[OS X TeX] OT: effective Macintosh Trojan in the wild

Bruno Voisin bvoisin at mac.com
Fri May 6 03:43:45 EDT 2005


On 6 May 05, at 02:28, Alain Schremmer wrote:

> A couple of days ago I renewed my subscription to Norton Antivirus.  
> Today, I got "hit by the Hacktool". I am glad I saw the previous  
> exchange so I did not panic and since I kept it I will now know  
> what to do.

It seems the problem has finally got wider exposure on the web, as  
more and more people were being hit by it. A piece of information  
that I found most helpful is this post on the Apple discussion forums  
<http://discussions.info.apple.com/webx?14@959.nYYyaGphRcw.0@.68ae26a7/99>.

As it turns out, Hacktool.Underhand isn't a virus or Trojan, but  
simply a bug in Norton AV's latest virus definition file, which was  
too broad and identified legitimate background system maintenance  
tasks, such as management of swap files, as viral. Symantec has  
finally acknowledged the problem and released yesterday (May 5) a  
corrected virus definition  
<http://securityresponse.symantec.com/avcenter/download/pages/US-NMC.html>.

> Still, I don't like that and I was wondering if you would say what  
> you are using instead.

At present I'm not using anything: I simply take care to never open  
(or forward to other people) an email attachment before checking from  
other sources that it is legitimate; and (but that's more antiscam  
than antivirus) to always look at the source of email messages  
containing hyperlinks, before clicking on them, to infer from the  
HTML code whether the hyperlinks actually do what they pretend to be  
doing.

But those are just stopgap measures: I would prefer to have an antivirus  
running, and I'm waiting for an update to be released, compatible  
with Tiger. Though, as a Virex user, I must confess that, after a  
brief trial period, I had disabled background scanning and scanning  
of mounted volumes, to only leave scan-on-demand, for performance  
issues (and because I don't like very much to have background-running  
software, other than the OS, to avoid unhappy interference).

Or maybe Apple did suppress Virex from .Mac on purpose, and is  
working on a home-brand antivirus software, to be announced at  
Steve's WWDC keynote?

Bruno Voisin

--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
           & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>




