"I wanted to let you know that I’ve requested that you be invited to the prerelease seed of Mac OS X Lion, and you should receive an invitation soon," the letter from Apple read. It isn’t known how many security researchers received the note in question. "As you have reported Mac OS X security issues in the past," the letter continues, "I thought that you might be interested in taking a look at this. It contains several improvements in the area of security countermeasures."

OS: The riskiest OS used was Apple’s Mac OS X. In November, Apple sent users a massive maintenance release that weighed in at at least 644.48MB. The weighty upgrade included fixes for multiple security vulnerabilities since the previous update released in mid-June. Apple’s penchant for secrecy and longer patch cycles also increased the risk for users.

In response to the letter, software security guru Dino Dai Zovi tweeted: "Will Lion be the ‘Vista’ of Mac OS X? In the sense that they start taking security seriously

A new crimeware toolkit designed to create Mac OS X trojans is being advertised on several private underground forums according to security researchers from Danish IT security firm CSIS Security Group.

Crimeware toolkits allow users to build custom versions of trojans tailored for their own needs, complete with the command and control (C&C) applications.

Dubbed the Weyland-Yutani BOT, after a fictional corporation from the Alien series, the toolkit is being advertised as the first malware builder for Mac OS X and is similar in functionality to the infamous ZeuS and SpyEye kits.

The trojan supports form grabbing and web page injection for Firefox and Chrome, but not for Safari, because, according to the author, there are still many problems with that browser.

According to analysts from the CSIS eCrime Unit, the first version of the toolkit is being sold for $1,000 payable only in Liberty Reserve (LR) or WebMoney (WMZ) virtual currencies.

"CSIS eCrime Unit is in possession of videos documenting both the admin panel and its functionality as well as the builder itself. Both video clips prove this kit to be fully operational already," Peter Kruse, security specialist at CSIS, writes.

Independent security journalist Brian Krebs cites the toolkit's author as saying that web injects developed for ZeuS or SpyEye can be used with Weyland-Yutani after some formatting.

The existence of this toolkit is very bad news for Mac users and follows recent scareware attacks directed at Apple's operating system.

Security researchers have long argued that Mac OS X is just as prone to malware as Windows and that the only thing keeping cyber criminals away from it is its small market share.

However, due to a tough competition on the Windows malware threat landscape, some attackers are beginning to tap into alternative sources of potential victims, which include Mac OS X users.

Other operating systems are not safe either, as the Weyland-Yutani BOT author is working on variants for Linux, as well as iOS.

Faced with the embarrassment of an aggressive scareware (fake antivirus) campaign against Mac users, Apple today shipped a definition update to its File Quarantine feature to block the MacDefender threat.

Today’s Security Update 2011-003 follows scathing criticism of the company’s response to the threat and provides further confirmation that there is a clear and present malware threat to the Mac OS X ecosystem.

The File Quarantine update is available for Mac OS X v10.6.7 and Mac OS X Server v10.6.7.

An advisory from Apple identifies the threat as OSX.MacDefender.A.

The File Quarantine feature has also been beefed up to automatically check for known malware definitions and apply these updates when necessarily.

“The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the “Automatically update safe downloads list” checkbox in Security Preferences,” Apple explained.

For Mac users who already fell victim to the MacDefender scam, Apple shipped a malware removal tool to handle post-infection clean up.

The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.

The MacDefender scam has used social engineering lures associated with Bin Laden’s death to spread. There are multiple variants in circulation, according to anti-malware experts tracking the threat.

New Variant of 'Mac Defender' Quickly Evades Apple's Security Update as Cat-and-Mouse Game Begins
June 1, 2011 9:26 am PDT by Eric Slivka

As we noted yesterday, Apple released Security Update 2011-003 for Mac OS X Snow Leopard, a system update addressing the "Mac Defender" malware threat that has been running in the wild under several different variants for the past month. The update provides tools for automatically removing the malware, as well as protection against future infections. But as reported by ZDNet, a new variant of the malware capable of circumventing Apple's update has already appeared. popping up within hours of Apple's software release.
Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple's malware-blocking code.

The file has a date and time stamp from last night at 9:24PM Pacific time. That's less than 8 hours after Apples security update was released.

Apple has prepared for this eventuality by including automatic daily updates of malware definitions with the software update, enabling it to quickly deploy protection as new variants and entirely different pieces of malware surface. Consequently, Apple should be able to respond to the new threat relatively quickly, although the speed with which the new variant appeared suggests that those responsible for the malware will not be going away easily.

As reported by Italian site Spider-Mac [Google translation], Apple has already issued an update to detect the new variant, pushing out a new entry for "OSX.MacDefender.C" to the Xprotect.plist file that contains the signatures for identifying malware.

After the update, users are indeed presented with a warning if they begin to download the latest variant:

The issue experienced by all QX clients today was caused by a very well distributed DOS attack. This information is just coming in but the following providers were also hit:

Windstream
Insight
Level3
Peak 10
Network Solutions

We do expect this list to grow but whatever group is responsible for this effectively took several providers offline or caused major network performance issues.

I will provide further updates as they become available.

Thanks

Network Solutions suffers two DDoS attacks...A distributed denial-of-service (DDoS) attack was carried out against Network Solutions on yesterday afternoon, and again this morning, according to a post on the company's official blog by spokesman Shashi Bellamkonda.

Online storage service Dropbox accidentally turned off passwords for four hours, potentially exposing data belonging to its 25 million customers to unauthorized users.

The breach occurred when the company applied a code change at 4:54 p.m. EST on June 19 that caused problems with the authentication mechanism, Arash Ferdowsi, Dropbox CTO and founder, wrote in the company blog June 20. The problem was discovered about four hours later and Dropbox killed all of the sessions of those who were logged in and accessing the data.

The password issue allowed anyone in the world to access any of the 25 million accounts and the information stored inside by typing in any string as the password. The bug was possible because Dropbox handles encryption and decryption on its servers instead of the individual user computers. Since it holds the encryption key, it controls who can open the files, not the user.

"This should never have happened. We are scrutinizing our controls, and we will be implementing additional safeguards to prevent this from happening again," Ferdowsi wrote in his blog.