Re: OS X malware family has a new member: OSX.Lamzev.A

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

This is and was the situation when writing the entry.
More information and information about the possibly previously unknown vulnerability related to the Trojan is not 
available.

Now Symantec analysis says that
-Trojan creates the file /tmp/com.apple.DockSettings
-inserts its contents into ~/Library/LaunchAgents, and
-deletes /tmp/com.apple.DockSettings.

Source:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-111315-1230-99&tabid=2

Juha-Matti

Mario D [phisher_hunter () yahoo com] kirjoitti: 
> They may be under pressure from Apple to not release details.  Remember the MacBook wireless drama?
>
> --- On Fri, 11/14/08, rholgstad <rholgstad () gmail com> wrote:
> From: rholgstad <rholgstad () gmail com>
> Subject: Re: [Full-disclosure] OS X malware family has a new member: OSX.Lamzev.A
> To: "Juha-Matti Laurio" <juha-matti.laurio () netti fi>
> Cc: full-disclosure () lists grok org uk
> Date: Friday, November 14, 2008, 12:27 PM
>
> Sweet more non-tech writeup from securiteam. I am beginning to wonder if 
> securiteam is really a technical company or just a bunch of clueless 
> journalists like Nate McFeters.
>
> Juha-Matti Laurio wrote:
> > New Trojan horse for Mac OS X found, the Trojan is known as OSX.Lamzev.A
> by Symantec.
> > A short history of Mac malware:
> > Mac.Hovdy.a (June '08),
> > OSX.Exploit.Launchd (June '06), and
> > Leap.A (February '06).
> >
> > More at
> > http://blogs.securiteam.com/?p=1160
> >
> > Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/