Latest OS X threat Krowi installs “DivX”

Home > Malwares > Latest OS X threat Krowi installs “DivX”

Latest OS X threat Krowi installs “DivX”

January 27, 2009 Methusela Cebrian Ferrer Leave a comment Go to comments

krowib_icon Latest update of threat Krowi was found in Adobe Photoshop cracker installer.

Not much difference with “iWorkServices” except with the repackaging and name. However, this should serve as a reminder to be extra careful in downloading stuff!

krowib strings

Once installed, you’ll find these files and port activity below.

divx

How to Remove? It’s the same as the previous instruction except that you have to change the name from “iWorkServices” to “DivX”.

Categories: Malwares Tags: Adobe cracker, Adobe photoshop crack key, Adobe trojan, DivX, iwork trojan latest

Comments (2) Trackbacks (0) Leave a comment Trackback

Steve

January 27, 2009 at 9:20 am | #1

Reply | Quote

Hello researchers,

This threat removal method leaves out the backdoor executable inside the “/var/tmp/” folder with a random name beginning by “tmp.”

That folder isn’t removed by os x when you restart your Mac according to Apple’s documentation.

Methusela Cebrian Ferrer

January 27, 2009 at 11:10 am | #2

Reply | Quote

Hi Steve,

I appreciate this feedback, I’ll check this and update this article if required. Thanks!

No trackbacks yet.

New Offer from Rogue “iMunizator” How To Remove “iWorkServices”

M	T	W	T	F	S	S
« Dec				Feb »
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Threat Researcher

Latest OS X threat Krowi installs “DivX”

Blog Stats

Twitter Updates

Reference

Author

AV Blogroll

Latest Advisories

Top Posts

Recent Posts

Meta

Spam Blocked

Archives