iPhone worm in the wild:
A couple of days ago there were a lot of discussions about an attack on iPhone users in the Netherlands where the attacker installed a backdoor that asked the iPhone owner to pay 5 EUR to get rid of the Trojan.
The attack was aimed exclusively against jailbroken (hacked) iPhones – these phones allow the user to run unofficial code and bypass Apple's official App Store. In other words – it allows users to run (often) pirated programs.
EDIT: More coverage at the SANS diary ==> Apple Security Update 2009-006 for Mac OS X v10.6.2
Showing posts with label trojan. Show all posts
Sunday, November 08, 2009
Thursday, May 01, 2008
DNS Changer Trojan Revisited
(Minor) evolution in Mac DNS changer malware
This article tracks the state of this trojan since it was first reported. More AV products now alert on the trojan than at its initial discovery, although the authors are now attempting to evade detection by obfuscating the install code.
This is a nice, short, and sweet article.
Sunday, November 04, 2007
DNS changer Trojan for Mac (!) in the wild
http://isc.sans.org/diary.html?storyid=3595
This is rather shocking (and not so shocking...both at the same time).
This is NOT a failing of OS X. This trojan installs via social engineering...a human failure, not a failure of the system itself.
[UPDATE:
I've added the following rule (highlighted at the above link) to two of my Snort sensors:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation)"; flow:established,to_server; content:"GET "; depth:4; content:" HTTP/1.1|0d 0a|Accept-Language\: "; pcre:"/Accept-Language\: [a-zA-Z0-9]{20}/"; classtype:trojan-activity; sid:2007650; rev:1;)]
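To make the rule's payload checks concrete, here is a small added Python model of them (example code, not part of the original post or of Snort); it assumes the tcp/$HTTP_PORTS/flow conditions are already satisfied and runs over constructed sample requests, not captured traffic.

```python
import re

# The rule's pcre: the Accept-Language value begins with 20 alphanumerics,
# something no real language tag ("en-US,en;q=0.5") ever looks like.
CHECKIN_PATTERN = re.compile(rb"Accept-Language: [a-zA-Z0-9]{20}")


def rule_2007650_matches(payload: bytes) -> bool:
    """Model of sid 2007650's payload checks. The header conditions
    (tcp to $HTTP_PORTS, flow:established,to_server) are assumed satisfied."""
    # content:"GET "; depth:4 -> only the first 4 payload bytes are searched
    if payload[:4] != b"GET ":
        return False
    # content:" HTTP/1.1|0d 0a|Accept-Language\: " -> Accept-Language must be the
    # very first header after the request line; a browser sends Host: first
    if b" HTTP/1.1\r\nAccept-Language: " not in payload:
        return False
    # pcre:"/Accept-Language\: [a-zA-Z0-9]{20}/"
    return CHECKIN_PATTERN.search(payload) is not None


# Constructed sample requests (not captured traffic), one per case.
SAMPLE_REQUESTS = [
    # normal browser request: Host: precedes Accept-Language -> no alert
    b"GET /index.html HTTP/1.1\r\nHost: www.example.invalid\r\n"
    b"Accept-Language: en-US,en;q=0.5\r\n\r\n",
    # the checkin shape the rule describes: an opaque 20-char token where a
    # language tag belongs, sent as the first header -> alert
    b"GET /cgi-bin/check HTTP/1.1\r\nAccept-Language: ABCDEFGHIJ0123456789\r\n"
    b"Host: www.example.invalid\r\n\r\n",
    # Accept-Language first but a real language tag -> contents match, pcre does not
    b"GET / HTTP/1.1\r\nAccept-Language: en-US\r\nHost: www.example.invalid\r\n\r\n",
    # same token but via POST -> fails the depth:4 "GET " check
    b"POST /cgi-bin/check HTTP/1.1\r\nAccept-Language: ABCDEFGHIJ0123456789\r\n\r\n",
]


def scan(requests):
    """Return one verdict per request, in order."""
    return [rule_2007650_matches(r) for r in requests]


if __name__ == "__main__":
    for req, hit in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print("ALERT " if hit else "ok    ", req.split(b"\r\n")[0].decode())
```

Note that the second content match silently requires Accept-Language to be the very first header, so a client that sends Host: first would not trigger the rule even with the 20-character token.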