Posted on 10-03-2014 11:07 AM
I'm following this with interest:
http://9to5mac.com/2014/10/02/new-mac-botnet-malware-uses-reddit-to-find-out-what-servers-to-connect...
I made an extension attribute to detect the existence of the telltale /Library/Application Support/JavaW folder:
https://gist.github.com/homebysix/5f1e09b7a3e75c229ef1
Anybody seen this in the wild yet?
Posted on 10-03-2014 11:23 AM
No. Hopefully one of the security companies tracks down the infection vector soon.
http://www.intego.com/mac-security-blog/iworm-botnet-uses-reddit-as-command-and-control-center/
Posted on 10-03-2014 12:07 PM
I have not seen it yet but will be watching closely
(I did test the EA. It works well in my test environment, so I will be monitoring my smart group.)
@elliotjordan Thanks for the post!!!!
Posted on 10-03-2014 12:56 PM
@elliotjordan Thanks for posting this! I was looking closely at how to detect it. I was thinking about putting in a Software Restriction, but since the malware masquerades as a legitimate process, I'm worried about killing it. Anyone else thought of a way to put a software restriction in place to keep the process from running?
Posted on 10-03-2014 01:14 PM
Maybe use the little script in the EA and only run the kill command on a positive result.
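As an added illustration of the two ideas above (the extension attribute from the first post and the "act only on a positive result" suggestion), here is a script in the shape of a Jamf extension attribute. It is not the linked gist and not code from anyone in the thread; the only fact it takes from the page is the folder path `/Library/Application Support/JavaW`. The `<result>` wrapper is Jamf's extension-attribute output convention. The directory argument is a parameter so the check can be exercised against a constructed test directory rather than the live path, and the remediation step only lists the folder (nobody on the page describes what it contains, so nothing is deleted or killed here).

```shell
#!/bin/bash
# Added example: Jamf-style extension attribute for the iWorm drop folder.
# Not the gist linked in the thread; path taken from the thread, output
# format (<result>...</result>) is Jamf's EA convention.

JAVAW_DIR="/Library/Application Support/JavaW"

# Print "Infected" if the directory exists, "Clean" otherwise.
# $1 (optional) overrides the path so the function can be tested against
# a constructed directory instead of the real one.
iworm_check() {
    local dir="${1:-$JAVAW_DIR}"
    if [ -d "$dir" ]; then
        echo "Infected"
    else
        echo "Clean"
    fi
}

# Remediation hook in the spirit of the suggestion above: do something only
# on a positive result. Here it just lists the folder for the admin to
# inspect (assumption: the page does not say what the folder holds, so no
# file is removed and no process is killed). Returns 0 if clean, 1 if the
# folder is present, so a policy script can branch on the exit status.
iworm_act_if_present() {
    local dir="${1:-$JAVAW_DIR}"
    if [ "$(iworm_check "$dir")" = "Infected" ]; then
        echo "iWorm indicator present, contents of $dir:" >&2
        ls -la "$dir" >&2
        return 1
    fi
    return 0
}

# Extension-attribute output for Jamf inventory; the smart group keys on it.
echo "<result>$(iworm_check)</result>"
```

Run it as-is for the EA; in a policy, call `iworm_act_if_present` and branch on its exit status instead of unconditionally killing a process name that may also belong to something legitimate.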
Posted on 10-03-2014 01:35 PM
Sophos released a threat signature, so folks using Sophos Anti-Virus should be okay: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/OSX~iWorm-A.aspx
Posted on 10-03-2014 01:52 PM
Thank you for posting this.
We use Sophos AV - I'll make sure the Sophos security team here gets this.
@elliotjordan, thank you for posting too.
Posted on 10-04-2014 07:45 AM
EA and smart group work perfectly, thx @elliotjordan. So far just my test machine reports positive. I'd be interested to hear what gets placed in that JavaW folder once someone sees an infection.
Posted on 10-04-2014 12:16 PM
Currently using this EA. Thanks Elliot!
Posted on 10-06-2014 11:26 AM
Looks like Apple released an XProtect update for this.
http://www.mactech.com/2014/10/06/apple-updates-xprotect-malware-list