The trojans are definitely coming. As many have probably noticed, security researchers found a flaw in OS X that allows attackers to execute arbitrary code. The most popular way to trigger it is through Safari, by taking advantage of the “Open safe files after downloading” feature. The best write-up is from the SANS ISC:
Serious flaw on OS X
You can find the proof of concept exploit here, and a write-up of how it can be exploited via email here.
There is no patch available. In the meantime:

  • Disable “Open safe files after downloading”
  • Use Firefox on OS X (which does not appear to be vulnerable)
  • Be very careful about opening attachments in email and downloaded files

A good step to take if you are suspicious comes from the ISC write-up:

$ unzip Mac-TV-Stream.mov.zip
Archive: Mac-TV-Stream.mov.zip
inflating: Mac-TV-Stream.mov
creating: __MACOSX/
inflating: __MACOSX/._Mac-TV-Stream.mov

The metadata file in this example is ._Mac-TV-Stream.mov. This is a binary file, but even running the simple strings command on it will reveal which utility will actually be used to open the main file, regardless of its .mov extension:

$ strings ._Mac-TV-Stream.mov
%/Applications/Utilities/Terminal.app

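An added example (not from the post or the ISC write-up) that automates this check: it walks the __MACOSX/._* metadata entries of a zip archive, pulls printable runs from each the way strings does, and reports any application bundle path they name next to the data file it belongs to. The sample archive is constructed in memory; its ._ entry is not a faithful AppleDouble file, only enough bytes to carry the Terminal.app path.

```python
from __future__ import annotations

import io
import posixpath
import re
import zipfile

# Printable runs of four or more bytes, the same default heuristic `strings` uses.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# An absolute path to an application bundle, e.g. /Applications/Utilities/Terminal.app
APP_PATH = re.compile(r"/[\w ./-]*?\.app")


def strings_of(data: bytes) -> list[str]:
    """Return the printable runs in `data`, like the `strings` command would."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)]


def scan_archive(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Pair each data file with any application bundle named in its __MACOSX metadata."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.startswith("__MACOSX/"):
                continue
            head, _, base = name[len("__MACOSX/"):].rpartition("/")
            if not base.startswith("._"):
                continue  # the __MACOSX/ directory entry itself, not a metadata file
            data_file = posixpath.join(head, base[2:])  # ._Foo.mov -> Foo.mov
            for run in strings_of(zf.read(name)):
                for app in APP_PATH.findall(run):
                    findings.append((data_file, app))
    return findings


def build_sample_zip() -> bytes:
    """Constructed archive mirroring the post's example; the ._ entry only carries the path."""
    metadata = (b"\x00\x05\x16\x07\x00\x02\x00\x00" + b"\x00" * 16
                + b"%/Applications/Utilities/Terminal.app" + b"\x00\x01\x02")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Mac-TV-Stream.mov", b"\x00\x00\x00\x14ftypqt  ")
        zf.writestr("__MACOSX/", b"")
        zf.writestr("__MACOSX/._Mac-TV-Stream.mov", metadata)
    return buf.getvalue()


if __name__ == "__main__":
    for data_file, app in scan_archive(build_sample_zip()):
        print(f"{data_file} is bound to {app}")
```

Any data file whose metadata names a shell or script host such as Terminal.app is the case the post describes; a genuine movie would name a media player or nothing at all.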
A zip file could be masking malicious code, so be careful. Oh, and HD Moore has added this to metasploit, exploit here.

About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show, recently re-titled "Paul's Security Weekly", has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industry's finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.