Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    Trend Micro Advanced Threats Researcher Ivan Macalintal reports of a new malware affecting Mac OS. Detected as OSX_LAMZEV.A, this malicious file could allow hackers to take control of an infected system.

    Mac users may be infected when they access remote websites hosting this backdoor. The backdoor may also be disguised as a legitimate application and may be installed and executed on systems.

    When executed, OSX_LAMZEV.A prompts users to select an application and a port above 1024. These are Internet Assigned Numbers Authority (IANA) registered ports and are used by vendors for proprietary applications.

    The backdoor creates the file /tmp/com.apple.DockSettings and copies this file in the location ~/Library/LaunchAgents. This file is then deleted once it has been loaded to allow this backdoor to execute everytime the system starts up. The application selected by the infected user is copied by this backdoor to a certain location too. It then creates another backdoor component that executes whenever the said Mac application is executed.

    These malware routines compromise security, as remote malicious users may gain access to an affected system. OSX_LAMZEV.A also has autostart features, so turning one’s infected Mac on automatically runs the backdoor.

    Interestingly in November last year, another notable Mac malware hit users. Detected by Trend Micro as OSX_DNSCHAN.A, this older Trojan dropped malicious script files and came in two versions, one for Windows and another for Mac, depending on the Web browser and operating system used to download it.

    There are not many but their number keeps growing. Other Mac threats are documented in the following blog entries:

    The Trend Micro Smart Protection Network already detects OSX_LAMZEV.A and provides solutions for its cleanup and removal.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice