Apple OS X plagued by another Trojan Virus

Apple have been hit yet again by a virus, perhaps engineered by Samsung to get back at Apple for all its patent trolling? This Trojan Horse virus attacks Apple’s Mac platform by bypassing user permissions. The virus is called “Crisis” and has been specifically engineered to make the detection and analysis of itself incredibly difficult for security experts and security programs.

The security firm Intengo have stressed a lot of awareness is required by Mac OS X users as this particular Trojan Horse can download and install itself all without any user interaction or indicators. Crisis has been tracked, back to the IP address of 176.58.100.37 (A UK IP address hosted by Linode.com), which it then calls back to every five minutes for instructions.

For those who stick to the latest version of OS X you may not have had a lucky escape since the “Crisis” virus affects the OS X 10.6 and OS X 10.7 operating systems. Crisis can install and run itself without the need for the user to enter in their password. It’s also resistant to reboots, and will run until it is detected and removed.

If Crisis is installed onto a Mac OS X user account it will install additional programs in order to hide itself. Crisis will install the following files:

/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r

When Crisis has root access, it installs two additional files:

/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server

and

/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources/

*insert Apple Mac’s can run Crisis pun here*

Source