The Tro­jan re­turns

Mac Format - - GENIUS TIPS - by Matt Knight

QOver the last cou­ple of months, when I open Sa­fari, McAfee End Point Pro­tect for Mac 2.3.0 in­forms me it has found and re­moved some mal­ware. It con­sis­tently iden­ti­fies this as mul­ti­ple files with the .js ex­ten­sion, which are de­tected as ‘JS/Redi­rec­tor’, which it claims is a Tro­jan. How do I keep get­ting this in­fec­tion?

ATh­ese are al­most cer­tainly false pos­i­tives, re­ported from sus­pi­cious JavaScript files, and not any mal­ware as such. Mal­ware de­tec­tion de­pends on look­ing for pat­terns in file’s names, con­tents and lo­ca­tions. Spe­cific mal­ware usu­ally has quite a dis­tinc­tive fin­ger­print, but there are also some rather vaguer pat­terns that are sug­ges­tive of ma­li­cious be­hav­iour: that is a bet­ter de­scrip­tion of what McAfee here refers to as ‘JS/Redi­rec­tor’.

Re­fer to McAfee’s pro­file for JS/Redi­rec­tor at in­ and you’ll see it refers to “ob­fus­cated JavaScript that will lead to re­di­rect­ion of the browser win­dow”. That can also de­scribe a lot of in­no­cent JavaScript, and that’s al­most cer­tainly what is trig­ger­ing these warn­ings: nor­mal web pages that hap­pen to con­tain rather messy JavaScript.

Check each re­port care­fully, but as long as they re­main generic, you should be able to safely ig­nore them as be­ing false pos­i­tives. You can al­ways test this by dis­abling JavaScript for all but some spe­cific web­sites – which sites you brows­ing when McAfee shows the alert? – which may stop these re­ports.

JavaScript redi­rec­tions are used by le­git­i­mate and dodgy sites alike, which can trip up se­cu­rity soft­ware.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.