bright.net Anti-Virus Page
Links
Antivirus Programs
¤ Avast Antivirus
¤ AVG - Free Anti-Virus
¤ Avira AntiVir
Information
¤ Symantec Virus Info
¤ Unwantedlinks.com
¤ Virus Encyclopedia
¤ Virus Hoax
Misc/Patches
¤ Mozilla Firefox (Browser)
¤ Sasser Patch - 2000/XP
¤ Zotob Patch
Removal Tools
¤ Avast! Removal Tool
¤ Beagle Removal
¤ Mytob Removal Tool
¤ Netsky Fix Tool
¤ Sasser Removal Tool
¤ Sober (Choose version)
¤ Sober.C Removal (NEW)
¤ Sober.X Removal
¤ Stinger - Virus Removal Tool
¤ Virus Removal Tool List
¤ Virus Utilities
¤ Zotob Removal Tool
Spyware Removal
¤ Ad-Aware
¤ CW Shredder
¤ Hijackthis
¤ Malwarebytes
¤ SpyBot - Search & Destroy
¤ Windows Defender
Virus News
OSX/Leap (Mac OS X)
OSX/Leap is an instant messaging worm propagating via iChat on PowerPC-based machines running Mac OS X.
It sends itself to people on the user's buddy list in the form of a .tgz archive (which is stored locally in the /tmp folder). It will likely be received as:
* latestpics.tgz
Within the .tgz archive, the worm masquerades as a JPEG image.
Symptoms
Applications may fail to run correctly, as the hook installed by the worm fails to correctly return control to the hooked process due to incorrectly written code.
Method Of Infection
The worm loads an apphook into the local system library, which is then injected into the address spaces of processes as they load. The hook calls the virus code, which attempts to send out copies of the worm.
The file being distributed is called "latestpics.tgz", with a file size of 40.893 bytes decimal. Two other files are embedded inside it:
* "._latestpics", file size 43.694 bytes decimal
* "latestpics", file size 39.596 bytes decimal
The first file, ._latestpics, is used to create a fake JPEG icon. The file latestpics is the malicious file.
It attempts to masquerade as a JPEG image file to trick the user into executing it.
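The archive layout described above, a data file paired with a `._` AppleDouble companion that supplies its icon, can be checked before anything is extracted. The following is an added example, not part of the original advisory: it lists members of a .tgz that have such a companion, are executable or begin with a Mach-O magic number, and are not JPEG data. The sample archives are constructed, and treating the worm binary as Mach-O is an assumption.

```python
import io
import tarfile

# Mach-O magic numbers (32/64-bit, both byte orders) plus the fat/universal header.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
JPEG_MAGIC = b"\xff\xd8\xff"

def suspicious_members(tgz_bytes):
    """Return names of members that look like executables hiding behind an icon."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        names = {m.name for m in members}
        for m in members:
            dirname, _, base = m.name.rpartition("/")
            if base.startswith("._"):
                continue  # the AppleDouble companion itself carries no code
            sidecar = (dirname + "/" if dirname else "") + "._" + base
            head = tar.extractfile(m).read(4)  # read in memory, nothing is unpacked
            runnable = head in MACHO_MAGICS or bool(m.mode & 0o111)
            is_jpeg = head.startswith(JPEG_MAGIC)
            if sidecar in names and runnable and not is_jpeg:
                findings.append(m.name)
    return findings

def build_sample(files):
    """Build an in-memory .tgz from (name, data, mode) tuples (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, mode in files:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed samples: same member names as the advisory, placeholder contents.
LEAP_LIKE = build_sample([
    ("._latestpics", b"\x00\x05\x16\x07" + b"\x00" * 28, 0o644),  # AppleDouble header
    ("latestpics", b"\xfe\xed\xfa\xce" + b"\x00" * 28, 0o755),    # Mach-O magic only
])
BENIGN = build_sample([
    ("._photo.jpg", b"\x00\x05\x16\x07" + b"\x00" * 28, 0o644),
    ("photo.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 28, 0o644),
])

if __name__ == "__main__":
    print("leap-like:", suspicious_members(LEAP_LIKE))
    print("benign:   ", suspicious_members(BENIGN))
```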
Leap requires user interaction in order to infect a machine: the user receiving an instant message containing the worm has to extract the executable from the archive and then run it as admin. When run, it is immediately apparent that it is not a harmless JPEG file but a malicious binary file. It runs in command/shell mode, calling a terminal session in which to execute. The default message "Welcome to Darwin!" can be seen.
It tries to copy itself to the /tmp directory and creates the "apphook.bundle" Input Manager.
Once done, at the bottom of the command/shell mode terminal some more visual info appears:
* ;exit
* logout
* [Process completed]
NOTE: This virus only affects systems running Mac OS X and requires users to enter their system's Admin password. Users should be cautious of any file/program that requires this password to be entered.
February 17th, 2006
bright.net does not support or endorse these programs but has found some of them helpful. Many of the programs and links found on this page are for third-party applications and are to be used at your own risk. Should you encounter problems with the tools, you may need to consult a computer technician for further assistance.






