The post you are about to read describes the characteristic features of the Mac adware that forces your web browser to display bothersome ads marked with the phrase “brought by FlashMall”. These advertisements are superfluous because they originate from an application on a specific machine rather than from a site admin’s discretion. The item to blame for this mishap is a piece of code that can be spotted as a browser extension on the targeted Mac. So review the description of this bug and be sure not to overlook the steps that will help eradicate the threat.
DownLite, a rather complex piece of malicious software infecting Mac OS X, is broken down into its various aspects in this entry. This sample isn’t commonplace because it utilizes several different operational vectors, including dubious ecommerce activity through unwarranted ads inserted into sites, distribution of unsafe ad-supported software, and interference with custom settings of web browsers. Furthermore, this adware is closely related to the VSearch and Conduit Search Protect infections.
The issue described in this post concerns web browsing hurdles on Mac OS X caused by an adware application called VSearch. Infected users see popup ads when surfing the web with Firefox, Safari and Chrome. These ecommerce-related objects appear in large quantities when you run a web search, visit online shopping sites, and even when you go to routine pages like news, sports or weather. Because the websites become overpopulated with items that are not intended to be there, the browsers operate more slowly and the user cannot see the content of interest correctly. So learn more details on the OSX/VSearch virus, including advice on removal.
Process analysis and network analysis, two important vectors for examining arbitrary code’s activity on Mac OS X, are the subjects Sarah Edwards explicates here. In the context of the former, the expert dwells on DTrace and its scripts, including execsnoop and newproc.d; fs_usage; procxp; and the Activity Monitor. As far as network analysis is concerned, popular tools like CocoaPacketAnalyzer, Wireshark, tcpdump and lsock are scrutinized and demonstrated via real-world examples.
Forensic analyst Sarah Edwards now turns the focus of her presentation to the ins and outs of file analysis on Mac OS X. Within the framework of this nontrivial activity, highly verbose tools such as DTrace, fs_usage and fseventer are looked into, with examples of the returned metadata and other attributes provided along the way. Generally, this part covers the methods for analyzing arbitrary Mac files and the types of information that can be retrieved as a result of this workflow.
The topics covered by Sarah Edwards in this sub-section of her presentation relate to the various aspects of performing dynamic analysis of Mac applications, including malicious ones. In particular, the following processes are looked into: virtualization, that is, running code in a virtual machine; and application tracing, which is intended to return data on app execution, file system events, etc. The tools applicable to dynamic analysis are also listed here and demonstrated in action.