2012 was looking quite quiet in Apple security terms up to now, but I see that the guys behind the OSX/Flashback Trojan are quietly beavering away. No sooner had Apple updated XProtect, a system utility that provides a certain amount of protection against a selection of OS X-targeting malware, to include a handful of OSX/Flashback variants, than Intego reported another variant not detected by XProtect.
Without taking any cheap shots at Apple’s better-than-nothing-but-less-than-industrial-strength anti-malware measure, there’s a distinct echo here (as Topher Kessler noted last week) of the 2011 tussle between Apple and the guys behind MacDefender and related fake security software, when for a while it seemed that every XProtect update was followed by a new version of the malware (including some notably innovative tweakings). An old story for commercial antivirus, but Apple was, it seemed, signing up for a slightly different ballgame.
Since Intego first reported Flashback in September 2011, the company has flagged a number of variants (according to its most recent blog, it’s up to OSX/FlashBack.J). It’s rarely possible nowadays to map variant names accurately from one vendor to another without having access to a sample or at least a hash value, but Intego states that XProtect does not yet recognize the sample or samples to which their variant name refers.