RE: Sophos OSX/Inqtana-B False Positive - Maybe

["Todd Towles" <toddtowles () brookshires com>]

It was a false positive, therefore the fix has caused a much larger
problem than the trojan, since the vulnerability was fixed in 2005.

Low-risk trojan with a high-risk fix...

-Todd 

> -----Original Message-----
> From: Fergie [mailto:fergdawg () netzero net] 
> Sent: Tuesday, February 21, 2006 10:22 AM
> To: Todd Towles
> Cc: funsec () linuxbox org
> Subject: Re: [funsec] Sophos OSX/Inqtana-B False Positive - Maybe
>
> That was kind of timely:
>
>  More Mac OS X Malware Identified
>  http://www.f-secure.com/weblog/#00000819
>
> - ferg
>
>
> -- "Todd Towles" <toddtowles () brookshires com> wrote:
>
> Virus:        'OSX/Inqtana-B' detected in
> /System/Library/Extensions/AppleAltiVecDVDDriver.bundle/Conten
> ts/MacOS/m
> p2decv.bundle/Contents/Resources/mp2decvbin2
>       File deleted
>
> Virus:        'OSX/Inqtana-B' detected in
> /System/Library/Extensions/AppleVADriver.bundle/Contents/Resou
> rces/mp2de
> cvbin3
>       File deleted
>
> Virus:        'OSX/Inqtana-B' detected in 
> /Applications/Microsoft Office
> 2004/Office/ShMem.bundle/Contents/MacOS/ShMem
>       Error deleting the infected file
>
> Virus:        'OSX/Inqtana-B' detected in /Library/Printers/PPD
> Plugins/AdobePDFPDE.plugin/Contents/MacOS/AdobePDFPDE
>       File deleted
>
> ----------------------------------------------------------
>
> We are getting a sample to Sophos right now..just FYI.
>
> -Todd
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet  
> fergdawg () netzero net or fergdawg () sbcglobal net  ferg's tech 
> blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.