Thursday, August 27, 2009

A Primer on Trojan Horses and Their Aliases

There actually is a standard naming system for malware. But very few anti-malware developers care. Therefore, we end up with a bunch of names for exactly the same malware. The CNET POS article mentioned previously, not worth reading HERE, demonstrates the problem. Here are some translations. I list the standard name first, then the extraneous names after:

The Trojan.OSX.RSPlug series is aka "DNSChanger" and "Jahlav" and "Puter".

Trojan.OSX.Lamzev is aka "Malez".

Trojan.OSX.PokerStealer is aka "Corpref".

The Trojan.OSX.iServices series is the fourth current Trojan type for Mac OS X. I'm unaware of any aliases so far.

Scan backward through my previous posts for coverage on each of these Trojans.
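The alias list above, turned into a label normalizer for merging scan results from different tools. This is an added example, not code from the original post: the separator handling, the noise-token list and the sample labels are constructed assumptions, and variant letters are kept as reported rather than assumed to match across vendors.

```python
import re
from collections import defaultdict

# Family aliases listed in the post (lowercased) -> standard family name.
ALIASES = {
    "rsplug": "RSPlug", "dnschanger": "RSPlug", "jahlav": "RSPlug", "puter": "RSPlug",
    "lamzev": "Lamzev", "malez": "Lamzev",
    "pokerstealer": "PokerStealer", "corpref": "PokerStealer",
    "iservices": "iServices",
}
# Assumption: type/platform tokens vendors wrap around the family name.
NOISE = {"trojan", "troj", "osx", "macos", "mac"}

def normalize(label):
    """Return (standard_name, variant_or_None), or None for an unknown family."""
    family = variant = None
    for tok in filter(None, re.split(r"[./:_\-!\s]+", label.strip())):
        low = tok.lower()
        if low in NOISE:
            continue
        if family is None:
            if low not in ALIASES:
                return None  # never guess: unknown names stay unmerged
            family = ALIASES[low]
        elif variant is None and re.fullmatch(r"[A-Za-z]{1,2}", tok):
            variant = tok.upper()
    return (f"Trojan.OSX.{family}", variant) if family else None

def group_by_family(labels):
    """Group raw labels under their standard name; collect the unrecognized ones."""
    groups, unknown = defaultdict(list), []
    for label in labels:
        hit = normalize(label)
        if hit is None:
            unknown.append(label)
        else:
            groups[hit[0]].append(label)
    return dict(groups), unknown

# Constructed sample: label spellings are illustrative, not real scanner output.
SAMPLE = ["OSX/Jahlav-C", "Trojan.OSX.RSPlug.C", "OSX.DNSChanger.a", "OSX/Puter",
          "OSX.Malez", "Trojan.OSX.Lamzev", "OSX/Corpref", "OSX.Trojan.iServices.B",
          "Win32/Example.A"]

if __name__ == "__main__":
    groups, unknown = group_by_family(SAMPLE)
    for name, raw in sorted(groups.items()):
        print(f"{name}: {len(raw)} label(s) -> {raw}")
    print("unrecognized:", unknown)
```

Labels whose first meaningful token is not in the alias table are returned separately instead of being merged, so a new family shows up as unrecognized rather than being silently counted under an existing one.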

Count with me!

As of today:
  • The RSPlug series has variants A through P. That equals 16 variants. (When I checked last week there were 13 variants, so some mean old crackers have been very busy.)
  • The Lamzev Trojan has no variants. Add 1.
  • The iServices series has variants A through C. That equals 3 variants. (The C variant is recent.)
  • The PokerStealer Trojan has no variants. Add 1.

Count them all together and what do we got?

The number 21!
That's 21 Trojans!


I am using the iAntiVirus Threat Database maintained by PC Tools as my source. Their list of Mac malware has flaws, but at least they have one. Who else bothers? Certainly not Intego! (Ahem! hint! hint!)

Just for comparison: I was hanging out at the ClamXav forum yesterday and someone pointed out that as of June there were 574,043 malware signatures in ClamAV. Let's see... take away 21... that's somewhere around 574,022 Windows malware in the wild. A little more math and that comes to 1 Mac OS X malware for every 27,334 Windows malware. Wait! Wait! What was that?!

1 : 27,334!

So who was the dope who thought up that 'security by obscurity' myth?
I don't think so.
