Tuesday, December 2, 2008

Trojan OSX.Lamzev.A

As of last week, Mac OS X has a second piece of malware. It is a Trojan horse officially called OSX.Lamzev.A. (It is also erroneously known as OSX.TrojanKit.Malez).

Detection and removal of this malware is built into the latest versions of the FREEWARE anti-malware programs ClamXav and iAnti-Virus.

So what is the strategy this time? To quote ZDNet:
OSX.Lamzev.A is a hacker tool designed primarily to allow attackers to install backdoors in a user's system, according to Intego. However, the company dismissed the tool as a serious threat because a potential hacker has to have physical access to a system to install the backdoor.
. . .
Other antivirus vendors noted that Lamzev could be disguised as a piece of legitimate software and used to trick users into creating the backdoor themselves.
Theoretically, this will become another piece of social-engineering / wetware-error malware, where the user is tricked into installing it. Therefore, as usual, always verify that anything you install is legitimate software. Check it out at any of the well-known shareware distribution sites like VersionTracker.com, MacUpdate.com, TuCows.com or MajorGeeks.com. All of these sites have human users and reviewers who can tell you what's legitimate. If you can't verify an application, don't install it! Also, if you want to be extra safe, work only inside a 'Standard' Mac OS X account, not an Administrator account.

I'm going to keep an eye on this Trojan to see what damage it can do. If it is a true 'backdoor' to Mac OS X, a cracker can do anything they like with your Mac. We'll see with time if this becomes a problem. For now, the anti-malware distributors consider it only a minor threat. Just run your usual FREEWARE anti-malware apps once a week, at least, to clean it out if somehow you've installed it.
