All news
Dr.Web products
Dr.Web AV-Desk
Dr.Web beta versions news
Updates of virus database
Virus alerts
Virus reviews
Real-time threats news
Promotions
Corporate news

Sign up

RSS-feeds

Information
Myths about Dr.Web
About viruses

Resources
Press center
For web-site owners

Buy
Buy from partners
Anti-virus As a Service
Buy online
License center
Contact sales

Criminals gain control over Mac with BackDoor.Olyx

June 22, 2011

Doctor Web—the leading Russian developer of anti-virus software —informs users that its virus analysts have discovered a new threat to computers running Mac OS X. BackDoor.Olyx is the second known backdoor for the operating system. If a machine is compromised by the malware, attackers get an opportunity to covertly control the computer. The backdoor receives commands from a remote server to create, transfer, rename, delete various files, as well as some other instructions.

The number of malicious programs for MAC OS X is small, especially compared with the number of threats to Windows. Until recently only one backdoor program for the OS was known—BackDoor.DarkHole. Versions of this malware exist for Mac OS X and for Windows. When launched, it enables hackers to open web pages in the default browser on the infected machine, restart the computer remotely and perform various operations with files. Now, in the Dr.Web virus database contains entries for both BackDoor.DarkHole and BackDoor.Olyx.

The program gets to a user's computer as an application designed for Macs featuring the Intel-compatible architecture, BackDoor.Olyx creates the /Library/Application Support/google/ directory on the disk to which it saves a file named startp. Then BackDoor.Olyx places the file /Library/ LaunchAgents/www.google.com.tstart.plist into the home directory, and uses the file to launch the malicious object after a system reboot.

image

After that the program moves itself to a temporary folder named google.tmp to delete the executable from its original location. As the name implies, BackDoor.Olyx operates in an infected system as a backdoor which includes downloading and running malicious files on infected machines and executing various commands in the /bin/bash shell. Thus, attackers can gain control over an infected computer without the user's knowledge.

Users of Dr.Web for Mac OS X can rest assured about the security of their computers, since the signature of the malware has already been added to the Dr.Web virus database. To prevent BackDoor.Olyx from infecting systems, users of Dr.Web for Mac OS X are recommended to enable automatic updating and scan their hard drives regularly.

Back to news
Company | News&Events | Send a virus | Online scanner | Privacy policy | Site map
[Google+] [Blog Dr.Web] [You Tube] [Twitter] [Facebook]
Doctor Web is the Russian developer of Dr.Web anti-virus software. We have been developing our products since 1992. The company is a key player on the Russian market for software that meets the fundamental need of any business — information security. Doctor Web is one of the few anti-virus vendors in the world to have its own technologies to detect and cure malware. Our anti-virus protection system allows the information systems of our customers to be protected from any threats, even those still unknown. Doctor Web was the first company to offer an anti-virus as a service and, to this day, is still the undisputed Russian market leader in Internet security services for service providers. Doctor Web has received state certificates and awards; our satisfied customers spanning the globe are clear evidence of the high quality of the products created by our talented Russian programmers.


Rambler 100