funsec mailing list archives

Re: Sophos OSX/Inqtana-B False Positive - Maybe


From: "Fergie" <fergdawg () netzero net>
Date: Tue, 21 Feb 2006 16:21:33 GMT

That was kind of timely:

 More Mac OS X Malware Identified
 http://www.f-secure.com/weblog/#00000819

- ferg


-- "Todd Towles" <toddtowles () brookshires com> wrote:

Virus:  'OSX/Inqtana-B' detected in
/System/Library/Extensions/AppleAltiVecDVDDriver.bundle/Contents/MacOS/mp2decv.bundle/Contents/Resources/mp2decvbin2
        File deleted

Virus:  'OSX/Inqtana-B' detected in
/System/Library/Extensions/AppleVADriver.bundle/Contents/Resources/mp2decvbin3
        File deleted

Virus:  'OSX/Inqtana-B' detected in
/Applications/Microsoft Office 2004/Office/ShMem.bundle/Contents/MacOS/ShMem
        Error deleting the infected file

Virus:  'OSX/Inqtana-B' detected in
/Library/Printers/PPD Plugins/AdobePDFPDE.plugin/Contents/MacOS/AdobePDFPDE
        File deleted

----------------------------------------------------------

We are getting a sample to Sophos right now..just FYI.

-Todd


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

