Sophos, a world leader in protecting businesses against spam and
viruses, is advising Mac OS X administrators of an anti-security
worm known as "Renepo". The worm does not have prodigious spreading
powers (for example, it does not use peer-to-peer sharing, email or
instant messaging to spread), but is full of anti-security
programming.
For example, Renepo will turn off the OS X firewall and other
security software; will download and install hacker tools for
password sniffing and cracking; will make key system directories
world-writeable; and will create an admin-level user for later
system abuse. Renepo also turns off accounting and logging to help
hide its presence.
"You do not want this thing in your OS X network," said Paul
Ducklin, Asia Pacific Head of Technology for Sophos. "Renepo makes
such a wide range of security-related changes that all security
bets are off once you have been compromised. Because Renepo
attempts to harvest user, configuration and password data for a
wide range of applications, including FTP servers, web servers,
browsers, the VNC remote control program and the operating system
itself, it represents a huge security headache rolled into a single
shell script."
As Ducklin points out, however, there is a silver lining: "The
Renepo virus is not in the wild, and can therefore be considered a
shot across the bows rather than a clear and present danger.
Hopefully, its existence will be a timely warning to any Mac users
who still assume they are safe because the bad guys aren't
interested in the Mac platform."
Technical details are available online.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.