trifinite.logo
 trifinite.org | trifinite.blog | trifinite.group | trifinite.stuff | trifinite.trust | trifinite.downloads | trifinite.album | trifinite.links



Recent Articles
A little web thing...
Attacking NFC Mobile Phones
HID Attack
Bluetooth® Trademark Violation
Slides for PocketPC MMS Attack

Categories
Personal
trifinite.group
trifinite.misc
trifinite.org
trifinite.stuff

Archives
October 2008
September 2008
May 2008
January 2007
October 2006
August 2006
June 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
December 2003
November 2003
October 2003

Syndicate this site (XML)
Powered by
Movable Type 3.1

trifinite.blog

The trifinite.blog is a weblog that is maintained by the trifinite.group. Every now and then you will find new entries here. You can add this weblog to your RSS-Feed reader by importing this URI.


InqTana Bluetooth Worm

Trifinite.group member Kevin has published a paper detailing the techniques he used in the development of the InqTana Bluetooth worm that targets vulnerable Mac OS X systems. There has been significant confusion surrounding this worm, so here are some salient points:

  • The concurrent release of the OS X Leap.A and InqTana.A worms is coincidental
  • There is no conspiracy, AV vendors and Apple were notified about Kevin's progress in developing this worm in advance of making details publicly available
  • Both 10.3 and 10.4 systems are vulnerable until patched with APPLE-SA-2005-05-03 and APPLE-SA-2005-06-08
  • InqTana prompts before infecting *by design*, Kevin was just trying to be nice, but the worm could easily spread silently

Kevin's paper is available at http://www.digitalmunition.com/InqTanaThroughTheEyes.txt. Comments can be directed to the BlueTraq mailing list. Our sympathies to those organizations who were affected by the false-positive signatures published by overzealous AV companies.

Posted by Joshua Wright on Thu, February 23, 2006 at 01:11 PM | Comments (0) | TrackBack (1)

Trackback Pings

TrackBack URL for this entry:
/cgi-bin/mt/mt-tb.cgi/71

Listed below are links to weblogs that reference InqTana Bluetooth Worm:

» InqTana Bluetooth Worm from The Lazy Genius

Trifinite.group member Kevin has published a

[Read More]

Tracked on February 23, 2006 04:32 PM

Comments

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?


 ... because infinite is sometimes not enough ... (c) 2004 by trifinite.group