On Jan 22, 2009, at 3:14 PM, Dennis Peterson wrote:
> Anyone have any comments on the iServices.a virus found in illegal
> distributions of iLife '09?
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126609&intsrc=hm_list

If you have a copy, please submit it to ClamAV (or http://www.virustotal.com / http://virusscan.jotti.org).

Per F-Secure's analysis at http://www.f-secure.com/v-descs/backdoor_osx_iworkserv_a.shtml , this attempts to connect to either:

* 69.92.177.146:59201 (ARIN: cableone.net)
* qwfojzlk.freehostia.com:1024 (aka IP 201.235.145.105, part of LACNIC:FIBERTEL.COM.AR)

...and could try to download additional stuff via P2P, although at present it looks like both IPs are down (unpingable & the ports the trojan uses are not responding), so it looks like the actual threat is being contained.

Regards,
--
-Chuck
