OS X and Malware

There's now a real virus out there for Mac OS X that can do some real damage. It doesn't seem to be too destructive although it does delete some UNIX commands and modifies prefs for a couple of others. It will gather all password info on your machine. For now, let's call it "Opener." My system was responding a bit slowly and a check of my /var/log files showed that they were _all_ empty and had the same mod date. The Activity Monitor showed a process called "john" eating almost an entire processor.

Some further looking showed an unknown startup item in /Library/StartupItems/ called "opener". The executable file is a well-commented bash program. It scans for passwords for every user, processes the hashed info using your own Mac, turns on file sharing, and puts all this stuff into an invisible folder called .info in each user's Public folder. It does much, much more but it's important that a warning get out quickly.

Dave Taylor: You might notify people that the fastest way for them to see if they've had this little bugger show up is to run:

    $ sudo ls -l /Users/*/Public/.info

A good result is:

    ls: /Users/*/Public/.info: No such file or directory

If you get anything else, it's time to pop into /Library/StartupItems and see what's in there.
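
A fuller version of that check, as an added example that is not part of the original reader report: it looks for each indicator the report names (the `.info` folder in every user's Public folder, the `opener` startup item, emptied `/var/log` files and a `john` process). The script name, the function names and the optional ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a filesystem root for the "Opener" indicators named above.
# Usage: sudo sh opener_check.sh [ROOT]   (ROOT defaults to /; a mounted backup works too)

# Print each hidden .info folder found under Users/*/Public.
find_info_dirs() {
    for d in "${1%/}"/Users/*/Public/.info; do
        if [ -e "$d" ]; then printf '%s\n' "$d"; fi
    done
}

# Succeed if a startup item named "opener" is installed.
has_opener_startup_item() {
    [ -e "${1%/}/Library/StartupItems/opener" ]
}

# Succeed if var/log holds regular files and every one of them is empty.
# (The report also saw identical modification dates; that is not checked here.)
logs_look_wiped() {
    dir="${1%/}/var/log"
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -type f 2>/dev/null)" ] &&
        [ -z "$(find "$dir" -type f ! -size 0 2>/dev/null)" ]
}

# Read command names on stdin (e.g. from `ps -A -o comm=`); succeed if one is "john".
john_in_process_list() {
    grep -Eq '(^|/)john[[:space:]]*$'
}

# Run the file-based checks against ROOT, print findings, return 1 if any matched.
scan_opener() {
    root="${1:-/}"; hits=0
    info=$(find_info_dirs "$root")
    if [ -n "$info" ]; then echo "FOUND .info folder(s):"; echo "$info"; hits=1; fi
    if has_opener_startup_item "$root"; then
        echo "FOUND startup item: ${root%/}/Library/StartupItems/opener"; hits=1
    fi
    if logs_look_wiped "$root"; then echo "SUSPICIOUS: every file in var/log is empty"; hits=1; fi
    [ "$hits" -eq 0 ]
}

# The process check only applies to the live system, so it runs separately.
scan_opener "${1:-/}" || echo "Indicators present: inspect /Library/StartupItems" >&2
if ps -A -o comm= 2>/dev/null | john_in_process_list; then echo "FOUND running process: john"; fi
```

No output means none of the indicators were found; empty logs alone are only a hint and are worth confirming against the other checks.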

News source: MacInTouch Reader Reports
