Spyget > Apple Updates Anti-Malware Tools to Address New Trojan Threat ...

[MacRumors: Mac News and Rumors - All Stories] The new threat consists of two parts, with the first being a trojan downloader known as "OSX/Revir.A" that serves to distract users by downloading and continually opening a PDF document containing "offensive political statements" written in Chinese. But the actual damage from OSX/Revir.A comes as it installs a backdoor known as OSX/Imuler.A to potentially allow malicious parties to access the user's machine.

Some related posts from Technorati and Google.

[TUAW - The Unofficial Apple Weblog] Apple updates malware definitions to address PDF trojan | TUAW ...

[Remove Spyware & Malware with SpyHunter - Enigma Software Group USA LLC] Backdoor.Win32.VB.npb Removal Report: This is because, once the Backdoor.Win32.VB.npb Trojan is installed, a hacker can simply install any software onto the infected computer system. Usually, the Backdoor.Win32.VB.npb Trojan creates a vulnerability which a hacker can then use to install a server for a RAT (Remote Access Tool.) Using a client application, the hacker can then connect to the infected computer system from anywhere in the world and perform any actions almost as if the hacker were sitting in front of the screen.

[Barkings!] Barkings!: Trojan Alert - Fake Adobe Updater and "Diaoyu PDF": It is also possible for the hacker to remotely log into the Mac and grab these password files, but this would require conscious configuration on the Mac owner’s part, as well as the hacker’s knowledge of a valid username and password.

[BUHTH] Two malware targeting Mac OS users: Once installed, the malware will deactivate the security network software and the Little Snitch firewall. When the installation is completed, the installation file will auto-delete, and similarly the trojan will be able to connect to a distant server to retrieve information.

[THN : The Hacker News] Mac trojan poses as PDF to open botnet backdoor ~ THN : The ...: The command-and-control center for this particular malware is apparently a bare Apache installation, which has been sitting at its current domain since May of this year. Because of this, users who might fall victim to this attack aren't likely to see many ill effects for the time being, but that could change if the files end up spreading to a wider audience.

[Krebs on Security] Inside a Modern Mac Trojan — Krebs on Security: Given that assumption, other malware can choose to run in a directory such as /Application, just like the case of the Fake MacDefender rogue. Take note, though, that unlike in earlier Windows versions, Admin accounts in OS X are still required to input their password if malware chooses to put its files in a system directory such as /System/Library.

[itsecurity.be] ITsecurity.be - OS X Trojan horse in the wild: According to F-Secure, the malware does not appear to work very well (if at all) at this time since it does not receive instructions from the remote server, but the malware may still be capable of performing its malicious activities. Currently the server seems to be a crude Apache implementation that is likely in a testing phase, but has the potential to be active and properly interact with the malware.

[SecurityWeek RSS Feed] Flashback Trojan Puts Mac Malware Back on Stage | SecurityWeek ...: The malware installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches.” The malware also installs a backdoor at ~/Library/Preferences/Preferences.dylib that communicates with a remote server and sends and receives data using RC4 encryption, according to Intego.

[Laptop Repair New York Blog » LaptopMD+ Laptop Repair Blog – Laptop Repair NYC – New York, Brooklyn, Manhattan] Security Advisory: Trojan Viruses on Mac Computers and Apple's ...: The second trojan virus poses itself as a fake Adobe Flash installer which temporarily attempts to siphon off personal information from the user’s computer sending it back to remote servers.

[The Mac Security Blog] The Mac Security Blog » More About the Flashback Trojan Horse: The Trojan horse installs a backdoor, at ~/Library/Preferences/Preferences.dylib, which communicates with a remote server, sending and receiving data using RC4 encryption. The backdoor uses the infected Mac’s hardware UUID (a unique identifier) as a user agent, and to identify specific computers.

[Local news] New Mac trojan found hidden in PDF file | Local news: Fellow ZDNet blogger Ryan Naraine brings the word via his Nought Day blog, that the malware, Trojan-Dropper:OSX/Revir.A “installs downloader building block that downloads a backdoor system of rules onto the system, time camouflaging its hobby by exit a PDF report to confuse the mortal.”
