List: clamav-users
Subject: Re: [Clamav-users] Mac virus question
From: Chuck Swiger <cswiger () mac ! com>
Date: 2009-01-23 1:03:36
Message-ID: BB2FAF30-A260-4869-BDFB-F42690BFA392 () mac ! com
On Jan 22, 2009, at 3:14 PM, Dennis Peterson wrote:
> Anyone have any comments on the iServices.a virus found in illegal
> distributions of iLife '09?
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126609&intsrc=hm_list
>
If you have a copy, please submit it to ClamAV (or http://www.virustotal.com / http://virusscan.jotti.org).

Per F-Secure's analysis at http://www.f-secure.com/v-descs/backdoor_osx_iworkserv_a.shtml , this attempts to connect to either:
* 69.92.177.146:59201 (ARIN: cableone.net)
* qwfojzlk.freehostia.com:1024 (aka IP 201.235.145.105, part of LACNIC:FIBERTEL.COM.AR)
...and could try to download additional stuff via P2P, although at
present it looks like both IPs are down (unpingable & the ports the
trojan uses are not responding), so it looks like the actual threat is
being contained.
Regards,
--
-Chuck
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml