Help

Worm for Macs -

GaToRAiD
Contributor II

Posted on ‎10-03-2014 08:42 PM

Guys, there is a worm out for macs. Here is a link to the article.
http://www.iclarified.com/44390/new-macbackdooriworm-threat-has-infected-over-18500-macs

I've just created an extension attr, and a smart group to monitor if this happens to one of ours.

0 Kudos
Reply
4 REPLIES 4

fcloth
New Contributor II

Posted on ‎10-03-2014 08:53 PM

My extension attribute checks two places:

-d /Library/Application Support/JavaW
-f /private/var/root/.JavaW

0 Kudos
Reply

rtrouton
Release Candidate Programs Tester

Posted on ‎10-04-2014 11:55 AM

It looks like the iWorm method of infection has been identified. The transmission is not automated and requires active human intervention and admin privileges for the Trojan to be installed:

http://www.thesafemac.com/iworm-method-of-infection-found/

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎10-04-2014 03:25 PM

Thanks for the link Rich. Good to hear its more a people problem than an actual flaw in the OS that's being exploited. Not that its that surprising. People being dumb is often the way things like this spread. Makes an excellent case against touching pirated software, that's for sure.

0 Kudos
Reply

bentoms
Release Candidate Programs Tester

Posted on ‎10-05-2014 03:12 PM

XProtect has got you covered: http://forums.macrumors.com/showthread.php?t=1796295

0 Kudos
Reply