Additional for Mac Viruses


From http://www.iantivirus.com/threats/  The blog format makes reading more difficult. Go to the original to view it more easily.

Threat List, Macintosh

All threats | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

116 threats found.

Name Threat Level Description
Adware.OSX.Cosmac High Adware.OSX.Cosmac is a proof-of-concept adware sample for Mac OS X. This malware can be installed without requiring root privileges and can hook into every application so that everytime the user access these applications, Cosmac will launch the Safari web browser.
Application.OSX.BackTrack High BackTrack is a keylogger program from Modesitt Software. This program stores user activity in an SQLite database file. In addition to being a keylogger, this program also tracks user activity and records such as application name, window name, date and time. It is able to create separate databases for every application and window used. This program is portable and it does not require installation.
Application.OSX.EasyCrack Low Application.OSX.EasyCrack is iAntiVirus detection for EasyCrackwithJohn application. This is a password cracker and the author describes it as a utility to crack a password of a user of another connected Mac.
Application.OSX.eWatch High Application.OSX.eWatch is a keylogger and also a remote access tool designed to remotely monitor users’s computer activity. It can capture screenshots, log all users’ keystrokes, enumerate all running processess and monitor internet browsing activities.
Application.OSX.KeyboardSpy High Keyboard Spy a keylogger from AlphaOmega Software. This keylogger can record all keystrokes and save them to a log file. Keyboard Spy is portable and does not require installation to function.
Application.OSX.KeyloggerX High KeyloggerX is freeware keylogger program designed to work in OS X. This application usually arrives as KeyloggerX.dmg.sit (768,805 bytes) which contains the KeyloggerX executable, Disclaimer.rtf and Read Me.rtf. The document explains that this application will create log files in the User Preference folder. However, upon execution this program stays in the background and fails to create the said folder and files.
Application.OSX.KeyRecorderX High KeystrokeRecorder X is a keylogger created by CampSoftware. This keylogger can record users’ keystrokes and capture screen shots. It has a stealth feature making it invisible from the dock, invisible in the force quit menu and invisible in process viewer. It can also encrypt the log files, plus send log files and screen shots through email and track active applications.
Application.OSX.LogKext High Application.OSX.LogKext is a powerful freeware kernel base keylogger in Mac OS X. It has a full stealth capability, where its user can controll its functionality by a command-line client called logKextClient. This keylogger is capable to log every single keystrokes of the user.
Application.OSX.Loselose.A High Application.OSX.Loselose.A is a gaming application for the Mac which also deletes files on your hard drive as you kill aliens.
Application.OSX.MonitorerX High Monitorer X is a keylogger created by Burning-Bytes. This keylogger can discreetly record every single keystroke into a log file. It has also an option to capture screen shots, and this feature can be triggered or activated through user specified keywords. So it will capture the current screen everytime the user types in one of the specified keywords.
Application.OSX.MonitorerXMan Low Application.OSX.MonitorerXMan is a managing application that helps the user organize all text logs and screenshots created by MonitorerX Pro. This tool is currently distributed as freeware.
Application.OSX.MonitorerXPro High MonitorerX Pro is a keylogger and spyware tool created by Burning-Bytes. This software can record every single keystroke in background. Its stealth features include invisibility from the dock, invisible in the force quit menu and invisible at startup. It creates a log file everytime the user starts the computer and organizes these files according to date and time. It can also capture screen shots everytime the user types in a specific keyword. This version is called “Pro” because of the MonitorerX Pro Manager feature, where it manages all the log files and screenshots by user and date.
Application.OSX.RemoteControl High MacRemoteControl is a freeware application designed to work as a remote access and administration tool. This application can remotely access another macintosh using the TCP/IP protocol. Once it is connected, this tool can list all running process, quit or launch applications, restart, shut down or sleep the machine and activate OSXvnc. This tool was initially designed for personal use by the author but later it was made available to the public.
Application.OSX.Spy High Spy is a freeware application from SilverNetworks.net. This application has a server component which allows a user to remotely access a macintosh through a normal web browser. It also has Spy Tracker where it can list, see and access all Spy servers. Another feature of this tool is that it can log information, display remote computer information and handle file transfers.
Application.OSX.SpyMe High SpyMe is a remote management tool from Readpixel.com. This software allows you to manage and monitor multiple remote macintosh machines simultaneosly. It employes a client-server technology, where the server is installed on remote computers and the client component is on the managing side. This SpyMe client can send keyboard and mouse actions, capture screenshots, automatic wake up the server, handle file transfers and control multiple SpyMe servers. It also has an optional SpyMe Daemon which requires root privileges to run in background. A feature of this tool is to silently launch the server component every each login or fast user switch. The latest version of this software has an Internet Caf
Application.OSX.TypeAgent High TypeAgent is keylogging software from TypeAgent.com. This software can track and record all keystrokes entered into Instant Messaging, Browsing Activities, Emails, Documents and more generally any application running on your Mac. Furthermore, the user has an option to set the logs directory, activation hot key, password protection, uninstallation and option to run in hidden mode.
Application.OSX.TypeRecorderX High TypeRecorder X is keylogging software produced by Rampellsoft.com. This keylogger can discreetly monitors and records every keystroke in a log file. The vendor describes this software as essential backup tool in the event of system failure, power loss, or if any work is accidentally deleted or modified.
Backdoor.MacOS.Sub7Server High Backdoor.MacOS.Sub7Server is the SubSeven server component for Mac OS classic. This application is usually installed on the victim’s machine. Once installed, it opens a port allowing any subseven attacker to gain remote access to the system and perform various tasks.
Backdoor.OSX.CarbonKeys High CarbonKeys is an open-source program that employs client-server technology. The server component handles keystroke monitoring, it records all entered keystrokes and waits for a remote connection from the client program. The client component communicates with the server and is able to download keystroke logs as well as screen shots on command. The server component is usually found on the victim’s computer, while the attacker communicates through the client program.
Backdoor.OSX.HellRaiser High HellRaiser is a backdoor trojan. This tool employs standard backdoor client-server techniques. The server is usually installed on the victim’s computer while the client controls the server. The installation package also contains a configuration plugin where the remote controller can specify initial server parameters such as port number, password, smtp settings and other behaviour. The server component runs in background and it is hidden from the dock.
Backdoor.OSX.IService.a High Backdoor.OSX.IService.a has the capability of connecting to a remote server over the internet. Once installed, it may download additional components to an infected Mac.
Backdoor.OSX.IService.b High Backdoor.OSX.IService.b has the capability of connecting to a remote server over the internet. Once connected, it may receive commands from the remote attacker which may then be executed on the affected Mac.
Backdoor.OSX.IService.c High Backdoor.OSX.IService.c has the capability of connecting to a remote server over the internet. Once installed, it may download additional components to an infected Mac.
Backdoor.OSX.Sub7Client High Backdoor.OSX.Sub7Client is the SubSeven OSX client component. This client tool allows the user to remotely connect and control another computer in the network. It has a graphical interface where user has to input the IP address and specify the port number of the server. This component is usually installed on the attackers machine.
Backdoor.OSX.Termite High Termite is a client-server terminal tool designed to remotely execute unix commands. This software package contains the Terminte server for OSX and OS9. These server programs come with another binary included which is called ServerEdit. ServerEdit manages the users’ settings such as port number and the password. Termite servers can be remotely accessed using the Termite client for OSX and Windows. The server component can be easily installed since it is portable and does not require installation. The remote controller (Termite client) can manage and access multiple macintosh machines simultaneously and perform remote tasks using unix commands.
Backdoor.OSX.Winjack High Winjack is a freeware client-server remote administration tool from DigitalCalamity.org. This tool allows Mac OS X users to remotely access Windows based machines. The client component runs on OS X while the server is installed on the remote Windows machine. This tool has a powerful feature where it can manipulate files, applications and even the registry. It can also send messages, open URLs, create folders, shut down and restart the machine, capture screen shots, view running processes and transfer files. The Winjack server creates a registry entry to automatically launch itself at every system startup.
Backdoor.OSX.Xover High Xover is a freeware client-server remote administration tool from DigitalCalamity. The server component is usually installed on the target machine allowing a remote user to access the computer.
DDoS.OSX.CometShower Medium DDoS.OSX.CometShower is a client-server program designed to perform distributed denial of service attack to a specific IP address. The client program is the host attacker while the server component can be installed and run to multiple machines and different networks whoever wishes to participate on the attack. The server connects to the client program and the host sets the IP address and port of the targetted machine. Both the server and client program works in Mac OS X.
Eicar_Test_Files Low The European Institute of Computer Anti-virus Research (EICAR) together with Antivirus and Internet Security vendors around the world has developed a standard test file which customers may use to test their antivirus installation. The detection name Eicar_Test_File is NOT A VIRUS. It a harmless test file designed to help customers check whether their antivirus product is properly installed and working.
Email-Flooder.OSX.Mema High Email-Flooder.OSX.Mema is a powerful and distructive mail-bomber used to perform Denial of Service attacks. This tool can mail-bomb multiple email addresses and connect to multiple SMTP servers simultaneously. It can open up to 500 simultaneous connections. The user can also set annoymous mode or use random names. It can also construct its own subject, message body and file attachment. The mail-bombing parameters define the number of emails from 1 to never ending mail-bombing and specify specific date and time of attack.
Email-Flooder.OSX.Propaganda Low Emal-Flooder.OSX.Propaganda is a powerful email flooder/spammer that can connect to a list of SMTP servers and create up to 500 multiple connection at a time. The tool provides an option to construct the content of the email body, create arbitrary recipient names and add multiple attachments.
Email-Flooder.OSX.Torrent Low Email-Flooder.OSX.Torrent is an email bomber/flooder tool designed to work in Mac OS X. The tool provides the attacker an option to construct email content, specify SMTP Server, add multiple attachment and specify the number of email attack that will be sent. Since this tool can only perform targetted attack, it is also possible that some security analysts may use this tool for penetration testing.
Exploit.EvilGrade.a Low Exploit.EvilGrade is a multiplatform exploit tool that allows it to take advantage of poor upgrade implementations by injecting fake updates.
Exploit.Exploit.OSX.CVE-2007-0059 Low Exploit.OSX.CVE-2007-0059 is a proof of concept code that exploits a flaw in Apple Quicktime 3 to 7.1.3’s quicktime movie (.mov) file with an HREF track (HREFTrack).
Exploit.Exploit.OSX.CVE-2007-6166 Low Exploit.OSX.CVE-2007-6166 is a proof of concept code that exploits a flaw in Apple Quicktime versions before 7.3.1’s RTSP response handling of long content type headers.
Exploit.OSX.ARDAgent Low Exploit.OSX.ARDAgent is iAntiVirus’ detection for malicious code that exploits a vulnerability in Apple Remote Desktop.It takes advantage of a flaw in ARDAgent, a component of Apple Remote Desktop, and allows malicious programs to execute code when run locally, or remotely as root.
Exploit.OSX.CVE-2003-0201 Low Exploit.OSX.CVE-2003-0201 is iAntiVirus detection for malicious code that exploits CVE-2003-0201 vulnerability. It exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8 and it is capable of exploiting Mac OS X PowerPC systems.
Exploit.OSX.CVE-2004-0430 Low Exploit.OSX.CVE-2004-0430 is iAntiVirus detection for malicious code that exploits CVE-2004-0430 vulnerability. It exploits a stack overflow in the AppleFileServer service found in Mac OS X.
Exploit.OSX.CVE-2004-0695 Low Exploit.OSX.CVE-2004-0695 is a proof of concept code that exploits a flaw in the FTP service for 4D WebSTAR 5.3.2 and earlier which allows remote attackers to execute arbitrary code via a long FTP command.
Exploit.OSX.CVE-2005-0043 Low Exploit.OSX.CVE-2005-0043 is a proof-of-concept code that exploits a security flaw in Apple iTunes 4.7 which allows remote attackers to execute arbitrary code via a long URL in .m3u or .pls playlist files.
Exploit.OSX.CVE-2006-0848 Low Exploit.OSX.CVE-2006-0848 is iAntiVirus detection for malicious code that exploits CVE-2006-0848 vulnerability. It exploit Safari’s “Safe file” feature which is a bug in Apple Mac OS X metadata handling.
Exploit.OSX.CVE-2007-0395 Low Exploit.OSX.CVE-2007-0395 is iAntiVirus detection for malicious code that exploits CVE-2007-0395 vulnerability. It exploits a command execution vulnerability found in Mail.app application and affects Mac OS X 10.5.0.
Exploit.OSX.CVE-2007-2446 Low Exploit.OSX.CVE-2007-2446 is iAntiVirus detection for malicious code that exploits CVE-2007-2446 vulnerability. It exploits LSA RPC service of the Samba daemon.
Exploit.OSX.CVE-2007-5863 Low Exploit.OSX.CVE-2007-5863 is iAntiVirus detection for malicious code that exploits CVE-2007-5863 vulnerability. It exploits the feature Distribution Packages used in Apple Software Update.
Exploit.OSX.Evasion.a Low Exploit.OSX.Evasion.a is a proof-of-concept code that exploits a known vulnerability in MAC OS X’s Java Virtual Machine. It allows malicious code to execute outside of the Java sandbox with the permissions of the executing user.
Exploit.OSX.Small High Exploit.OSX.Small is a proof-of-concept program that exploits Mac OS X’s /usr/bin/passwd.
Exploit.OSX.Smid.b Medium Exploit.OSX.Smid.b is an expolits that takes advantage of the CVE-2009-3867 vulnerability. It allows a remote attacker to execute arbitrary code.
Hacktool.MacOS.UGMPortScanner High Hacktool.MacOS.UGMPortScanner is designed to scan and list target machines open and active ports. This tool is designed to work only with classic Mac OS.
Hacktool.OSX.AimSniff Low Hacktool.OSX.AimSniff is a small utility tool designed to capture AIM user IP address running in Mac OS X.
Hacktool.OSX.BrutalGift High Hacktool.OSX.BrutalGift is a powerful ftp and pop3 brute force cracker designed to work in Mac OS X. It can scan and crack up to 500 connection at the same time. This tool may also be used by some security analysts for penetration testing.
Hacktool.OSX.Cyanide Low Hacktool.OSX.Cyanide is a hacking tool with multiple featues such as email bomber, port attacker, IRC flooder bot, FTP brute force attacker and port scanner. This tool also has network utility functions such as ping, lookup, traceroute and whois. It can also protect itself by watching certain ports for possible attacks.
Hacktool.OSX.Heirophant High Hacktool.OSX.Heirophant is a network utility tool designed to work in Mac OS X. It is capable to scan websites for web links, scan and ping specific IP address for open ports, create remote connection through telnet, proxy tool, construct crafted strings and use it to perform port flooding attack over TCP protocol. This tool may also be used by some security analysts for penetration testing.
Hacktool.OSX.iChatSniff High iChatSniff is a program that extracts iChat audio sessions from a pcap-formated packet dump. A malicious user is able to use this tool to eavesdrop on iChat audio sessions.
Hacktool.OSX.macKrack High macKrack is a freeware password cracker for Mac OS X. It supports Crypt, MD5, SHA-1 and Salted SHA-1 algorithms. It uses both dictionary and keyspace brute force attacks to recover passwords. The latest version supports the cracking of zip archive passwords.
Hacktool.OSX.MacSmurf High MacSmurf is a tool used to perform Denial of Service attacks on a network. It does this by sending a large volumes of ICMP echo requests, and broadcasting them to machines on the network. The attack can invisibly redirect the broadcast ICMP packet to a targetted host. This tool may also be used by some security analysts for penetration testing.
Hacktool.OSX.ManOfTheMiddle High ManOfTheMiddle is a tool used to perform man-in-the-middle attacks, allowing the user to monitor and potentially tamper with data flowing between 2 hosts. Although this tool can be used for malicious purposes, some security analysts legitimately use this tool to perform penetration testing.
Hacktool.OSX.SYNer Low Hacktool.OSX.SYNer is a malicious tool designed to perform SYN flood exploit in TCP protocol. This tool uses a series of spoofed SYN-tagged TCP packets to hide the attacker real identity. The attack attempts to overload the target network which causes it to stop accepting incoming connection.
Hacktool.OSX.UnderHand High Hacktool.OSX.UnderHand is a client-server program that can connect and communicate to its victims’ machine through its trojan server component. The trojan server has an option to run in hidden mode. Once the server is installed, the client can execute arbitrary shell command to the victims’ machine.
Hacktool.OSX.ZapAttack Medium Hacktool.OSX.ZapAttack is a hacker tooll design to perform denial of service attack. It has multiple features such as Mass Connector, Muti Flooder, Port Flooder, UDP Flooder, Port Scanner, Port Checker and IP Resolver. The amplification server is a component program usually installed to another machine. It aims to assist the attacker amplify the attack.
Perl.OSX.RSPlug.a High Perl.OSX.RSPlug.a is a malicious PERL script targeted for MAC users. It downloads and runs another malicious script in the victim’s computer.
Port-Flooder.OSX.Tsunami Low Port-Flooder.OSX.Tsunami is a small utility tool designed to remotely connect to a specific port, construct crafted packet and peform port flooding attack. The attacker can either use TCP or UDP protocol.
RogueAntiSpyware.OSX.Imunizator Medium RogueAntiSpyware.OSX.Imunizator is a rebranded version of RogueAntiSpyware.OSX.MacSweeper. This version contains exactly the same functionality and looks of MacSweeper except the name was changed to Imunizator. Rogue application which uses deceptive sales and marketing techniques to get onto the users’ system. It poses no threat and it does not have the capability to propagate or spread itself. However, rogues usually arrive as an advertisement which redirects the user and forces a download of the file/installation package.
RogueAntiSpyware.OSX.MacSweeper Medium RogueAntiSpyware.OSX.MacSweeper is a rogue application which uses deceptive sales and marketing techniques to get onto the users’ system. It poses no threat and it does not have the capability to propagate or spread itself. However, rogues usually arrive as an advertisement which redirects the user and forces to download file/installation package.
Rootkit.MacOS.Weapox High Rootkit.MacOS.Weapox is a kernel based rootkit designed to work on Mac OS X (both PowerPC and Intel-based) machines. This tool can execute a root shell, elevate processes euid to 0, hide specified ports from netstat and hide login info from w and who commands.
Trojan-PSW.OSX.Corpref.A High Trojan-PSW.OSX.Corpref.A is a password stealing Trojan masquerading as a poker game program. It targets Mac OS X users.
Trojan.MacOS.ChinaTalk High Trojan.MacOS.ChinaTalk is a destructive trojan which deletes all user directories. It usually arrives disguised as a MacinTalk sound driver. It’s code contains the following strings “A Phalcon/Skzm production”.
Trojan.MacOS.Nvp High Virus.MacOS.Nvp is a malicious trojan that disguises itself as an application called ‘New Look’ in order to get onto the user’s system. Once installed, this trojan modifies the system and prevents vowels from being entered using the keyboard. The malicious code contains strings, indicating the names of tha authors.
Trojan.MacOS.Tetracycle High Trojan.MacOS.Tetracycle is a malicious trojan secretly installed by Virus.MacOS.Mbdf.A.
Trojan.MacOS.Tweesh.a High Trojan.MacOS.Tweesh.a is a malicious trojan horse that may represent security risk for the compromised system.
Trojan.OSX.DNSChanger High Trojan.OSX.DNSChan is a malicious trojan that uses social engineering techniques to entice users to manually install the program. This trojan disguises itself as a video codec and associates itself with shared and free download videos. It was first seen and linked to porn sites but later it was also linked to funny videos. The mode of delivery of this trojan is typically via spam blogs (splogs), malicious banner Ads, poisoned Google search results and pay-per-install programs.
Trojan.OSX.DNSChanger.C High Trojan.OSX.DNSChanger.C is a malicious trojan that entices the user to download and manually install a fake video codec.
Trojan.OSX.DNSChanger.D High Trojan.OSX.DNSChanger.D is a trojan that entices users to download and install a fake video codec.
Trojan.OSX.DNSChanger.E High Trojan.OSX.DNSChanger.E is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.DNSChanger.F High Trojan.OSX.DNSChanger.F is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.HellRTS High Trojan.OSX.HellRTS has the capabilities to perform malicious backdoor routines, and is built using RealBasic.
Trojan.OSX.Lamzev.a High Trojan.OSX.Lamzev.a is a Trojan horse that opens a back door on the compromised computer.
Trojan.OSX.RSPlug.A High Trojan.OSX.RSPlug.A is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.B High Trojan.OSX.RSPlug.B is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.C High Trojan.OSX.RSPlug.C is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.D High Trojan.OSX.RSPlug.D is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.E High Trojan.OSX.RSPlug.E is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.F High Trojan.OSX.RSPlug.F is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.G High Trojan.OSX.RSPlug.G is a Trojan horse that modifies the Domain Name System (DNS) settings of the affected system.
Trojan.OSX.RSPlug.K High Trojan.OSX.RSPlug.K is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.M High Trojan.OSX.RSPlug.M is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.N High Trojan.OSX.RSPlug.N is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.O High Trojan.OSX.RSPlug.O is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.P High Trojan.OSX.RSPlug.P is a Trojan horse that changes the DNS settings on the compromised computer.
Trojan.OSX.RSPlug.Q High Trojan.OSX.RSPlug.Q is a Trojan horse that changes the DNS settings on the compromised computer.
Virus.MacOS.Anti High Virus.MacOS.Anti is self-replicating virus that infects application files on System 6.
Virus.MacOS.Cdef High Virus.MacOS.Cdef is a self-replicating virus which infects desktop files used by System 6. Although this virus does not have any destructive payload, the infection can affect the system causing it to slow down and consequently crash.
Virus.MacOS.Code1 High Virus.MacOS.Code1 is a destructive virus which infects Mac OS classic system files and applications. This virus has known payload which renames the user’s infected hard drive to Trent Saburo on the 31st of October of every year.
Virus.MacOS.Code252 High Virus.MacOS.Code252 also known as D-Day Virus is a malicious program that infects Mac OS classic system files and applications. It carries a non-destructive payload where it can perform certain tasks like displaying a text message, opening a window or even removing itself. This payload is triggered every 6th of June and 31st of December. Strings indicate a message will be displayed when the payload is activated “Ha Ha Ha Ha Ha Ha Ha You have a virus Now erasing all disk! P.S. Have a nice day (Click to continue!)”.
Virus.MacOS.Code32767 High Virus.MacOS.Code32767 is a malicious program that infects files found on Mac OS system classic. This virus was named Code32767 because it modifies the infected file to point to its malicious code which is at code 32767.
Virus.MacOS.Code9811 High Virus.MacOS.Code9811 is malicious program which infects ‘APPL’ type applications found on Mac OS classic. This virus carries a non-destructive payload where it draws a worm all over the users’ screen at a specific time and date. Code indicates that this virus will display this message “You have been hacked by Praetorians!”.
Virus.MacOS.Flag High Virus.MacOS.Flag is a self-replicating virus that infects application files on Mac OS classic.
Virus.MacOS.Init17 High Virus.MacOS.Init17 is a destructive virus that infects Mac OS classic system and application files. The virus resides in INIT 17 resources.
Virus.MacOS.Init1984 High Virus.MacOS.Init1984 is a destructive virus that infects all .INIT files found on Mac OS classic. This virus carries a destructive payload where it attempts to rename all files to random names and also change file information on every Friday which falls on the 13th day of any month.
Virus.MacOS.Init29 High Virus.MacOS.Init29 is a destructive virus which tries to infect Mac OS classic systems, applications and data files by adding or overwriting the INIT 29 resource.
Virus.MacOS.Init666 High Virus.MacOS.Init666 is a destructive virus that infects classic Mac OS system and application files.
Virus.MacOS.Init9403 High Virus.MacOS.Init9403 is a destructive virus that infects classic Mac OS system applications and the Finder. Upon execution, this virus creates a file named “Preferenze” in the Extensions folder. This allows the virus to execute at every system start up. After a certain number of infections, it overwrites the startup volume and disk information.
Virus.MacOS.InitM High Virus.MacOS.InitM is a destructive virus that infects all .INIT files found on Mac OS classic. This virus carries a destructive payload whicht attempts to rename all files and folders to random names and changes file creation and modification dates to January 1, 1904.
Virus.MacOS.Mbdf High Virus.MacOS.Mbdf is a destructive virus that infects classic Mac OS system files and applications such as Finder. This virus does not have a malicious payload, instead it searches for system files and appends MBDF resources with IDs of 0 and 1. The infection takes time to infect all system files, but the machine will start to show non-responsive behaviour which subsequently resolves to a forced restart. This action will damage system files, and the only solution is to reinstall the affected files. This virus was first seen on the internet associated with shareware games such as “Ten Tile Puzzle” and “Obnoxious Tetris”.
Virus.MacOS.Mdef High Virus.MacOS.Mdef is a self-replicating virus that infects classic Mac OS files. It does not have a malicious or destructive payload, instead it infects macintosh resources that is responsible for drawing menus. The infected machine will start to show non-responsive behaviour once a pull down menu is clicked.
Virus.MacOS.Nvir High Virus.MacOS.Nvir is a destructive virus which infects classic Mac OS system files and applications such as Finder. The infection causes system slow down, hangs and crashes.
Virus.MacOS.Scores High Virus.MacOS.Scores is a malicious program that infects Mac OS classic system files and applications, specifically Notepad and Scrapbook. After a number of infections, this virus will start infecting any application when it is opened. The infection causes the system slowdowns and crashes.
Virus.MacOS.Sevendust High Virus.MacOS.Sevendust is a self-replicating virus that infects classic Mac OS applications and system files. Some variant of this virus carries a non-destructive payload where it attempts to delete all non-executable application from the StartupItems during a specific time and day of the month. It appends MDEF resource to all infected application and INIT resource for the system files.
Virus.MacOS.T4 High Virus.MacOS.T4 is a destructive virus that infects System 7 system files, applications and the Finder. The infection causes system slowdowns and crashes. After a certain number of infections, the payload will display this message “Application is infected with the T4 virus”.
Virus.MacOS.Wdef High Virus.MacOS.Wdef is a self-replicating virus that infects desktop files used by the System 6 Finder. Although this virus does not have any destructive payload, the infection can affect the system causing it to slow and consequently crash.
Virus.MacOS.Zuc High Virus.MacOS.Zuc is a self-replicating virus that infects application files in classic Mac OS. This virus carries an annoying payload where the cursor will display unusual behaviour after a certain period of time of infection.
Virus.OSX.Leap High Virus.OSX.Leap is an instant messaging worm which propagates via the iChat application, and also a destructive virus which tries to infect other binary files by overwriting their code. This malware was designed to work on Mac OS X running on PowerPC machines.
Worm.iPhoneOS.Ikee.b High Worm.iPhoneOS.Ikee.b is a worm that spreads through jailbroken iPhones by using the default SSH password. It steals sensitive information on the compromised device and has the capability to connect to a BotNet server.
Worm.MacOS.Autostart High Worm.MacOS.Autostart is a malicious worm that propagates by infecting the boot sector of removable volumes. Some variants of this worm drop a file named DB on the infected removable media and make a copy of themselves named Desktop Print Spooler in the Extentions folder, allowing it automatically run during system startup. This worm was designed to work on classic Mac OS (PowerPC).
Worm.OSX.Inqtana High Worm.OSX.Inqtana is a proof-of-concept worm that exploits a Mac OS X BlueTooth Directory Traversal Vulnerability.
Worm.OSX.Renepo High Worm.OSX.Renepo is also known as “Opener”. This is a malicious bash shell script design to work on Mac OS X. This worm installs and copies itself to StartupItems. It then disables the built-in OSX firewall, prevents Apple updates and disables accounting applications. It can also turn on services and gathers detailed user information pasword hashes, user name from netinfo, keychain files and system configuration information. It also modifies limewire settings, deletes log files, creates an additional admin user, creates cron jobs and more. It also connects to the infernet to download hacktools such as John The Ripper and Dsniff. This worm propagates by dropping a copy of itself to shared folders.
Worm.OSX.Tored.a High Worm.OSX.Tored.a is a MAC OSX worm written in RealBasic which attempts to spread via email and network shares. It also opens a backdoor on the compromised computer.
Quick Links for Windows® Are you looking for spyware protection?   |   Free antivirus for Windows?  |   Or a free personal firewall?  |   Or a registry cleaner?  |   Or behavioral antivirus?
About  |   Features  |   Screenshots  |   Free Download  |   Purchase  |   Lost code  |   Forum  |   Threats  |   FAQ  |   Contact Copyright © 2008 PC Tools. All rights reserved
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: