New Mac DNS variant

August 27th, 2009

A mini how-to on collecting Mac Trojans. This new variant comes from anzipfimuk.com.

1) Identify a new site that hosts the Trojan (I use a HoneyPot)

2) Unless you have the exact URL, you will not be able to download the file

3) Typing the full URL (using that series of digits) gets you the binary

This one is only detected by our friends from Sophos:

Jerome Segura

Malware ID: 4ece0e88b3527c85c2c503d3899be26b.zip

This entry was posted on Thursday, August 27th, 2009 at 9:01 am and is filed under Mac security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments:

(0) comments
|
Add your comments