*** The security hole in LittleSnitch is not pure speculation. A virus already has taken advantage of it! ***

Hi everyone,
I was looking to see what the web had to say about LittleSnitch's security (googling with the terms "LittleSnitch Security") and something very interesting came up from Symantec's virus description page (http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html)

"SH.Renepo.B is a data-collecting script virus that only runs on Mac OS X systems.
[...] When the virus is executed, it does the following: [...]
15. Looks for LittleSnitch software (a shareware Firewall program with application control) and tries to terminate the process, when LittleSnitch attempts to perform network access."

So I decided to search around a bit more to see what I could find.
These are my findings. They are not exactly structured, but a lot of information can be found on these sites.

This information is well documented on many sites such as:
    http://www.sophos.com/virusinfo/analyses/shrenepoa.html
    http://vil.nai.com/vil/content/v_129163.htm
    http://secunia.com/virus_information/12889/unixopener/

*** Objective Development was aware of this for over a year but seemed to have decided not to act! ***
   http://www.mail-archive.com/littlesnitch-talk@obdev.at/msg00132.html
(Note that they never mention in the mailing list post that the opener kills the LittleSnitch daemon!)

The opener was featured on:
    http://www.arnnet.com.au/index.php/id;1771656169;fp;2;fpid;1
    http://www.businessweek.com/technology/content/oct2004/tc20041028_9388_tc056.htm
    http://www.macintouch.com/opener.html
    http://freaky.staticusers.net/ugboard/viewtopic.php?t=14713

More information about the SH.Renepo.B virus:
    http://www.google.com/search?rls=en&q=SH.Renepo.B
    http://www.google.com/search?rls=en&q=SH.Renepo.B+LittleSnitch

Current Aliases used for this Virus:
    SH.Renepo (CA)
    SH.Renepo.B (Symantec)
    SH/Renepo-A (Sophos)
    SH/Renepo.A (Panda)
    Worm.MacOS.Opener.a (Kaspersky)
    MacOS.Renepo.A
    MacOS.Renepo.B
    MAC_RENEPO.B
    Unix/Opener.worm


OBDev, it's time to react. The users who bought your product want the security they deserve!

Matthieu Lalonde
http://snitchctl.smurfturf.net/
_______________________________________________
Littlesnitch-talk mailing list
Littlesnitch-talk@obdev.at
http://at.obdev.at/mailman/listinfo/littlesnitch-talk