Oct. 22, 2004
Opener Malware
From http://www.macintouch.com/opener.html
MacInTouch Reader
There's now a real virus out there for Mac OS X that can do some real
damage. It doesn't seem to be too destructive although it does delete
some UNIX commands and modifies prefs for a couple of others. It will
gather all password info on your machine. For now, let's call it
"Opener."
My system was responding a bit slowly and a check of my /var/log
files showed that they were _all_ empty and had the same mod date. The
Activity Monitor showed a process called "john" eating almost an entire
processor.
Some further looking showed an unknown startupitem in
/Library/StartupItems/ called "opener". The executable file is a
well-commented bash program. It scans for passwords for every user,
processes the hashed info using your own Mac, turns on file sharing,
and puts all this stuff into an invisible folder called .info on each
user's Public folder.
It does much, much more but it's important that a warning get out
quickly.
Mark Ingles
643-3107
Departmental On-site Computing Support
264 Evans Hall http://docs.berkeley.edu/
Received on Fri Oct 22 13:50:10 2004
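
The indicators named in the report above can be checked with a short script. This is an added example, not part of the original message or of the "opener" script itself; the function names and the root argument ("/" for a live system, or the mount point of a disk under examination) are assumptions of the example. The log check tests only that every file is empty, not that the modification dates match.

```shell
#!/usr/bin/env bash
# Added example: look for the "Opener" indicators described in the report.
# Usage (hypothetical): opener_fs_indicators /   or   opener_fs_indicators /Volumes/Suspect

opener_fs_indicators() {
    local root="${1%/}" hits=0 total nonempty d

    # 1. Unknown startup item called "opener"
    if [ -e "$root/Library/StartupItems/opener" ]; then
        echo "startup item: $root/Library/StartupItems/opener"
        hits=$((hits + 1))
    fi

    # 2. Invisible ".info" folder in any user's Public folder
    for d in "$root"/Users/*/Public/.info; do
        [ -d "$d" ] || continue          # unmatched glob stays literal; skip it
        echo "hidden folder: $d"
        hits=$((hits + 1))
    done

    # 3. Log files exist but every one of them is empty
    #    (-H follows /var -> private/var on Mac OS X)
    if [ -d "$root/var/log" ]; then
        total=$(($(find -H "$root/var/log" -type f | wc -l)))
        nonempty=$(($(find -H "$root/var/log" -type f -size +0 | wc -l)))
        if [ "$total" -gt 0 ] && [ "$nonempty" -eq 0 ]; then
            echo "logs: all $total files under $root/var/log are empty"
            hits=$((hits + 1))
        fi
    fi

    # Exit status 0 means at least one indicator was found
    [ "$hits" -gt 0 ]
}

# 4. Live system only: a running process named "john"
john_running() {
    ps -A -o comm= 2>/dev/null | awk -F/ '{print $NF}' | grep -qx john
}
```

Each finding is printed on its own line, so the output can be saved alongside other notes before the startup item is removed.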