Comments on: Updates on OSX/Tsunami.A, a Mac OS X Trojan
http://www.welivesecurity.com/2011/10/26/updates-on-osxtsunami-a-a-mac-os-x-trojan/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: Pierre-Marc Bureau
http://www.welivesecurity.com/2011/10/26/updates-on-osxtsunami-a-a-mac-os-x-trojan/#comment-3677
Wed, 02 Nov 2011 01:56:50 +0000

Hi Sean,
Since there is no clear indication in the code of OSX/Tsunami that this threat is installed by an exploit (PHP or other) and since we haven't found any dropper / installer for this threat so far, we can only make assumptions on the infection vector.
Thanks for your comment and have a good evening.

By: Gene Norris
http://www.welivesecurity.com/2011/10/26/updates-on-osxtsunami-a-a-mac-os-x-trojan/#comment-3676
Tue, 01 Nov 2011 20:29:58 +0000

I found & re'd the plist but didn't have the logind file. Mac OS 10.7.2, Mac Pro.

By: David Harley
http://www.welivesecurity.com/2011/10/26/updates-on-osxtsunami-a-a-mac-os-x-trojan/#comment-3675
Tue, 01 Nov 2011 08:07:00 +0000

Hi, Sean. That’s a reasonable assumption, but it is an assumption. :)

By: Sean Sullivan
http://www.welivesecurity.com/2011/10/26/updates-on-osxtsunami-a-a-mac-os-x-trojan/#comment-3674
Mon, 31 Oct 2011 13:54:06 +0000

Hello Pierre-Marc,
If this bot is a port from Linux, why not assume the same infection vector as for Linux? PHP exploits.
ISC Diary from 2005: "kaiten" bot in some of the recent php exploits

By: Bob
http://www.welivesecurity.com/2011/10/26/updates-on-osxtsunami-a-a-mac-os-x-trojan/#comment-3673
Thu, 27 Oct 2011 17:04:46 +0000

Will Little Snitch prevent these sorts of malware, or are they robust enough to create a rule in LS to allow themselves access to their desired destination??
