And so it begins... Mac OS SX Virus infection

[zodraz]

I guess the popularity of the Mac is bringing the hackers to attention.

(1.2 Ghz, Dual, XBoot only, OS 10.28)

This morning when I woke up my Mac I got two Norton Antivirus Alerts:

1) Adobe Photoshop 7 was infected with a Trojan horse. It has been deleted.

2) Adobe "Keygen(Works Fo" was infected with Backdoor.Litmus.Gen.  It has been deleted.


Holy Cramp!

I just went to Norton's site which had little to say about it.

I'm switching my virus detection to scan my drives every night now, as opposed to over the weekend. And maybe kick up the scanning to higher level (if I can stand the performance hit).


     

[pendragon]

for the alert.  It's best to know when the bad guys (and gals) are mucking about.

Harv

[RobW]

Humm, I've not used an anti-virus program since I moved to OSX last December. Guess maybe I need to start thinking about this again.  

Harv, I don't recall--are you using Norton??

[pendragon]

Rob, Yes, I use NAV v9.0. It is however, the only Norton product I am presently using.

Harv

[zodraz]

Scary part is, if it snuck in an email I'll have to alert our I.T. department, since all email goes through a antivirus screening (OutLook Exchange server, McAffee anti virus). This really concerns me, as they as they are M$ only, and I reallly don't want to fuel any fires about Mac vs PCs.

Since both viruses were in Photoshop, I wonder if it was an infected picture file.

I've contacted our contracted Mac support folks too.

I'lll let you know what comes of it.

[Paddy]

Backdoor.litmus.gen IS the trojan horse, and none of the "Backdoor.litmus" trojans for which there are info (there are a number of variants) on Symantec's site affect Macs or UNIX. So, I suspect that while you may indeed have the file floating around, it probably wasn't capable of doing any damage.  The only info on Google on this particular variant was in other languages, but what little I did find, clearly referred to PC's only.

Given the file you've referenced, I'm wondering if it has anything to do with this:

http://securityresponse.symantec.com/avcen...w.shower.l.html

Why would you have an Adobe keygen file on your machine? Sounds like something that got there from KaZaa, perhaps unbeknownst to you.

My somewhat puzzled 2¢.

[bobw]

Backdoor.Litmus is a backdoor Trojan horse that can give a hacker access to the computer. Like many other backdoor Trojans, Backdoor.Litmus is controlled by the hacker using IRC channels.

Can't hurt OS X.

http://www.symantecantivirus.com/avcenter/...oor.litmus.html

[Mayo]

Just to be clear about this, my understanding is that there are no active viruses capable of infecting OS X Macs.  Is this incorrect?

[bobw]

That's correct. There are no viruses, at this time, that can harm a Mac OS X system.

[Mayo]

That's what I thought.  The article I read stated that Unix is particularly difficult to hack, and that virus spreaders also like to infect a large number of computers, which makes Windows the ideal target.

What amazes me is that Apple does not use the virus issue in its advertising.  I would be willing to bet that there are more than a few Windows users that are getting fed up with cleaning up infected machines and downloading myriad security fixes from M$.

If anyone has different or supplemental info, a link to its source would be nice.  Unfortunately, I cannot recall where I read the article that I am referring to...

[cdub1988]

Most of the stuff I've seen has been related to things running on top of *nix, like holes in Sendmail, Apache and PHP.

Haven't seen anything that sticks out that affects BSD, though.

Take care, all.

Chris

[bobw]

Probably the main reason there aren't any viruses for OS X is that the market share is way to small to attrack hackers, and X is a much more secure system than an MS System.

[zodraz]

Not much  luck on finding info specific to backdoor.litmus.gen.

This site does list it:  http://www.vogon-international.us/virus-re...overy-enc-b.htm but provides no info.

Symantic does have this info on "backdoor.litmus" :

Backdoor.Litmus is a backdoor Trojan horse that can give a hacker access to the computer. Like many other backdoor Trojans, Backdoor.Litmus is controlled by the hacker using IRC channels.

Type: Trojan Horse

             
Releases confidential info: Stored passwords can be retrieved by the hacker.                
Compromises security settings: Other malicious software can be installed on the compromisd system.                

 
 When Backdoor.Litmus is run, it creates a copy of itself as %Windows%\Litmus\Msgsrv16.exe.
 
 NOTE: %Windows% is a variable. The worm locates the \Windows folder (by default this is C:\Windows or C:\Winnt) and copies itself to that location.
 
 Once a computer is compromised, the hacker can perform actions such as the following:
Upload files
Execute files
Perform file management
Use the compromised computer as a robot on IRC
Steal passwords
Remotely manage the installation of the backdoor

I still don't get how it ended up in my Photoshop application. I don't use Kaa Zaa, or any file shareing service.

I DID download the Adobe Illustrator 10 update using Safari the day before. But that could be coincedence.

I'm glad it can't mess with my computer!


     

[()]

I'm not worried at all about a virus, i already had my flu shot (LOL)

I don't use the PC too often due to the slowness of a 2.4 P4 processor that seems to need a M$ update on a daily basis.

I suppose M$ needs to get on their feet and actully do some work for a change and redisgn M$ altogether.

M$ just sucks!

OS X for Mac rules!