[OS X TeX] OT: effective Macintosh Trojan in the wild

Bruno Voisin bvoisin at mac.com
Thu May 5 09:07:04 CEST 2005


On 5 May 05, at 02:12, Jon Hanson wrote:

> Macintouch provides this link to instructions for removing this  
> Trojan:
>
> http://www.cowfight.com/cf4/underhand/RemovingUnderhand.rtf

Many thanks for the help. Yesterday evening my colleague reported to  
me that, even after switching Norton Antivirus essentially off, the  
problem (Mac becoming unresponsive) still showed up. I won't have the  
opportunity to see my colleague before Monday, but as soon as I do  
I'll see to applying the removal instructions.

I looked at that site (CowFight), and I'm amazed and shocked: these guys
provide infection tools openly, as if it were any legitimate
business, and congratulate themselves on their achievements. On the
other hand this of course serves as a reminder to the Mac user
community that security measures always have to be taken.

Be it connected or not, since activating, in Tiger, firewall logging  
and stealth mode, I'm now seeing bursts of port scanning now and  
then, whether I'm at home on an AirPort network or (what's more  
worrying) at work protected in principle by several layers of  
university firewalls. ipfw.log contains many bursts of lines like  
(10.0.1.2 is an address on my AirPort network, and I'm hiding the  
other IPs to not get a poor guy's address showing up on Google):

May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49987 from [...].73.26:80
May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49986 from [...].73.26:80
May  5 08:32:34 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49965 from [...].87.2:80

Scary! (I hope I'm not misinterpreting these messages as port scan  
attempts.)

Bruno Voisin
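
Added example, not part of the original message: a small triage script for ipfw.log Stealth Mode lines like those quoted above. It groups blocked packets by remote address and separates packets sent from a server port to a local ephemeral port (the shape of a late reply to a connection the Mac itself opened) from a single source probing several service ports. The sample lines are constructed with documentation-range addresses, and the 49152 ephemeral floor, the threshold of 3 and the label names are assumptions.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"ipfw: Stealth Mode connection attempt to (TCP|UDP) "
    r"(\S+):(\d+) from (\S+):(\d+)")
EPHEMERAL_MIN = 49152  # assumption: start of the local ephemeral port range
SCAN_THRESHOLD = 3     # assumption: distinct service ports hit by one source

# Constructed sample in the format quoted in the message; remote addresses
# are documentation-range placeholders, not the ones elided in the post.
SAMPLE_LOG = """\
May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49987 from 192.0.2.26:80
May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49986 from 192.0.2.26:80
May  5 08:32:34 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49965 from 198.51.100.2:80
May  5 08:40:01 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:22 from 203.0.113.9:40112
May  5 08:40:01 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:23 from 203.0.113.9:40113
May  5 08:40:02 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:25 from 203.0.113.9:40114
May  5 08:51:17 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:445 from 203.0.113.50:1045
"""

def parse(log_text):
    """Yield (proto, dst_port, src_ip, src_port) for each Stealth Mode line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), int(m.group(3)), m.group(4), int(m.group(5))

def classify(log_text):
    """Label each remote address by the shape of its blocked packets."""
    by_src = defaultdict(list)
    for _proto, dport, src, sport in parse(log_text):
        by_src[src].append((dport, sport))
    labels = {}
    for src, hits in by_src.items():
        probed = {d for d, _ in hits if d < EPHEMERAL_MIN}
        if all(s < 1024 and d >= EPHEMERAL_MIN for d, s in hits):
            # Server port -> local ephemeral port: consistent with a late
            # reply to an outbound connection, not an inbound probe.
            labels[src] = "stray-reply"
        elif len(probed) >= SCAN_THRESHOLD:
            labels[src] = "possible-scan"
        else:
            labels[src] = "unclassified"
    return labels

if __name__ == "__main__":
    for src, label in sorted(classify(SAMPLE_LOG).items()):
        print(f"{src:15} {label}")
```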