The company proceeds to create a new malware class for VirusBarrier X5

Apr 30, 2009 06:56 GMT

Intego, the self-touted “Mac security expert,” has posted a new advisory on its website, claiming it has proof of an as-yet non-existent piece of malware. Intego has named the new proof-of-concept malware OSX/Tored.A, and has updated its flagship security app for Mac with a new malware class. The company itself notes that, “There is no real threat from this malware.”

The advisory, titled “OSX/Tored.A Proof of Concept Malware,” states that the malware was discovered on April 22, 2009, and lists it as presenting a “very low” level of risk. Intego reveals it has come across what it calls a “proof-of-concept malware,” dubbing it “OSX/Tored.A.” According to the security expert, “This malware is an application created with RealBasic, a version of the BASIC programming language available for Mac OS X, Windows and Linux. The malware in question is a self-contained application, which contains RealBasic code and a runtime needed for that code to execute.”

The company goes on to explain how the malware works. “The malware attempts to copy itself to the System folder and the System/Library/StartupItems folder, renaming itself ‘applesystem’ or ‘systemupdate,’” Intego says.

“It obtains e-mail addresses from Address Book, and sends e-mails to recent recipients containing a copy of the malware, but does so with an SMTP server that is currently non-existent,” the company outlines. “This malware also attempts to create a botnet, and records some keystrokes, and attempts to copy itself to other disks that are mounted,” Intego adds.
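The file names and folders Intego lists, together with the note that the malware copies itself to other mounted disks, can be turned into a quick check. The script below is an added example, not code from Intego or from this article; it assumes the quoted folders sit at the root of each volume and that a copy may carry a file extension, and the function names and `--scan` switch are hypothetical.

```shell
#!/bin/sh
# Added example: look for the file names the advisory says OSX/Tored.A uses.
# Names and folders are taken from the quoted advisory text. Treating them as
# paths under each volume root, and also matching "name.<ext>", are assumptions.

TORED_NAMES="applesystem systemupdate"
TORED_DIRS="System System/Library/StartupItems"

# scan_volume ROOT: print every matching entry under ROOT, one per line.
scan_volume() {
    root=${1%/}                     # "/" becomes "", so paths start with /System
    for dir in $TORED_DIRS; do
        [ -d "$root/$dir" ] || continue
        for entry in "$root/$dir"/*; do
            [ -e "$entry" ] || [ -L "$entry" ] || continue   # empty directory
            # HFS+ is case-insensitive by default, so compare in lower case.
            base=$(basename "$entry" | tr '[:upper:]' '[:lower:]')
            for name in $TORED_NAMES; do
                case $base in
                    "$name"|"$name".*) printf '%s\n' "$entry" ;;
                esac
            done
        done
    done
    return 0
}

# scan_all [ROOT...]: scan the given volume roots (default: / and /Volumes/*).
# Prints any hits; returns 0 when nothing was found and 1 otherwise.
scan_all() {
    [ $# -gt 0 ] || set -- / /Volumes/*
    hits=$(for r in "$@"; do scan_volume "$r"; done)
    [ -n "$hits" ] || return 0
    printf 'Name matches the OSX/Tored.A advisory:\n%s\n' "$hits"
    return 1
}

# Run the scan only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--scan" ]; then
    scan_all
fi
```

A hit only means a file carries one of the two names from the advisory; confirm it with a scanner or by inspecting the file before removing anything.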

“While this malware is currently not in the wild, Intego finds the use of RealBasic, and its runtime, to be a novel approach to malware,” the advisory continues. “Because of this, Intego has created a new malware class for VirusBarrier X5. However, the code in this malware is faulty, and it does not work correctly, so there is no real threat from this malware,” Intego admits.

Nevertheless, the security firm still posts some “means of protection,” encouraging readers of its newest advisory to run Intego VirusBarrier X5. Intego shares that VirusBarrier's definitions dated April 28, 2009 or later detect this malware.
