Slashdot Mirror


New Mac Virus Discovered, Making the Rounds

sl4shd0rk writes "A new Mac OS X exploit was discovered Friday morning by Kaspersky Labs which propagates through a zipfile attachment. The attachment tricks the Mac user into installing a variant of the MaControl backdoor via point-and-grunt. Embedded in the virus is an encrypted IP address belonging to a server in China which is believed to be a C+C server. Once installed, the virus opens a backdoor allowing the attacker on the C+C server to run commands on the compromised machine. Shortly after Kaspersky's announcement, AlienVault Labs claims to have found a similar version of the Mac malware which infects Windows machines. The Windows version appears to be a variant of the Gh0st RAT malware used last month in targeted attacks against the Central Tibetan Administration. Both viruses are suspected of being tools in a campaign to attack Uyghur activists."

4 of 239 comments

  1. Re:What is wrong with you people? by KhabaLox · Score: 4, Informative
    --
    This is not a sig.
  2. Re:What is wrong with you people? by Rosyna · Score: 5, Informative

    The problem here is that OSX inherently lacks software that raises flags when 'the incident' happens, or at least it seems to be that way. Does the victim have any built-in protection to deal with such a malware infection?

    Mac OS X has an automatic malware scanner. The malware definitions are checked for updates daily, automatically.

    The last update to the definitions was on June 26th, 2012. I do not know if it contains the definitions for this malware yet.

  3. Re:What is wrong with you people? by beelsebob · Score: 5, Informative

    The problem here is that OSX inherently lacks software that raises flags when 'the incident' happens, or at least it seems to be that way. Does the victim have any built-in protection to deal with such a malware infection?

    Yes, there's built-in protection against selected malware; come Mountain Lion, unsigned or signed-with-revoked-certificate binaries will not run by default either.

    Does OS X possess mechanisms to monitor or block outgoing traffic?

    Yes, and they're turned on by default.

    Does this system even have a proper driver structure to allow insertion of your monitoring pass-through driver into the TCP or disk driver stack?

    Yes, you can use dtrace to monitor this kind of thing if you want.
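
As an added example, not code from the thread or from Apple: a D script of the kind beelsebob alludes to, assuming the standard OS X dtrace `syscall` provider and kernel `sockaddr_in` type. It logs every IPv4 connect() together with the calling process, which is how a defender spots an unfamiliar process reaching out to an address like the one embedded in the backdoor.

```d
#!/usr/sbin/dtrace -s
/* Outbound IPv4 connection monitor for OS X (added example, not from the thread).
 * Prints PID, process name, destination address and port for each connect(),
 * so an unexpected process phoning home stands out for review. */

#pragma D option quiet

inline int af_inet = 2;   /* AF_INET from bsd/sys/socket.h */

dtrace:::BEGIN
{
    printf("%-6s %-16s %-16s %-5s %s\n", "PID", "PROCESS", "ADDRESS", "PORT", "RESULT");
}

/* Copy the sockaddr from user space; treat it as sockaddr_in until the family is checked. */
syscall::connect*:entry
{
    this->sa = (struct sockaddr_in *)copyin(arg1, arg2);
    this->fam = this->sa->sin_family;
}

syscall::connect*:entry
/this->fam == af_inet/
{
    /* sin_port is in network byte order; swap the two bytes by hand. */
    self->port = ((this->sa->sin_port & 0xff) << 8) | ((this->sa->sin_port & 0xff00) >> 8);
    self->addr = inet_ntop(af_inet, (void *)&this->sa->sin_addr);
    self->tracing = 1;
}

/* Report on return so the outcome (errno) of the attempt is known. */
syscall::connect*:return
/self->tracing/
{
    printf("%-6d %-16s %-16s %-5d %s\n", pid, execname, self->addr, self->port,
        errno == 0 ? "ok" : lltostr(errno));
    self->addr = 0;
    self->port = 0;
    self->tracing = 0;
}
```

Run it as root (`sudo dtrace -s connect_monitor.d`); on later macOS releases System Integrity Protection restricts dtrace and may need to be relaxed for the syscall provider to attach.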

  4. Comment removed by account_deleted · Score: 5, Informative

    Comment removed based on user account deletion