RE: MacOSX wormOct 27 2004 08:25AM Steven Trewick (STrewick joplings co uk) (1 replies)
Well, the reg
http://www.theregister.co.uk/2004/10/25/mac_rootkit_opener/says
says the malware "contains a variety of destructive
functionality including a keylogger and backdoor components."
The Symantec write up linked from the article
http://www.sophos.com/virusinfo/analyses/shrenepoa.htmlhas
lists side effects including "Deletes files off the computer",
and "Modifies passwords", both of which could be considered
destructive actions.
Perhaps the semantics in the reg article are a bit off, but
I hardly think they can be accused of spreading FUD.
You could always email them and ask for clarification,
they are a fairly approachable lot.
As for the AV industry, I see no reason why they should downplay
the threat (quite the opposite surely ?), but since the Symantec
write up classifeis it as worm, and claims it spreads by file shares,
and the user write ups at http://www.macintouch.com/opener.html
suggest something different again, perhaps the combined effect
*becomes* FUD
Same old same old.
Steve
> -----Original Message-----
> From: H Carvey [mailto:keydet89 (at) yahoo (dot) com [email concealed]]
> Sent: 26 October 2004 17:09
> To: focus-virus (at) securityfocus (dot) com [email concealed]
> Subject: MacOSX worm
>
>
>
>
> SF has a Register article about Opener/Renepo-A. The article
> describes this as a "rootkit" (the term is, in fact, used in
> the title of the article), yet Sophos (linked in the article)
> classifies it as a worm. Neither the Register article nor
> the Sophos write up describe any rootkit-like capabilities.
>
> Here's the Symantec writeup:
> http://www.sarc.com/avcenter/venc/data/macos.renepo.b.html
>
> The Register article calls the "rootkit" "destructive", yet
> doesn't describe any destructive capabilities. However, the
> Symantec writeup does.
>
> So...what's the real deal? Is the media spreading FUD, or is
> the A/V community downplaying the effectiveness of this bit
> of malware?
>
> Thanks,
>
> Harlan Carvey
> "Windows Forensics and Incident Recovery"
> http://www.windows-ir.com
>
The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only. If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by viruses being passed.
joplings.co.uk
Well, the reg
http://www.theregister.co.uk/2004/10/25/mac_rootkit_opener/says
says the malware "contains a variety of destructive
functionality including a keylogger and backdoor components."
The Symantec write up linked from the article
http://www.sophos.com/virusinfo/analyses/shrenepoa.htmlhas
lists side effects including "Deletes files off the computer",
and "Modifies passwords", both of which could be considered
destructive actions.
Perhaps the semantics in the reg article are a bit off, but
I hardly think they can be accused of spreading FUD.
You could always email them and ask for clarification,
they are a fairly approachable lot.
As for the AV industry, I see no reason why they should downplay
the threat (quite the opposite surely ?), but since the Symantec
write up classifeis it as worm, and claims it spreads by file shares,
and the user write ups at http://www.macintouch.com/opener.html
suggest something different again, perhaps the combined effect
*becomes* FUD
Same old same old.
Steve
> -----Original Message-----
> From: H Carvey [mailto:keydet89 (at) yahoo (dot) com [email concealed]]
> Sent: 26 October 2004 17:09
> To: focus-virus (at) securityfocus (dot) com [email concealed]
> Subject: MacOSX worm
>
>
>
>
> SF has a Register article about Opener/Renepo-A. The article
> describes this as a "rootkit" (the term is, in fact, used in
> the title of the article), yet Sophos (linked in the article)
> classifies it as a worm. Neither the Register article nor
> the Sophos write up describe any rootkit-like capabilities.
>
> Here's the Symantec writeup:
> http://www.sarc.com/avcenter/venc/data/macos.renepo.b.html
>
> The Register article calls the "rootkit" "destructive", yet
> doesn't describe any destructive capabilities. However, the
> Symantec writeup does.
>
> So...what's the real deal? Is the media spreading FUD, or is
> the A/V community downplaying the effectiveness of this bit
> of malware?
>
> Thanks,
>
> Harlan Carvey
> "Windows Forensics and Incident Recovery"
> http://www.windows-ir.com
>
The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only. If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by viruses being passed.
joplings.co.uk
[ reply ]