OSX_IMULER.A
Mac OS

Threat Type: Backdoor
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This backdoor may be downloaded by other malware/grayware from remote sites.
TECHNICAL DETAILS
102,400 bytes
ELF
Yes
23 Sep 2011
Arrival Details
This backdoor may be downloaded by the following malware/grayware from remote sites:
- OSX_REVIR.A
Installation
This backdoor drops the following files:
- /users/%User%/library/LaunchAgents/checkvir.plist
It drops the following copies of itself into the affected system:
- /users/%User%/library/LaunchAgents/checkvir
NOTES:
This backdoor attempts to connect to its command and control (C&C) server www.{BLOCKED}akan.org. If the connection is successful, it may perform the following:
- Capture screenshots
- Upload file
The server is currently inaccessible.
SOLUTION
9.200
Step 1
Remove the malware/grayware file that dropped/downloaded OSX_IMULER.A
- OSX_REVIR.A
Step 2
Restart in normal mode and scan your computer with your Trend Micro product for files detected as OSX_IMULER.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
NOTES:
Note: Follow this step after removing the related malware:
Terminating Malware Process
- Go to Applications > Utilities > Activity Monitor and terminate the following process using the Quit Process button:
  - checkvir
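The shell functions below are an added example, not part of the original entry or of any Trend Micro tool: they check each user's LaunchAgents folder for the two dropped files listed under Installation and look for the running `checkvir` process. The function names, the return-code convention and the `/Users` default root are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the OSX_IMULER.A artifacts named in this entry.
# Function names and return codes are this example's own conventions.

# File names taken from the Installation section of the entry.
IMULER_FILES="checkvir checkvir.plist"

# Print each artifact present in the given LaunchAgents directory.
# Returns 0 if at least one artifact was found, 1 if none.
check_imuler_artifacts() {
    dir=$1
    found=1
    for name in $IMULER_FILES; do
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            found=0
        fi
    done
    return $found
}

# Returns 0 if a process named exactly "checkvir" is running.
imuler_process_running() {
    pgrep -x checkvir >/dev/null 2>&1
}

# Scan every user's LaunchAgents folder under a users root.
# The entry writes the path in lowercase; /Users/<name>/Library is the
# standard macOS spelling and is assumed as the default here.
# Prints one line per hit and returns 0 if any user is affected.
scan_all_users() {
    root=${1:-/Users}
    hit=1
    for la in "$root"/*/Library/LaunchAgents; do
        [ -d "$la" ] || continue
        if check_imuler_artifacts "$la"; then
            hit=0
        fi
    done
    return $hit
}
```

Source the file, then run `scan_all_users` (as a user able to read the other home folders) and `imuler_process_running`; a zero exit status from either means the cleanup steps above apply.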