日前 Trojan-Dropper:OSX/Revir.A 漏洞雖已被修復 但很快的Trojan-Dropper:OSX/Revir.C又出現了 MD5:7DBA3A178662E7FF904D12F260F0FFF3 The main binary - detected as Trojan-Dropper:OSX/Revir.C .conft - Contains an encrypted payload .confr - contains a decoy JPG file. The first 2048 bytes are also used as the RC4 key to decrypt the payload .cnf - contains the filename to be used when creating the decoy file http://goo.gl/5AERC 預防教學看看就好 http://goo.gl/YtGlR from f-secure.com 就我目前的了解這支病毒主要是攻擊jpg和pdf 這支病毒版本更新的速度還算蠻快的 還沒裝防毒和自動更新的人快裝吧有裝有安心 OSX_IMULER.C http://goo.gl/mf1eH 這支更凶還會更新 它會執行遠端惡意使用者指定的下列命令： Take a screen shot Update the C&C server name List the contents of a folder and save it as /tmp/launch-0rp.dat. Then upload the file /tmp/launch-0rp.dat. Get the file size of a file Download a file from a URL Execute a command via the shell Delete a file Download a file and save it as /tmp/xntaskz.gz. Decompress the downloaded file to /tmp/xntaskz. Execute the following command:/tmp/CurlUpload -f /tmp/xntaskz 以上 -- 嗨嗨每個人 我的專長:迅速解毒 當機處理 資料救援 取回帳號 系統規劃 資訊整合 系統規劃:經濟,高效能,低污染,節約能源,(降低噪音震動,電磁波,廢熱,積塵,輻射) 省空間,使用舒適感佳,溫暖的鍵盤與滑鼠 (抗手冰冷) 鄉民說收卡是為了培養EQ -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 182.235.70.42 ※ 編輯: hihieveryone 來自: 182.235.70.42 (04/02 15:45)