Safari.js Virus a MacDefender???

Senior Advisor

Safari.js Virus a MacDefender???

Hi

 

Yesterday while I am using my Linux OS, I google around.

 

And found out that there is a Safari.js file that want to download to my computer.

 

I suspected that those files are a possibilities of a MacDefender virus.

 

Are any one of these methods being used in MacDefender virus?

 

It seems like  it is attacking to Safari Javascripts exploits.

 

There is also a possibility of a iPhone exploits for these sort of virus.

 

Please take note that ....

 

Macscan.securemac.com have new updates.

 

Check out the blog from Intego.

 

http://blog.intego.com/

1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure Product Expert

Re: Safari.js Virus a MacDefender???

Hi Rusli,

 

I just checked with the guys in our lab. We suspect the the .js file is used by MacDefender, as part of its process, but isn't an exploit. We have seen the use of .js files in the early versions MacDefender to display animations (fake scanning) nd redirect to the actual binary. Anyway if possible we really would like to get this .js file as a sample to check out what's going on with it. If you're in posession of this file and willing to upload it to our Sample Analysis System please also enter some comments into the desired field. This way a ticket will be created and our analysts will keep you up-to-date directly:

 

https://analysis.f-secure.com/portal/login.html

 

By the way, we are already detecting the latest MacDefender version:

 

http://www.virustotal.com/file-scan/report.html?id=ded6736e4bd8744033337a6800c87ea867d632c4eeccd49b6...

1 REPLY 1
F-Secure Product Expert

Re: Safari.js Virus a MacDefender???

Hi Rusli,

 

I just checked with the guys in our lab. We suspect the the .js file is used by MacDefender, as part of its process, but isn't an exploit. We have seen the use of .js files in the early versions MacDefender to display animations (fake scanning) nd redirect to the actual binary. Anyway if possible we really would like to get this .js file as a sample to check out what's going on with it. If you're in posession of this file and willing to upload it to our Sample Analysis System please also enter some comments into the desired field. This way a ticket will be created and our analysts will keep you up-to-date directly:

 

https://analysis.f-secure.com/portal/login.html

 

By the way, we are already detecting the latest MacDefender version:

 

http://www.virustotal.com/file-scan/report.html?id=ded6736e4bd8744033337a6800c87ea867d632c4eeccd49b6...