A Worm for Your Apple (MAC)

Wed, 2007-07-18 14:47 - Topics:

It was only a matter of time...

A small controversy is brewing over claims that an independent researcher going by the moniker Information Security Sellout (or InfoSec Sellout) has developed the framework of a worm that targets a currently undisclosed vulnerability affecting the Intel versions of OS X. The worm is expected to extend to PPC versions as soon as the author is able to test against that architecture. With the author dubbing it 'Rape.osx', the evolution of the worm is likely to be keenly watched by Apple watchers, security researchers, and malware developers.

Full story:

http://www.beskerming.com/commentary/2007/07/18/222/...

Similar entries

WORM_DLOADER.TBW
This worm may arrive bundled with malware packages as a malware component. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

This worm is a component of other malicious programs. It may be used by other malwares to perform its malicious routines. However, it requires other components in order to run properly.

When executed together with other malware files, it takes advantage of the Server Service vulnerability to propagate across networks. More details can be found regarding this vulnerability can be found on this site:
WORM_MARIOFEV.D
This worm may be dropped by other malware. It arrives as a .DLL file that exports functions used by other malware.
It then creates registry keys/entries. This worm gathers target email addresses from cached email messages, address books, and mail boxes. It uses gathered or generated email addresses to spoof the From field of the email message it sends out.

This worm connects to URLs to send and receive information.
WORM_RUSSOTURI.H
This worm may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
This worm creates a registry entry to enable its automatic execution at every system startup.

Once this worm is executed, it copies itself to all folders it locates in the system. It uses the name of the folder as its file name. It then proceeds to delete all files when the system date is either December 13, or any Friday that falls on the 13th day of any month.

This worm drops copies of itself in all physical and removable drives.
WORM_AUTORUN.RQ
This worm may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
This worm drops copies of itself. This worm creates registry entries to enable its automatic execution at every system startup.
This worm drops copies of itself in all physical drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed.
WORM_KNIGHT.AB
This worm may arrive bundled with other malware as a malware component. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this worm drops several files.

This worm drops a copy of itself in all removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed.

Infopirate.org

A Worm for Your Apple (MAC)

Similar entries

User login

Topics

Recent comments

Stay up to date!