
The Eustasy Herald

Friday, October 7, 2011

Another Mac OS X Trojan..

..just hours after Microsoft killed the botnet responsible for MacDefender. The botnet of 41 thousand computers, which could have sent 3.8 billion infected e-mails a day, was called Kelihos, or “Waledac 2.0”. Microsoft claims it was responsible for spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children. dotFREE Group SRO, John Does 1-22, and an individual, Dominique Alexander Piatti, are said to have owned domains and subdomains that were used to operate and control the Kelihos botnet. Piatti (Czech Republic) has been served notice of the lawsuit.

The new Trojan has been identified by Sophos and F-Secure as Trojan-Dropper:OSX/Revir.A.

Trojan-Dropper:OSX/Revir.A is disguised as a Chinese PDF file, but actually installs Imuler.A, a backdoor programme that gives an attacker access to the system.
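As an added illustration (not code from the original article or from either vendor), a defender-side check for the masquerade described above: it compares what a file's name claims (.pdf) with what its first bytes actually are, and flags a Mach-O executable saved under a PDF name. The sample files are constructed headers only, not real malware.

```python
"""Flag files whose name claims a PDF but whose bytes say otherwise,
e.g. a Mach-O executable posing as a document."""
import os
import tempfile

# File signatures (magic numbers) this check recognises.
PDF_MAGIC = b"%PDF-"
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O, either byte order
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O, either byte order
    b"\xca\xfe\xba\xbe",  # universal (fat) Mach-O; also Java class files, still not a PDF
}

def sniff(path: str) -> str:
    """Return the content type implied by the file's leading bytes."""
    with open(path, "rb") as f:
        head = f.read(8)
    if head.startswith(PDF_MAGIC):
        return "pdf"
    if head[:4] in MACHO_MAGICS:
        return "mach-o"
    return "unknown"

def mismatches(directory: str) -> list[tuple[str, str]]:
    """Return (filename, sniffed_type) for every file that is named .pdf
    but whose content is not a PDF."""
    out = []
    for name in sorted(os.listdir(directory)):
        if not name.lower().endswith(".pdf"):
            continue  # only files that *claim* to be PDFs are of interest here
        kind = sniff(os.path.join(directory, name))
        if kind != "pdf":
            out.append((name, kind))
    return out

def demo() -> list[tuple[str, str]]:
    """Constructed samples: a genuine PDF header, and a 64-bit Mach-O header
    saved under a .pdf name (the disguise the article describes)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "report.pdf"), "wb") as f:
            f.write(b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n")
        with open(os.path.join(d, "invoice.pdf"), "wb") as f:
            f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # MH_MAGIC_64 as stored on disk
        return mismatches(d)

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: named as PDF, content is {kind}")
```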

“The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background. As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet. The domain was registered on March 21, 2011 and was last updated on May 21, 2011.

Since this malware sample was received from VirusTotal, we cannot exactly be sure about the method it uses to spread. The most probable way is sending via e-mail attachment. The author could be just testing the water to see if the sample is detected by different AV vendors.”

Until a security update is available, users are advised not to open suspicious files.
