FYI: Mac trojan horse
Peter M. Brigham, MD
pmbrig at gmail.com
Mon Feb 27 17:49:19 CST 2012
Right. I already had put a little addition similar to this in my frontscript openstack handler so that every time I open a stack it tests for the presence of *.so files and, if found, sends me to the website for the instructions on how to delete the thing. Obviously, I open stacks constantly during the day (and night!), and that way I don't have to remember to check, which I would rapidly forget to do. As one of my patients said to me once, I have a mind like a steel sieve.
This is the first time in a long time I've even had to *think* about malware. Now that I've automated it, I don't have to think about it any more. At least until something new comes along.
Peter M. Brigham
pmbrig at gmail.com
On Feb 27, 2012, at 5:44 PM, Mark Schonewille wrote:
> Always when I read such articles, I can't help thinking that the antivirus software publishers have the most interest in the creation of such viruses. From the website: "You won’t be surprised to learn that Intego’s own VirusBarrier X6 software can detect Flashback if it’s installed, and even prevent it from installing in the first place." Doh. Also, this trojan only installs itself if... when... again if... and only if....
> According to that website, this is how you can check for the trojan:
> function virusCheck
> put "ls /Users/Shared/.*.so" into myShell
> return not (shell(myShell) contains "No such file or directory")
> end virusCheck
> The function returns true if the trojan is on your machine.
> Best regards,
> Mark Schonewille
> Economy-x-Talk Consulting and Software Engineering
> Homepage: http://economy-x-talk.com
> Twitter: http://twitter.com/xtalkprogrammer
> KvK: 50277553
> Download the Installer Maker Plugin 1.7 for LiveCode here http://qery.us/za
> On 27 feb 2012, at 23:20, Peter M. Brigham, MD wrote:
>> Just got this from MacWorld:
>> Intego finds new strain of Mac Flashback Trojan horse
>> -- Peter
>> Peter M. Brigham
>> pmbrig at gmail.com
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the use-livecode