-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
H Carvey wrote:
| H Carvey wrote:
| |
| | SF has a Register article about Opener/Renepo-A. The article
| describes this as a "rootkit" (the term is, in fact, used in the title
| of the article), yet Sophos (linked in the article) classifies it as a
| worm. Neither the Register article nor the Sophos write up describe any
| rootkit-like capabilities.
| |
| | Here's the Symantec writeup:
| | http://www.sarc.com/avcenter/venc/data/macos.renepo.b.html
| |
| | The Register article calls the "rootkit" "destructive", yet doesn't
| describe any destructive capabilities. However, the Symantec writeup
does.
| |
| | So...what's the real deal? Is the media spreading FUD, or is the A/V
| community downplaying the effectiveness of this bit of malware?
| |
| | Thanks,
| |
~ As Mac OS X user and soemone who has to deal with Security all day long
~ I can assure you that it is main media FUD compared with the need to
~ make money from some virus vendors. This is not something I am hollering
~ out all by myself, you can query your favourite search engine and you
~ will get many similar voices such as mine.
Basically it is a script which has been posted online.
~ it has then been further developed by those involved. Basically it is a
~ rootkit as you can see, it is realised by running standard programs such
~ as:
~ ~ John The Ripper, DSniff and ohphoneX
However those things are neither masked by a kernel module, nor are they
really hidden away on the system. There is _no_ indication of a routine
that spreads all those things necessary for setup automatically, neither
is there indiciation how that script got onto the "machine" in the first
place.
~ I hope this helps
~ -d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFBf7IvPMoaMn4kKR4RA8KSAJ95d4GjK+71107EgJIG06zVw6efLQCfdIAw
RQrJhjnNHf0BFlz3l5bjO6A=
=VmQv
-----END PGP SIGNATURE-----
