New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware

Friday March 22, 2013 12:12 pm PDT by Eric Slivka
Yesterday, word surfaced of new malware targeting major browsers on the Mac platform with adware capable of injecting advertising into users' browsing experiences. The malware, known as "Yontoo", masquerades as a video plug-in or download accelerator in order to trick users into installing the package.

yontoo_xprotect
As noted by security firm Intego, Apple has already updated its "Xprotect" anti-malware system to recognize Yontoo and warn users who attempt to install it on their machines.
Apple has decided the Yontoo Adware has fallen too far on the side of undesirable behavior, as they have released an update to the XProtect.plist definitions file to provide Mac OS X with basic detection for the Yontoo adware as OSX.AdPlugin.i. In testing, it appears this detection is very specific and potentially location-dependent. This extra specificity is likely there so as to catch only the surreptitious installations of this file.
Apple routinely uses its Xprotect anti-malware tools introduced in OS X Snow Leopard to provide rudimentary protection against threats, and has expanded its efforts in OS X Mountain Lion with the introduction of Gatekeeper to allow users to restrict app installation to software from identified developers registered with Apple, or even to only apps installed through the Mac App Store.

Apple has also been using Xprotect to enforce minimum version requirements for plug-ins such as Java and Flash Player, forcing users to upgrade from earlier versions known to have significant security issues.

[ 66 comments ]


Top Rated Comments

(View all)

Avatar
anzio
76 months ago
Great news. Though I've said it before, all software must pass through my built-in antivirus called "common sense." It's updated frequently.

So I'm not too worried.
Rating: 18 Votes
Avatar
camnchar
76 months ago
But what about my freedom to install adware!
Rating: 10 Votes
Avatar
madsci954
76 months ago

But what about my freedom to install adware!


Said no one ever.
Rating: 7 Votes
Avatar
tevion5
76 months ago

But what about my freedom to install adware!


Such freedoms should come with free laxative overdoses.
Rating: 6 Votes
Avatar
Mr Fusion
76 months ago

But what about my freedom to install adware!

You joke now...

... Just wait till OS XI debuts and you'll have to wait for the jailbreak to install third-party apps. ;)
Rating: 5 Votes
Avatar
HenryDJP
76 months ago

This is a very good thing, not trying to be critical.

But isn't this a slippery slope towards 'microsoft security essentials'? For now xprotect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on osx.


Shouldn't matter much to you since you're running Windows 7...
Rating: 4 Votes
Avatar
epmatsw
76 months ago

This solution Apple has seems overly simple, or Im I missing something?

Not complaining, its awesome that they found such a simple way of doing this.

Anyone know exactly how this works?


It is very simple, and that's cause it's all that's necessary. Malware for OSX doesn't exploit vulnerabilities or security flaws that would allow it to get around this. They literally ask the user for permission to install themselves (thus "trojans"). All this measure does is alert the user if they attempt to grant permission to something that Apple has blacklisted.
Rating: 3 Votes
Avatar
Amazing Iceman
76 months ago

But what about my freedom to install adware!


I think if you rename the file, it will install. A little extra work, but this way you can get your freedom back. :D
Rating: 3 Votes
Avatar
Ochyandkaren
76 months ago

But what about my freedom to install adware!


Indeed!
The Tea Party way!
Rating: 3 Votes
Avatar
kendall69
76 months ago
Gee I thought the Liberals outlawed all viruses and Bloomberg saved us from malware.
Rating: 2 Votes

[ Read All Comments ]