Mac malware Crisis can spread to different environments
Posted on 21.08.2012
Nearly a month ago a number of security companies have analyzed a new Mac Trojan that opens a backdoor into the affected computer and spies on the user by monitoring mouse coordinates, instant messenger apps, the built-in webcam and microphone, clipboard contents, pressed keys, calendar data and alerts, address book contents, URLs visited by the user, and other things.

The malware - dubbed Crisis or Morcut - was not spotted in the wild, but received by the security researcher from VirusTotal in the form of a JAR file, the analysis of which revealed that it contained a .class file named WebEnhancer, and two installers - one for Windows and the other for OS X.

Symantec's researchers have continued analyzing the file, and have recently discovered that the Windows version of the threat uses three methods to spread itself: to a removable disk drive, to a VMware virtual machine, and to a Windows Mobile device.


Unlike the majority of other malware that terminates itself when it detects a VMware virtual machine image on the compromised computer in order to avoid being analyzed, this one mounts the image and then copies itself onto the image by using a VMware Player tool.

Also, the threat is capable of spreading to Windows Mobile devices by dropping modules onto devices connected to compromised Windows computers, but does not affect Android or iPhone devices.






Spotlight

Black hole routing: Not a silver bullet for DDoS protection

As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Mar 2nd
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //