Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This is Trend Micro's detection for a worm that affects Macintosh computers running Mac OS X 10.4.
This worm spreads via an instant messaging application, Apple iChat, and arrives using the file name LATESTPICS.TGZ. The file does not run automatically; the user must double-click it to uncompress it. When uncompressed, it drops its main executable component named LATESTPICS, as well as a hidden resource file named _LATESTPICS, which uses the JPEG icon as a stealth mechanism. LATESTPICS must then be double-clicked again before this worm can execute its routines.
Users are therefore advised to refrain from running or clicking on unknown files received through instant messengers, especially if they come from a questionable source.
In order to perform its propagation routine, this worm first attempts to install itself as an application hook named Input Manager. It does this by deleting any existing APPHOOK folders and replacing them with its own APPHOOK folder containing certain files.
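The archive layout described above can be checked before anything is double-clicked. The following is an added example, not Trend Micro's code: it lists a .tgz without extracting it and flags a member with executable content together with a hidden companion file of the same name. It assumes the executable is a Mach-O binary (the description does not state the format) and also checks a "._" prefix in addition to the "_" prefix named above; the sample archives are constructed.

```python
import io
import tarfile

# First four bytes of Mach-O executables and universal binaries (assumed format).
# 0xCAFEBABE is shared with Java class files, so treat a match as a hint only.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big/little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit, big/little endian
    b"\xca\xfe\xba\xbe",                        # universal binary
}

def triage_archive(fileobj):
    """Return (member_name, reason) findings for a .tgz without extracting it."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        by_lower = {m.name.rsplit("/", 1)[-1].lower(): m.name for m in members}
        for m in members:
            base = m.name.rsplit("/", 1)[-1]
            if tar.extractfile(m).read(4) not in MACHO_MAGICS:
                continue
            findings.append((m.name, "executable content"))
            # A companion named after the executable can carry a custom icon,
            # which is how a program ends up looking like a picture.
            for prefix in ("_", "._"):
                companion = by_lower.get((prefix + base).lower())
                if companion:
                    findings.append((companion, "hidden companion file"))
    return findings

def build_sample(files):
    """Build an in-memory .tgz from {name: bytes}; used for constructed test data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed samples: header bytes only, no real program or image data.
    suspect = build_sample({"LATESTPICS": b"\xfe\xed\xfa\xce" + b"\0" * 28,
                            "_LATESTPICS": b"resource data"})
    benign = build_sample({"holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 28})
    print("suspect:", triage_archive(suspect))
    print("benign:", triage_archive(benign))
```

A finding is a reason to treat the attachment as a program rather than a picture, not a verdict that it is this worm.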
Description created: Feb. 16, 2006 7:39:36 PM GMT -0800