Threat Encyclopedia

OSX_LOSEGAM.A

Malware type: Others

Aliases: No Alias Found

In the wild: Yes

Destructive: Yes

Language: English

Platform: Mac OS X

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

This malware uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. Specifically, it is bundled as a gaming application.

OSX_LOSEGAM.A Behavior Diagram

Malware Overview

This malware may be downloaded from certain remote sites.

It arrives as a Mac OS X application bundle. The bundle's MacOS directory contains a malicious executable file detected as OSX_LOSEGAM.A.

This malicious Mac OS X application is a game called Lose/Lose. Lose/Lose is a game with real-life consequences. Each alien in the game is created based on a random file on the player's computer. If the player kills the alien, the file it is based on is deleted. If the player's ship is destroyed, the application itself is deleted.


Description created: Oct. 27, 2009 6:02:44 AM GMT -0800


TECHNICAL DETAILS


File type: Other

Memory resident: Yes

Size of malware: 3,691,880 Bytes

Initial samples received on: Oct 26, 2009

Payload 1: Deletes files

Details:

This malware may be downloaded from the following remote site:

  • http://www.{BLOCKED}fj.net/art/2009/loselose/loselose.zip

It also arrives as a Mac OS X application bundle.

The bundle's MacOS folder contains a malicious executable file detected as OSX_LOSEGAM.A.

This malicious Mac OS X application is a game called Lose/Lose. Lose/Lose is a game with real-life consequences. Each alien in the game is created based on a random file on the player's computer. If the player kills the alien, the file it is based on is deleted. If the player's ship is destroyed, the application itself is deleted.

It runs on Mac OS X.

Analysis By: Jasper Manuel


SOLUTION


Minimum scan engine version needed: 8.900

Pattern file needed: 6.581.00

Pattern release date: Oct 28, 2009


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Step 1: Scan your computer with your Trend Micro product to delete files detected as OSX_LOSEGAM.A.

*Note: If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.



