Sophos describes Mac/Cowhand-A "virus"
Sophos has posted a vague description of a new potential proxy Trojan for Mac OS X called "Mac/Cowhand-A."
Sophos says Mac/Cowhand-A may "copy itself to the user's Preferences folder. In order to run itself on startup, the Trojan may add itself to the user's Startup Items," allowing outside, unauthorized access.
Sophos has already posted a virus identity (.ide) file for the new potential security breach (for use with the company's Sophos Anti-Virus software).

mentioned this, let alone have a way to disinfect it already . . . makes me
suspicious. They need a lot of good press right now to counter all their bad
press and suddenly this OSX virus pops out of the woodwork . . . hmmmm.
As I understand it this virus comes on a CD in the mail, then the SysAdmin
has to apply it. But Sophos can stand there and say "Don't do that!"
And as stated by Sophos it is only a proof of concept which doesn't even work.
Another FUD story.
//Rob
What bad press has Sophos received in recent months? Or are you confusing
them with Intego?
As far as I'm concerned, Sophos is the best anti-virus product available for
the Mac, not to mention Windows, UNIX...etc. Beats Symantec and especially
Virex by far. Unfortunately, it isn't sold to individual purchasers.
---
Gann Matsuda
Intego is a good mac dev, IMO.
They made one bad PR move, but their softs are excellent.
Macs don't need anti-virus for now, that's all.
Btw, "Cowfight Underhand Trojan Server", named "Mac/Cowhand-A" by Sophos,
has existed for more than a year and has been detected and blocked by Net Barrier and Virus
Barrier for that long. (source: macbidouille.com)
Sophos is "just" a year late.
Hey, Sophos has just discovered an older thing. CowFight was released last year!
That's a good antivirus software :-)
thought I was going mad but I ended up zero-formatting all my drives ... plus
it spread across an airport network without exchanging files ... I know I'm not
deluding myself ... researched it for ages and came across this
www.cowfight.com
Too close to be a coincidence .. Scary!
its use of "virus" and I would hope the editors will change the
headline.
MacInTouch (www.macintouch.com) has a writeup
about this malware posted today (04/26) that includes more complete and
accurate information regarding this situation.
Who knows-maybe some of them covertly engage in virus 'make-work' projects to create a need for their wares...after all, we now live in a GOP ethically-challenged country where this sort of stuff is SOP...
Do you suppose we can leave out the political rants and stick to the topic at
hand? We don't want to fill this space with a flame war.
"Who knows-maybe some of them covertly engage in virus 'make-work'
projects to create a need for their wares...after all, we now live in a GOP
ethically-challenged country where this sort of stuff is SOP..."
But Sophos lives in Great Britain. And Sophos really doesn't need the Mac
market...the Windows mess keeps them very busy...we get 6 to 10 updates
from them on a given day [I see the email...installation is automated] (some
are just improvements in detection).
It would be nice if Sophos let us know what services this thing tries to act as a
proxy server for. (They are very often vague when they first post information
about something new...check back in a few days and they usually have filled in
more information. In defining days, remember that the day shift works while
we sleep.)
- by Cowicide April 27, 2005 1:06 AM PDT
- YAWN.... so, any widespread EXPLOITS yet? NONE? BYE.