New Mac OS X malware variant spotted in the wild
Summary: Security researchers from Intego have intercepted a new variant of the Imuler trojan horse targeting Mac OS X users.
The latest variant, Imuler.C, attempts to trick end users and corporate users into thinking that they are downloading, and about to view, image files. It circulates in .zip archives named “Pictures and the Ariticle of Renzin Dorjee.zip” and “FHM Feb Cover Girl Irina Shayk H-Res Pics.zip”.
According to the researchers, the malware authors rely on a known social engineering tactic combined with a default Mac OS X Finder setting: filename extensions are hidden by default, so an application whose icon has been replaced with an image icon is shown without its .app extension and looks like an ordinary picture file.
Once executed, the malware performs the following actions:
The malware installs a backdoor at /tmp/.mdworker, along with other files in this directory. A process called .mdworker then launches; the mdworker process (note the absence of the . before the name) is a process used by Spotlight to index files.
A launch agent file is also installed at ~/Library/LaunchAgents/checkvir.plist, along with an executable in the same folder, ensuring that the malware launches when the user logs into his or her Mac, or starts it up. After a restart, the .mdworker process is deleted, and the checkvir executable launches.
This malware searches for user data, and attempts to upload it to a server. It also takes screenshots and sends them to the server. It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. We have seen that this malware is active, as it connects to a remote server and downloads new executables.
Users are advised to turn on Finder's option to show all filename extensions, so that a real image file can be told apart from an application such as the Imuler.C trojan, and to submit suspicious files to the VirusTotal service to check whether any of its antivirus engines flag them. A clean VirusTotal result is not proof that a file is harmless, only that no engine currently detects it.
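The artifacts Intego lists above (the /tmp/.mdworker backdoor, the checkvir.plist launch agent and checkvir executable in ~/Library/LaunchAgents, and the dot-prefixed .mdworker process) together with the show-extensions advice translate directly into a triage check. The script below is an added example, not code from the article or from Intego: it looks only for the paths and process names the report gives. The ROOT and HOME parameters, the function names, and the `defaults write NSGlobalDomain AppleShowAllExtensions` remediation are this example's own assumptions; the latter is the standard macOS command for the Finder preference the article recommends.

```shell
#!/bin/sh
# Added triage check for the Imuler.C artifacts named in Intego's description
# (example code, not from the article or from Intego). The paths are the ones
# the report lists; ROOT and HOME are assumed parameters so the same check can
# be pointed at a mounted disk image or a test directory instead of the live
# system.

# Filesystem artifacts from the report, relative to ROOT (system paths) and
# HOME (the user's home). Prints each one that exists; always returns 0.
imuler_artifacts() {
    root=${1:-}          # e.g. /Volumes/Evidence for an offline image; "" = live /
    home=${2:-$HOME}     # user home directory to inspect
    for p in "$root/tmp/.mdworker" \
             "$home/Library/LaunchAgents/checkvir.plist" \
             "$home/Library/LaunchAgents/checkvir"; do
        [ -e "$p" ] && echo "$p"
    done
    return 0
}

# Number of artifacts present, printed so it can be captured with $(...).
imuler_count() {
    imuler_artifacts "$@" | grep -c .
    return 0
}

# True (exit 0) when at least one artifact is present; usable in an `if`.
imuler_found() {
    [ "$(imuler_count "$@")" -gt 0 ]
}

# Processes named in the report: the dot-prefixed ".mdworker" (the genuine
# Spotlight worker is "mdworker", no dot) and "checkvir". The pattern anchors
# on the basename so it works whether ps prints a full path (macOS) or just
# the name (Linux). Prints matching names; always returns 0.
imuler_processes() {
    ps -eo comm= | grep -E '(^|/)(\.mdworker|checkvir)$'
    return 0
}

# Remediation the article recommends: make Finder show every filename
# extension so an application bundle cannot pass as a picture. macOS only;
# Finder is restarted so the change takes effect.
show_all_extensions() {
    defaults write NSGlobalDomain AppleShowAllExtensions -bool true && killall Finder
}

# Live report: artifacts, processes, and a one-line verdict.
imuler_report() {
    echo "Artifacts:"
    imuler_artifacts "$@"
    echo "Processes:"
    imuler_processes
    if imuler_found "$@"; then
        echo "RESULT: Imuler.C indicators present"
    else
        echo "RESULT: no Imuler.C indicators found"
    fi
}

imuler_report
```

Run it as-is on a Mac for a live check, or pass a mount point and a home directory taken from a disk image to scan offline (`imuler_report /Volumes/Evidence /Volumes/Evidence/Users/alice`). A clean result only says these specific indicators are absent; the report notes the malware downloads new executables, so later samples may use other names.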

Talkback
Procedure
2) Click on the gear button in the header of the window
3) Pick "Show View Options" menu item
4) Tick the "Show Item Info" checkbox.
Relax, it's not a virus
Mac users are not virus free
:|
Trojans and viruses
Please do tell.
Setting aside for the moment that Windows 8 is not yet released.
Technically...
In fact this trend of trojans rather than viruses is also evident on Windows. Probably down to the simple fact that Windows is becoming much more difficult to infect with a virus.
We have two similar problems on both Mac and Windows.
On the Mac users have become confident that their system can't get infected with a virus.
On Windows users have become confident that their AntiVirus product means their system can't get infected with a virus.
Trouble is both groups are more likely to be infected via a trojan.
To many the distinction seems academic, but it really isn't. A virus spreads by exploiting a weakness in the system. A trojan tricks the user. Trojans don't need OS flaws; the OS is operating correctly when the infection happens.
So Mac vs Windows debates miss the point entirely. Users need to be informed about what to look for, and need to be cautious of files whose provenance is unclear.
Pointless bickering about the relative merits of Mac vs Windows is a distraction in a debate about infection via trojan. And it would be better to put "trojan (malware)" in the title of the article too.
RE: technically
I agree with the point; however, the average user does not know what to look for. Of course, taking the precaution of not opening attachments from senders you don't know and have no reason to trust is a big one. The fact is, if you are roaming around the underbelly of the web, it is hard to know what to trust and what not to.
I'll tell
Which you'd only say when it suits you. Otherwise it's the 'greatest thing' known to man.
So please name a Windows Vista/7 Virus...
Take a wander over to Sophos' site
Check this out
Easy:
A family of viruses written to infect Windows Vista. When they were released they were capable of infecting Windows Vista. Sticks in my mind as it was the first virus specific to Vista.
But this is rather irrelevant don't you think?
Nice qualifier...
Headline errata:
"This was not found in the wild, and the risk was considered to be low." (http://blog.intego.com/new-version-of-imuler-trojan-horse-masquerades-as-image-files/, 1st paragraph)
*Notice how it says "NOT" found in the wild.
So if it was not found in the wild...
Must have been found in civilization then
~/Library not ~/library
Here we go again
To me this is like saying that a person who is really sick from a bacterial infection is better off than one sick from a viral infection. Either way it is still bad.
Secure from known viruses
Don't lull yourself into a false sense of security just because your machine is patched and you have malware protection running.
RE: false sense of security
I am going through this now with a client that has a bunch of machines on XP, and some of them are only running XP SP1a. The person they named the "keeper of the computers" refuses to install patches because she had a patch cause a problem back in the Windows 98 days, so she thinks all patches break software. Even arguing that there were newer computers running XP SP3 and the same software with no issues did not convince her. She also did not have the company's servers running any antivirus or firewall. I am usually the type that puts security before convenience, even if it means changing the way things are done a little bit. At my day job they call me the Security Nazi. I am also a stickler about software licensing and have upset quite a few people when I told them they cannot have a copy of Office or other software that we have with take-home rights to give to their kid for college.