From NAI - MacOS/MW2004

Risk Assessment : Low

Trojan Information

Discovery Date: 05/13/2004
Origin: Unknown
Length: 104,989 bytes
Type: Trojan
SubType: Macintosh
Minimum DAT: 4362 (05/19/2004)
Updated DAT: 4371 (06/30/2004)
Minimum Engine: 4.2.40
Description Added: 05/13/2004
Description Modified: 05/18/2004 7:02 PM (PT)

Trojan Characteristics:

This trojan was distributed in a file called “Microsoft Word 2004 OSX Web Install”, hence the name. (Note – the name can be easily changed and alone can be an indicator of neither malware presence nor absence).

The trojan contains a short malicious OS-X script (unix script, in fact). When run the program executes this malicious script which performs a recursive deletion of all the files belonging to the current user. This deletes the trojan file too.
It is a simple trojan of “bang-you-are-dead” type and it is not using any vulnerabilities in mac os-X.

This trojan is not a threat on any Macintosh computers running OS Version 9 or below.

Symptoms

The trojan file carries the following icon:

Finder reports:

Microsoft Word 2004 OSX
Application
108 kb on disk (104,989 bytes)

This entry was posted on Saturday, January 21st, 2006 at 8:38 am and is filed under OS X Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.