Press Releases

25 Oct 2004

Renepo worm targets Mac OS X users, Sophos reports

Sophos, a world leader in protecting businesses against viruses and spam, is advising system administrators of a new Mac OS X worm which attempts to turn off firewall and other security software.

The SH/Renepo worm (also known as Opener) can turn off the Mac OS X firewall and other security software; will download and install hacker tools for password-sniffing and cracking; will make key system directories world-writeable; and will create an admin-level user for later system abuse. Renepo also turns off accounting and logging to help hide its presence.

"You do not want the Renepo worm anywhere near your Mac OS X network," said Graham Cluley, senior technology consultant for Sophos. "Renepo makes so many security-related changes to your systems that all bets are off once you have been compromised. Because the worm attempts to harvest user, configuration and password data for a wide range of applications, it represents a huge security headache for all administrators, creating a backdoor to leave infected computers vulnerable to further attack."

Sophos notes that the Renepo virus has not been seen in the wild to date, but can be considered a warning to Macintosh users not to be complacent about the malware threat.

"This is a shot across the bows rather than a pressing immediate danger to Mac environments," continued Cluley. "The Renepo worm reminds Mac users who may have felt smug that most viruses target the Microsoft Windows market that they should be careful not to turn a blind eye to security."

The shell script used by the Renepo worm contains a number of comments from its authors, including:

###################################################
# opener 2.4 - a startup script to turn on services and gather user info & hashes for Mac OS X
###################################################
# Originally written by DimBulb
# Additional code: hard-mac, JawnDoh!, Dr_Springfield, g@pple
# Additional ideas and advice: Zo, BSDOSX

Sophos Anti-Virus for Mac OS X has been fully updated to protect against the threat posed by the SH/Renepo worm. Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.