Microsoft Detects Fresh Mac Backdoor
The Microsoft Malware Protection Center (MMPC), the team that analyzes malicious software and develops signatures for Microsoft's anti-malware programs, warned users that a new Mac "backdoor" was circulating in the wild. Once planted, it downloaded more exploits and helped hackers seize data from the infected PC, as reported by ComputerWorld on July 26, 2011.
According to Meths Ferrer, a Microsoft malware engineer, MMPC had found the backdoor, dubbed "Backdoor:MacOS X/Olyx.A," in an archive file that also contained a Windows backdoor called "Wolyx.A," ComputerWorld reported on July 26, 2011.
A user must either install the backdoor manually, perhaps after being tricked into running the file, or receive it bundled with other malware or through other social engineering aimed at the victim, reported James.
Apparently, Olyx, short for Backdoor:MacOS X/Olyx.A, resembles GhostNet, which first emerged in 2009 attacking earlier editions of Windows. However, the new edition contains a malicious .exe file that is clearly Mac-oriented. The Olyx malware also carries a signed digital certificate to help it bypass security systems.
Interestingly, this backdoor, whether on Mac or Windows, is signed with the authentic digital certificate that the WoSign Code Signing Authority issued to several firms in China.
Explaining further, security researchers at Microsoft said that the backdoor masquerades as a support file of a Google application: it creates a folder called 'google' within the directory '/Library/Application Support', where Olyx plants itself as 'startup.'
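The drop location described above can be turned into a triage check. The following is an added example, not code from Microsoft, Intego or the original article; the function names and return codes are assumptions, and a hit is a lead for further analysis rather than a verdict.

```shell
#!/usr/bin/env bash
# Added example: look for the Olyx.A drop path named in the article, either on
# the live system (root "/") or under a mounted disk image or backup.
OLYX_REL_PATH="Library/Application Support/google/startup"  # path from the article

# Print the first 4 bytes of a file as lowercase hex.
magic_hex() {
    head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# True if the file starts with a Mach-O or universal-binary magic number.
# Note: cafebabe is shared with Java class files, so treat it as a hint only.
is_macho() {
    case "$(magic_hex "$1")" in
        feedface|feedfacf|cefaedfe|cffaedfe|cafebabe) return 0 ;;
        *) return 1 ;;
    esac
}

# check_olyx [ROOT]
#   returns 0: path absent
#   returns 1: path exists but is not a Mach-O file (review by hand)
#   returns 2: Mach-O binary sits at the path (escalate)
# Default macOS volumes are case-insensitive, so a folder named "Google" also
# matches the path; that is why the content check matters.
check_olyx() {
    _root="${1:-/}"
    _target="${_root%/}/${OLYX_REL_PATH}"
    if [ ! -e "$_target" ]; then
        echo "clean: $_target not present"
        return 0
    fi
    if [ -f "$_target" ] && is_macho "$_target"; then
        echo "SUSPICIOUS: Mach-O binary at $_target"
        return 2
    fi
    echo "REVIEW: $_target exists but is not a Mach-O file"
    return 1
}
```

Call `check_olyx` with no argument for the running system, or pass the mount point of an image to inspect it offline.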
Meanwhile, French anti-virus firm Intego, which concentrates solely on the Mac, disagreed with Ferrer. According to the firm, it often sees Olyx-type malware that is not only badly crafted but also cannot be easily planted on Macs.
Intego spokesman Peter James said in a statement that every backdoor requires an end user to plant it manually, possibly after being deceived into executing the file, or else arrives bundled with other malicious programs that abuse a security flaw or use social engineering to trick the affected user into executing the program, reports ComputerWorld.
James added that it was somewhat surprising that Microsoft mentioned Olyx one month after it began circulating, which hinted that the company would likely be examining more Mac malware in the future.
» SPAMfighter News - 05-08-2011