*** The security hole in LittleSnitch is not pure speculation. A
virus already has taken advantage of it! ***
Hi everyone,
I was looking to see what the web had to say about LittleSnitch's
security (googling with the terms "LittleSnitch Security") and
something very interesting came up from Symantec's virus description
page (http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html)
"SH.Renepo.B is a data-collecting script virus that only runs on Mac
OS X systems.
[...] When the virus is executed, it does the following: [...]
15. Looks for LittleSnitch software (a shareware Firewall program
with application control) and tries to terminate the process, when
LittleSnitch attempts to perform network access."
So I decided to search around a bit more to see what I could find.
These are my findings. They are not exactly structured, but a lot of
information can be found on these sites.
This information is well documented on many sites such as:
http://www.sophos.com/virusinfo/analyses/shrenepoa.html
http://vil.nai.com/vil/content/v_129163.htm
http://secunia.com/virus_information/12889/unixopener/
*** Objective Development was aware of this for over a year but
seemed to have decided not to act! ***
http://www.mail-archive.com/littlesnitch-talk@obdev.at/msg00132.html
(Note that they never mention in the mailing list post that the opener
kills the LittleSnitch daemon!)
The opener was featured on:
http://www.arnnet.com.au/index.php/id;1771656169;fp;2;fpid;1
http://www.businessweek.com/technology/content/oct2004/tc20041028_9388_tc056.htm
http://www.macintouch.com/opener.html
http://freaky.staticusers.net/ugboard/viewtopic.php?t=14713
More information about the SH.Renepo.B virus:
http://www.google.com/search?rls=en&q=SH.Renepo.B
http://www.google.com/search?rls=en&q=SH.Renepo.B+LittleSnitch
Current Aliases used for this Virus:
SH.Renepo (CA)
SH.Renepo.B (Symantec)
SH/Renepo-A (Sophos)
SH/Renepo.A (Panda)
Worm.MacOS.Opener.a (Kaspersky)
MacOS.Renepo.A
MacOS.Renepo.B
MAC_RENEPO.B
Unix/Opener.worm
OBDev, it's time to react. The users who bought your product want the
security they deserve!
Matthieu Lalonde
http://snitchctl.smurfturf.net/