apple are always welcome, it’s clear that Apple does not protect against every known threat and often doesn’t release updates in the most timely fashion. Days before Apple updated its definitions, Intego VirusBarrier had already begun detecting this threat as OSX/iWorm.