Automatically Change .om to .com To Prevent Malware

Malcontents are sneaky.  In their latest ploy, they are counting on you misspelling “.com” so they can send you to one of their fake domains.  So instead of going to netflix.com, you end up at netflix.om–a phony site determined to infect you with malware.  If you are not paying attention, you might not realize you are on the wrong domain.

Prevent Ransomware By Automatically Finding The Checksum Of Downloaded Files

Apple has already shut down the ransomware found in the Transmission torrent client.  You can easily prevent this from happening to you in the future by adding a Hazel rule to your downloads folder, which will automatically determine the checksum, so you can compare it with the one the legitimate file has.

Detecting Wirelurker Malware

[UPDATE] It appears the command and control infrastructure has been neutralized.

Palo Alto has already written a script that will detect the Wirelurker malware.  It basically scans for the files known to be malicious.  Just download the script and run it from Terminal:

curl -O https://raw.githubusercontent.com/PaloAltoNetworks-BD/WireLurkerDetector/master/WireLurkerDetectorOSX.py
python WireLurkerDetectorOSX.py


Roll-your-own Defense Against Mac.BackDoor.iWorm

[UPDATE]: Advanced settings added below

Get Alerted If Your Computer Gets Infected

When the Mac.BackDoor.iWorm malware gets installed via pirated software, your computer becomes part of a botnet.  While you may not be able to stop it from getting there, you can be alerted when it does and then take steps to manually neutralize it.

Roll-your-own Protection From A New Malware Called XSLCmd

A nasty piece of malware on OS X is XSLCmd.  Using a neat trick, you can get alerted if your computer gets infected.  This malware can open a reverse shell, list and transfer files, and install additional malware.  Definitely not something you want.  The problem with some malware–especially zero-day attacks–is that your anti-virus program might not detect it.  But using this trick you can at least know something got installed to your Mac that shouldn’t be there.

OS X: Roll-your-own Malware Detection

[UPDATE 2014-10-20]: This trick seems to cause high CPU usage in Yosemite; try using launchd instead.

[UPDATE 2014-10-02]: defend yourself from becoming a zombie courtesy of Mac.BackDoor.iWorm

[UPDATE]: Use this trick to fend off the new malware XSLCmd

Macs are not immune to malware.  Authors of malicious software often try to get a LaunchDaemon or LaunchAgent installed onto your computer in one or more of the following locations: