List:       clamav-users
Subject:    Re: [Clamav-users] Mac virus question
From:       Chuck Swiger <cswiger () mac ! com>
Date:       2009-01-23 1:03:36
Message-ID: BB2FAF30-A260-4869-BDFB-F42690BFA392 () mac ! com

On Jan 22, 2009, at 3:14 PM, Dennis Peterson wrote:
> Anyone have any comments on the iServices.a virus found in illegal  
> distributions of iLife '09?
> 
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126609&intsrc=hm_list
> 

If you have a copy, please submit it to ClamAV (or http://www.virustotal.com / http://virusscan.jotti.org).

Per F-Secure's analysis at http://www.f-secure.com/v-descs/backdoor_osx_iworkserv_a.shtml, this attempts to connect to either:

     * 69.92.177.146:59201           (ARIN: cableone.net)
     * qwfojzlk.freehostia.com:1024  (aka IP 201.235.145.105, part of LACNIC:FIBERTEL.COM.AR)

...and could try to download additional stuff via P2P, although at  
present it looks like both IPs are down (unpingable & the ports the  
trojan uses are not responding), so it looks like the actual threat is  
being contained.

Regards,
-- 
-Chuck

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
