Friday, March 22, 2013, 11:40 am PT (02:40 pm ET)
Apple updates XProtect.plist to block YontooShortly after news emerged of a new adware trojan targeting OS X web browsers, Apple has updated its malware and adware detections list to block Yontoo.
Intego's Mac Security Blog noted (via MacRumors) on Friday that Apple had updated its "XProtect" anti-malware system. XProtect.plist will now recognize Yontoo and warn users that attempt to install the software on their computers.
Intego's post notes that the XProtect detection "is very specific and potentially location-dependent." The extra specificity, Intego supposes, may be there in order to stop only indirect installations of the file.
News of the Yontoo trojan emerged recently when a Russian anti-virus company pointed out its existence. Yontoo asks users if they want to install a browser plugin, media player, download accelerator, or other video-oriented program. Upon agreeing to the download, the plugin begins transmitting browsing data to an off-site server. User browsing data is processed, and the server sends back a file embedding third-party code into webpages visited by the user. The viewing or clicking of embedded ads then generates ad affiliate network profits for the criminals behind the adware.
On Topic: Mac OS X
- Apple releases OS X Yosemite Public Beta 2, new iTunes 12 beta for testing
- Intuit releases redesigned Quicken 2015 for Mac, first new version in 7 years
- Apple releases Safari 7.1 and 6.2, OS X Server 3.2 betas to developers
- Apple updates pro-level video suite with fixes for Final Cut Pro X, Compressor and Motion
- Mailbox for Mac hits public beta, adds synced drafts and 'snooze to desktop' feature