The OSX/Revir.A trojan downloader works by downloading and constantly launching a PDF file containing offensive political statements in Chinese, and then installing a backdoor (known as “OSX/Imuler.A”) onto the victim’s Mac to potentially allow malicious access to it. The backdoor then sets up a launch agent on the victim’s Mac which keeps the malware active and sends the infected Mac’s username and MAC address to a remote server.

A new trojan affecting OS X has been discovered by security firm F-Secure, disguising itself as a PDF and setting up a backdoor in a Mac user’s hard drive after displaying Chinese characters (shown above) once executed. The backdoor, at this point, isn’t much of a threat as it doesn’t currently do any harm, although that could change at any time at the discretion of the trojan’s creator(s).

Antivirus makers are locked in an eternal two-step with virus coders, blocking today’s virus only to wake up tomorrow to find a new variant out in the wild. Should Apple follow suit, and begin the sisyphean task of trying to stay ahead of malicious coders, knowing the end result is, in essence, eternal gridlock? Or, could there be another way to keep the Macintosh the virus-free paradise longtime users have come to know and love?

More and more viruses these days are, in a way, joining the good side. That is, they’re pretending to be virus scanners that want to clean your computer from malicious files when they are, in reality, the malicious file themselves. For instance, names such as MacDefender, MacProtector and MacSecurity all fall under this category. Intego Security has uncovered another such virus naming itself MacGuard. “Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program,” warns Intego.

A new security threat targeting Mac OS X users has been discovered disguising itself as anti-malware application “MACDefender” (which is in no way affiliated with MacDefender, creators of popular geocaching software). The malware makes use of Safari’s feature which automatically opens files which it deems “safe” after a download, triggered through JavaScript which automatically downloads the file once you visit the malicious web page.

The SecureMac team has detected another Horse Horder in the wild for the Mac. Like previous findings from this team, this Trojan Horse attempts to disguise itself on your system and then affect it negatively in some way. In the case of the BlackHole RAT 2.0, it slows down your system by tying up the CPU, executes shell commands, and attempts to erase the hard drive. In short, it’s something you don’t want.

With Snow Leopard set to release this Friday, August 28th, many Apple fans are excited to both try it out and get some space back on their hard drive. Also, if you’re like me, you don’t really care that it doesn’t include any great, new features as long as it promises to be as stable and fast as Apple promises. However, one thing that would be extremely interesting to see at any point in time is Apple-developed antivirus built into the operating system. And that’s the rumor.

In quite possibly the stupidest move Apple has made since the hockey puck mouse, Apple has now removed a Knowledge Base page that advised Mac users to have Antivirus software installed on their machines.

Macworld reports:

“We have removed the KnowledgeBase article because it was old and inaccurate,” Apple spokesman Bill Evans, told Macworld. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box.”

Yeah, so does Windows, and look how well that worked for them.

If you ask a worker at the Apple Store about antivirus software for the Mac, you may hear that you don’t need it at all because, “Macs don’t get viruses.” However, this information may no longer hold true. At least Apple itself doesn’t think so. According to a recently published knowledge base article from Apple, more »

SecureMac is reporting a new Trojan horse that threatens the Mac OS X 10.4 and 10.5 installation. AppleScript.THT, a new variant of the infamous Trojan Horse virus, is originating from a hacked website through iChat and Limewire. The Trojan horse allows a malicious user to access a system remotely and transmit system and user passwords. more »