Malware Analysis Quiz 7!
Last Updated: 2006-11-04 11:11:46 UTC
by Pedro Bueno (Version: 1)
kaspersky.com, are you awake?
Last Updated: 2006-11-03 18:40:22 UTC
by Joel Esler (Version: 3)
We have watched their DNS lookup change from IP to IP. So they may be doing some updating just now. We'll keep an eye on it.
Update #1 -- Kaspersky pinged us. They are awake... :) They are aware of the problem and are working on it. Thanks for getting back to us!
Update #2 -- Kaspersky tells us that this does NOT affect updates. Only the websites.
Update #3 -- Kaspersky is back up as of 13:08 EST. -- Thanks Jim!
Call for packets TCP/UDP port 48318
Last Updated: 2006-11-03 18:37:47 UTC
by Joel Esler (Version: 1)
The source IPs were from totally different countries and unique in makeup. Some packets could be from Windows machines (judging from TTL, options, etc.) and some don't appear to be.
Taking a look at our port graph here...

Clearly we have something going on.
So we need some packets. Don’t bother sending us just SYN packets; we’re going to need at least some 3-way handshake stuff.
Now, we are NOT telling you to allow this port through the firewall, let's just get that straight. But if you are in an operational environment where you may be allowed to get us a dump of the traffic, with PERMISSION, then that would be great.
Joel Esler
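The triage the diary asks for, as an added example that is not part of the original post: given packet summaries (constructed here, not real captures), it groups traffic to the port into flows, flags which ones completed a 3-way handshake (the ones worth sending), and rounds the client's observed TTL up to a common initial value as a rough OS-family hint. The port number and TTL buckets are the only page-derived values; everything else is an assumption.

```python
from collections import defaultdict

# Constructed sample records (src, sport, dst, dport, TCP flags, observed TTL).
# Not taken from the diary; addresses are documentation ranges.
SAMPLE_PACKETS = [
    ("10.0.0.5", 51000, "192.0.2.10", 48318, "S", 116),
    ("192.0.2.10", 48318, "10.0.0.5", 51000, "SA", 64),
    ("10.0.0.5", 51000, "192.0.2.10", 48318, "A", 116),    # handshake completes
    ("10.0.0.5", 51000, "192.0.2.10", 48318, "PA", 116),
    ("203.0.113.7", 40000, "192.0.2.10", 48318, "S", 52),    # lone SYN, never answered
    ("198.51.100.3", 33000, "192.0.2.10", 48318, "S", 240),
    ("192.0.2.10", 48318, "198.51.100.3", 33000, "SA", 64), # SYN/ACK never ACKed
]

# Rough OS-family hint from initial TTL; an assumption used for triage only,
# since TTLs can be rewritten by middleboxes and tuned by the host.
OS_BY_INITIAL_TTL = {64: "Linux/BSD/macOS-like", 128: "Windows-like", 255: "network gear/Solaris-like"}


def guess_initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value (64, 128, 255)."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial
    return None


def triage_flows(packets, port=48318):
    """Return {(client, client_port): {...}} describing each inbound flow to `port`."""
    flows = defaultdict(lambda: {"syn": False, "synack": False, "ack": False, "client_ttl": None})
    for src, sport, dst, dport, flags, ttl in packets:
        if dport == port:                       # client -> server direction
            flow = flows[(src, sport)]
            if flags == "S":
                flow["syn"] = True
                flow["client_ttl"] = ttl
            elif "A" in flags and flow["synack"]:
                flow["ack"] = True              # third step, only after a SYN/ACK was seen
        elif sport == port and flags == "SA":   # server -> client SYN/ACK
            if (dst, dport) in flows:
                flows[(dst, dport)]["synack"] = True
    summary = {}
    for key, flow in flows.items():
        initial = guess_initial_ttl(flow["client_ttl"]) if flow["client_ttl"] is not None else None
        summary[key] = {
            "complete_handshake": flow["syn"] and flow["synack"] and flow["ack"],
            "client_os_guess": OS_BY_INITIAL_TTL.get(initial, "unknown"),
        }
    return summary
```

Only flows reported with `complete_handshake` set are the ones the diary asks for; lone SYNs and unanswered SYN/ACKs are filtered out before anything is shared.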
New OS X PoC virus
Last Updated: 2006-11-03 14:17:34 UTC
by Swa Frantzen (Version: 3)
As we said before, the ability to have viruses and all sorts of other malware is inherently available in all modern operating systems, Mac, Linux, BSD, ... included.
It is a warning to get antivirus protection for those Macs, even if the shopkeeper told you you do not need it, even if there are no viruses in the wild today, even if it's hard to buy it, and even if the antivirus vendors seem not to know what they are talking about, as in the image below (highlights are mine):

Yet, it is still your responsibility to make sure you do not spread malware (even if you might not be vulnerable to it yourself).
And when (not if) a really bad one hits you or your company, it's better to be ready and have a framework to distribute signatures in place than to have to start shopping, get a budget, get a purchase order, roll it out, ... after you got hit. It is a lot easier to do before you get hit.
So Apple, Apple shopkeepers, antivirus vendors and Mac users, PLEASE get a decent framework in place and please be aware there is no magic shield preventing malware on a Mac (or any other modern platform).
P.S.:
- I am writing this on my Mac, and I love my Macs.
- Thanks to Juha-Matti for pointing out the PoC.
Updates:
- We got some notes from readers questioning the validity of this post. It's real. Check it out here.
- We know the screenshot above has been updated by the vendor in the meantime.
--
Swa Frantzen -- Section 66