Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MacOSX worm

from [Steven Trewick] Network Security [Permanent Link]
Subject: RE: MacOSX worm
Date: Wed, 27 Oct 2004 09:25:47 +0100 


Well, the reg
http://www.theregister.co.uk/2004/10/25/mac_rootkit_opener/says

says the malware "contains a variety of destructive 
functionality including a keylogger and backdoor components."

The Symantec write up linked from the article
http://www.sophos.com/virusinfo/analyses/shrenepoa.htmlhas 
lists side effects including "Deletes files off the computer",
and "Modifies passwords", both of which could be considered 
destructive actions.

Perhaps the semantics in the reg article are a bit off, but
I hardly think they can be accused of spreading FUD.

You could always email them and ask for clarification, 
they are a fairly approachable lot.

As for the AV industry, I see no reason why they should downplay 
the threat (quite the opposite surely ?), but since the Symantec 
write up classifeis it as worm, and claims it spreads by file shares, 
and the user write ups at http://www.macintouch.com/opener.html
suggest something different again, perhaps the combined effect
*becomes* FUD

Same old same old.  

Steve


















-----Original Message-----
From: H Carvey [mailto:keydet89@yahoo.com]
Sent: 26 October 2004 17:09
To: focus-virus@securityfocus.com
Subject: MacOSX worm




SF has a Register article about Opener/Renepo-A.  The article 
describes this as a "rootkit" (the term is, in fact, used in 
the title of the article), yet Sophos (linked in the article) 
classifies it as a worm.  Neither the Register article nor 
the Sophos write up describe any rootkit-like capabilities.

Here's the Symantec writeup:
http://www.sarc.com/avcenter/venc/data/macos.renepo.b.html

The Register article calls the "rootkit" "destructive", yet 
doesn't describe any destructive capabilities.  However, the 
Symantec writeup does.

So...what's the real deal?  Is the media spreading FUD, or is 
the A/V community downplaying the effectiveness of this bit 
of malware?

Thanks,

Harlan Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com




The information contained in this e-mail is confidential and may be privileged, 
it is intended for the addressee only. If you have received this e-mail in 
error please delete it from your system. The statements and opinions expressed 
in this message are those of the author and do not necessarily reflect those of 
the company. Whilst Joplings Group operates an e-mail anti-virus program it 
does not accept responsibility for any damage whatsoever that is caused by 
viruses being passed.
joplings.co.uk
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  MacOSX worm, H Carvey
Next by Date:  Re: MacOSX worm, Bruce Walker
Previous by Thread:  Re: {BAD-DATE} MacOSX worm, "D. HÃhn"
Next by Thread:  RE: MacOSX worm, Kevin O'Brien
Indexes:  [Date] [Thread] [Top] [All Lists]