Posted by: admin
on Jan 9, 2010
Snow Leopard is Apple's much-vaunted malware blocker. However, just half a year after its release, the software seems to have retreated into sleep mode, even as the threat to Mac OS computers grows.
Stagnant releases
So far, the malware database in XProtect.plist has not received the expected signature updates. Its last known updates include cures for the OSX.RSPlug.A and OSX.Iservice Trojan horses. These Trojan horses target Mac OS computers specifically. While most attacks in the past focused on Windows PCs, the increased popularity of Macs has encouraged hackers to shift their malicious focus.
The update that included cures for OSX.RSPlug.A and OSX.Iservice also has antidotes to several other malware strains. Theoretically, this should cover a typical Mac computer's malware protection needs. However, the networking landscape has changed, and there are real dangers now for Mac computers.
DNS-changer Trojan danger
As quickly as the preference for Mac computers surged, so did virus and malware attacks on them.
One particular danger lurking on the net for Mac users is the DNS-changer Trojan. Phishers use this Trojan to steal online identities and hijack other important information. It relies on bogus websites that trick users into downloading malicious software.
A typical source of these DNS-changer Trojans is the slew of porn sites on the web. Users are attracted via streaming porn on the Internet. In normal scenarios, users shouldn't have problems with online streaming. On malicious sites, however, these users will encounter codec issues, which seem normal if the videos aren't optimized for Macs. While there are protections in place against malware attacks, these DNS-changer Trojans come in innocent-looking packages that Apple's security allows.
The scheme was first discovered by Intego. Mac users are sent links to adult content videos. Once on the site, a pop-up opens informing the user of codec issues. This prompts them to download a disk image file, which does not alert Mac virus/malware protection. Since Mac browsers deem this safe to open, the disk image file runs and launches the malware installer. The interface looks legitimate enough that many users follow through with the installation. Once installation is complete, the Trojan takes over the computer. It is programmed to redirect the user's DNS queries to malicious websites that hijack the user's identity and other information.
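A defender can check for the DNS redirection described above by comparing a Mac's configured resolvers with the ones the network is supposed to hand out. The following is an added example, not code from the original post: it parses the output of the macOS `scutil --dns` command and flags unexpected nameservers. It assumes the Trojan works by changing the configured DNS servers; the sample output, the addresses and the expected network range are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output (not captured from a real host).
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : home.lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns

resolver #3
  nameserver[0] : 198.51.100.7
"""

# Assumption: the ranges this network's legitimate resolvers live in.
EXPECTED_NETWORKS = ["192.168.1.0/24"]

RESOLVER_RE = re.compile(r"^resolver #(\d+)\s*$")
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")

def parse_resolvers(text):
    """Return {resolver_number: [nameserver, ...]} from `scutil --dns` output."""
    resolvers, current = {}, None
    for line in text.splitlines():
        if m := RESOLVER_RE.match(line):
            current = resolvers.setdefault(int(m.group(1)), [])
        elif (m := NAMESERVER_RE.match(line)) and current is not None:
            current.append(m.group(1))
    return resolvers

def unexpected_nameservers(text, expected=EXPECTED_NETWORKS):
    """Return (resolver_number, address) pairs outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected]
    return [(num, s)
            for num, servers in sorted(parse_resolvers(text).items())
            for s in servers
            # Drop any IPv6 scope suffix ("%en0") before comparing.
            if not any(ipaddress.ip_address(s.split("%")[0]) in n for n in nets)]

if __name__ == "__main__":
    for num, server in unexpected_nameservers(SAMPLE_SCUTIL_DNS):
        print(f"resolver #{num}: unexpected nameserver {server}")
```

On a live Mac, feed the function the text from `scutil --dns` instead of the sample, with `EXPECTED_NETWORKS` set to the resolvers your router or ISP actually assigns.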
Bigger expectations from Mac’s Snow Leopard
While the Mac does not attract the bigger chunk of online malware, it is poised to be a big target in the near future. Its user base is expanding at a fast rate. Likewise, there are now several more software packages and other installations designed specifically for Mac computers, making them very attractive to hackers.