Trend Micro Advanced Threats Researcher Ivan Macalintal reports a new piece of malware affecting Mac OS. Detected as OSX_LAMZEV.A, this malicious file could allow hackers to take control of an infected system.
Mac users may be infected when they access remote websites hosting this backdoor. The backdoor may also be disguised as a legitimate application and may be installed and executed on systems.
When executed, OSX_LAMZEV.A prompts users to select an application and a port above 1024. These are Internet Assigned Numbers Authority (IANA) registered ports and are used by vendors for proprietary applications.
The backdoor creates the file /tmp/com.apple.DockSettings and copies this file to the location ~/Library/LaunchAgents. This file is then deleted once it has been loaded, allowing the backdoor to execute every time the system starts up. The backdoor also copies the application selected by the infected user to a certain location. It then creates another backdoor component that executes whenever the said Mac application is executed.
These malware routines compromise security, as remote malicious users may gain access to an affected system. OSX_LAMZEV.A also has autostart features, so turning one’s infected Mac on automatically runs the backdoor.
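As an added example (not Trend Micro's code), a defender could audit a per-user LaunchAgents directory for the persistence pattern described above. The page gives only the file name and locations, so the plist contents, the temp-directory list and the sample files are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

PAGE_INDICATOR = "com.apple.DockSettings"  # file name reported in the write-up
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/")  # assumed staging locations

def audit_launch_agents(agents_dir):
    """Return {file name: [reasons]} for suspicious per-user launch agents."""
    findings = {}
    for path in sorted(Path(agents_dir).iterdir()):
        reasons = []
        if path.name.startswith(PAGE_INDICATOR):
            reasons.append("file name matches the one OSX_LAMZEV.A drops")
        try:
            job = plistlib.loads(path.read_bytes())
        except Exception:
            job = {}  # not a readable plist; only the name checks apply
        job = job if isinstance(job, dict) else {}
        # Heuristic: Apple's own agents ship under /System/Library/LaunchAgents.
        label = str(job.get("Label", ""))
        if path.name.startswith("com.apple.") or label.startswith("com.apple."):
            reasons.append("Apple-style name in a per-user directory")
        argv = job.get("ProgramArguments")
        target = argv[0] if isinstance(argv, list) and argv else job.get("Program", "")
        if job.get("RunAtLoad") and str(target).startswith(TEMP_DIRS):
            reasons.append("RunAtLoad job starts a program from a temp directory")
        if reasons:
            findings[path.name] = reasons
    return findings

def build_sample_dir(root):
    """Write constructed sample agents: one benign, one mimicking the report."""
    samples = {
        "org.example.updater.plist": {
            "Label": "org.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.apple.DockSettings.plist": {  # contents invented for the demo
            "Label": "com.apple.DockSettings", "RunAtLoad": True,
            "ProgramArguments": ["/tmp/placeholder-binary"]},
    }
    for name, job in samples.items():
        (Path(root) / name).write_bytes(plistlib.dumps(job))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_dir(tmp)
        for name, reasons in audit_launch_agents(tmp).items():
            print(f"{name}: " + "; ".join(reasons))
```

On a real system, pass `Path.home() / "Library/LaunchAgents"` to `audit_launch_agents`; a hit is a lead for review, not a verdict.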
Interestingly, in November last year, another notable Mac malware hit users. Detected by Trend Micro as OSX_DNSCHAN.A, this older Trojan dropped malicious script files and came in two versions, one for Windows and another for Mac, depending on the Web browser and operating system used to download it.
There are not many Mac threats, but their number keeps growing. Other Mac threats are documented in the following blog entries:
The Trend Micro Smart Protection Network already detects OSX_LAMZEV.A and provides solutions for its cleanup and removal.



November 18th, 2008 at 6:35 pm
[...] full article can be found here. Filed Under: InfoSec Tagged: mac os x, [...]
November 19th, 2008 at 7:03 am
[...] details on the latest (minor) Mac OS-X security flap can be found in blog postings by Trend Micro here and Intego here. Lame Mac Trojan limps into view - The Register [...]
November 20th, 2008 at 12:09 am
[...] via hacking.pl and Trend Micro (also [...]
November 21st, 2008 at 12:21 pm
[...] the company Trend Micro, a new piece of malware called OSX_LAMZEV.A has appeared, and it allows hackers to take control of [...]
November 21st, 2008 at 4:31 pm
[...] security company Trend Micro is reporting that a new Mac OS X malware application is making the rounds. The application, called OSX_LAMZEV.A, gives hackers a way to take control of [...]
November 21st, 2008 at 8:30 pm
New Malware Threatens Mac Users: http://tinyurl.com/6bdkaf
November 21st, 2008 at 8:51 pm
Mac users: @trendmicro reports there is a new mac-centric Malware out. Beware! http://tinyurl.com/6bdkaf
November 22nd, 2008 at 9:05 am
[...] Malware Sighting Computer security company Trend Micro is reporting that a new Mac OS X malware application is making the rounds. The application, called OSX_LAMZEV.A, gives hackers a way to take control of [...]
November 23rd, 2008 at 9:31 am
[...] the excellent article on AppleDiario as well as the informational note on the Trend Micro blog about OSX_LAMZEV.A, found (or created) by [...]
November 24th, 2008 at 3:31 am
[...] Internet security service provider Trend Micro has now announced that a piece of malware named OSX_LAMZEV.A has been in circulation for some time [...]
November 24th, 2008 at 12:53 pm
[...] Micro announced that a new trojan threatening the security of internet users has been detected. This new trojan, named OSX_LAMZEV.A, which affects Mac OS X, without the user being aware [...]
November 24th, 2008 at 11:31 pm
[...] company's website, in the TrendLabs Malware Blog section, a description has appeared of the OSX_LAMZEV.A application, whose launch allows [...]
December 1st, 2008 at 7:16 pm
[...] Latest Mac Virus, OSX_LAMZEV.A, Requires Manual Installation — We imagine it’s still a virus even though a user has to be naive enough to download the program and install it. The virus opens a backdoor, but it’s lazy enough to ask the user to select the incoming port over which the backdoor is available. Virus writers these days! Trend Micro has more details. [...]
December 2nd, 2008 at 7:32 pm
[...] also recall that at the end of last month a piece of malware for Mac OS X was detected by the company TrendMicro, which allows hackers to take control of our Mac [...]
December 21st, 2008 at 5:27 pm
[...] security firm Trend Micro reported this week that yet another piece of malware for Mac OS X is going around, in addition to the Trojan horse [...]