
Latest OS X threat Krowi installs “DivX”

The latest update of the Krowi threat was found in an Adobe Photoshop cracker installer.

There is not much difference from “iWorkServices” apart from the repackaging and the name. Still, this should serve as a reminder to be extra careful when downloading stuff!

 

[Image: krowibstrings]

Once installed, you’ll find these files and port activity below.

[Image: divx]

How to remove it? Follow the same steps as in the previous instructions, but change the name from “iWorkServices” to “DivX”.

  1. Steve
    January 27, 2009 at 9:20 am

    Hello researchers,

    This threat removal method leaves out the backdoor executable inside the “/var/tmp/” folder with a random name beginning with “tmp.”

    That folder isn’t removed by OS X when you restart your Mac according to Apple’s documentation.

    • Methusela Cebrian Ferrer
      January 27, 2009 at 11:10 am

      Hi Steve,

      I appreciate this feedback. I’ll check this and update this article if required. Thanks!
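
A check for the leftover described in the comment above, as an added example that is not part of the original post or its comments: the shell function lists regular files named `tmp.*` in a directory (default `/var/tmp`) whose first four bytes are a Mach-O or universal-binary magic number. The function names are hypothetical, and using the file header as the indicator is an assumption; the page only gives the folder and the `tmp.` name prefix.

```shell
#!/bin/sh
# Added example (not from the original post): find executables left in
# /var/tmp under a "tmp." name by inspecting the file header.

# Print the first 4 bytes of file $1 as lowercase hex, in file order.
magic_of() {
    od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n'
}

# Return 0 if hex string $1 is a Mach-O or universal (fat) magic number.
# Assumption: a Mach-O header is what marks a file as worth reviewing.
is_macho_magic() {
    case "$1" in
        feedface|cefaedfe) return 0 ;;  # 32-bit Mach-O, either byte order
        feedfacf|cffaedfe) return 0 ;;  # 64-bit Mach-O, either byte order
        cafebabe|bebafeca) return 0 ;;  # universal binary (also Java .class)
        *) return 1 ;;
    esac
}

# Print one path per line for each tmp.* file in $1 that has such a header.
find_tmp_macho() {
    dir=${1:-/var/tmp}
    for f in "$dir"/tmp.*; do
        [ -f "$f" ] || continue   # skips an unmatched glob and non-files
        [ -L "$f" ] && continue   # do not follow symlinks
        if is_macho_magic "$(magic_of "$f")"; then
            printf '%s\n' "$f"
        fi
    done
}
```

Calling `find_tmp_macho` with no argument scans `/var/tmp`; each path it prints should be reviewed before deletion, since legitimate software can also leave binaries there.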
