Intego Security Memo: OSX.TrojanKit.Malez Hacker Tool Can Create Trojan Horses

November 2008 by Intego Security Alert

Exploit: OSX.TrojanKit.Malez Hacker Tool

Discovered: August 27, 2008

Risk: Very low

Description: Reports have been circulating about a new Mac “malware” or “Trojan
horse”, usually under the name “OSX.Lamzev.A”, which is claimed to open a back door
on compromised Mac OS X computers. Intego discovered this hacker tool in August
2008, and determined that it was not a serious threat. Unlike true malware and Trojan
horses, OSX.TrojanKit.Malez requires that a hacker already have access to a Mac in
order to install the code. To date, no Trojan horses or other means of
replication have been found in the wild using this tool. In spite of recent reports, this
represents no serious threat to Macintosh computers.

This hacker tool can be used to create a “backdoor” on a Mac OS X computer. This
backdoor then gives a hacker remote access to the computer. The code is added to an
unsigned third-party application that is installed manually on a Mac, and, when the
application is run, the backdoor is activated. It creates a file named
com.apple.DockSettings in /Library/LaunchAgents, and the backdoor is launched at
each login. The binary of the original application is placed in
ApplicationName.app/Contents/MacOS/2, and the binary of the backdoor is found in
ApplicationName.app/Contents/MacOS/1. The tool modifies the application’s info.plist
file so it points to the latter location.

There are therefore only two modes of transmission of this hacker tool: the first is if
someone sends another user an infected application, either in a .zip archive or a disk
image, and the second is when a hacker obtains network access to a Mac and replaces
an existing application with an infected version.
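
The file-system traces described above (the com.apple.DockSettings launch agent and the binaries named 1 and 2 inside an application bundle) can be checked with a short script. This is an added example, not Intego's code and not part of the original memo; it assumes that the modified plist selects the backdoor through the CFBundleExecutable key and that the launch agent file may carry a .plist suffix, and build_sample only creates a constructed test tree.

```python
import plistlib
import tempfile
from pathlib import Path

AGENT_NAME = "com.apple.DockSettings"  # file name given in the memo

def check_bundle(app):
    """Return the memo's indicators found in one .app bundle."""
    hits, macos = [], app / "Contents" / "MacOS"
    if (macos / "1").is_file() and (macos / "2").is_file():
        hits.append("binaries named 1 and 2 in Contents/MacOS")
    # Assumption: "points to" means the CFBundleExecutable key is set to "1".
    for p in (app / "Contents").glob("[Ii]nfo.plist"):
        try:
            exe = plistlib.loads(p.read_bytes()).get("CFBundleExecutable")
        except Exception:  # unreadable or malformed plist: skip it
            continue
        if exe == "1":
            hits.append("plist launches Contents/MacOS/1")
    return hits

def scan(root):
    """Map each suspicious path under root to the indicators it matched."""
    found = {}
    # Assumption: the agent file may carry a .plist suffix, so match the prefix.
    for f in (root / "Library" / "LaunchAgents").glob(AGENT_NAME + "*"):
        found[str(f)] = ["launch agent named " + AGENT_NAME]
    for app in sorted((root / "Applications").glob("*.app")):
        hits = check_bundle(app)
        if hits:
            found[str(app)] = hits
    return found

def build_sample(root):
    """Constructed test tree: one bundle laid out as in the memo, one clean."""
    for name, exe, files in [("Game.app", "1", ["1", "2"]), ("Clean.app", "Clean", ["Clean"])]:
        macos = root / "Applications" / name / "Contents" / "MacOS"
        macos.mkdir(parents=True)
        for f in files:
            (macos / f).write_bytes(b"")
        (macos.parent / "Info.plist").write_bytes(plistlib.dumps({"CFBundleExecutable": exe}))
    agent = root / "Library" / "LaunchAgents" / (AGENT_NAME + ".plist")
    agent.parent.mkdir(parents=True)
    agent.write_bytes(plistlib.dumps({"Label": AGENT_NAME}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed tree, not a real disk
        build_sample(Path(tmp))
        print(scan(Path(tmp)))
```

On a Mac, `scan(Path("/"))` checks /Applications and /Library/LaunchAgents; a match calls for manual inspection of the bundle rather than being proof of compromise.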

Means of protection: The best way to protect against this exploit is to run Intego
VirusBarrier X5; the program’s virus definitions dated September 3, 2008 or later detect
this hacker tool. Intego VirusBarrier X5 eradicates the malicious code and prevents the
Trojan horse from being installed. Intego recommends that users never download and
install software from untrusted sources or questionable web sites.

