Monday, 30 July 2012


Apple Mac Trojan named OSX/Crisis.
Discovered by Intego.
Intego is a Mac security software company founded in 1997.

[Image: HB1ca.jpg]


They create backup, antivirus, antispam, data protection software, firewall for MAC OS X.
Now lets get back to our discussion
OSX/Crisis:
This threat is a dropper which creates a backdoor when it's run.
It installs silently, without requiring a password only in OSX 10.6,10.7 and Snow Leopard and Lion.
If the dropper runs on a system with Admin permissions it will drop a rootkit to hide itself.
With or Without Admin permissions this folder is created in the infected user's home:
~/Library/ScriptingAdditions/appleHID
only with Admin permissions,
/System/Library/Frameworks/Foundation.framework/XPCService
A new folder will be created.
It uses low level system calls to hide its activities


Image has been scaled down 20% (500x590). Click this bar to view original image (620x731). Click image to open in new window.
[Image: jWTMn.png]


Image has been scaled down 20% (500x428). Click this bar to view original image (620x530). Click image to open in new window.
[Image: ajycx.png]


Image has been scaled down 20% (500x428). Click this bar to view original image (620x530). Click image to open in new window.
[Image: TROpT.png]

Intego suggest to use VirusBarrier X6 need to update to get protected from OSX/Crisis.

Leave a Reply

Subscribe to Posts | Subscribe to Comments

- Copyright © Technology Unleashed - Powered by Blogger - Designed by Dhilipkumar -