85.255.112.81 | iThreats

Latest Threat: MacCinema

March 17, 2009 Methusela Cebrian Ferrer 4 comments

MacCinema is the latest OS X threat. It’s not really new, it is an update of MacAccess although this time it uses different strings and clever obfuscation but overall the installation and behavior remains the same.

preinstall

So, here’s the fixed one…

fixed This will output script below…

Notice the IP Address “213.163.64.78″- This is the backdoor IP which executed through cronjob. The backdoor is responsible for executing or installing “DNSChanger” which will change or add malicious DNS entries : 85.255.112.81, es : 85.255.112.114

integostrikesagain Notice “enialbdivad 777 nigeb”, obviously we have to fix again …. davidblaine

To fill up our curiosity, here’s the final deobfuscated script.

final

To remove this threat, just follow MacAccess removal instruction.

Categories: malware report, OS X Tags: 213.163.64.78, 85.255.112.114, 85.255.112.81, davidblaine 777, dnschanger, integostrikesagain, latest OS X threat, MacCinema, os x backdoor

	Scott on How to Remove Starfield
	Ratan on Summary of ASF File Speci…
	loewenherz.cc… on Summary of ASF File Speci…
	N. Cheatham on Analysis of OSX Starfield
	Rudolf Jockers on Just a note…

M	T	W	T	F	S	S
« Oct
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

iThreats

Archive

Latest Threat: MacCinema

Threat Researcher

Twitter Updates

Pictures of the Day

AV Blogroll

Home

Latest Advisories

Top Posts

Recent Comments

Recent Posts

Meta

Archives

Reference

Follow “iThreats”