What the Devil(Robber)?

Written by

It occurs to me that while I wrote here about the interesting but apparently work-in-progress OSX/Tsunami (or Kaiten) port from Linux to OSX a while back, I haven't had the chance to mention the even more interesting (at least in terms of sophistication) OS X Devilrobber here, even in passing. OK, consider it mentioned. ;-)

This is actually a good time to mention it, since it so happens that F-Secure have added some significant detail to our knowledge of the malware today based on analysis of three samples uploaded by the same user to Pirate Bay, hidden in legitimate but torrented applications.

A feature I wasn't previously aware of is that it includes port mapping to UPnP-capable gateway devices: as Brod points out, this is presumably to allow its ports to be accessed from outside the network, a feature previously encountered in Win32/Conficker.

I've added this link and F-Secure's threat database entry to the Mac Virus malware descriptions page, which includes several other relevant resources.

What’s hot on Infosecurity Magazine?