The trojan, identified as Trojan-Dropper:OSX/Revir.A, opens a botnet backdoor by tricking the user into downloading and opening a Chinese language PDF file while it installs itself in the background, according to security researchers at F-Secure.
The command-and-control center of the trojan is currently a bare Apache installation that has been sitting dormant at its domain since May and is not yet capable of communicating with any backdoors. This has led researchers to believe that they have found malware in the making.
Trojans typically mask themselves as a PDF and infect systems while the user is busy opening the file. But researchers believe that this particular sample may be stealthier than usual malware.
The new trojan differs from most Windows PDF malware in that it reached researchers without the usual "pdf.exe" extension or icon. Researchers note that because extension and icon data are stored and displayed differently on Macs, this sample could be more difficult to detect than its Windows counterparts, as it can adopt any extension desired.
The technique of using a PDF file as a ruse for the propagation of malware has been a mainly Windows problem in the past, remaining a minimal threat to Mac users.
It is unclear how this malware is spreading, but researchers believe that the most likely mode of circulation is via e-mail attachment. The researchers suggested the author of the trojan could simply be "testing the water" to see if their creation is identified by various antivirus applications.
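The article's point is that on a Mac the file name, extension and icon say nothing reliable about what a download actually is, so a defender has to look at the content. The following is an added example, not code from the article or from F-Secure: a small Python checker that classifies an attachment by its leading magic bytes (PDF, Mach-O, fat/universal Mach-O, Windows PE) and flags any file whose document-style extension does not match executable content. The sample byte strings and file names are constructed for the example and are not samples of Revir.A.

```python
import struct

# Constructed sample inputs (not real malware samples): a minimal PDF header,
# a 64-bit little-endian Mach-O header, a fat/universal header with two
# architectures, and a Windows PE (MZ) header.
SAMPLE_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<<>>\nendobj\n"
SAMPLE_MACHO = bytes.fromhex("cffaedfe") + b"\x00" * 28
SAMPLE_FAT = bytes.fromhex("cafebabe00000002") + b"\x00" * 24
SAMPLE_PE = b"MZ\x90\x00" + b"\x00" * 60

# Mach-O magic numbers, both byte orders, 32- and 64-bit.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # MH_MAGIC (32-bit)
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # MH_MAGIC_64
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # also the Java .class magic; see classify()

# Extensions a user would expect to open as a document or image, never as code.
DOCUMENT_EXTS = {".pdf", ".doc", ".xls", ".jpg", ".jpeg", ".png", ".gif", ".txt"}
EXECUTABLE_KINDS = {"mach-o", "pe"}


def classify(data: bytes) -> str:
    """Return a coarse file kind based on the first bytes, ignoring the name."""
    head = data[:8]
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head[:4] in MACHO_MAGICS:
        return "mach-o"
    if head[:4] == FAT_MAGIC and len(head) >= 8:
        # Disambiguate from a Java class file: a fat header's second word is
        # nfat_arch (a small count), whereas a class file carries a version
        # number there (e.g. 0x0034 for Java 8), which is far larger.
        (nfat_arch,) = struct.unpack(">I", head[4:8])
        return "mach-o" if nfat_arch < 0x14 else "java-class"
    if head.startswith(b"MZ"):
        return "pe"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a document/image extension fronts executable content."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    return ext in DOCUMENT_EXTS and classify(data) in EXECUTABLE_KINDS


def scan_attachments(items):
    """Return the names of attachments whose content contradicts their extension."""
    return [name for name, data in items if extension_mismatch(name, data)]


if __name__ == "__main__":
    # Constructed attachment set: one genuine PDF and three executables
    # wearing document extensions, as the article describes.
    attachments = [
        ("quarterly.pdf", SAMPLE_PDF),
        ("invoice.pdf", SAMPLE_MACHO),
        ("photo.jpg", SAMPLE_FAT),
        ("notes.txt", SAMPLE_PE),
    ]
    for name in scan_attachments(attachments):
        print(f"flagged: {name} (content is {classify(dict(attachments)[name])})")
```

The check is deliberately conservative: it only fires when the content is positively identified as a native executable, so an archive or a script with a bogus extension would still pass, and a mail gateway or download hook using it would want additional checks (archive inspection, quarantine attribute handling) on top of this one.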
Remember to turn off those "Automatically Open when Finished Downloading" options in Safari, Firefox, Chrome, IE.
That goes for all three major OSs.
(Also, start Windows, MacOS, Linux feuds based on Malware misconceptions on everyone's parts.)
I'm not even going to bother to get into any PC vs Mac virus debate, but I will say that I am glad that I don't have to run any virus program on my Macs.
As for this malware mentioned in the article, if it's delivered by an email attachment, then I'd say that the main people who are most at risk of getting it are stupid people. No OS is secure enough to protect morons from their own stupidity.
I also think that in certain cases, the death penalty would be an appropriate punishment for criminals behind email spam, malware and viruses.
THIS IS NOT A VIRUS!
This is a Trojan Horse. That's a different animal. You can see a Trojan Horse (albeit in its disguise, of course) and it requires to be opened/started by YOU to become active!
A virus is an, under normal circumstances, invisible file that can sneak through your ports without you noticing it and then execute itself in the background on your PC. No user involvement required.
There are no viruses for OSX (yet).
So antivirus software for OSX is a crock.
There are a few Trojan Horses for OSX. Less than a handful, afaik. But they could come in thousands of different disguises, of course!
Don't download and install things from non-official sites, got it. You think they should teach common internet protocols at schools. I mean, last I checked (in California) there is still a one-year requirement of a computer class, such as learning to type, as well as one other computer elective. They really need to start informing people on good computer usage. It's a good skill to have today.
That's not how this one would be delivered, if there was anything taking advantage of it. There isn't (yet) according to articles. Since this one can spoof any type of file, not just a PDF, simply use common sense. If you get an email with an attachment, perhaps an image file/picture or excel file, from someone that you don't know, or even an unexpected one from someone you might, just don't open it. Simple.