A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #6545  by Xylitol
 Thu May 26, 2011 10:31 am
Found that on MDL, not tested.

locs:
99.30.139.110/macbookprotection.com/download.php
199.30.139.110/mstoolonline.com/download.php
199.30.139.110/macbooksecurity.com/download.php
199.30.139.111/mstoolonline.com/download.php
Attachments (archive password: xylibox): two archives, 3.52 MiB each
 #6547  by bitx
 Thu May 26, 2011 3:09 pm
Xylitol wrote: Found that on MDL, not tested.

locs:
99.30.139.110/macbookprotection.com/download.php
199.30.139.110/mstoolonline.com/download.php
199.30.139.110/macbooksecurity.com/download.php
199.30.139.111/mstoolonline.com/download.php
Thanks Xylitol! That's the "Mac Security". Can't find the new one "Mac Guard".

 #6555  by bitx
 Fri May 27, 2011 11:48 am
EP_X0FF wrote: IMHO the only one thing they change - window title.
Yes, they have changed the name, but the newest version "Mac Guard" no longer requires administrative credentials. They now install into areas of the system that only require standard user privilege, according to Sophos Labs.