My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Application.OSX.Cosmac.A

VERY LOW
VERY LOW
aprox 45Kb
(OSX/Cosmac.a)

Symptoms

     Random opened webpages without user interaction.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel RADU, Senior Virus Researcher

Technical Description:

     Application is a proof-of-concept designed to show new ways to attack MacOSX.

     File is copied in "/Library/InputManagers/" . This is used to deploy input servers for use with the Cocoa text input management system. Once copied in that directory it will be loaded by all newly created processes.

    Once loaded it tires to create a file "/tmp/macrocosm" and set it's attributes as executable. If file is already present it means that it is already started and thus return to host.

    It opens a random (harmless) internet webpage from a predefined list containing:
      * http://www.digitalmunition.com;
      * http://www.symantec.com/nav/nav_mac;
      * http://www.sophos.com/products/es/endpoint/sav-mac.html;
      * http://www.intego.com/virusbarrier;
      * http://www.clamxav.com;
      * http://www.mcafee.com/enterprise/products/anti_virus/file_servers_desktops/virex.htm;
      * http://docs.info.apple.com/article.html?artnum=61798;
      * http://www.securityfocus.com.