MAAS History
Archives

Entries by drStrangeP0rk (171)

Thursday, Jul 02, 2009

RSPlug.M Variant of Old Mac Trojan

This Trojan is currently reported to be making its way across the Web, hiding on music sites that offer music from artists such as 2Pac. Common link names include "Fast Mp3 Music Downloader" and "MacCinema", along with a host of others listed in earlier posts, which offer to install codecs but instead install RSPlug.M. Users should not install any video codec, or any other software for that matter, unless the source is certified as trusted, either by the organization or through independent verification.

Wednesday, Jul 01, 2009

Firefox 3.5 Speed Up and New Privacy Browser Mode

Firefox 3.5 brings significant speed improvements, especially on JavaScript-heavy pages. This now puts it on par with Safari 4.0; in my case it performs better. The major security improvements include a safe browser mode which does not store history, cookies, temp files and other information related to your browser session. There is also the addition of the Origin header for their Content Security Policy (CSP), an attempt to prevent drive-by downloads and limit the threat of Cross-Site Scripting (XSS). For more information, see the reference on the Mozilla Security Blog.

Tuesday, Jun 23, 2009

Trojan Jahlav-C, more to come?

Similar to the way in which users are enticed to install helper applications on the PC, Mac users who visit sites that deliver porn, such as PornTube (which should be on your blacklist), may get more than they bargained for. The downloaded Trojan has names such as HDTVPlayer3.5.dmg, VideoCodec.dmg and macTubePlayer.dmg. It is not self-replicating; the user is the defense, and the Trojan contacts the attacker. When installing applications from the Web, users should make sure they trust the source, especially if they need to provide their admin (root) password. Checking the hash (MD5 and SHA) can also go a long way toward ensuring that the file received is the intended file.

The Trojan works by using a Perl script that communicates over HTTP, allowing the infected computer to exchange data with the attacker. Users may also find a malicious shell script, AdobeFlash, in /Library/Internet Plug-Ins. This is a variant of OSX.RSPlug, OSX/Puper and OSX/Jahlav.

Tuesday, Jun 23, 2009

Thunderbird 2.0.0.22

Issues have been fixed in Thunderbird, including arbitrary code execution, SSL tampering, memory corruption and same-origin violations when Flash loads. Some of these issues also affected Firefox and were fixed in version 3.0.11. If you or your organization uses Thunderbird as your mail application, install update 2.0.0.22.

http://www.mozillamessaging.com/en-US/thunderbird/2.0.0.22/releasenotes/

Thursday, Jun 18, 2009

iPhone OS 3.0

Apple has released the latest iPhone OS to address many vulnerabilities which can allow an attacker to cause a DoS, compromise integrity, compromise confidentiality, conduct cross-site scripting attacks and execute arbitrary code. iPhone users should apply the patch immediately.