Mac Bot Missed by Anti-Virus Detection
SANS is reporting on a newly analyzed IRC bot that has been compiled for Mac OS, FreeBSD and Linux. The fact that such bots run on these platforms isn't news, but the rate at which it was detected is interesting:
About 75% of the AV programs detected the FreeBSD and Linux versions of the bot, but the Mac detection rate was a different story:
Finally, the Darwin version was a bit of a shock – 0 detections in total (!). Since it was a Mach-O executable for PPC, my guess is that AV programs didn't know how to parse the file format and just thought of it as data.
This is not a problem for non-PPC platforms, but the AV programs aren't preventing this thing from spreading and eventually landing on a vulnerable Mac. For more on Mac malware, check out this podcast.
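To make the file-format point concrete, here is an added example (not code from SANS or from any AV product) of the header check a scanner needs before it can treat a Mach-O file as an executable rather than as data. The sample headers are constructed for illustration and the function name `classify` is hypothetical; fat (multi-architecture) Mach-O files are not handled.

```python
import struct

# Magic bytes as they appear on disk -> (struct byte-order prefix, is_64bit)
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": (">", False),  # MH_MAGIC, big-endian file (e.g. PPC)
    b"\xce\xfa\xed\xfe": ("<", False),  # MH_MAGIC, little-endian file (e.g. i386)
    b"\xfe\xed\xfa\xcf": (">", True),   # MH_MAGIC_64, big-endian
    b"\xcf\xfa\xed\xfe": ("<", True),   # MH_MAGIC_64, little-endian
}
CPU_TYPES = {7: "i386", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}
MACHO_FILETYPES = {1: "object", 2: "executable", 6: "dylib", 8: "bundle"}
ELF_OSABI = {0: "SysV (common on Linux)", 3: "Linux", 9: "FreeBSD"}
ELF_TYPES = {1: "object", 2: "executable", 3: "shared object"}


def classify(data: bytes) -> dict:
    """Identify ELF and thin Mach-O images from their header bytes."""
    magic = data[:4]
    if magic in MACHO_MAGICS and len(data) >= 16:
        order, is64 = MACHO_MAGICS[magic]
        # mach_header: magic, cputype, cpusubtype, filetype (32 bits each)
        cputype, _sub, filetype = struct.unpack(order + "iiI", data[4:16])
        return {"format": "Mach-O", "bits": 64 if is64 else 32,
                "cpu": CPU_TYPES.get(cputype, f"unknown({cputype})"),
                "type": MACHO_FILETYPES.get(filetype, f"unknown({filetype})")}
    if magic == b"\x7fELF" and len(data) >= 18:
        order = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
        (e_type,) = struct.unpack(order + "H", data[16:18])
        return {"format": "ELF", "bits": 64 if data[4] == 2 else 32,
                "osabi": ELF_OSABI.get(data[7], f"unknown({data[7]})"),
                "type": ELF_TYPES.get(e_type, f"unknown({e_type})")}
    return {"format": "data"}  # what a scanner with no matching parser sees


# Constructed sample headers (not taken from the bot the post discusses).
SAMPLE_PPC_MACHO = struct.pack(">IiiIIII", 0xFEEDFACE, 18, 0, 2, 0, 0, 0)
SAMPLE_FREEBSD_ELF = (b"\x7fELF\x01\x01\x01\x09" + b"\x00" * 8
                      + struct.pack("<HH", 2, 3))

if __name__ == "__main__":
    for name, blob in [("darwin-ppc", SAMPLE_PPC_MACHO),
                       ("freebsd-i386", SAMPLE_FREEBSD_ELF),
                       ("random", b"not an executable")]:
        print(name, classify(blob))
```

A scanner that implements only the ELF branch falls through to `data` for the PPC sample, which matches the behaviour guessed at in the quoted analysis.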



