Help

Mac malware uses Windows-style PDF camouflage ruse

Not applicable

Posted on ‎09-26-2011 03:36 AM

Have you guys seen this? I will be checking with McAfee to see there is a
definition update to detect this.
Anyway to use Casper to restrict this?
http://www.theregister.co.uk/2011/09/23/mac_malware_pdf_disguise/

0 Kudos
Reply
4 REPLIES 4

briangoldstein
New Contributor III

Posted on ‎09-26-2011 08:19 AM

According to the story on Cult of Mac (http://www.cultofmac.com/?p=115345)
the process is named checkver. You can make a Restrict Software entry for
'checkver' that kills the process and deletes the file.

Brian

--
Brian Goldstein
Singer Consulting, Inc.
brian at randsinger.com
888.222.2959 x2103
For general support inquiries please email support at randsinger.com

0 Kudos
Reply

ernstcs
Contributor III

Posted on ‎09-26-2011 09:33 AM

One correction to this would be that it's 'checkvir' with an I.

Craig E

0 Kudos
Reply

Not applicable

Posted on ‎09-26-2011 01:35 PM

I think that website has typo? Checkvir and checkfir.plist .

See this one make sense to me: restrict/delete checkvir in
/Applications/Utilities and delete checkvir.plist in
~/Library/LaunchAgents/
http://macs.about.com/b/2011/09/23/f-secure-reveals-new-mac-trojan.htm

I am also seeing other sites and most of them says checkfir.plist. So I
will delete both checkvir.plist and checkfir.plist .

Cem

Sent from my iPhone

0 Kudos
Reply

bentoms
Release Candidate Programs Tester

Posted on ‎09-26-2011 02:04 PM

Apple's on the case

http://www.macrumors.com/2011/09/26/apple-updates-anti-malware-tools-to-address-new-trojan-threat/

Regards,

Ben.

0 Kudos
Reply