Mac OS X trojan - OSX/Leap

Published: 2006-02-16
Last Updated: 2006-02-17 00:06:32 UTC
by Jason Lam (Version: 1)
Readers have written in about the new Mac OS X trojan that is spreading via iChat. This one looks difficult to propagate widely. The trojan masquerades as a JPEG file wrapped in a tgz archive. The user has to deliberately decompress the archive and open (execute) the resulting JPEG in order to get infected. Unless the user is already running as admin, the admin password will be prompted for as well.

You almost have to work hard to get infected. It seems like this is just the beginning of more Mac OS X malware to come in the future, with stronger capability to spread.
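The masquerade described above can be checked for before anything is opened. The following is an added example, not part of the original diary or any vendor tool: it reads the first bytes of each member of a tgz archive in memory and flags files whose content does not match a JPEG. The file names and the sample archive are constructed for illustration.

```python
import io
import tarfile

JPEG_MAGIC = b"\xff\xd8\xff"
# Magic numbers of Mach-O executables (0xCAFEBABE is also used by Java classes).
EXEC_MAGIC = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit", b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit", b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal",
}


def audit_tgz(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) pairs for files that only pretend to be JPEGs."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(4)  # read in memory, never run
            claims_image = member.name.lower().endswith((".jpg", ".jpeg"))
            if head in EXEC_MAGIC:
                findings.append((member.name, f"{EXEC_MAGIC[head]} executable content"))
            elif head.startswith(b"#!"):
                findings.append((member.name, "script with interpreter line"))
            elif claims_image and not head.startswith(JPEG_MAGIC):
                findings.append((member.name, "image extension but no JPEG header"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: one JPEG header and two inert look-alikes."""
    members = [
        ("holiday.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16),
        ("pics.jpg", b"\xfe\xed\xfa\xce" + b"\x00" * 16),  # magic bytes only
        ("notes.jpeg", b"plain text, not an image"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in members:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_tgz(build_sample()):
        print(f"{name}: {reason}")
```
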

Details can be found at:

http://www.ambrosiasw.com/forums/index.php?showtopic=102379
http://www.macrumors.com/pages/2006/02/20060216005401.shtml
http://vil.nai.com/vil/content/v_138578.htm

------------
Jason Lam