<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title type="text">EasyDoc Converter - AVOID</title>
  <updated>2016-07-08T23:58:52+01:00</updated>
  <generator uri="http://framework.zend.com" version="1.12.20">Zend_Feed_Writer</generator>
  <link rel="alternate" type="text/html" href="https://www.augwessex.org.uk/discussions/view/1335"/>
  <link rel="self" type="application/atom+xml" href="https://www.augwessex.org.uk/discussions/view/1335/feed"/>
  <id>https://www.augwessex.org.uk/discussions/view/1335</id>
  <author>
    <name>AUGW</name>
    <email>info@augwessex.org.uk</email>
    <uri>https://www.augwessex.org.uk/</uri>
  </author>
  <entry xmlns:xhtml="http://www.w3.org/1999/xhtml">
    <title type="html"><![CDATA[EasyDoc Converter - AVOID]]></title>
    <updated>2016-07-08T23:58:52+01:00</updated>
    <link rel="alternate" type="text/html" href="https://www.augwessex.org.uk/discussions/view/1335#6219"/>
    <id>https://www.augwessex.org.uk/discussions/view/1335#6219</id>
    <author>
      <name>Tony Still</name>
      <email>info@augwessex.org.uk</email>
      <uri>https://www.augwessex.org.uk/</uri>
    </author>
    <content xmlns:xhtml="http://www.w3.org/1999/xhtml" type="xhtml">
      <xhtml:div xmlns:xhtml="http://www.w3.org/1999/xhtml">For those that haven't seen the recent stories: there is a new piece of Mac malware that masquerades as 'EasyDoc Converter', a free document reader. Needless to say, it doesn't work but does install various nasties. It is being referred to as Backdoor.MAC.Eleanor by the good guys.<xhtml:br/>
<xhtml:br/>
If you have Gatekeeper enabled, it will be flagged should anything try to install it - just say no.<xhtml:br/>
<xhtml:br/>
If you don't have Gatekeeper enabled, give yourself a gentle telling-off and then:<xhtml:br/>
Go to System Preferences-&gt;Security &amp; Privacy-&gt;General and set "Allow apps downloaded from:" to "Mac App Store and identified developers" (or just "Mac App Store"). This causes the OS to prompt you when a newly downloaded app first wants to run; unless you're very sure of it, say 'no' whenever this prompt appears.<xhtml:br/>
<xhtml:br/>
Another class of nasties currently in circulation pretends to be a .jpg file (or other common file type), usually delivered inside a zip archive. It's actually a script that does bad things. The giveaway here is that it uses an obscure feature of the underlying OS that treats any file whose name ends in a space (that is conveniently invisible) as an executable (script). Gatekeeper will flag this too so just say no again.<xhtml:br/>
<xhtml:br/>
If you do a Finder 'Get Info', you'll see that the "Kind" is executable (not JPEG image or whatever); if you investigate further you'll see the trailing space on the file name. This one is being called OSX/Keydnap; there are likely to be copycats soon too.<xhtml:br/>
<xhtml:br/>
Usual security guidance also applies: don't accept downloads from any remotely dodgy web sites - go to the trusted home site of the app. If you've never heard of the app, research it before downloading it. Don't use pirated software, it's a favourite delivery mechanism for malware (apart from the fact that it's illegal and you're stealing the author's livelihood).<xhtml:br/>
<xhtml:br/>
Enjoy...</xhtml:div>
    </content>
  </entry>
</feed>
