Last week saw Intego announce their MacPromo bundle (for £39.99) which offers ten great Mac applications at a whopping saving! For full info on the deal be sure to visit my earlier post on the subject. Regardless of whether you actually buy the bundle, it’s still worth sharing the fact it made uber-blog, Lifehacker. Pretty proud of this coverage – extract as follows.

The proceeds don’t go to charity or anything, but it is a pretty good deal as long as you can find two applications on the list that you want. The coolest of the bunch is definitely the powered-up file explorer PathFinder, which on its own is already a $40 app, and worth having on any Mac. If any other app on the list seems useful to you and your workflow, you’ve already got yourself a bargain.

Update: This was also featured in Lifehacker’s 4th December weekly round-up of their top downloads.

This week saw our client Intego, the Mac security specialists, announce a new trojan horse under the name of OS X Koobface.A. It’s the first security memo that’d we’d released since the OSX/OpinionSpy alert in June 2010. Needless to say, the coverage collation took up the majority of my time on Thursday and Friday. The full announcement can be found on the Mac Security Blog and Intego has since published further information on Koobface.A. Remember, VirusBarrier X6 is the most comprehensive Mac Security product out there. This news has been extensively covered and can be found online on Forbes, The WSJ, Macworld, CNET, ZDNet, etc.

To save you the trouble of visiting the blog, here’s what the alert entails.

Malware: OSX/Koobface.A
Risk: Low
Description: Intego has discovered a Mac version of the Koobface worm, which spreads via social networks such as Facebook, MySpace and Twitter. Intego’s Virus Monitoring Center has been examining this malware for some time, and given the low level of risk, has not publicly issued information about it. Since other reports have been made public about this malware, Intego has decided to publish this security memo.

Reports have circulated discussing a Trojan horse, but without understanding either the scope or the functioning of this malware. This threat is a Mac OS X version of the Koobface worm, which is served as part of a multi-platform attack via a malicious Java applet. The malware itself is made up of a number of elements, though in order to simplify, we will use the term “Trojan horse” to describe it. (Technically, it propagates as a worm, is installed via a Trojan Horse, and installs a rootkit, backdoor, command and control, and other elements.)

Users first encounter this malware via links on Facebook, MySpace and Twitter, but links can and do exist from other web sites as well. They are taken to malicious web sites in order to view videos, and these sites attempt to load a Java applet. Users are alerted to this via the standard Mac OS X Java security alert.

Users can deny or allow the applet access to their computers. If they click Deny, the applet will not run, and no infection will occur. If they click Allow, however, the applet will run, and will attempt to download files from one or more remote servers. At this point, VirusBarrier X6’s Anti-Spyware feature, if activated, will alert users to an outgoing connection by Java. If this occurs, click Deny to block the connection.

If files are downloaded, they are stored in an invisible folder (.jnana) in the current user’s home folder. These files include elements designed to infect Mac OS X, Windows and Linux. The Java applet should also download an installer that will then launch and attempt to install the malware. While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files.

Potentially, if it installs correctly, it functions the same as the Koobface worm running on Windows. It runs a local web server and an IRC server, acts as part of a botnet, acts as a DNS changer, and can activate a number of other functions, either through files initially installed or other files downloaded subsequently. It spreads by posting messages on Facebook, MySpace and Twitter, usually trying to get people to click a link to view some sort of video.

While this is an especially malicious piece of malware, the current Mac OS X implementation is flawed, and the threat is therefore low. However, Mac users should be aware that this threat exists, and that it is likely to be operative in the future, so this Koobface Trojan horse may become an issue for Macs.

Earlier this week, CNET reported that Apple had become aware of a iOS vulnerability that allowed jailbreaking via a web-based exploit. What this means is users wishing to jailbreak their devices no longer need to work synced to a computer. Intego reported heavily on this issue in its Mac Security Blog and it was picked up by Macworld UK. An extract from the coverage follows:

“While jailbreaking allows a level of customisability and the potential to run third party apps not endorsed by Apple, Mac security specialists Intego and others have claimed the flaw leaves Apple device owners particularly open to attack.

“Visiting a web site set up to perform this jailbreak operation will lead to the download of a PDF file, which contains code that exploits this vulnerability,” Intego noted on a blog post this week. “While this can be used to jailbreak a phone, it could also be used to compromise iOS devices. With a slight modification, this process could occur without any user notification or intervention.” The browser based jailbreak applies to any Apple device running iOS versions 3.1.2 to 4.0.1.

Intego continues: “The corrupted PDF file (there is one file per iOS version and hardware model; there are a total of 19 different files) is embedded into a web page in an IFRAME so Safari will display it automatically without any user interaction. The PDF file contains an embedded Type1c font that is corrupted and that contains exploit code necessary to download the jailbreak code. (This can also contain other malicious code.) This code is then executed in the kernel space through an IOSurface (IOKit) memory allocation bug, obtaining root privileges and bypassing code signing protection and sandboxing.”