Monday, February 28, 2011
New Baby Trojan: Trojan.OSX.MusMinim.a
aka Blackhole RAT
(aka darkComet, aka MusMinim)
But of course it has a bunch of other names, in keeping with the chaotic nature of the computer security community, which has agreed upon a malware naming convention but rarely bothers with it because of the vast array of competitive egos in the business as well as a general lack of professionalism. As for me, I'm going to use its proper name, I expect Intego also will, and I hope you will too.
[Update: Intego are only calling the Trojan 'Black Hole RAT'. Sigh.... But at least Intego have indicated this is only a hacking tool (as is the 'Hellraiser' malware), not much of a threat. You can read their analysis HERE. Intego point out a further description of the Trojan HERE.]
Sophos provide their take on Trojan.OSX.MusMinim.a in this article:
Mac OS X backdoor Trojan, now in beta?
RAT stands for Remote Administration Tool (NOT 'Remote Access Trojan' as Sophos calls it; thank you to Intego for the correction). In other words, it creates a back door into the infected computer. Because it is strictly a Trojan horse (as, technically, is all Mac malware at this point in time), it requires user failure in order to be installed.
Therefore, the Number 2 Rule of Computing:
Always verify the validity of software you install.
And what is the Number 1 Rule of Computing?
Always make a backup.
That way you always have a fallback in case your machine becomes infected or dies.
I'll be writing more about Trojan.OSX.MusMinim.a in an upcoming summary of the 28 current Mac OS X malware.