hey_moe
June 1st, 2010, 16:24
Mac security firm Intego has issued a warning about a Mac twist on a two-year-old Windows spyware app that sends a variety of potentially sensitive information to external servers. Dubbed "OSX/OpinionSpy," the spyware is installed along with a number of widely available third-party Mac OS X screensaver modules, as well as with at least one shareware tool to strip audio tracks from Flash videos.
OSXOpinionSpy, aka PremierOpinion, claims in some cases to be a tool to help collect browsing habits for "market research," while in other cases it installs without any notification. The application runs in the background with root permissions, opening an HTTP backdoor. It scans any attached volumes, sending encrypted information to a number of servers, and can also examine packets coming and going from an infected Mac, potentially grabbing information from other computers on a local network. Finally, it injects code into running versions of Safari, Firefox and iChat, sending a variety of information—e-mail addresses, iChat message headers and URLs, as well as other data—back to command servers.
Intego warns that, given the scope of data that the application collects, it could include a variety of sensitive information. "This data may include personal data, such as user names, passwords, credit card numbers, web browser bookmarks, history and much more," according to a statement released by Intego.
The spyware is downloaded and installed by the installers for MishInc FLV To Mp3, as well as a few dozen screensaver modules made by 7art-screensavers. All of these also appear on common Mac OS X shareware sites like MacUpdate and Softpedia.
Removing the original application won't remove the spyware; Intego's VirusBarrier has been updated to identify and remove it, however. Your safest course of action is to be cautious when installing software from unknown sources. Aside from healthy skepticism, though, an up-to-date malware scanner may be the only tool that can protect you from such spyware that masquerades as legitimate software. As the Mac platform increases in popularity, such malware has the potential to become more widespread. SOURCE : ARSTECHNICA
OSXOpinionSpy, aka PremierOpinion, claims in some cases to be a tool to help collect browsing habits for "market research," while in other cases it installs without any notification. The application runs in the background with root permissions, opening an HTTP backdoor. It scans any attached volumes, sending encrypted information to a number of servers, and can also examine packets coming and going from an infected Mac, potentially grabbing information from other computers on a local network. Finally, it injects code into running versions of Safari, Firefox and iChat, sending a variety of information—e-mail addresses, iChat message headers and URLs, as well as other data—back to command servers.
Intego warns that, given the scope of data that the application collects, it could include a variety of sensitive information. "This data may include personal data, such as user names, passwords, credit card numbers, web browser bookmarks, history and much more," according to a statement released by Intego.
The spyware is downloaded and installed by the installers for MishInc FLV To Mp3, as well as a few dozen screensaver modules made by 7art-screensavers. All of these also appear on common Mac OS X shareware sites like MacUpdate and Softpedia.
Removing the original application won't remove the spyware; Intego's VirusBarrier has been updated to identify and remove it, however. Your safest course of action is to be cautious when installing software from unknown sources. Aside from healthy skepticism, though, an up-to-date malware scanner may be the only tool that can protect you from such spyware that masquerades as legitimate software. As the Mac platform increases in popularity, such malware has the potential to become more widespread. SOURCE : ARSTECHNICA