trifinite.blog
The trifinite.blog is a weblog that is maintained by the trifinite.group. Every now and then you will find new entries here. You can add this weblog to your RSS-Feed reader by importing this URI.
| InqTana Bluetooth Worm |
|
Trifinite.group member Kevin has published a paper detailing the techniques he used in the development of the InqTana Bluetooth worm that targets vulnerable Mac OS X systems. There has been significant confusion surrounding this worm, so here are some salient points:
- The concurrent release of the OS X Leap.A and InqTana.A worms is coincidental
- There is no conspiracy, AV vendors and Apple were notified about Kevin's progress in developing this worm in advance of making details publicly available
- Both 10.3 and 10.4 systems are vulnerable until patched with APPLE-SA-2005-05-03 and APPLE-SA-2005-06-08
- InqTana prompts before infecting *by design*, Kevin was just trying to be nice, but the worm could easily spread silently
Kevin's paper is available at http://www.digitalmunition.com/InqTanaThroughTheEyes.txt. Comments can be directed to the BlueTraq mailing list. Our sympathies to those organizations who were affected by the false-positive signatures published by overzealous AV companies.
|
| Posted by Joshua Wright on Thu, February 23, 2006 at 01:11 PM
| Comments (0)
| TrackBack (1)
|
Trackback Pings
TrackBack URL for this entry:
/cgi-bin/mt/mt-tb.cgi/71
Listed below are links to weblogs that reference InqTana Bluetooth Worm:
» InqTana Bluetooth Worm from The Lazy Genius
Trifinite.group member Kevin has published a [Read More]
Tracked on February 23, 2006 04:32 PM
Post a comment
Thanks for signing in,
.
Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)
|
