Re: 14 antivirus apps found to have security problems.

Senior Advisor

Re: 14 antivirus apps found to have security problems.

Details:- http://securityaffairs.co/wordpress/7942/intelligence/davinci-code-surveillance-business-eligibility...

 

No doubts, one of the most advanced cyber threat to the technological evolution is the malware diffusion, we read daily news regarding new unknown agents developed by cybercriminals, governments or hacktivists, but are we really ready to reduce the exposure of our resources? Some weeks ago a news has passed without  too much noise but I believe it is really interesting that’s why I decided to propose it. Doctor Web firm, a Russian anti-virus company, has detected a cross-platform Trojanhorse that is able to gain full control of its victims and it is also able to can render the system unusable. The agent, named dubbed BackDoor.DaVinci.1, runs both in Windows and Mac OS X and what is singular is the characteristics of the Mac OS X release that for the first time implements rootkit technologies to hide malware processes and files.

The first question is … who has developed the backdoor?

According the info available on internet, the trojan has been designed by the Italian HackingTeam, a security firm  which is specialized in the development of offensive solutions for cyber investigations, on its web site it is possible to find the following description of the debated product:

In modern digital communications, encryption is widely employed to protect users from eavesdropping. Unfortunately, encryption also prevents law enforcement and intelligence agencies from being able to monitor and prevent crimes and threats to the country security. Remote Control System (RCS) is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable. For Governmental LEAs and Agencies ONLY.

For the record the name of HackingTeam was published in the SpyFiledossier, published by Wikileaks’s Team, on the technologies developed for surveillance and control of communication channels.

The malware appears as very smart agent that is able to hide its presence to security systems  and is also able to infect mobiledevices, it’s spread as a signed AdobeFlashPlayer.jar file, obviously the for the signature it has been used an invalid digital certificate. The file is used to analyze the OS version of victim and execute malicious code.

The malware, following a valid design, is modular and its core components are represented by the backdoor module and a set of drivers that make possible the operation in hidden mode, all the instances of the malware share the same configuration settings stored in a dedicated file and it is equipped with a large collection of module to elude anti-virus software and firewalls. After Dr. Web other security firms have detected the cyber espionage tool giving it different name, for example Kaspersky lab team named it Morkut providing a first analysis on a blog post. According to Mikko Hypponen (F- Secure) Tweet…

“The Mac backdoor in the news (DaVinci/Morcut/Crisis/Flosax) is a commercial espionage trojan, and openly advertised on www.hackingteam.it”

 

  The developers of the BackDoor.DaVinci.1 sustain that their product is able to elude any anti-virus program but Dr.Web antivirus is able to detect it … we can bet that the game of “cops and robbers” is begun and the group of the HackingTeam is already working to introduce improvements that can make their malware is not really noticeable. TheDaVinci backdoor is not a common malware released in the wild without control but it is a commercial surveillance Trojan sold mainly to governments, it is used to monitor thousands of people all over the world. Of course the product of the Italian firm is not the only one, to provide an example we can remind the FinFisherproduct developed by Gamma company, similar products have been used by law enforcement and also by autoritarist regime such as Egypt and Bahrain and governments such has the German one. Their use is becoming really frequent and the thought that a maliciuos agent could violate computer defense for espionage but also for offensive purposes is not very reassuring.

Once released their software these companies are actually able to control the diffusion of the malware? What could happen if a foreign government or a group of cyber criminals make a reverse engineering of the products, developing its own malware resulting no easily identifiable that could be used for cyber espionage on a large scale? Are we really ready to this?

Unfortunately, although similar instruments designed for justifiable, such as support for investigations and prevention of crime and terrorism, are too easily sold to governments that use them bloodthirsty for tracking and persecution of dissidents. It should be mentioned that in court similar tools could not to be admitted as evidence in any way the provider must ensure that the instrument will not alter nature of information and the operation of the device put under control. I state that I’m not discussing on the the specific case, but it is evident that in the course of proceedings by authorities, the information collected may not be deemed reliable for some legal loopholes. The very fact that a trojan alters the nature of the system that infect, lead to rejection of the judges of the gathered evidence, the lawyers often sustain that once compromised a PC is impossible to guarantee that the data collected from a chat are legitimate and not deliberately inserted by the malware. The EU Council has recently recommended that Member States should strive for the examination of computer remotely suspicious, but there are still too many unresolved technical and legal aspects. The experience that Germany has done in his attempt to regulate the use of tools “remote forensics” by those who must enforce the law is helpful in this regard. The new generation of technologies, such as software agents, and Trojan, has unique features that distinguishes it from existing technologies currently used in the investigation.

During the investigation, these technologies can act independently. Their autonomous decision-making enables them to replace at least some of the functions previously performed by a human, and without the direct supervision of a human controller. This raises the question whether the rules that give human rights to officials can be applied by analogy to software agents, and if the rules are intended to limit the interference of the police citizen’s rights can be circumvented by using technology (Schafer, 2006) .

Another problem … companies that provide free anti-virus and those that provide the control systems are not necessarily in the same jurisdiction of the entity to control, causing conflicts with the relevant privacy laws. How should the person carrying out investigations in relation to suppliers of antivirus? Ask for their cooperation or proceeding seeking to evade them? At the moment it would seem that the second road traveled, at least by German governmnt (BT-Drucksache 16/4995).

Other question … The data collection is automated, no human subject will decide which data will be relevant and should be copied, but this may involve the collection of any data recorded on the computer that is irrelevant to the investigation.
These data could be potentially problematic and highly sensitive data, such as medical and health information, and therefore protected from investigations that the authorities can not analyze and use.

A judgment of the German Federal Supreme Court has established as a requirement for the use of RFS tools by law enforcement agencies for the custody of the selection process is conducted by an investigating judge, a state prosecutor or a bailiff (BVerfG, NJW 2008, 822), but the German judicial system does not have sufficient human resources.

Traditionally, forensic investigations computers are taken off-line to ensure that there aren’t changes and that the object of investigation is in the same condition when the evidence is admitted, as when the crime has found place.

The use of a trojan for investigations requires the authorities to reach from the remote target machines which, however, remain in the control of the suspect and remain connected to the network before, during and after the operations of inspectioning.

Thus the problem of acquisition of the test using RFS tools that not only is the original source (the computer) has not been subjected to seizure, but this is not a static environment, yet flexible, which can be manipulated. As a general rule, evidence obtained from an unsecure network, such as the Internet, can always be subject to a challenge to its authenticity and reliability.

The attempt to subject to statutory regulation the use of malware for investigation produces new ambiguity, it must be promoted a common approach applicable to the entire class of investigative technologies.

The debate is open, there are many doubts, but there is no ambiguity that these agents have efficacy for those governments who want to spy on and pursue their opponents … from a ethical point of view there is much to discuss, but this is not the appropriate forum.

Pierluigi Paganin

 

 

Senior Advisor

Re: 14 antivirus apps found to have security problems.

Senior Advisor

Re: 14 antivirus apps found to have security problems.

My own information gatherings.

 

More sources from Kaspersky Labs.

 

http://securelist.com/?s=osx&x=0&y=0&search_nonce=48c2b9fcd1&_wp_http_referer=%2Fencyclopedia%2F

 

Story on Remote Control System by the Hacking Team.

 

http://securelist.com/blog/mobile/63693/hackingteam-2-0-the-story-goes-mobile/

 

Don't be surprise they have these servers cover all over the world. Thru out Asia, Middle East, Europe, America, Canada, South America.

 

Base on Davinci Malware Spyware For Law Enforcement by the Hacking Team

 

http://securelist.com/analysis/publications/37064/spyware-hackingteam/

 

Adobe Flash player exploits by the Hacking team

 

List of active C2s on 19.06.2014:

  • 50.63.180.***
  • 146.185.30.***
  • 204.188.221.***
  • 91.109.17.***
  • 106.186.17.***
  • 119.59.123.***
  • 95.141.46.***
  • 192.71.245.***
  • 106.187.99.***
  • 93.95.219.***
  • 106.187.96.***
  • 124.217.245.***
  • 23.92.30.***
  • 82.146.58.***
  • 93.95.219.***
  • 209.59.205.***

RCS modules (using Kaspersky Lab's classification names):

Senior Advisor

Re: 14 antivirus apps found to have security problems.

These companies are making multibillion dollars in selling malwares to the government in many countries.

 

They are setting up servers and building networks.

 

They infected many mobile telecommunications, computer networks,etc...

 

You will never know what comes next.

 

The power grid. Like Stuxnet.

 

Disruption subways.

 

Maybe next will be controlling Military Organisations Operations.

 

That will be their next target in making money organisations for their gains!

 

At end the of day. Who is controlling who??

 

They got nothing better things to do!!!

 

This things are real!

 

 

 

 

Senior Advisor

Re: 14 antivirus apps found to have security problems.

Another infos from Symantec and McAfee Antivirus for Mac.

 

See the reference link:-

 

http://www.symantec.com/en/sg/security_response/writeup.jsp?docid=2012-072605-1811-99&tabid=2

 

Discovered: 25 July 2012 Updated: 30 November 2012 7:27:01 AM Also Known As: OSX_MORCUT.A [Trend] Type: Trojan Infection Length: Varies Systems Affected: Mac OS X
When the Trojan is executed, it creates the following directories and files:

    /System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server
    /System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources/
    $HOME/Library/LaunchAgents/com.apple.mdworker.plist
    $HOME/Library/Preferences/jl3V7we.app
    $HOME/Library/ScriptingAdditions/appleHID/Contents/Info.plist
    $HOME/Library/ScriptingAdditions/appleHID/Contents/MacOS/lUnsA3Ci.Bz7
    $HOME/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r


The Trojan then opens a back door on the compromised computer by connecting to the following location and awaits commands from the remote attacker:
176.58.[REMOVED]

It then modifies several applications in order to monitor the user's activities when using the following applications:

    Adium
    Skype
    Microsoft Messenger
    Firefox


It may also perform the following actions:

    Monitor Skype Audio traffic
    Monitor Safari or Firefox to record websites and capture screenshots
    Record conversations in MS Messenger and Adium
    Send files to the command and control server

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
    Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
    Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
    Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
    Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
    Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have less avenues of attack.
    If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
    Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
    Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
    Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
    Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
    If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection requ Description

    This is a Trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc


    Aliases:
        Ikarus     -  Backdoor.OSX.Morcut
        Kaspersky  - Backdoor.OSX.Morcut.a
        Sophos     -     OSX/Morcut-A
        Emsisoft   - Backdoor.OSX.Morcut!IK
        Symantec - OSX.Crisis
    Indication of InfectionPresence of above mentioned activities Methods of InfectionTrojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
    Back to Top
    est. Do not accept applications that are unsigned or sent from unknown sources.
    For further information on the terms used in this document, please refer to the Security Response glossary.

 

Virus Characteristics

"OSX/Morcut" is a backdoor and rootkit combination installed by a cross-platform Java application which may pretend to be an Adobe updater when downloaded and runs as "Web Enhancer".

It also opens up a port and connects to a remote server for instructions and updates.

"OSX/Morcut" is persistent across reboots.

Upon successful installation on a machine, it will inject itself into a number of programs to spy on the infected user’s activity.  These applications include popular ones like:

        Skype
        MSN Messenger
        Adium
        Firefox

In addition to tracking all activity within the programs listed above, OSX/Morcut allows an attacker to monitor and/or control the following operations:

        Mouse position
        Location
        Internal Webcam & Microphone
        Clipboard Contents
        Key strokes
        Running applications
        Web addresses
        Screenshots
        Calendar Data & Alerts
        Device Information
        Address Book Contact Information

http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1359576#none

Senior Advisor

Re: 14 antivirus apps found to have security problems.

Clamav Search Database....

 

http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=osx&search-type=contains&case-sensitivity=No...

 

ClamAV Virus Database Search Search for: begins withcontainsexactregex
Case-sensitive search: YesNo
Search database(s): DailyMain
Display results: DatabaseFileVirus NameSignature


Search results:

daily.cvd      not-OSX.Tored                                
daily.cvd      Osx.Exploit.Iosjailbreak-1                   
daily.cvd      Osx.Trojan.MW2004                            
daily.cvd      Osx.Adware.ClickAgent                        
daily.cvd      Osx.Trojan.RSPlug-1                          
daily.cvd      OSX.Defma                                    
daily.cvd      MacOSX.Revir-1                               
daily.cvd      OSX.BlackHol                                 
daily.cvd      OSX.BlackHol-1                               
daily.cvd      OSX.Trojan.Iumler-1                          
daily.cvd      OSX.Trojan.Imuler-1                          
daily.cvd      Osx.Exploit.CVE_2009_0563.Gen                
daily.cvd      Osx.Trojan.CVE_2009_0563.Gen                 
daily.cvd      Osx.Trojan.Lamzev-2                          
daily.cvd      Osx.Worm.Niqtana-11                          
daily.cvd      Osx.Exploit.Small-1                          
daily.cvd      Osx.Backdoor.Blackhole-2                     
daily.cvd      Osx.Virus.Generic-1                          
daily.cvd      Osx.Trojan.Typeagnet-1                       
daily.cvd      Osx.Backdoor.Olyx-2                          
daily.cvd      Osx.Trojan.Spynion-1                         
daily.cvd      Osx.Trojan.Gaslome-1                         
daily.cvd      Osx.Trojan.Flashback-21                      
daily.cvd      Osx.Trojan.Flashback-27                      
daily.cvd      Osx.Adware.Hoax-1                            
daily.cvd      Osx.Trojan.Logkext-2                         
daily.cvd      Osx.Trojan.Fakealert-9                       
daily.cvd      Osx.Trojan.Defma-1                           
daily.cvd      Osx.Backdoor.Lamadai-2                       
daily.cvd      Osx.Backdoor.Olyx-3                          
daily.cvd      Osx.Adware.Imunizator-1                      
daily.cvd      Osx.Trojan.Flashback-17                      
daily.cvd      Osx.Trojan.Flashback-29                      
daily.cvd      Osx.Trojan.Devilrobber-4                     
daily.cvd      Osx.Backdoor.Getshell-5                      
daily.cvd      Osx.Trojan.Morcut-8                          
daily.cvd      Osx.Trojan.Finspy-1                          
daily.cvd      Osx.Trojan.Krowi-3                           
daily.cvd      Osx.Trojan.Imunizator-1                      
daily.cvd      Osx.Trojan.Codecm-1                          
daily.cvd      Osx.Backdoor.Imuler-3                        
daily.cvd      Osx.Trojan.Muxler-2                          
daily.cvd      Osx.Backdoor.Getshell-4                      
daily.cvd      Osx.Backdoor.Docster-3                       
daily.cvd      Osx.Backdoor.Wirenet-5                       
daily.cvd      Osx.Backdoor.Docster-2                       
daily.cvd      Osx.Backdoor.Blackhole-1                     
daily.cvd      Osx.Keylogger.Monitor-5                      
daily.cvd      Osx.Trojan.Muxler-3                          
daily.cvd      Osx.Backdoor.Reshe-1                         
daily.cvd      Osx.Trojan.Yontoo-8                          
daily.cvd      Osx.Trojan.Fakealert-5                       
daily.cvd      Osx.Trojan.Fakealert-6                       
daily.cvd      Osx.Backdoor.Hackback-4                      
daily.cvd      Osx.Trojan.Yontoo-11                         
daily.cvd      Osx.Trojan.Flashback-23                      
daily.cvd      Osx.Trojan.Baoba-1                           
daily.cvd      Osx.Backdoor.Hacktool-1                      
daily.cvd      Osx.Trojan.Morcut-5                          
daily.cvd      Osx.Trojan.Morcut-7                          
daily.cvd      Osx.Virus.Zako-2                             
daily.cvd      Osx.Virus.Zako-3                             
daily.cvd      Osx.Trojan.Monitor-5                         
daily.cvd      Osx.Trojan.Getshell-1                        
daily.cvd      Osx.Trojan.Musminim-2                        
daily.cvd      Osx.Backdoor.Hackback-5                      
daily.cvd      Osx.Backdoor.Kitm-2                          
daily.cvd      Osx.Backdoor.Kitm-3                          
daily.cvd      Osx.Backdoor.Hackback-3                      
daily.cvd      Osx.Trojan.Hoax-1                            
daily.cvd      Osx.Backdoor.Wirenet-4                       
daily.cvd      Osx.Trojan.Flashback-18                      
daily.cvd      Osx.Trojan.Flashback-25                      
daily.cvd      Osx.Trojan.Monitor-3                         
daily.cvd      Osx.Trojan.Demo-1                            
daily.cvd      Osx.Backdoor.Wirenet-3                       
daily.cvd      Osx.Trojan.Fakecodecs-1                      
daily.cvd      Osx.Backdoor.Getshell-3                      
daily.cvd      Osx.Trojan.Flashback-19                      
daily.cvd      Osx.Trojan.Favdonw-1                         
daily.cvd      Osx.Keylogger.Monitor-3                      
daily.cvd      Osx.Trojan.Logkext-3                         
daily.cvd      Osx.Backdoor.Leverage-1                      
daily.cvd      Osx.Keylogger.Generic-1                      
daily.cvd      Osx.Backdoor.Lamadai-3                       
daily.cvd      Osx.Trojan.Zako-3                            
daily.cvd      Osx.Backdoor.Icefog-7                        
daily.cvd      Osx.Trojan.Yontoo-9                          
daily.cvd      Osx.Backdoor.Icefog-4                        
daily.cvd      Osx.Backdoor.Icefog-5                        
daily.cvd      Osx.Backdoor.Icefog-6                        
daily.cvd      Osx.Trojan.Boonana-5                         
daily.cvd      Osx.Trojan.Monitor-4                         
daily.cvd      Osx.Trojan.Boonana-4                         
daily.cvd      Osx.Trojan.Flashback-31                      
daily.cvd      Osx.Trojan.Yontoo-10                         
daily.cvd      Osx.Trojan.Flashback-22                      
daily.cvd      Osx.Trojan.Flashback-28                      
daily.cvd      Osx.Trojan.Zako-2                            
daily.cvd      Osx.Backdoor.Morcut-12                       
daily.cvd      Osx.Keylogger.Monitor-4                      
daily.cvd      Osx.Virus.Monitoring-1                       
daily.cvd      Osx.Backdoor.Imuler-2                        
daily.cvd      Osx.Adware.Codecm-1                          
daily.cvd      Osx.Trojan.Perfect-1                         
daily.cvd      Osx.Trojan.Bure-1                            
daily.cvd      Osx.Trojan.Morcut-6                          
daily.cvd      Osx.Trojan.Longage-1                         
daily.cvd      Osx.Adware.Geonei-9                          
daily.cvd      Osx.Adware.Geonei-5                          
daily.cvd      Osx.Backdoor.Morcut-8                        
daily.cvd      Osx.Adware.Generic-1                         
daily.cvd      Osx.Adware.Geonei-7                          
daily.cvd      Osx.Adware.Geonei-6                          
daily.cvd      Osx.Trojan.Flashback-24                      
daily.cvd      Osx.Trojan.Flashback-26                      
daily.cvd      Osx.Trojan.Fakealert-8                       
daily.cvd      Osx.Trojan.Flashback-16                      
daily.cvd      Osx.Adware.Geonei-8                          
daily.cvd      Osx.Trojan.Krowi-2                           
daily.cvd      Osx.Trojan.Laoshu-1                          
daily.cvd      Osx.Backdoor.Morcut-7                        
daily.cvd      Osx.Backdoor.Morcut-10                       
daily.cvd      Osx.Backdoor.Morcut-11                       
daily.cvd      Osx.Trojan.Flashback-20                      
daily.cvd      Osx.Trojan.Flashback-30                      
daily.cvd      Osx.Trojan.Fakealert-7                       
daily.cvd      Osx.Trojan.Morcut-4                          
daily.cvd      Osx.Backdoor.Morcut-13                       
daily.cvd      Osx.Trojan.LaoShu-2                          
daily.cvd      Osx.Trojan.Blackhole-2                       
daily.cvd      Osx.Trojan.PokerStealer                      
daily.cvd      Osx.Worm.Leap                                
daily.cvd      Osx.Trojan.LoseLose                          
daily.cvd      Osx.Keylogger.Logkext-5                      
daily.cvd      OSX.Trojan.KitM-1                            
daily.cvd      Osx.Trojan.Janicab-2                         
daily.cvd      Osx.Trojan.Janicab.Gen-1                     
daily.cvd      Osx.Trojan.Janicab.Gen-2                     
daily.cvd      Osx.Trojan.Lamzev                            
daily.cvd      Osx.Trojan.Olyx.A                            
daily.cvd      Osx.Trojan.Icefog                            
daily.cvd      Osx.Trojan.Icefog-1                          
daily.cvd      Osx.Trojan.Yontoo-6                          
daily.cvd      Osx.Trojan.Yontoo-7                          
daily.cvd      Osx.Trojan.Yontoo-5                          
daily.cvd      Osx.Trojan.Okaz-4                            
daily.cvd      Osx.Trojan.Pintsized-2                       
daily.cvd      Osx.Trojan.CallMe                            
daily.cvd      Osx.Trojan.Netweird                          
daily.cvd      Osx.Trojan.Boaba                             
daily.cvd      Osx.Trojan.Janicab-3                         
daily.cvd      Osx.Trojan.Olyx                              
daily.cvd      Osx.Keylogger.LogKext-4                      
daily.cvd      Osx.Trojan.Genieo-1                          
daily.cvd      Osx.Trojan.Imuler-2                          
daily.cvd      Osx.Trojan.Imuler-3                          
daily.cvd      Osx.Trojan.Imuler-4                          
daily.cvd      Osx.Trojan.Hovdy                             
daily.cvd      Osx.Trojan.HellRaiser                        
daily.cvd      Osx.Trojan.Renepo                            
daily.cvd      Osx.Trojan.Renepo-1                          
daily.cvd      Osx.Trojan.Jacksbot-2                        
daily.cvd      Osx.Trojan.Jacksbot-3                        
daily.cvd      Osx.Virus.Macarena                           
daily.cvd      Osx.Trojan.Weaponx-1                         
daily.cvd      Osx.Exploit.CVE_2006_0848                    
daily.cvd      Osx.Trojan.Weaponx-2                         
daily.cvd      Osx.Trojan.Okaz-9                            
main.cvd       OSX.RSPlug                                   
main.cvd       Trojan.OSX.iservices.A                       
main.cvd       Trojan.OSX.iservices.B                       
main.cvd       OSX.DNSChanger.dmg                           
main.cvd       OSX.DNSChanger.dmg-1                         
main.cvd       Trojan.OSX.RSPlug.F.dmg                      
main.cvd       Trojan.OSX.RSPlug.F.dmg-1                    
main.cvd       Trojan.OSX.RSPlug.F.dmg-2                    
main.cvd       Trojan.OSX.RSPlug.F.dmg-3                    
main.cvd       Trojan.OSX.RSPlug.F.dmg-4                    
main.cvd       Trojan.OSX.RSPlug.F.dmg-5                    
main.cvd       Trojan.OSX.RSPlug.G.dmg                      
main.cvd       Trojan.OSX.RSPlug.G                          
main.cvd       Exploit.OSX.Safari                           
main.cvd       Trojan.OSX.Cowhand                           
main.cvd       Backdoor.OSX.BlackHole                       
main.cvd       Trojan.Downloader.OSX                        
main.cvd       OSX.Flashback                                
main.cvd       Trojan.Downloader.OSX-1                      
main.cvd       OSX.Flashback-1                              
main.cvd       OSX.Flashback-3                              
main.cvd       OSX.Flashback-2                              
main.cvd       OSX.Flashback-4                              
main.cvd       Trojan.OSX.Miner                             
main.cvd       OSX.Flashback-6                              
main.cvd       OSX.Flashback-7                              
main.cvd       OSX.Flashback-17                             
main.cvd       OSX.Flashback-18                             
main.cvd       OSX.Flashback-15                             
main.cvd       OSX.Flashback-16                             
main.cvd       Adware.OSX                                   
main.cvd       OSX.Flashfake.Java                           
main.cvd       Trojan.OSX.FlashBack-2                       
main.cvd       OSX.Trojan.Yontoo                            
main.cvd       Osx.Exploit.CVE_2009_0563                    
main.cvd       OSX.Trojan.FkCodec.A                         
main.cvd       OSX.DNSChanger                               
main.cvd       OSX.Trojan-2                                 
main.cvd       Trojan.OSX.Opener                            
main.cvd       Trojan.OSX.RSPlug.C                          
main.cvd       Trojan.OSX.RSPlug.D                          
main.cvd       OSX.Tored                                    
main.cvd       OSX.RSPlug-2                                 
main.cvd       Trojan.OSX.OpinionSpy.B                      
main.cvd       Trojan.OSX.OpinionSpy.A                      
main.cvd       Trojan.OSX.MacDefender                       
main.cvd       Trojan.OSX.MacDefender.B                     
main.cvd       Trojan.OSX.MacDefender.C                     
main.cvd       OSX.Defma-1                                  
main.cvd       OSX.Defma-2                                  
main.cvd       Trojan.OSX.MacBack                           
main.cvd       Trojan-Downloader.OSX.Fav.A                  
main.cvd       Trojan-Downloader.OSX.Fav.B                  
main.cvd       MacOSX.iMuler-1                              
main.cvd       Trojan.OSX.FlashBack.A                       
main.cvd       OSX.DevilRobber                              
main.cvd       OSX.Flashback-5                              
main.cvd       Trojan.OSX.Imuler                            
main.cvd       OSX.Word.Malware                             
main.cvd       OSX.Word.Malware-1                           
main.cvd       OSX.Flashback-8                              
main.cvd       OSX.Flashback-10                             
main.cvd       OSX.Flashback-12                             
main.cvd       OSX.Flashback-9                              
main.cvd       OSX.Flashback-13                             
main.cvd       OSX.Flashback-14                             
main.cvd       OSX.Flashfake                                
main.cvd       OSX.SubPub                                   
main.cvd       OSX.Flashback-19                             
main.cvd       OSX.Flashback-20                             
main.cvd       OSX.Maljava                                  
main.cvd       OSX.Flashback-21                             
main.cvd       OSX.Flashfake-1                              
main.cvd       OSX.Flashfake-2                              
main.cvd       OSX.Flashback-22                             
main.cvd       Trojan.OSX.Crisis.A                          
main.cvd       Trojan.OSX.Crisis.B                          
main.cvd       OSX.Trojan.Crisis                            
main.cvd       OSX.Trojan.Crisis-1                          
main.cvd       OSX.Trojan.Crisis-2                          
main.cvd       OSX.Trojan.HellRTS                           
main.cvd       OSX.Trojan.Musminim                          
main.cvd       Trojan.OSX.AppleScriptTHT.A                  
main.cvd       Trojan.OSX.Morcut.A                          
main.cvd       Trojan.OSX.DevilRobber.A                     
main.cvd       Trojan.OSX.Miner.A                           
main.cvd       Trojan.OSX.Dockster.A                        
main.cvd       Trojan.OSX.Dockster.B                        
main.cvd       Trojan.OSX.Darkoperator.A                    
main.cvd       Trojan.OSX.Hellraiser.A                      
main.cvd       Trojan.OSX.Inqtana.A                         
main.cvd       Trojan.OSX.iServices.C                       
main.cvd       Trojan.OSX.iServices.D                       
main.cvd       Trojan.OSX.iMunizator.A                      
main.cvd       Trojan.OSX.FkCodec.A                         
main.cvd       Trojan.OSX.FkCodec.B                         
main.cvd       Trojan.OSX.FkCodec.C                         
main.cvd       Trojan.OSX.Renepo.H                          
main.cvd       Trojan.OSX.RSPlug.I                          
main.cvd       Trojan.OSX.RSPlug.J                          
main.cvd       Trojan.OSX.RSPlug.K                          
main.cvd       Trojan.OSX.RSPlug.L                          
main.cvd       Trojan.OSX.Netweird.A                        
main.cvd       VirTool.OSX.Rubilyn.A                        
main.cvd       VirTool.OSX.Rubilyn.B                        
main.cvd       Trojan.OSX.SMSsend.A                         
main.cvd       OSX.Trojan.Pintsized                         
main.cvd       OSX.Trojan.Pintsized-1                       

277 hits for 'osx'

Senior Advisor

Re: 14 antivirus apps found to have security problems.

See this ....!!!!

 

http://macviruscom.wordpress.com/apple-malware-timeline/

 

OSX/Crisis, Mountain Lion security, Safari vulnerabilities and a BIOS blast from the past
PoC EFI rootkit:

July 2012 at Black Hat: EFI rootkit for Macs demonstrated
Sources and resources:

    OS X Exploits and Defense, by Paul Baccas, Kevin Finisterre, David Harley, Larry H., Gary Porteus (published by Syngress)
    Viruses Revealed, by David Harley, Robert Slade, Urs Gattiker (published by Osborne/McGraw-Hill)
    Viruses and the Mac FAQ, by David Harley (Mac Virus): not currently available due to the need for extensive updating.
    Macs and Macros: the State of the Macintosh Nation by David Harley (paper and presentation for Virus Bulletin)
    Perception, Security, and Worms in the Apple by David Harley, Pierre-Marc Bureau and Andrew Lee (paper and presentation for EICAR: the presentation is available here).
    The AVIEN Malware Defense Guide for the Enterprise, by David Harley, Ken Bechtel, Michael Blanchard, Henk K. Diemer, Andrew Lee, Igor Muttik, Bojan Zdrnja, Robert Vibert, Judith Harley, Ken Dunham, Paul O. Baccas, Tony Bradley, Enrique Gonzalez, David Phillips, Paul Schmehl, James Wolfe. Published by Syngress.
     Methusela Cebrian Ferrer. (2009) A Closer Look at Mac OS X Threats. Virus Bulletin Conference Proceedings (pp153-164): Virus Bulletin.
    Graham Cluley (2010-2011) History of Mac malware: 1982 – 2011 and Apple Mac malware: A short history (1982-2010): Naked Security website

*I just noticed a visual glitch in the ESET page that only shows up if you use Internet Explorer 10 (and possibly 9: I don’t have that to hand to test with, but I couldn’t reproduce it on a system with IE 8). I’ve mentioned it to ESET, so by the time you read this it may already be gone. In any case, clicking the compatibility view button on the address bar should fix it.

 

 

See the Youtube video on Blackhat EFI Mac malware:- (you can google search it for a pdf file on it)

 

http://www.youtube.com/watch?v=W21ZIaKf5HA

Senior Advisor

Re: 14 antivirus apps found to have security problems.

Senior Advisor

Re: 14 antivirus apps found to have security problems.

Novice

Re: 14 antivirus apps found to have security problems.

Im going thru the same crap...ive lost control of all my computers tablets cell phones even on this prepaid one and the lasw is nuts. my guy is an analyer for google...they do the coding crap so you cant control your own stuff and they think its funny but i think they are sick!