New Mac malware - OSX/OpinionSpy
A new strain of Mac malware is being reported by Intego - OSX/OpinionSpy.
You can find details here:
http://blog.intego.com/2010/06/01/intego-security-alert-osxopinionspy-spyware-installed-by-freely-distributed-mac-applications/
http://webcache.googleusercontent.com/search?q=cache:tWyWhF_d-30J:blog.intego.com/+flv+mp3+intego&cd=1&hl=en&ct=clnk&gl=ca&client=firefox-a
So far, it has been seen in a number of screensavers and in a small Java/PHP app generally named "mac_flv_to_mp3.php" or similar. Be cautious with downloads: it's a simple bolt-on, so be on the lookout for it elsewhere.
The neat thing about this malware is that it passes most static scan tests: the downloaded software itself is clean, and the malware is downloaded as part of the installation process. This highlights the requirement for an on-access virus scanner for your OSX computers. I hate to bring "that advertisement" up again, but the "viruses? oh, Macs don't have that problem" statement was both not true and a huge red flag for malware authors.
Thanks to several readers for both pointing us to this article and shooting us a copy of the actual code!
=============== Rob VandenBrink Metafore