[OS X TeX] OT: effective Macintosh Trojan in the wild

Bruno Voisin bvoisin at mac.com
Wed May 4 10:38:24 CEST 2005

Sorry for this OT post, but I've been faced for the first time this  
morning with an effective Macintosh Trojan (I thought that  
impossible) and thought it useful to report here, in case others are  
faced with it.

In short, I've spent a couple of hours trying to get up and running  
the PowerBook G4 15" of a colleague, with no luck. The OS is Panther  
10.3.9. Since last Monday, the PowerBook is freezing several times a  
day, with Norton Antivirus (installed on that particular Mac) popping  
up a dialog about Hacktool.Underhand in a file swapfile1 that cannot  
be repaired. Problem is, there's nothing about this Trojan at  
Symantec's site, and no file swapfile1 on my colleague's disk  
(looking for both visible and invisible files on the whole disk).

Turning finally to Google gives this
<http://www.computing.net/mac/wwwboard/forum/10972.html>, which corresponds exactly to the same  
symptoms and is fairly recent (reports on the problem started May 2).  
One post attributes the problem to NeoOffice, which is wrong since it  
is not installed on my colleague's Mac. Apparently, the only solution  
(apart from disconnecting physically from the net) is to boot another  
Mac with Norton AV installed, connect the infected Mac in FireWire  
disk mode and then sanitize it, which apparently means removing  
several swapfiles and tmp files.

Bruno Voisin
