27 October 2004
"Renepo" worm brings broad-spectrum anti-security attacks to Mac OS X
Sophos, a world leader in protecting businesses against spam and viruses, is advising Mac OS X administrators of an anti-security worm known as "Renepo". The worm does not have prodigious spreading powers (for example, it does not use peer-to-peer sharing, email or instant messaging to spread), but is full of anti-security programming.
For example, Renepo will turn off the OS X firewall and other security software; will download and install hacker tools for password sniffing and cracking; will make key system directories world-writeable; and will create an admin-level user for later system abuse. Renepo also turns off accounting and logging to help hide its presence.
"You do not want this thing in your OS X network," said Paul Ducklin, Asia Pacific Head of Technology for Sophos. "Renepo makes such a wide range of security-related changes that all security bets are off once you have been compromised. Because Renepo attempts to harvest user, configuration and password data for a wide range of applications, including FTP servers, web servers, browsers, the VNC remote control program and the operating system itself, it represents a huge security headache rolled into a single shell script."
As Ducklin points out, however, there is a silver lining: "The Renepo virus is not in the wild, and can therefore be considered a shot across the bows rather than a clear and present danger. Hopefully, its existence will be a timely warning to any Mac users who still assume they are safe because the bad guys aren't interested in the Mac platform."
Technical details are available online.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

