
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-02-16 InfoSec Handlers Diary Blog



Mac OS X trojan - OSX/Leap

Published: 2006-02-16
Last Updated: 2006-02-17 00:06:32 UTC
by Jason Lam (Version: 1)
Readers have written in about a new Mac OS X trojan that is spreading via iChat. This one looks difficult to propagate widely. The trojan masquerades as a JPEG file wrapped in a tgz archive. The user has to deliberately decompress the archive and open (execute) the resulting "JPEG" in order to get infected. Unless the user is already running as admin, they will also be prompted for the admin password.

You almost have to work hard to get infected; this seems like just the beginning of more Mac OS X malware to come, with stronger capabilities to spread.
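As an added example (not from the diary, Apple, or any vendor tool), a small Python scanner that applies the point above defensively: it walks a tgz archive and flags members whose picture-style name hides a Mach-O executable or carries an executable permission bit. The archive, member names and header bytes are constructed for the demo.

```python
import io
import tarfile

# Magic numbers we recognise. The Mach-O values cover 32- and 64-bit images
# in both byte orders plus fat (universal) binaries.
JPEG_MAGIC = b"\xff\xd8\xff"
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit, big / little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit, big / little endian
    b"\xca\xfe\xba\xbe",                         # fat / universal binary
}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")


def classify(header: bytes) -> str:
    """Identify content by its leading bytes, ignoring the file name."""
    if header[:3] == JPEG_MAGIC:
        return "jpeg"
    if header[:4] in MACHO_MAGICS:
        return "mach-o"
    return "unknown"


def scan_tgz(archive: bytes) -> list:
    """Return (name, content type, executable bit) for every regular member
    with an image-like name that is really Mach-O or is marked executable."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or not member.name.lower().endswith(IMAGE_EXTS):
                continue
            fobj = tar.extractfile(member)
            kind = classify(fobj.read(8) if fobj else b"")
            executable = bool(member.mode & 0o111)
            if kind == "mach-o" or executable:
                findings.append((member.name, kind, executable))
    return findings


def build_sample_tgz() -> bytes:
    """Constructed sample (names and bytes are made up): one genuine JPEG
    header and one Mach-O header, both named as pictures."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload, mode in (
            ("pics/real.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 60, 0o644),
            ("pics/fake.jpg", b"\xce\xfa\xed\xfe" + b"\x00" * 60, 0o755),
        ):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(payload), mode
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()
```

Running `scan_tgz(build_sample_tgz())` reports only the disguised member; a real JPEG with normal permissions passes.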

Details can be found at:

http://www.ambrosiasw.com/forums/index.php?showtopic=102379
http://www.macrumors.com/pages/2006/02/20060216005401.shtml
http://vil.nai.com/vil/content/v_138578.htm

------------
Jason Lam

Malware Analysis Quiz 6

Published: 2006-02-18
Last Updated: 2006-02-18 11:59:34 UTC
by Pedro Bueno (Version: 2)
UPDATE:
On question 2, where it reads "2. Without running the applications, is it possible to identify what the malware can and will do?", please replace it with: "2 (a & b). (a) Without running the applications, identify what the malware can/will do, then (b) run the applications and identify additional details evident when the applications are run."

Welcome to the Linux world! Yes, this time, for those following my quizzes, it is a Linux-based one... Not much information is available, except for some log files and two suspicious files found on the machine...
I enjoyed creating it, and I hope that you enjoy answering it!
Check it here! Any comments can be sent to me at pbueno //&&// ( isc. sans. org ).



MS06-005 proof of concept exploit released

Published: 2006-02-16
Last Updated: 2006-02-16 04:03:36 UTC
by Jason Lam (Version: 1)
The proof of concept exploit for MS06-005 has been released. The exploit crafts a malicious BMP file to trigger a buffer overflow in Media Player. Keep in mind that, as Microsoft has pointed out, the exploitable formats can include other graphics files as well (such as .wmp), so it's a good idea to get it patched ASAP.

------------
Jason Lam