Sophos Stories November 5, 2012

Use Sophos antivirus? Watch out

Tim Bray notes a post on Neohapsis:

A working exploit for Sophos 8.0.6 on Mac is available, however the techniques used in the exploit easily transfer to Windows and Linux, due to multiple critical implementation flaws described in the paper. Testcases for the other flaws described in the paper are available on request.

Sophos responded with a post on the multiple vulnerabilities, and it responded over and over that “Sophos has seen no evidence of this vulnerability being exploited in the wild.” But, is that really good enough? How about issuing a fix in the two plus months that they’ve known about these issues?  It only takes one wild exploit.

Sophos gave 9to5Mac the following comment:

Some were fixed last month, and for others we started rolling out patches to our users today.  :-)

Users of Sophos products should be automatically updated, but if anyone wants to be sure they can initiate a manual update.

Sophos Stories July 26, 2012

Morcut/Crisis Mac malware capable of monitoring location, webcam, address book, more

We told you yesterday about the Trojan named “Crisis“, also being referred to as “OSX/Morcut-A”, discovered for OS X, but it is considered low risk for users. Today, we get some more details about the trojan with security company Sophos explaining the Morcut Malware features code for controlling the following:

  • mouse coordinates
  • instant messengers (for instance, Skype [including call data], Adium and MSN Messenger)
  • location
  • internal webcam
  • clipboard contents
  • key presses
  • running applications
  • web URLs
  • screenshots
  • internal microphone
  • calendar data & alerts
  • device information
  • address book contents

The malware appears to have been specifically created with spying on the user as its goal. There have not been any reported cases of infected users, though, so the threat is still considered low risk.

Powered by WordPress.com VIP