Nice, this will tell the FBI exactly who to chase :-)
TargetingEdge claims the software isn't malware, but based on the following, this is like claiming Wilbur in Charlotte's Web isn't a pig. According to Amit Serper, who wrote the analysis of the code: Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters
As for OSX.Pirrit malware, it runs under root privileges, creates autoruns and generates random names for itself on each install. Plus, there are no removal instructions and some of its components mask themselves to appear like they’re legitimate and from Apple. And don’t forget that TargetingEdge used domains that appeared to be generated by some sort of DGA and made many attempts to hide any link between the domains and TargetingEdge.
Slashdot starts a good thread: Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com)
Cybereason's analysis of the code can be found here
Amit - If I run into you in the Boston area, let me buy you a beer!