On 27 nov. 06, at 17:05, Derek Chesterfield wrote:
> Well, it could just be an example of an InputManager, which would
> be nothing new. I non-Admin user can create an InputManager bundle
> in ~/Library/InputManagers, which would get loaded for every app
> that user launches. An Admin user (even without authenticating) can
> create one in /Library/InputManagers, which would get loaded for
> all users. Affects Cocoa apps only.
>
> See <http://db.tidbits.com/article/08430> for info about the
> dangers of InputManagers.
>
> On 25 Nov 2006, at 14:50, Sûnnet Beskerming wrote:
>
You're right. That's an InputManager.
But InputManagers are only called when a Cocoa Application starts.
Not carbon apps nor command tools.
We named it OSX.Popup.gen
Finally, Machoman and Macarena ARE alias of the same malware.
(Machoman and Macarena are on the same CD, just google for them)
--
Philippe Devallois
VirusBarrier Team
On 27 nov. 06, at 17:05, Derek Chesterfield wrote:
> Well, it could just be an example of an InputManager, which would
> be nothing new. I non-Admin user can create an InputManager bundle
> in ~/Library/InputManagers, which would get loaded for every app
> that user launches. An Admin user (even without authenticating) can
> create one in /Library/InputManagers, which would get loaded for
> all users. Affects Cocoa apps only.
>
> See <http://db.tidbits.com/article/08430> for info about the
> dangers of InputManagers.
>
> On 25 Nov 2006, at 14:50, Sûnnet Beskerming wrote:
>
You're right. That's an InputManager.
But InputManagers are only called when a Cocoa Application starts.
Not carbon apps nor command tools.
We named it OSX.Popup.gen
Finally, Machoman and Macarena ARE alias of the same malware.
(Machoman and Macarena are on the same CD, just google for them)
--
Philippe Devallois
VirusBarrier Team
[ reply ]