Intego issues a Mac security memo
Posted by Dave Merten
Nov 23, 2008 at 3:57pm
Intego released a Security Memo today. Reports have been circulating about a new Mac “malware” or “Trojan horse”, usually under the name “OSX.Lamzev.A”, which is claimed to open a backdoor on compromised Mac OS X computers. The code is added to an unsigned third-party application that is installed manually on a Mac, and, when the application is run, the backdoor is activated.
This hacker tool can be used to create a “backdoor” on a Mac OS X computer. This backdoor then gives a hacker remote access to the computer. A file named com.apple.DockSettings is created in ~/Library/LaunchAgents, and the backdoor is launched at each login. The binary of the original application is placed in ApplicationName.app/Contents/MacOS/2, and the binary of the backdoor is found in ApplicationName.app/Contents/MacOS/1. The tool modifies the application’s Info.plist file so it points to the latter location.
There are therefore only two modes of transmission of this hacker tool: the first is if someone sends another user an infected application, either in a .zip archive or a disk image, and the second is when a hacker obtains network access to a Mac and replaces an existing application with an infected version.
Means of protection: The best way to protect against this exploit is to run Intego VirusBarrier X5; the program’s virus definitions dated September 3, 2008 or later detect this hacker tool. Intego VirusBarrier X5 eradicates the malicious code and prevents the Trojan horse from being installed. Intego recommends that users never download and install software from untrusted sources or questionable web sites.
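The file locations named in the memo can also be checked for directly. The following Python script is an added example, not code from Intego or from the original article. It assumes that “points to” refers to the Info.plist key CFBundleExecutable being set to 1, and that the LaunchAgents file may also carry a .plist extension; build_sample is a constructed fixture for trying the check without a Mac.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

AGENT_NAME = "com.apple.DockSettings"  # file name given in the memo

def check_bundle(app):
    """Return the memo's bundle indicators present in one .app directory."""
    contents = Path(app) / "Contents"
    findings = []
    if (contents / "MacOS" / "1").is_file() and (contents / "MacOS" / "2").is_file():
        findings.append("binaries named 1 and 2 in Contents/MacOS")
    try:
        info = plistlib.loads((contents / "Info.plist").read_bytes())  # XML or binary
    except (OSError, ValueError, ExpatError):
        return findings  # missing or unreadable plist: keep what was found
    # Assumption: "points to" means the CFBundleExecutable key is set to "1".
    if isinstance(info, dict) and info.get("CFBundleExecutable") == "1":
        findings.append("CFBundleExecutable is 1")
    return findings

def scan(app_dirs, home):
    """Map each flagged bundle, and the LaunchAgents folder, to its findings."""
    report = {}
    for app_dir in app_dirs:
        for app in sorted(Path(app_dir).glob("*.app")):
            if hits := check_bundle(app):
                report[app.name] = hits
    agents = Path(home) / "Library" / "LaunchAgents"
    # Assumption: the file may also carry a .plist extension.
    found = [n for n in (AGENT_NAME, AGENT_NAME + ".plist") if (agents / n).exists()]
    if found:
        report["LaunchAgents"] = found
    return report

def build_sample(root):
    """Constructed fixture: a clean bundle and one laid out as the memo describes."""
    for name, exe, files in (("Clean.app", "Clean", ["Clean"]), ("Modified.app", "1", ["1", "2"])):
        macos = Path(root) / "Applications" / name / "Contents" / "MacOS"
        macos.mkdir(parents=True)
        for f in files:
            (macos / f).touch()  # empty placeholder files, not real binaries
        (macos.parent / "Info.plist").write_bytes(plistlib.dumps({"CFBundleExecutable": exe}))
    agents = Path(root) / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    (agents / AGENT_NAME).touch()

if __name__ == "__main__":
    print(scan(["/Applications", Path.home() / "Applications"], Path.home()))
```

A match is a lead to investigate rather than proof of infection, since a legitimate bundle could in principle use the same names.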
Contributor
Dave Merten
Dave was one of the founding guides at ‘The Mining Company,’ now known as About.com, in February 1998. Dave was their ‘Focus on Mac Support’ guide. In 2004 he started ‘G5 Owners Support Group,’ and in 2005, renamed it ‘Mac Owners Support Group.’ In 2006, he started the ‘MacOSG Support Corner’ column here at Macsimum News.





