Undetected Mac malware

June 25th, 2009

The following domain is involved in Mac Trojan (I suspect DNS changer) propagation.

electionprime.com

mac31

VirusTotal analysis comes out as clean as soap:

By the way, there is also a Windows version. It is using a not so common packer, Nullsoft PiMP Stub:

And again, very low detection:

Jerome Segura

Malware ID: 9a3aa341d9de45a8835ccb5aa3f5c5b8.zip (Mac)

Malware ID: ba70461d6801f179cb798b12c3362f90.zip (PC)

This entry was posted on Thursday, June 25th, 2009 at 3:27 pm and is filed under Mac security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments:

(0) comments
|
Add your comments