日前 Trojan-Dropper:OSX/Revir.A 漏洞雖已被修復
但很快的Trojan-Dropper:OSX/Revir.C又出現了
MD5:7DBA3A178662E7FF904D12F260F0FFF3
The main binary
- detected as Trojan-Dropper:OSX/Revir.C .conft
- Contains an encrypted payload .confr
- contains a decoy JPG file. The first 2048 bytes
are also used as the RC4 key to decrypt the payload .cnf
- contains the filename to be used when creating the decoy file
http://goo.gl/5AERC 預防教學看看就好
http://goo.gl/YtGlR from f-secure.com
就我目前的了解這支病毒主要是攻擊jpg和pdf
這支病毒版本更新的速度還算蠻快的
還沒裝防毒和自動更新的人快裝吧有裝有安心
OSX_IMULER.C http://goo.gl/mf1eH 這支更凶還會更新
它會執行遠端惡意使用者指定的下列命令:
Take a screen shot
Update the C&C server name
List the contents of a folder and save it as /tmp/launch-0rp.dat.
Then upload the file /tmp/launch-0rp.dat.
Get the file size of a file
Download a file from a URL
Execute a command via the shell
Delete a file
Download a file and save it as /tmp/xntaskz.gz.
Decompress the downloaded file to /tmp/xntaskz.
Execute the following command:/tmp/CurlUpload -f /tmp/xntaskz
以上
--
嗨嗨每個人
我的專長:迅速解毒 當機處理 資料救援 取回帳號 系統規劃 資訊整合
系統規劃:經濟,高效能,低污染,節約能源,(降低噪音震動,電磁波,廢熱,積塵,輻射)
省空間,使用舒適感佳,溫暖的鍵盤與滑鼠 (抗手冰冷) 鄉民說收卡是為了培養EQ
--
但很快的Trojan-Dropper:OSX/Revir.C又出現了
MD5:7DBA3A178662E7FF904D12F260F0FFF3
The main binary
- detected as Trojan-Dropper:OSX/Revir.C .conft
- Contains an encrypted payload .confr
- contains a decoy JPG file. The first 2048 bytes
are also used as the RC4 key to decrypt the payload .cnf
- contains the filename to be used when creating the decoy file
http://goo.gl/5AERC 預防教學看看就好
http://goo.gl/YtGlR from f-secure.com
就我目前的了解這支病毒主要是攻擊jpg和pdf
這支病毒版本更新的速度還算蠻快的
還沒裝防毒和自動更新的人快裝吧有裝有安心
OSX_IMULER.C http://goo.gl/mf1eH 這支更凶還會更新
它會執行遠端惡意使用者指定的下列命令:
Take a screen shot
Update the C&C server name
List the contents of a folder and save it as /tmp/launch-0rp.dat.
Then upload the file /tmp/launch-0rp.dat.
Get the file size of a file
Download a file from a URL
Execute a command via the shell
Delete a file
Download a file and save it as /tmp/xntaskz.gz.
Decompress the downloaded file to /tmp/xntaskz.
Execute the following command:/tmp/CurlUpload -f /tmp/xntaskz
以上
--
嗨嗨每個人
我的專長:迅速解毒 當機處理 資料救援 取回帳號 系統規劃 資訊整合
系統規劃:經濟,高效能,低污染,節約能源,(降低噪音震動,電磁波,廢熱,積塵,輻射)
省空間,使用舒適感佳,溫暖的鍵盤與滑鼠 (抗手冰冷) 鄉民說收卡是為了培養EQ
--
All Comments