Apple OSX.LEAP.B virus

Thread starter: Tom Emmelot

Tom Emmelot

Hi,

On:

http://members.chello.nl/t.emmelot/

My full story about the Apple OSX.LEAP.B infection!

Hope that somebody gives some rumor about this, so that people that also
got an infection can get rid of it!

We helped to clear 4 infections so far, but there must be many more!!

Taking out the battery and doing a full wipe on the Mac is the only way to
get rid of it!

Regards >*< TOM >*<
 
OMG! Apple getting a virus? This is unheard of! What's next, it will now need
virus protection too?
Tsk tsk.
See, they say nothing is ever perfect.
thanks tom
robin
 
Viruses are not new for Macs, but there have been very few in the last 5
years or so, and none widespread.

Do you think your original infection came in via Apple's update service, as
the stuff in that document claims?

When did this start?
 
That is because the Mac is not as popular as the PC,
and most large businesses do not have Macs.
Why would a hacker want to hit a small business that has Macs?
They would not get very much notoriety. They would not be blasted all over
the TV, radio, Internet.
Now if they hacked into IBM or Microsoft or the Pentagon, then they would
get the hoo-ha that they want.
If Macs ever became used as much as the PC is, then the Mac would be as
vulnerable as the PC is now.
Until Macs come down in price, you will not see this.
Also, people do not like change.
If you buy a Mac you have to learn an entire OS, and most people do not have
the time nor the patience to do this.
robin
 
Hi Bill,

Yes it came with Apple Update.
I think the server or the files on the server were infected for a short
period, the same on the Adobe update server.
The virus was already known by Apple and there was an internal memo that
describes the wiping of the virus off the HDD, but the battery story
was my idea!
That the virus could do so much on the server (MS 2003 SP2) with Symantec AV
version 10 running on it!
Was a horror for some days!

Regards >*< TOM >*<


Bill Sanderson wrote:
 
Here's the Readme.txt for the exploit:

http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt
..:: DESCRIPTION

ISR-evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations
by injecting fake updates.

* How does it work?

It works with modules; each module implements the structure needed to emulate a false update of
specific applications/systems. Evilgrade needs the manipulation of the victim's DNS traffic.

So far, these are the "implemented modules" that are vulnerable:
Implemented modules:
-------------------
- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffices
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- notepad++
- speedbit

So, a Windows User with iTunes installed *may* still be vulnerable IF
they have not installed last month's DNS update, KB951978:

MS08-037: Description of the security update for DNS in Windows Server
2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008
http://support.microsoft.com/kb/951748

Apple had to rerelease its update for the DNS vulnerability because the
first one did *not* mitigate the vulnerability.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
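Added example, not code from the thread or from the evilgrade project: in Go, the kind of "poor upgrade implementation" the readme describes (trust whatever the DNS-resolved update host returns) next to a hardened check that pins the vendor's Ed25519 public key and verifies the payload hash, so redirecting DNS to a fake update host no longer gets anything installed. The keys, manifest format, version numbers and payloads are all constructed here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Manifest is a constructed update descriptor; Signature covers Version and SHA256.
type Manifest struct {
	Version   int
	SHA256    string
	Signature []byte
}
func signingInput(m Manifest) []byte { return []byte(fmt.Sprintf("%d|%s", m.Version, m.SHA256)) }
// MakeManifest hashes the payload and signs the manifest with the given key.
func MakeManifest(priv ed25519.PrivateKey, version int, payload []byte) Manifest {
	m := Manifest{Version: version, SHA256: fmt.Sprintf("%x", sha256.Sum256(payload))}
	m.Signature = ed25519.Sign(priv, signingInput(m))
	return m
}
// WeakUpdateCheck models the poor upgrade implementation evilgrade abuses:
// whichever host DNS resolved is trusted, so any newer version gets installed.
func WeakUpdateCheck(current int, m Manifest) bool { return m.Version > current }

// HardenedUpdateCheck ignores where the manifest came from: the signature must
// verify under the pinned vendor key, the payload must match it, no rollback.
func HardenedUpdateCheck(current int, pinned ed25519.PublicKey, m Manifest, payload []byte) bool {
	if m.Version <= current || !ed25519.Verify(pinned, signingInput(m), m.Signature) {
		return false
	}
	return fmt.Sprintf("%x", sha256.Sum256(payload)) == m.SHA256
}
// Scenario serves a genuine update and a fake one from a DNS-redirected host and
// returns (weak accepts fake, hardened accepts fake, hardened accepts genuine).
func Scenario() (weakFake, hardFake, hardGenuine bool) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader) // attacker lacks the vendor key
	genuine, fake := []byte("constructed vendor build 2"), []byte("constructed malicious build 3")
	gm, fm := MakeManifest(vendorPriv, 2, genuine), MakeManifest(attackerPriv, 3, fake)
	return WeakUpdateCheck(1, fm), HardenedUpdateCheck(1, vendorPub, fm, fake),
		HardenedUpdateCheck(1, vendorPub, gm, genuine)
}

func main() {
	w, hf, hg := Scenario()
	fmt.Println("weak accepts fake:", w, "hardened accepts fake:", hf, "hardened accepts genuine:", hg)
}
```

The weak client installs the attacker's "version 3" because it only compares version numbers; the hardened one rejects it because the signature was not made with the pinned vendor key, and it also refuses a genuine-but-older manifest (rollback) and a payload whose hash does not match the signed manifest.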
 
Hi Steve,


Thanks for this info!


Kind Regards >*< TOM >*<


Steve Wechsler [MVP] wrote:
 