Home > Malwares > Latest OS X threat Krowi installs “DivX”

Latest OS X threat Krowi installs “DivX”

January 27, 2009 Leave a comment Go to comments

krowib_iconLatest update of threat Krowi was found in Adobe Photoshop cracker installer. 

Not much difference with “iWorkServices” except with the repackaging and name. However, this should serve as a reminder to be extra careful in downloading stuff!   

 

krowibstrings

Once installed, you’ll find these files and port activity below.

divx

How to Remove? It’s the same as the previous instruction except that you have to change the name from “iWorkServices” to “DivX”.

Categories: Malwares Tags: , , , ,
  1. Steve
    January 27, 2009 at 9:20 am | #1
    Reply | Quote

    Hello researchers,

    This threat removal method leaves out the backdoor executable inside the “/var/tmp/” folder with a random name beginning by “tmp.”

    That folder isn’t removed by os x when you restart your Mac according to Apple’s documentation.

    • Methusela Cebrian Ferrer
      January 27, 2009 at 11:10 am | #2
      Reply | Quote

      Hi Steve,

      I appreciate this feedback, I’ll check this and update this article if required. Thanks!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: