I've been working with a couple of colleagues who author OS X malware catalogs 
and we have been unable to find any information on subject "root kit".  
According to the latest RKHunter script it consists of a kernel extension named 
"Tagroot.kext" which is found in /System/Library/Extensions/.  Can anybody 
provide details of the infection vector or impact of this malware?  A sample 
would also help.

As a follow-up question, I'm wondering about RKHunter's philosophy on the 
treatment of OS X "rootkits".  There are currently 42 uniquely named OS X 
malwares identified in this list <http://www.thesafemac.com/mmg-catalog/>, some 
having multiple variants.  RKHunter only looks for three of them plus Togroot 
and there are no "Darwin" specific rootkit checks.  I realize that many of them 
would not strictly be considered to be "rootkits", but I'm unclear as to which 
one should be.  For instance, the variants of "OSX Inqtana" all seem to be user 
files, with none installed in the system.


-Al-
-- 
Al Varnell
Mountain View, CA




_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
