Opener Malware


There’s now a real malware program out there for Mac OS X that can do some real damage. It doesn’t seem to be too destructive, although it does delete some UNIX commands and modifies prefs for a couple of others. It will gather all password info on your machine. For now, let’s call it “Opener.”

My system was responding a bit slowly and a check of my /var/log files showed that they were _all_ empty and had the same mod date. The Activity Monitor showed a process called “john” eating almost an entire processor.

Some further looking showed an unknown startup item in /Library/StartupItems/ called “opener”. The executable file is a well-commented bash program. It scans for passwords for every user, processes the hashed info using your own Mac, turns on file sharing, and puts all this stuff into an invisible folder called .info in each user’s Public folder.

It does much, much more but it’s important that a warning get out quickly.
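A quick way to check a machine or a mounted backup for the on-disk signs described above, as an added example that is not part of the original post or of the malware's own script. The function name `check_opener` and its root-path argument are assumptions of this sketch; the “john” process is not covered and still needs a look in Activity Monitor or `ps`.

```bash
#!/bin/bash
# Added example: look for the three on-disk indicators named in the post.
# check_opener and its ROOT argument are hypothetical names for this sketch.

check_opener() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", so the paths below stay well-formed
    hits=0

    # 1. Startup item called "opener"
    if [ -e "$root/Library/StartupItems/opener" ]; then
        echo "FOUND startup item: $root/Library/StartupItems/opener"
        hits=$((hits + 1))
    fi

    # 2. Invisible .info folder in any user's Public folder
    for d in "$root"/Users/*/Public/.info; do
        [ -d "$d" ] || continue
        echo "FOUND hidden folder: $d"
        hits=$((hits + 1))
    done

    # 3. Every file in /var/log empty and sharing one modification time
    ref=""; total=0; wiped=1
    for f in "$root"/var/log/*; do
        [ -f "$f" ] || continue
        total=$((total + 1))
        if [ -z "$ref" ]; then ref="$f"; fi
        # Any content, or an mtime that differs from the first file, clears the flag
        if [ -s "$f" ] || [ "$f" -nt "$ref" ] || [ "$f" -ot "$ref" ]; then
            wiped=0
        fi
    done
    if [ "$total" -gt 0 ] && [ "$wiped" -eq 1 ]; then
        echo "SUSPICIOUS: all $total log files are empty with the same mod date"
        hits=$((hits + 1))
    fi

    echo "$hits indicator(s) matched"
    [ "$hits" -eq 0 ]     # exit status 0 only when nothing matched
}

# Runs only when a path is given, e.g.:  bash check_opener.sh /
if [ "$#" -gt 0 ]; then check_opener "$1"; fi
```

A match on the log check alone can also come from a freshly installed or freshly rotated system, so treat it as a prompt to look for the other two signs.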

One thought on “Opener Malware”

  1. http://freaky.staticusers.net/ugboard/viewtopic.php?t=10712&start=150

    This is a script, not a virus, worm or trojan. The ability to run scripts is not a vulnerability and exists on all versions of Windows and Macintosh computers.

    This particular script is a shell script and can’t even be run by double clicking it… this is not a threat unless you have already compromised the security of your system by allowing others to physically access it or by using weak passwords AND changing permissions on your StartupItems folder.
