New virus has appeared, install antivirus software now!! - MAC
By Hedy
at 2012-03-28T11:05
Although the Trojan-Dropper:OSX/Revir.A vulnerability was fixed a few days ago,
Trojan-Dropper:OSX/Revir.C appeared very soon after.
MD5:7DBA3A178662E7FF904D12F260F0FFF3
The main binary - detected as Trojan-Dropper:OSX/Revir.C
.conft - Contains an encrypted payload
.confr - contains a decoy JPG file. The first 2048 bytes are also used as the RC4 key to decrypt the payload
.cnf - contains the filename to be used when creating the decoy file
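http://goo.gl/5AERC prevention tutorial, just skim it
http://goo.gl/YtGlR from f-secure.com
As far as I currently understand, this virus mainly attacks jpg and pdf.
New versions of this virus are coming out fairly quickly.
If you haven't installed antivirus and turned on automatic updates yet, do it soon; having it installed gives peace of mind.
OSX_IMULER.C http://goo.gl/mf1eH this one is nastier and also updates.
It executes the following commands specified by a remote malicious user: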
Take a screen shot
Update the C&C server name
List the contents of a folder and save it as /tmp/launch-0rp.dat.
Then upload the file /tmp/launch-0rp.dat.
Get the file size of a file
Download a file from a URL
Execute a command via the shell
Delete a file
Download a file and save it as /tmp/xntaskz.gz.
Decompress the downloaded file to /tmp/xntaskz.
Execute the following command: /tmp/CurlUpload -f /tmp/xntaskz
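That's all.
--
Hi hi everyone
My specialties: fast virus removal, crash troubleshooting, data recovery, account recovery, system planning, information integration
System planning: economical, high performance, low pollution, energy saving (reducing noise and vibration, electromagnetic waves, waste heat, dust buildup, radiation),
space saving, comfortable to use, warm keyboard and mouse (against cold hands). Netizens say getting a "nice guy card" is for cultivating EQ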
--
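For analysts who have the dropped files in hand, the key derivation quoted in the post (first 2048 bytes of the decoy JPG in .confr used as the RC4 key for the payload in .conft) can be reproduced offline as below. This is an added example, not code from the original post or from F-Secure; it assumes the dropper uses textbook RC4, and the sample bytes are constructed stand-ins, not real sample data.

```python
# Added example, not from the original post. Assumption: textbook RC4.
KEY_LEN = 2048  # per the post: first 2048 bytes of the decoy JPG (.confr)


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("empty RC4 key")
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling only ever reads key[i % len(key)]
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream generation, XORed onto the input
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def key_from_decoy(decoy: bytes) -> bytes:
    """Take the key from the decoy image; reject truncated samples."""
    if len(decoy) < KEY_LEN:
        raise ValueError(f"decoy is {len(decoy)} bytes, need {KEY_LEN}")
    return decoy[:KEY_LEN]


def decrypt_payload(decoy: bytes, encrypted: bytes) -> bytes:
    """Recover the .conft payload bytes for static analysis."""
    return rc4(key_from_decoy(decoy), encrypted)


def effective_key(decoy: bytes) -> bytes:
    """Under textbook RC4 only the first 256 key bytes reach the state."""
    return key_from_decoy(decoy)[:256]


# Constructed stand-ins for .confr and .conft (not real sample data).
DECOY = b"\xff\xd8\xff\xe0" + bytes((i * 7 + 3) & 0xFF for i in range(4092))
PLAIN = b"constructed payload bytes for the example"
ENCRYPTED = rc4(DECOY[:KEY_LEN], PLAIN)

if __name__ == "__main__":
    print(decrypt_payload(DECOY, ENCRYPTED))
    print(rc4(effective_key(DECOY), ENCRYPTED) == PLAIN)  # same keystream
```

If the sample follows textbook RC4, a decoy image that differs only after its first 256 bytes still decrypts the same payload, which matters when matching variants by their decoy file.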
Tags:
MAC