SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

New Mac malware - OSX/OpinionSpy

Published: 2010-06-02
Last Updated: 2010-06-02 14:48:38 UTC
by Rob VandenBrink (Version: 1)

Intego is reporting a new strain of Mac malware: OSX/OpinionSpy.

You can find details here:

So far, it has been seen in a number of screensavers and in a small Java/PHP app generally named "mac_flv_to_mp3.php" or similar. Be cautious with downloads: it's a simple bolt-on, so be on the lookout for it elsewhere.

The neat thing about this malware is that it passes most static scan tests: the downloaded software itself is clean, and the malware is downloaded as part of the installation process. This highlights the requirement for an on-access virus scanner for your OS X computers. I hate to bring "that advertisement" up again, but the "Viruses? Oh, Macs don't have that problem" statement was both not true and a huge red flag for malware authors.

Thanks to several readers for both pointing us to this article and shooting us a copy of the actual code!

===============
Rob VandenBrink
Metafore
