Name |
Threat Level |
Description |
Adware.OSX.Cosmac |
|
Adware.OSX.Cosmac is a proof-of-concept adware sample for Mac OS X. This malware can be installed without requiring root privileges and can hook into every application so that every time the user accesses these applications, Cosmac will launch the Safari web browser. |
Application.OSX.BackTrack |
|
BackTrack is a keylogger program from Modesitt Software. This program stores user activity in an SQLite database file. In addition to being a keylogger, this program also tracks user activity and records details such as application name, window name, date and time. It is able to create separate databases for every application and window used. This program is portable and it does not require installation. |
Application.OSX.EasyCrack |
|
Application.OSX.EasyCrack is the iAntiVirus detection for the EasyCrackwithJohn application. This is a password cracker and the author describes it as a utility to crack a password of a user of another connected Mac. |
Application.OSX.eWatch |
|
Application.OSX.eWatch is a keylogger and also a remote access tool designed to remotely monitor users’ computer activity. It can capture screenshots, log all users’ keystrokes, enumerate all running processes and monitor internet browsing activities. |
Application.OSX.KeyboardSpy |
|
Keyboard Spy is a keylogger from AlphaOmega Software. This keylogger can record all keystrokes and save them to a log file. Keyboard Spy is portable and does not require installation to function. |
Application.OSX.KeyloggerX |
|
KeyloggerX is a freeware keylogger program designed to work in OS X. This application usually arrives as KeyloggerX.dmg.sit (768,805 bytes) which contains the KeyloggerX executable, Disclaimer.rtf and Read Me.rtf. The document explains that this application will create log files in the User Preference folder. However, upon execution this program stays in the background and fails to create the said folder and files. |
Application.OSX.KeyRecorderX |
|
KeystrokeRecorder X is a keylogger created by CampSoftware. This keylogger can record users’ keystrokes and capture screen shots. It has a stealth feature making it invisible from the dock, invisible in the force quit menu and invisible in process viewer. It can also encrypt the log files, plus send log files and screen shots through email and track active applications. |
Application.OSX.LogKext |
|
Application.OSX.LogKext is a powerful freeware kernel-based keylogger for Mac OS X. It has a full stealth capability, where its user can control its functionality through a command-line client called logKextClient. This keylogger is capable of logging every single keystroke of the user. |
Application.OSX.Loselose.A |
|
Application.OSX.Loselose.A is a gaming application for the Mac which also deletes files on your hard drive as you kill aliens. |
Application.OSX.MonitorerX |
|
Monitorer X is a keylogger created by Burning-Bytes. This keylogger can discreetly record every single keystroke into a log file. It also has an option to capture screen shots, and this feature can be triggered or activated through user-specified keywords, so it will capture the current screen every time the user types in one of the specified keywords. |
Application.OSX.MonitorerXMan |
|
Application.OSX.MonitorerXMan is a managing application that helps the user organize all text logs and screenshots created by MonitorerX Pro. This tool is currently distributed as freeware. |
Application.OSX.MonitorerXPro |
|
MonitorerX Pro is a keylogger and spyware tool created by Burning-Bytes. This software can record every single keystroke in the background. Its stealth features include invisibility from the dock, invisibility in the force quit menu and invisibility at startup. It creates a log file every time the user starts the computer and organizes these files according to date and time. It can also capture screen shots every time the user types in a specific keyword. This version is called “Pro” because of the MonitorerX Pro Manager feature, where it manages all the log files and screenshots by user and date. |
Application.OSX.RemoteControl |
|
MacRemoteControl is a freeware application designed to work as a remote access and administration tool. This application can remotely access another Macintosh using the TCP/IP protocol. Once it is connected, this tool can list all running processes, quit or launch applications, restart, shut down or sleep the machine and activate OSXvnc. This tool was initially designed for personal use by the author but later it was made available to the public. |
Application.OSX.Spy |
|
Spy is a freeware application from SilverNetworks.net. This application has a server component which allows a user to remotely access a Macintosh through a normal web browser. It also has Spy Tracker, which can list, see and access all Spy servers. Another feature of this tool is that it can log information, display remote computer information and handle file transfers. |
Application.OSX.SpyMe |
|
SpyMe is a remote management tool from Readpixel.com. This software allows you to manage and monitor multiple remote Macintosh machines simultaneously. It employs a client-server technology, where the server is installed on remote computers and the client component is on the managing side. This SpyMe client can send keyboard and mouse actions, capture screenshots, automatically wake up the server, handle file transfers and control multiple SpyMe servers. It also has an optional SpyMe Daemon which requires root privileges to run in the background. A feature of this tool is to silently launch the server component at every login or fast user switch. The latest version of this software has an Internet Caf |
Application.OSX.TypeAgent |
|
TypeAgent is keylogging software from TypeAgent.com. This software can track and record all keystrokes entered into Instant Messaging, Browsing Activities, Emails, Documents and more generally any application running on your Mac. Furthermore, the user has an option to set the logs directory, activation hot key, password protection, uninstallation and option to run in hidden mode. |
Application.OSX.TypeRecorderX |
|
TypeRecorder X is keylogging software produced by Rampellsoft.com. This keylogger can discreetly monitor and record every keystroke in a log file. The vendor describes this software as an essential backup tool in the event of system failure, power loss, or if any work is accidentally deleted or modified. |
Backdoor.MacOS.Sub7Server |
|
Backdoor.MacOS.Sub7Server is the SubSeven server component for Mac OS classic. This application is usually installed on the victim’s machine. Once installed, it opens a port allowing any SubSeven attacker to gain remote access to the system and perform various tasks. |
Backdoor.OSX.CarbonKeys |
|
CarbonKeys is an open-source program that employs client-server technology. The server component handles keystroke monitoring: it records all entered keystrokes and waits for a remote connection from the client program. The client component communicates with the server and is able to download keystroke logs as well as screen shots on command. The server component is usually found on the victim’s computer, while the attacker communicates through the client program. |
Backdoor.OSX.HellRaiser |
|
HellRaiser is a backdoor trojan. This tool employs standard backdoor client-server techniques. The server is usually installed on the victim’s computer while the client controls the server. The installation package also contains a configuration plugin where the remote controller can specify initial server parameters such as port number, password, SMTP settings and other behaviour. The server component runs in the background and it is hidden from the dock. |
Backdoor.OSX.IService.a |
|
Backdoor.OSX.IService.a has the capability of connecting to a remote server over the internet. Once installed, it may download additional components to an infected Mac. |
Backdoor.OSX.IService.b |
|
Backdoor.OSX.IService.b has the capability of connecting to a remote server over the internet. Once connected, it may receive commands from the remote attacker which may then be executed on the affected Mac. |
Backdoor.OSX.IService.c |
|
Backdoor.OSX.IService.c has the capability of connecting to a remote server over the internet. Once installed, it may download additional components to an infected Mac. |
Backdoor.OSX.Sub7Client |
|
Backdoor.OSX.Sub7Client is the SubSeven OSX client component. This client tool allows the user to remotely connect to and control another computer in the network. It has a graphical interface where the user has to input the IP address and specify the port number of the server. This component is usually installed on the attacker’s machine. |
Backdoor.OSX.Termite |
|
Termite is a client-server terminal tool designed to remotely execute Unix commands. This software package contains the Termite server for OSX and OS9. These server programs come with another binary included which is called ServerEdit. ServerEdit manages the users’ settings such as port number and the password. Termite servers can be remotely accessed using the Termite client for OSX and Windows. The server component can be easily installed since it is portable and does not require installation. The remote controller (Termite client) can manage and access multiple Macintosh machines simultaneously and perform remote tasks using Unix commands. |
Backdoor.OSX.Winjack |
|
Winjack is a freeware client-server remote administration tool from DigitalCalamity.org. This tool allows Mac OS X users to remotely access Windows based machines. The client component runs on OS X while the server is installed on the remote Windows machine. This tool has a powerful feature where it can manipulate files, applications and even the registry. It can also send messages, open URLs, create folders, shut down and restart the machine, capture screen shots, view running processes and transfer files. The Winjack server creates a registry entry to automatically launch itself at every system startup. |
Backdoor.OSX.Xover |
|
Xover is a freeware client-server remote administration tool from DigitalCalamity. The server component is usually installed on the target machine allowing a remote user to access the computer. |
DDoS.OSX.CometShower |
|
DDoS.OSX.CometShower is a client-server program designed to perform a distributed denial-of-service attack against a specific IP address. The client program is the host attacker, while the server component can be installed and run on multiple machines and different networks by whoever wishes to participate in the attack. The server connects to the client program and the host sets the IP address and port of the targeted machine. Both the server and client programs work in Mac OS X. |
Eicar_Test_Files |
|
The European Institute of Computer Anti-virus Research (EICAR), together with antivirus and Internet security vendors around the world, has developed a standard test file which customers may use to test their antivirus installation. The detection name Eicar_Test_File is NOT A VIRUS. It is a harmless test file designed to help customers check whether their antivirus product is properly installed and working. |
Email-Flooder.OSX.Mema |
|
Email-Flooder.OSX.Mema is a powerful and destructive mail-bomber used to perform Denial of Service attacks. This tool can mail-bomb multiple email addresses and connect to multiple SMTP servers simultaneously. It can open up to 500 simultaneous connections. The user can also set anonymous mode or use random names. It can also construct its own subject, message body and file attachment. The mail-bombing parameters define the number of emails, from 1 to never-ending mail-bombing, and specify the date and time of the attack. |
Email-Flooder.OSX.Propaganda |
|
Email-Flooder.OSX.Propaganda is a powerful email flooder/spammer that can connect to a list of SMTP servers and create up to 500 connections at a time. The tool provides an option to construct the content of the email body, create arbitrary recipient names and add multiple attachments. |
Email-Flooder.OSX.Torrent |
|
Email-Flooder.OSX.Torrent is an email bomber/flooder tool designed to work in Mac OS X. The tool provides the attacker an option to construct email content, specify the SMTP server, add multiple attachments and specify the number of attack emails that will be sent. Since this tool can only perform targeted attacks, it is also possible that some security analysts may use this tool for penetration testing. |
Exploit.EvilGrade.a |
|
Exploit.EvilGrade is a multiplatform exploit tool that takes advantage of poor upgrade implementations by injecting fake updates. |
Exploit.Exploit.OSX.CVE-2007-0059 |
|
Exploit.OSX.CVE-2007-0059 is proof-of-concept code that exploits a flaw in how Apple QuickTime 3 to 7.1.3 handles QuickTime movie (.mov) files with an HREF track (HREFTrack). |
Exploit.Exploit.OSX.CVE-2007-6166 |
|
Exploit.OSX.CVE-2007-6166 is proof-of-concept code that exploits a flaw in the RTSP response handling of long content type headers in Apple QuickTime versions before 7.3.1. |
Exploit.OSX.ARDAgent |
|
Exploit.OSX.ARDAgent is iAntiVirus’ detection for malicious code that exploits a vulnerability in Apple Remote Desktop. It takes advantage of a flaw in ARDAgent, a component of Apple Remote Desktop, and allows malicious programs to execute code when run locally, or remotely as root. |
Exploit.OSX.CVE-2003-0201 |
|
Exploit.OSX.CVE-2003-0201 is the iAntiVirus detection for malicious code that exploits the CVE-2003-0201 vulnerability. It exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8 and it is capable of exploiting Mac OS X PowerPC systems. |
Exploit.OSX.CVE-2004-0430 |
|
Exploit.OSX.CVE-2004-0430 is the iAntiVirus detection for malicious code that exploits the CVE-2004-0430 vulnerability. It exploits a stack overflow in the AppleFileServer service found in Mac OS X. |
Exploit.OSX.CVE-2004-0695 |
|
Exploit.OSX.CVE-2004-0695 is proof-of-concept code that exploits a flaw in the FTP service for 4D WebSTAR 5.3.2 and earlier which allows remote attackers to execute arbitrary code via a long FTP command. |
Exploit.OSX.CVE-2005-0043 |
|
Exploit.OSX.CVE-2005-0043 is proof-of-concept code that exploits a security flaw in Apple iTunes 4.7 which allows remote attackers to execute arbitrary code via a long URL in .m3u or .pls playlist files. |
Exploit.OSX.CVE-2006-0848 |
|
Exploit.OSX.CVE-2006-0848 is the iAntiVirus detection for malicious code that exploits the CVE-2006-0848 vulnerability. It exploits Safari’s “Safe file” feature, which is a bug in Apple Mac OS X metadata handling. |
Exploit.OSX.CVE-2007-0395 |
|
Exploit.OSX.CVE-2007-0395 is the iAntiVirus detection for malicious code that exploits the CVE-2007-0395 vulnerability. It exploits a command execution vulnerability found in the Mail.app application and affects Mac OS X 10.5.0. |
Exploit.OSX.CVE-2007-2446 |
|
Exploit.OSX.CVE-2007-2446 is the iAntiVirus detection for malicious code that exploits the CVE-2007-2446 vulnerability. It exploits the LSA RPC service of the Samba daemon. |
Exploit.OSX.CVE-2007-5863 |
|
Exploit.OSX.CVE-2007-5863 is the iAntiVirus detection for malicious code that exploits the CVE-2007-5863 vulnerability. It exploits the Distribution Packages feature used in Apple Software Update. |
Exploit.OSX.Evasion.a |
|
Exploit.OSX.Evasion.a is proof-of-concept code that exploits a known vulnerability in Mac OS X’s Java Virtual Machine. It allows malicious code to execute outside of the Java sandbox with the permissions of the executing user. |
Exploit.OSX.Small |
|
Exploit.OSX.Small is a proof-of-concept program that exploits Mac OS X’s /usr/bin/passwd. |
Exploit.OSX.Smid.b |
|
Exploit.OSX.Smid.b is an exploit that takes advantage of the CVE-2009-3867 vulnerability. It allows a remote attacker to execute arbitrary code. |
Hacktool.MacOS.UGMPortScanner |
|
Hacktool.MacOS.UGMPortScanner is designed to scan and list target machines’ open and active ports. This tool is designed to work only with classic Mac OS. |
Hacktool.OSX.AimSniff |
|
Hacktool.OSX.AimSniff is a small utility tool for Mac OS X designed to capture the IP address of an AIM user. |
Hacktool.OSX.BrutalGift |
|
Hacktool.OSX.BrutalGift is a powerful FTP and POP3 brute force cracker designed to work in Mac OS X. It can scan and crack up to 500 connections at the same time. This tool may also be used by some security analysts for penetration testing. |
Hacktool.OSX.Cyanide |
|
Hacktool.OSX.Cyanide is a hacking tool with multiple features such as email bomber, port attacker, IRC flooder bot, FTP brute force attacker and port scanner. This tool also has network utility functions such as ping, lookup, traceroute and whois. It can also protect itself by watching certain ports for possible attacks. |
Hacktool.OSX.Heirophant |
|
Hacktool.OSX.Heirophant is a network utility tool designed to work in Mac OS X. It can scan websites for web links, scan and ping specific IP addresses for open ports, create remote connections through telnet, provide a proxy tool, and construct crafted strings and use them to perform port flooding attacks over the TCP protocol. This tool may also be used by some security analysts for penetration testing. |
Hacktool.OSX.iChatSniff |
|
iChatSniff is a program that extracts iChat audio sessions from a pcap-formatted packet dump. A malicious user is able to use this tool to eavesdrop on iChat audio sessions. |
Hacktool.OSX.macKrack |
|
macKrack is a freeware password cracker for Mac OS X. It supports Crypt, MD5, SHA-1 and Salted SHA-1 algorithms. It uses both dictionary and keyspace brute force attacks to recover passwords. The latest version supports the cracking of zip archive passwords. |
Hacktool.OSX.MacSmurf |
|
MacSmurf is a tool used to perform Denial of Service attacks on a network. It does this by sending large volumes of ICMP echo requests, and broadcasting them to machines on the network. The attack can invisibly redirect the broadcast ICMP packet to a targeted host. This tool may also be used by some security analysts for penetration testing. |
Hacktool.OSX.ManOfTheMiddle |
|
ManOfTheMiddle is a tool used to perform man-in-the-middle attacks, allowing the user to monitor and potentially tamper with data flowing between 2 hosts. Although this tool can be used for malicious purposes, some security analysts legitimately use this tool to perform penetration testing. |
Hacktool.OSX.SYNer |
|
Hacktool.OSX.SYNer is a malicious tool designed to perform a SYN flood exploit against the TCP protocol. This tool uses a series of spoofed SYN-tagged TCP packets to hide the attacker’s real identity. The attack attempts to overload the target network, which causes it to stop accepting incoming connections. |
Hacktool.OSX.UnderHand |
|
Hacktool.OSX.UnderHand is a client-server program that can connect to and communicate with its victim’s machine through its trojan server component. The trojan server has an option to run in hidden mode. Once the server is installed, the client can execute arbitrary shell commands on the victim’s machine. |
Hacktool.OSX.ZapAttack |
|
Hacktool.OSX.ZapAttack is a hacker tool designed to perform denial-of-service attacks. It has multiple features such as Mass Connector, Multi Flooder, Port Flooder, UDP Flooder, Port Scanner, Port Checker and IP Resolver. The amplification server is a component program usually installed on another machine. It aims to help the attacker amplify the attack. |
Perl.OSX.RSPlug.a |
|
Perl.OSX.RSPlug.a is a malicious Perl script targeted at Mac users. It downloads and runs another malicious script on the victim’s computer. |
Port-Flooder.OSX.Tsunami |
|
Port-Flooder.OSX.Tsunami is a small utility tool designed to remotely connect to a specific port, construct a crafted packet and perform a port flooding attack. The attacker can use either the TCP or UDP protocol. |
RogueAntiSpyware.OSX.Imunizator |
|
RogueAntiSpyware.OSX.Imunizator is a rebranded version of RogueAntiSpyware.OSX.MacSweeper. This version contains exactly the same functionality and looks as MacSweeper, except the name was changed to Imunizator. It is a rogue application which uses deceptive sales and marketing techniques to get onto the users’ system. It poses no threat and it does not have the capability to propagate or spread itself. However, rogues usually arrive as an advertisement which redirects the user and forces a download of the file/installation package. |
RogueAntiSpyware.OSX.MacSweeper |
|
RogueAntiSpyware.OSX.MacSweeper is a rogue application which uses deceptive sales and marketing techniques to get onto the users’ system. It poses no threat and it does not have the capability to propagate or spread itself. However, rogues usually arrive as an advertisement which redirects the user and forces a download of the file/installation package. |
Rootkit.MacOS.Weapox |
|
Rootkit.MacOS.Weapox is a kernel-based rootkit designed to work on Mac OS X (both PowerPC and Intel-based) machines. This tool can execute a root shell, elevate processes’ euid to 0, hide specified ports from netstat and hide login info from the w and who commands. |
Trojan-PSW.OSX.Corpref.A |
|
Trojan-PSW.OSX.Corpref.A is a password stealing Trojan masquerading as a poker game program. It targets Mac OS X users. |
Trojan.MacOS.ChinaTalk |
|
Trojan.MacOS.ChinaTalk is a destructive trojan which deletes all user directories. It usually arrives disguised as a MacinTalk sound driver. Its code contains the following string: “A Phalcon/Skzm production”. |
Trojan.MacOS.Nvp |
|
Virus.MacOS.Nvp is a malicious trojan that disguises itself as an application called ‘New Look’ in order to get onto the user’s system. Once installed, this trojan modifies the system and prevents vowels from being entered using the keyboard. The malicious code contains strings indicating the names of the authors. |
Trojan.MacOS.Tetracycle |
|
Trojan.MacOS.Tetracycle is a malicious trojan secretly installed by Virus.MacOS.Mbdf.A. |
Trojan.MacOS.Tweesh.a |
|
Trojan.MacOS.Tweesh.a is a malicious trojan horse that may represent a security risk for the compromised system. |
Trojan.OSX.DNSChanger |
|
Trojan.OSX.DNSChan is a malicious trojan that uses social engineering techniques to entice users to manually install the program. This trojan disguises itself as a video codec and associates itself with shared and free download videos. It was first seen and linked to porn sites but later it was also linked to funny videos. The mode of delivery of this trojan is typically via spam blogs (splogs), malicious banner ads, poisoned Google search results and pay-per-install programs. |
Trojan.OSX.DNSChanger.C |
|
Trojan.OSX.DNSChanger.C is a malicious trojan that entices the user to download and manually install a fake video codec. |
Trojan.OSX.DNSChanger.D |
|
Trojan.OSX.DNSChanger.D is a trojan that entices users to download and install a fake video codec. |
Trojan.OSX.DNSChanger.E |
|
Trojan.OSX.DNSChanger.E is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system. |
Trojan.OSX.DNSChanger.F |
|
Trojan.OSX.DNSChanger.F is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system. |
Trojan.OSX.HellRTS |
|
Trojan.OSX.HellRTS has the capabilities to perform malicious backdoor routines, and is built using RealBasic. |
Trojan.OSX.Lamzev.a |
|
Trojan.OSX.Lamzev.a is a Trojan horse that opens a back door on the compromised computer. |
Trojan.OSX.RSPlug.A |
|
Trojan.OSX.RSPlug.A is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system. |
Trojan.OSX.RSPlug.B |
|
Trojan.OSX.RSPlug.B is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system. |
Trojan.OSX.RSPlug.C |
|
Trojan.OSX.RSPlug.C is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system. |
Trojan.OSX.RSPlug.D |
|
Trojan.OSX.RSPlug.D is a Trojan horse that changes the DNS settings on the compromised computer. |
Trojan.OSX.RSPlug.E |
|
Trojan.OSX.RSPlug.E is a Trojan horse that changes the DNS settings on the compromised computer. |
Trojan.OSX.RSPlug.F |
|
Trojan.OSX.RSPlug.F is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system. |
Trojan.OSX.RSPlug.G |
|
Trojan.OSX.RSPlug.G is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system. |
Trojan.OSX.RSPlug.K |
|
Trojan.OSX.RSPlug.K is a Trojan horse that changes the DNS settings on the compromised computer. |
Trojan.OSX.RSPlug.M |
|
Trojan.OSX.RSPlug.M is a Trojan horse that changes the DNS settings on the compromised computer. |
Trojan.OSX.RSPlug.N |
|
Trojan.OSX.RSPlug.N is a Trojan horse that changes the DNS settings on the compromised computer. |
Trojan.OSX.RSPlug.O |
|
Trojan.OSX.RSPlug.O is a Trojan horse that changes the DNS settings on the compromised computer. |
Trojan.OSX.RSPlug.P |
|
Trojan.OSX.RSPlug.P is a Trojan horse that changes the DNS settings on the compromised computer. |
Trojan.OSX.RSPlug.Q |
|
Trojan.OSX.RSPlug.Q is a Trojan horse that changes the DNS settings on the compromised computer. |
Virus.MacOS.Anti |
|
Virus.MacOS.Anti is a self-replicating virus that infects application files on System 6. |
Virus.MacOS.Cdef |
|
Virus.MacOS.Cdef is a self-replicating virus which infects desktop files used by System 6. Although this virus does not have any destructive payload, the infection can affect the system causing it to slow down and consequently crash. |
Virus.MacOS.Code1 |
|
Virus.MacOS.Code1 is a destructive virus which infects Mac OS classic system files and applications. This virus has a known payload which renames the user’s infected hard drive to Trent Saburo on the 31st of October of every year. |
Virus.MacOS.Code252 |
|
Virus.MacOS.Code252, also known as the D-Day Virus, is a malicious program that infects Mac OS classic system files and applications. It carries a non-destructive payload where it can perform certain tasks like displaying a text message, opening a window or even removing itself. This payload is triggered every 6th of June and 31st of December. Strings indicate that a message will be displayed when the payload is activated: “Ha Ha Ha Ha Ha Ha Ha You have a virus Now erasing all disk! P.S. Have a nice day (Click to continue!)”. |
Virus.MacOS.Code32767 |
|
Virus.MacOS.Code32767 is a malicious program that infects files found on Mac OS classic systems. This virus was named Code32767 because it modifies the infected file to point to its malicious code, which is at code 32767. |
Virus.MacOS.Code9811 |
|
Virus.MacOS.Code9811 is a malicious program which infects ‘APPL’ type applications found on Mac OS classic. This virus carries a non-destructive payload where it draws a worm all over the users’ screen at a specific time and date. Code indicates that this virus will display this message: “You have been hacked by Praetorians!”. |
Virus.MacOS.Flag |
|
Virus.MacOS.Flag is a self-replicating virus that infects application files on Mac OS classic. |
Virus.MacOS.Init17 |
|
Virus.MacOS.Init17 is a destructive virus that infects Mac OS classic system and application files. The virus resides in INIT 17 resources. |
Virus.MacOS.Init1984 |
|
Virus.MacOS.Init1984 is a destructive virus that infects all .INIT files found on Mac OS classic. This virus carries a destructive payload where it attempts to rename all files to random names and also change file information on every Friday which falls on the 13th day of any month. |
Virus.MacOS.Init29 |
|
Virus.MacOS.Init29 is a destructive virus which tries to infect Mac OS classic systems, applications and data files by adding or overwriting the INIT 29 resource. |
Virus.MacOS.Init666 |
|
Virus.MacOS.Init666 is a destructive virus that infects classic Mac OS system and application files. |
Virus.MacOS.Init9403 |
|
Virus.MacOS.Init9403 is a destructive virus that infects classic Mac OS system applications and the Finder. Upon execution, this virus creates a file named “Preferenze” in the Extensions folder. This allows the virus to execute at every system start up. After a certain number of infections, it overwrites the startup volume and disk information. |
Virus.MacOS.InitM |
|
Virus.MacOS.InitM is a destructive virus that infects all .INIT files found on Mac OS classic. This virus carries a destructive payload which attempts to rename all files and folders to random names and changes file creation and modification dates to January 1, 1904. |
Virus.MacOS.Mbdf |
|
Virus.MacOS.Mbdf is a destructive virus that infects classic Mac OS system files and applications such as Finder. This virus does not have a malicious payload; instead it searches for system files and appends MBDF resources with IDs of 0 and 1. The infection takes time to infect all system files, but the machine will start to show non-responsive behaviour which subsequently results in a forced restart. This action will damage system files, and the only solution is to reinstall the affected files. This virus was first seen on the internet associated with shareware games such as “Ten Tile Puzzle” and “Obnoxious Tetris”. |
Virus.MacOS.Mdef |
|
Virus.MacOS.Mdef is a self-replicating virus that infects classic Mac OS files. It does not have a malicious or destructive payload; instead it infects Macintosh resources that are responsible for drawing menus. The infected machine will start to show non-responsive behaviour once a pull-down menu is clicked. |
Virus.MacOS.Nvir |
|
Virus.MacOS.Nvir is a destructive virus which infects classic Mac OS system files and applications such as Finder. The infection causes system slow down, hangs and crashes. |
Virus.MacOS.Scores |
|
Virus.MacOS.Scores is a malicious program that infects Mac OS classic system files and applications, specifically Notepad and Scrapbook. After a number of infections, this virus will start infecting any application when it is opened. The infection causes system slowdowns and crashes. |
Virus.MacOS.Sevendust |
|
Virus.MacOS.Sevendust is a self-replicating virus that infects classic Mac OS applications and system files. Some variants of this virus carry a non-destructive payload where it attempts to delete all non-executable applications from the StartupItems during a specific time and day of the month. It appends an MDEF resource to all infected applications and an INIT resource to the system files. |
Virus.MacOS.T4 |
|
Virus.MacOS.T4 is a destructive virus that infects System 7 system files, applications and the Finder. The infection causes system slowdowns and crashes. After a certain number of infections, the payload will display this message “Application is infected with the T4 virus”. |
Virus.MacOS.Wdef |
|
Virus.MacOS.Wdef is a self-replicating virus that infects desktop files used by the System 6 Finder. Although this virus does not have any destructive payload, the infection can affect the system causing it to slow and consequently crash. |
Virus.MacOS.Zuc |
|
Virus.MacOS.Zuc is a self-replicating virus that infects application files in classic Mac OS. This virus carries an annoying payload where the cursor will display unusual behaviour after a certain period of time of infection. |
Virus.OSX.Leap |
|
Virus.OSX.Leap is an instant messaging worm which propagates via the iChat application, and also a destructive virus which tries to infect other binary files by overwriting their code. This malware was designed to work on Mac OS X running on PowerPC machines. |
Worm.iPhoneOS.Ikee.b |
|
Worm.iPhoneOS.Ikee.b is a worm that spreads through jailbroken iPhones by using the default SSH password. It steals sensitive information on the compromised device and has the capability to connect to a BotNet server. |
Worm.MacOS.Autostart |
|
Worm.MacOS.Autostart is a malicious worm that propagates by infecting the boot sector of removable volumes. Some variants of this worm drop a file named DB on the infected removable media and make a copy of themselves named Desktop Print Spooler in the Extensions folder, allowing it to run automatically during system startup. This worm was designed to work on classic Mac OS (PowerPC). |
Worm.OSX.Inqtana |
|
Worm.OSX.Inqtana is a proof-of-concept worm that exploits a Mac OS X Bluetooth Directory Traversal Vulnerability. |
Worm.OSX.Renepo |
|
Worm.OSX.Renepo is also known as “Opener”. This is a malicious bash shell script designed to work on Mac OS X. This worm installs and copies itself to StartupItems. It then disables the built-in OSX firewall, prevents Apple updates and disables accounting applications. It can also turn on services and gather detailed user information such as password hashes, user names from NetInfo, keychain files and system configuration information. It also modifies LimeWire settings, deletes log files, creates an additional admin user, creates cron jobs and more. It also connects to the internet to download hacktools such as John The Ripper and Dsniff. This worm propagates by dropping a copy of itself to shared folders. |
Worm.OSX.Tored.a |
|
Worm.OSX.Tored.a is a Mac OS X worm written in RealBasic which attempts to spread via email and network shares. It also opens a backdoor on the compromised computer. |