funsec mailing list archives

RE: mac trojan in-the-wild


From: "David Harley" <david.a.harley () gmail com>
Date: Wed, 31 Oct 2007 23:05:45 -0000

> err doesn't virustotal only detect windows viruses?

Strictly speaking, VT doesn't detect anything. It just reports what certain
scanners report. (I know that sounds patronizing: bear with me...) But a
couple of those scanners should detect Mac malware. VirusBarrier isn't one
of the scanners they use, though, and I haven't yet seen anything on this on
the McAfee, Sophos or Symantec web sites. But that may only mean that those
vendors haven't been able to secure a sample through "normal" channels --
Intego are long-established, but strictly Mac and a bit out of the
mainstream. 

> They don't have virex listed in the scanners, but ClamAV could
> be the BSD version.. I guess

I don't think ClamAV does Mac-specific malware, generally, even ClamXav
which is just the Clam engine on a Mac platform. 

If you respond to this, please don't go all anti-AV on me tonight: I've been
mauled enough for one evening, and I'm just trying to help... 

--
David Harley
AVIEN Interim Administrator: http://www.avien.org 
http://www.smallblue-greenworld.co.uk  

-----Original Message-----
From: funsec-bounces () linuxbox org 
[mailto:funsec-bounces () linuxbox org] On Behalf Of Dude VanWinkle
Sent: 31 October 2007 22:30
To: Gadi Evron
Cc: funsec () linuxbox org
Subject: Re: [funsec] mac trojan in-the-wild

On 10/31/07, Gadi Evron <ge () linuxbox org> wrote:

http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-trojan.html

Not surprisingly (it is, after all, a Mac virus), VirusTotal has zero
detection on this

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
