Apple anti-malware update blocks new 'iWorm' Mac botnet. Apple has updated its XProtect.plist to detect and block iWorm; ZDNet confirmed that a plist update released on October 4 includes the new definitions.
Malware-fearing Mac users have been able to breathe easier since earlier this week. The key elements of the Security Update were that it detected and removed a couple of variants of the Mac Defender Trojan horse, and that it added a daily check for new malware definitions. Not even 24 hours later, the malware's authors released a new version of Mac Defender into the wild, a variant that Apple's initial update couldn't detect; the antivirus vendors refer to this incarnation as the "C" variant. If you haven't yet installed that Security Update and do so now, you'll automatically get Apple's up-to-date definitions, which include the C variant of Mac Defender. But if you, like me, installed the update back on May 31, your definitions might still be out of date: even with the new Security preference "Automatically update safe downloads list" checked, your Mac might not have run that daily check yet.
And if you, again like me, would prefer that your Mac grab the latest definitions right this second, it can be done. First, check whether you're already up to date. Launch Terminal and paste this command:
more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
What do you see?
At this writing, people with the old definitions will see (among other data) a "last modification date" of Thu, 26 May 2011 02:24:41. (If you see a later date, you're more current than this tutorial, but the instructions below will still help ensure you have the latest malware definitions.) Now, to force your Mac to update, follow these steps:
1. Launch System Preferences.
2. Go to the Security preference pane.
3. Uncheck the "Automatically update safe downloads list" box.
4. Re-check that box.
Now, if all goes well, when you re-run the Terminal command from above you'll see that the timestamp has changed. As of this writing, the "last modification date" should be Wed, 01 Jun 2011 21:19:15 GMT. You needn't run this command every day; your Mac should update that list automatically as long as you leave the checkbox checked.
But if you want to make sure you’re current because you’ve heard about new, unpleasant malware on the loose that might harm your Mac, now you know how to force an update.
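The same freshness check, scripted. This is an added example and not part of the original tutorial: it reads the XProtect.meta.plist file named above, pulls out its modification date and version, and compares the date with the newest definition timestamp you know about (the 01 Jun 2011 value quoted above). The key names LastModification and Version, and the constructed sample plist used when no real file is present, are assumptions about the file's layout at the time; check them against your own copy.

```python
"""Report whether the local XProtect definitions are current.

Added example, not code from the original article. It reads the
XProtect.meta.plist file the article names, takes its last-modification
date and version, and compares the date against the newest definition
date known to the reader. The key names LastModification and Version
and the constructed sample below are assumptions about the file format
of that era; a real copy is read from disk when one exists.
"""
import os
import plistlib
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

XPROTECT_META = ("/System/Library/CoreServices/CoreTypes.bundle/"
                 "Contents/Resources/XProtect.meta.plist")

# Newest definition timestamp quoted in the article.
LATEST_KNOWN = "Wed, 01 Jun 2011 21:19:15 GMT"

# Constructed sample reproducing the "old definitions" state from the article
# (Version value is a placeholder).
SAMPLE_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>LastModification</key>
    <string>Thu, 26 May 2011 02:24:41 GMT</string>
    <key>Version</key>
    <integer>4</integer>
</dict>
</plist>
"""


def to_utc(stamp: str) -> datetime:
    """Parse the RFC 1123 style date the plist carries; a missing zone is taken as UTC."""
    parsed = parsedate_to_datetime(stamp)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def read_meta(data: bytes) -> dict:
    """Return the version and UTC modification time held in an XProtect.meta.plist."""
    meta = plistlib.loads(data)
    return {
        "version": meta.get("Version"),
        "modified": to_utc(meta["LastModification"]),
    }


def is_current(meta: dict, latest_known: str = LATEST_KNOWN) -> bool:
    """True when the local definitions are at least as new as the newest known set."""
    return meta["modified"] >= to_utc(latest_known)


def check_local(path: str = XPROTECT_META) -> dict:
    """Read the real file if this Mac has one, otherwise fall back to the sample."""
    if os.path.exists(path):
        with open(path, "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_META
    meta = read_meta(data)
    meta["current"] = is_current(meta)
    return meta


if __name__ == "__main__":
    result = check_local()
    print("XProtect version {}, modified {:%a, %d %b %Y %H:%M:%S} UTC".format(
        result["version"], result["modified"]))
    if result["current"]:
        print("definitions are current")
    else:
        print("definitions are older than the newest known set; toggle the checkbox and re-run")
```

Run it before and after toggling the checkbox; a result of "older than the newest known set" after the toggle means the daily check did not fire, which is worth knowing before you rely on the automatic update. Update LATEST_KNOWN whenever a newer definition date is published.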
Apple this weekend updated its XProtect malware blacklisting system in OS X to address the recent iWorm malware that allegedly infected more than 18,000 Macs. A change to the XProtect.plist file released on October 4 contained definitions to protect users from three variants of the iWorm malware: OSX.iWorm.A, OSX.iWorm.B, and OSX.iWorm.C. Discovered by security researchers at the Russian anti-virus company Dr Web, the iWorm malware targeted OS X machines, forming a botnet whose command servers were located through a server list posted on Reddit. It is not known how the malware was spread, but an anonymous tip suggests it was bundled with pirated Mac software downloads available on The Pirate Bay. In addition to Apple's anti-malware action, Reddit shut down a fake Minecraft subreddit and banned the account that had been posting the iWorm botnet server list there.
Without these posts, iWorm-controlled Macs are unable to connect to the botnet servers that are used by hackers to send instructions to the infected machines.
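How an XProtect definition is applied, as an added example rather than Apple's code. XProtect.plist is an array of definitions, each carrying a Description (the malware name, such as OSX.iWorm.A) and a Matches list whose entries hold a hex Pattern; the script below flags a file when every pattern in a definition is found in its bytes. That reading of the format, the constructed sample plist and the sample files are assumptions: the OSX.Sample.* names stand in for the OSX.iWorm.A/B/C entries and the hex patterns are placeholders, not Apple's actual signatures.

```python
"""Match a file against XProtect-style blacklist definitions.

Added example, not Apple's code. It mimics the shape of XProtect.plist
(an array of definitions, each with a Description and a Matches list of
hex Patterns) using a constructed sample. The OSX.Sample.* names stand
in for the OSX.iWorm.A/B/C entries the article mentions; the patterns
are placeholders, not Apple's actual signatures.
"""
import plistlib
from typing import Dict, List

# Constructed sample in the shape of an XProtect.plist of that era.
# 53414D504C455F41 = "SAMPLE_A", 53414D504C455F42 = "SAMPLE_B", 4D41524B4552 = "MARKER".
SAMPLE_XPROTECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
  <dict>
    <key>Description</key>
    <string>OSX.Sample.A</string>
    <key>LaunchServices</key>
    <dict>
      <key>LSItemContentType</key>
      <string>com.apple.mach-o-binary</string>
    </dict>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchType</key>
        <string>Match</string>
        <key>Pattern</key>
        <string>53414D504C455F41</string>
      </dict>
    </array>
  </dict>
  <dict>
    <key>Description</key>
    <string>OSX.Sample.B</string>
    <key>LaunchServices</key>
    <dict>
      <key>LSItemContentType</key>
      <string>com.apple.mach-o-binary</string>
    </dict>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchType</key>
        <string>Match</string>
        <key>Pattern</key>
        <string>53414D504C455F42</string>
      </dict>
      <dict>
        <key>MatchType</key>
        <string>Match</string>
        <key>Pattern</key>
        <string>4D41524B4552</string>
      </dict>
    </array>
  </dict>
</array>
</plist>
"""


def load_definitions(data: bytes) -> Dict[str, List[bytes]]:
    """Map each Description to the byte patterns that definition requires."""
    defs: Dict[str, List[bytes]] = {}
    for entry in plistlib.loads(data):
        patterns = [bytes.fromhex(m["Pattern"])
                    for m in entry.get("Matches", [])
                    if m.get("MatchType") == "Match" and "Pattern" in m]
        if patterns:
            defs[entry["Description"]] = patterns
    return defs


def scan(blob: bytes, defs: Dict[str, List[bytes]]) -> List[str]:
    """Names of every definition whose patterns all occur somewhere in blob."""
    return [name for name, patterns in defs.items()
            if all(pattern in blob for pattern in patterns)]


# Constructed sample files; the leading bytes are a 64-bit Mach-O magic number.
MACHO_MAGIC = b"\xcf\xfa\xed\xfe"
CLEAN_FILE = MACHO_MAGIC + b"harmless payload"
HIT_A = MACHO_MAGIC + b"...SAMPLE_A..."
PARTIAL_B = MACHO_MAGIC + b"SAMPLE_B only"      # one of two patterns: no hit
HIT_B = MACHO_MAGIC + b"SAMPLE_B ... MARKER"   # both patterns: hit

if __name__ == "__main__":
    definitions = load_definitions(SAMPLE_XPROTECT)
    for label, blob in [("clean", CLEAN_FILE), ("hit_a", HIT_A),
                        ("partial_b", PARTIAL_B), ("hit_b", HIT_B)]:
        print(label, scan(blob, definitions) or "no match")
```

Two caveats a practitioner should keep in mind. Launch Services consults XProtect when a file carrying the com.apple.quarantine attribute is opened, so a file that arrives without that attribute is never checked. And a byte-pattern blacklist only catches variants Apple has already seen, which is why the B and C variants each needed their own entry.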