Researchers at IT security and data protection firm Sophos have
discovered that Apple secretly updated the anti-malware protection
built-into Mac OS X when it released a new version earlier this
Although not documented by Apple, Mac OS X 10.6.4 has been
updated to provide limited protection against
OSX/Pinhead-B (called HellRTS by Apple), a backdoor Trojan
which can allow remote hackers to gain control over Mac computers
for the purposes of identity theft, spying and the distribution of
Sophos has been detecting OSX/Pinhead-B since April, when the
malware was distributed
disguised as the popular iPhoto application by malicious
"It's good that Apple has updated its Mac OS X malware
protection, as this Trojan can give hackers the green light to send
spam email from your computer, take screenshots of what you are
doing, access your files and clipboard and much much more," said
Cluley, senior technology consultant at Sophos. "But what's
curious to me is why Apple didn't announce they were making this
update in the release notes or security advisory that came with Mac
OS X 10.6.4. It's almost as if they don't want to acknowledge that
there could be a malware threat on Mac OS X."
Sophos researchers discovered that Apple updated a file called
XProtect.plist - the rudimentary file that contains elementary
signatures of a handful of Mac threats - to detect "HellRTS".
"It's true to say that there are far far fewer malware threats
for Mac than there are for Windows - but that doesn't mean the
problem is non-existent. Unfortunately, many Mac users seem
oblivious to security threats which can run on their computers,
even though Apple has now built-in some elementary protection,"
continued Cluley. "This lack of awareness isn't helped when Apple
issues an anti-malware security update by stealth, rather than
informing the public what it has done. You have to wonder whether
marketing motives are at play behind such decisions."
Sophos experts warn that many Mac users have not bothered to
install anti-virus software, meaning they could be a soft target
for hackers in the future.
More information about Apple's anti-malware update can be found on
Graham Cluley's blog.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.