[OS X TeX] OT: effective Macintosh Trojan in the wild
Bruno Voisin
bvoisin at mac.com
Thu May 5 09:07:04 CEST 2005
On 5 May 05, at 02:12, Jon Hanson wrote:
> Macintouch provides this link to instructions for removing this
> Trojan:
>
> http://www.cowfight.com/cf4/underhand/RemovingUnderhand.rtf
Many thanks for the help. Yesterday evening my colleague reported to
me that, even after switching Norton Antivirus essentially off, the
problem (Mac becoming unresponsive) still showed up. I won't have the
opportunity to see my colleague before Monday, but as soon as I do
I'll see to applying the removal instructions.
I looked at that site (CowFight), and I'm amazed and shocked: these guys
provide infection tools openly, as if it were any legitimate
business, and congratulate themselves on their achievements. On the
other hand this of course serves as a reminder to the Mac user
community that security measures always have to be taken.
Be it connected or not, since activating, in Tiger, firewall logging
and stealth mode, I'm now seeing bursts of port scanning now and
then, whether I'm at home on an AirPort network or (what's more
worrying) at work protected in principle by several layers of
university firewalls. ipfw.log contains many bursts of lines like
(10.0.1.2 is an address on my AirPort network, and I'm hiding the
other IPs to not get a poor guy's address showing up on Google):

May 5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49987 from [...].73.26:80
May 5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49986 from [...].73.26:80
May 5 08:32:34 Portable-de-Bruno ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49965 from [...].87.2:80

Scary! (I hope I'm not misinterpreting these messages as port scan
attempts.)
Bruno Voisin
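
An added example, not part of the original message: one way to triage ipfw Stealth Mode lines like those quoted above is to group them by source and compare source and destination ports. The sample log is constructed (documentation-range addresses, hypothetical host name), and the port sets and thresholds are assumptions, not values from the post.

```python
import re
from collections import defaultdict

# Matches the "Stealth Mode connection attempt" lines shown in the message.
LINE = re.compile(
    r"ipfw: Stealth Mode connection attempt to "
    r"(?:TCP|UDP) (?P<dst>\S+):(?P<dport>\d+) "
    r"from (?P<src>\S+):(?P<sport>\d+)"
)
EPHEMERAL_MIN = 49152      # start of the Mac OS X ephemeral (client) port range
SERVICE_PORTS = {80, 443}  # assumption: services this host uses as a client
SCAN_MIN_PORTS = 5         # assumption: distinct listener ports that suggest a scan

# Constructed sample log; all addresses come from documentation ranges.
SAMPLE_LOG = """\
May 5 08:32:29 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49987 from 192.0.2.26:80
May 5 08:32:29 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:49986 from 192.0.2.26:80
May 5 08:40:01 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:21 from 198.51.100.7:40112
May 5 08:40:01 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:22 from 198.51.100.7:40113
May 5 08:40:01 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:23 from 198.51.100.7:40114
May 5 08:40:02 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:25 from 198.51.100.7:40115
May 5 08:40:02 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:110 from 198.51.100.7:40116
May 5 08:51:10 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.2:22 from 203.0.113.9:51000
"""

def classify(log_text):
    """Return {source: verdict} for every source seen in the log text."""
    per_src = defaultdict(lambda: {"sports": set(), "dports": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            per_src[m["src"]]["sports"].add(int(m["sport"]))
            per_src[m["src"]]["dports"].add(int(m["dport"]))
    verdicts = {}
    for src, seen in per_src.items():
        listeners = {p for p in seen["dports"] if p < EPHEMERAL_MIN}
        if seen["sports"] <= SERVICE_PORTS and not listeners:
            # Service port -> client port: consistent with a late reply to a
            # connection this host opened itself and has already closed.
            verdicts[src] = "stray-reply"
        elif len(listeners) >= SCAN_MIN_PORTS:
            verdicts[src] = "possible-scan"
        else:
            verdicts[src] = "unclassified"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOG).items():
        print(src, verdict)
```
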