Monday, February 28, 2011

New Baby Trojan: Trojan.OSX.MusMinim.a
aka Blackhole RAT
(aka darkComet, aka MusMinim)

A new baby Trojan has arrived on the Mac OS X platform, as discovered by Sophos. It is the 28th currently known active malware for Mac OS X (according to my counting). Transforming the Sophos name for the Trojan into the proper naming convention, its official name is 'supposed' to be:

Trojan.OSX.MusMinim.a

But of course it has a bunch of other names, in keeping with the chaotic nature of the computer security community, which has agreed upon a malware naming convention but rarely bothers with it because of the vast array of competitive egos in the business as well as a general lack of professionalism. As for me, I'm going to use its proper name, I expect Intego also will, and I hope you will too.

[Update: Intego are only calling the Trojan 'Black Hole RAT'. Sigh.... But at least Intego have indicated this is only a hacking tool, (as is the 'Hellraiser' malware), not much of a threat. You can read their analysis HERE. Intego point out a further description of the Trojan HERE.]

Sophos provide their take onTrojan.OSX.MusMinim.a in this article:

Mac OS X backdoor Trojan, now in beta?

RAT stands for Remote Administration Tool, (NOT 'Remote Access Trojan' as Sophos calls it; Thank you to Intego for the correction). In other words it creates a back door into the infected computer. Because it is strictly a Trojan horse (as is technically all Mac malware at this point in time), it requires user failure in order to be installed.

Therefore, the Number 2 Rule of Computing:

Always verify the validity of software you install.

And what is the Number 1 Rule of Computing?

Always make a backup.

That way you always have a fall back in case your machine becomes infected or dies.

I'll be writing more about Trojan.OSX.MusMinim.a in an upcoming summary of the 28 current Mac OS X malware.
--