Fresh NetWeirdRC Malicious Program Attacks Macs
Intego the security company based in Austin, Texas is cautioning computer owners with Mac OS X about a fresh malware sample dubbed OSX/NetWeirdRC that's almost same as Crisis because of its RAT (remote access tool) features used for commercial purposes, and one that VirusTotal has captured.
NetWeirdRC reportedly, has characteristics of any commercial backdoor, which particularly attacks Mac OS X 10.6 followed with Windows, Solaris as well as Linux, says Intego.
And while it isn't immediately known about the way this malware makes entry, Intego conjectures it maybe spreading through custom droppers alternatively via enticing e-mail recipients into viewing a file attachment embedded on that message which carries certain convincing news story.
An examination by VirusTotal shows that NetWeirdRC isn't lasting -maybe because of a bug; doesn't trigger off again following a reboot; as well as stays dormant till the user manually starts it again or eliminates it. However, it joins the login particulars' collection though it still doesn't restart rather it would just undo the infected computer user's home folder during the process of logging in.
What's more, when planted, this malicious program connects with the 220.127.116.11 Internet Protocol on the 4141 port to receive commands.
Intego's experts explaining the working of NetWeirdRC states that it monitors the infected end-user's activities via planting fresh files; carrying out instructions secretly; capturing screenshots; as also collecting system info.
According to them, the malware collects information regarding software running on the machine, to filching encoded SeaMonkey, Opera, Thunderbird or Firefox passwords.
Also, it has one temporary file namely /tmp/.lbOOjfsO that enables to know regarding its status of installation.
Intego subsequently discloses that whereas OSX/Crisis is a sophisticated malware that remains invisible rather well, OSX/NetWeirdRC possesses several noticeable factors.
Even from the price-tag whereby OSX/Crisis can be bought for EUR200,000 whereas OSX/NetWeirdRC costs a minimum of $60, the former demonstrates its greater sophistication. Meanwhile, those behind the creation of NetWeirdRC have posted online about the tool's capability of remaining undetected to enhance its sale prospects, apparently indicating that anyone can get as per whatever he pays no matter if it's within the malware economy as well.
Related article: Force 9 and TalkTalk Are the Highest Spam-Delivering ISPs
» SPAMfighter News - 01-09-2012