Where to Buy Trend Micro Products

For Home

For Small Business

1-888-762-8736
(M-F 8:00am-5:00pm CST)

For Enterprise

1-877-218-7353
(M-F 8:00am-5:00pm CST)

Not in the United States?
Select the country/language of your choice:

Asia Pacific Region

Europe

The Americas

Not in the United States?
Select the country/language of your choice:

Asia/Pacific

Europe

America

Login

For Home

For Business

For Partners

Threat Encyclopedia

OSX_MUSMINIM.A

ANALYSIS BY

Karl Dominguez


PLATFORM:

Mac OS X

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:

  • Threat Type:Backdoor

  • Destructiveness:No

  • Encrypted: No

  • In the wild: Yes

OVERVIEW


This backdoor is noteworthy because this is the new and currently under development remote administration tool (RAT) for MAC OS X platforms.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

This OSX malware has a Windows counterpart, which Trend Micro detected as BKDR_MUSMINIM.A.

This is a remote administration tool (RAT) that has specific capabilities.

This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

TECHNICAL DETAILS

File Size:

Varies

File Type:

Other

Memory Resident:

Yes

Initial Samples Received Date:

26 Feb 2011

Payload:

Compromises system security, Displays a fake graphical user interface (GUI)

Arrival Details

This backdoor may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

NOTES:
Based on analysis of the codes, it has the following capabilities:

  • Execute remote shell commands
  • Show a URL using the default browser of the affected system
  • Force the user to input login credentials
  • Shutdown the remote computer
  • Restart the remote computer
  • Put the system into sleep mode
  • Send a message
  • Create a text file on the desktop
  • Display a window with a message from the attacker that can only be removed by rebooting
  • Display the following graphical user interface (GUI):

















SOLUTION

Minimum Scan Engine:

8.900

FIRST VSAPI PATTERN FILE:

7.864.05

FIRST VSAPI PATTERN DATE:

28 Feb 2011

VSAPI OPR PATTERN File:

7.865.00

VSAPI OPR PATTERN Date:

28 Feb 2011

Scan your computer with your Trend Micro product to delete files detected as OSX_MUSMINIM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.

Connect with us on