Apple’s Mac PCs get another Trojan Malware
According to the computer security company Intego, its security researchers have detected a new Trojan designed to attack Mac OS X, which installs various components when it is run, after gaining administrative rights on the end-user's account.
The Trojan, named 'Morcut' or 'Crisis', infects only end-users running Lion or Snow Leopard, and it installs itself on Mac computers without requiring any password.
Crisis arrives inside a Java archive that masquerades as Adobe Flash Player, with the filename AdobeFlashPlayer.jar. This malicious archive contains a .class file named WebEnhancer, as well as two more files, 'mac' and 'win'. Before delivering its malicious payload, WebEnhancer checks whether the target end-user is running Apple's Mac OS X or Microsoft's Windows.
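For defenders, the archive layout described above can be checked before a downloaded JAR is ever run. The following Python sketch is an added example, not code from Intego or SPAMfighter; the function names and verdict labels are hypothetical, the sample archives are constructed in memory, and the only indicators used are the entry names given in the article.

```python
import io
import zipfile

# Entry names taken from the article's description of AdobeFlashPlayer.jar.
LOADER_CLASS = "WebEnhancer.class"
PLATFORM_PAYLOADS = {"mac", "win"}


def triage_jar(data: bytes) -> dict:
    """Report which traits of the described dropper layout a JAR shows."""
    findings = {"loader_class": False, "payloads": set(), "error": None}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            for name in jar.namelist():
                base = name.rsplit("/", 1)[-1]  # heuristic: match in any folder
                if base == LOADER_CLASS:
                    findings["loader_class"] = True
                elif base in PLATFORM_PAYLOADS:
                    findings["payloads"].add(base)
    except zipfile.BadZipFile:
        findings["error"] = "not a valid ZIP/JAR"
    return findings


def verdict(findings: dict) -> str:
    # Full match needs the loader class plus both per-platform files.
    if findings["error"]:
        return "unreadable"
    if findings["loader_class"] and findings["payloads"] == PLATFORM_PAYLOADS:
        return "matches-described-layout"
    if findings["loader_class"] or findings["payloads"]:
        return "partial-match"
    return "no-match"


def build_sample(entries: dict) -> bytes:
    """Build an in-memory JAR from {name: bytes}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, content in entries.items():
            jar.writestr(name, content)
    return buf.getvalue()


SUSPECT = build_sample({"WebEnhancer.class": b"x", "mac": b"x", "win": b"x"})
BENIGN = build_sample({"com/example/App.class": b"x"})

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("benign", BENIGN), ("junk", b"no")):
        print(label, verdict(triage_jar(blob)))
```

A name-based match like this is only a triage signal; renamed entries would not be caught, so it complements rather than replaces anti-virus scanning.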
Intego's researchers explain that when it runs, the Trojan uses root access to install a rootkit that helps it remain concealed.
The malware creates 17 files or 14, depending on whether or not it relies on root access to finish its task.
Moreover, according to the Intego Virus Team, Crisis' backdoor component connects to the IP address 220.127.116.11 every five minutes to receive commands.
Unlike the usual OS X malicious programs, the malware also has one special ability: it hinders reverse-engineering tools, making it harder to analyze effectively.
Intego, which submitted samples of Crisis to the VirusTotal online site, still could not clearly determine the Trojan's creator or the motives behind its creation.
Luckily, the Trojan is not yet widespread, which provides an opportunity to prepare against it and similar threats.
Nevertheless, Crisis ranks on par with other recent Mac malware. Those other malicious programs are Mac Defender, the fake AV software; the Flashback malware with backdoor components, which infected no fewer than 650,000 PCs; and two pieces of spyware that intercepted the online activities of Chinese dissidents.
In conclusion, Intego states that people should exercise caution about whatever they load onto their PCs, ensure that the files they download come from trustworthy entities, and run up-to-date anti-virus programs.
» SPAMfighter News - 04-08-2012