Security help, possible malware?




JamesP.
Sep 26, 2012, 01:19 PM
Updated to ML 10.8.2

When I open Skype it tries to allow an incoming connection to port 57502.
Both times Little Snitch caught it.
Below are two images.

http://i49.tinypic.com/2r71uux.jpg

http://i48.tinypic.com/2cwt07k.jpg
Skype asks when I log in each time.
I would have no contacts from either Russia or isa.

Only Irish or English.


I turned on Skype again and immediately again got another popup from Little Snitch showing
------------------------
Skype
wants to accept an incoming connection from 2.198.37.244 on TCP port 50752

IP Address 2.198.37.244
Reverse DNS Name No Reverse Name

--------------------------------------
Restarted it again and it gave this one
Skype
wants to accept an incoming connection from 2.198.37.244 on TCP port 50752

IP Address 87.9.221.109
Reverse DNS Name host109-221-dynamic.9-87-r.retail.telecomitalia.it

Any ideas on why these seem to be connecting from all over?
And it happens each time I log in, not anyone talking to me.

Here is Little Snitch before opening Skype
http://i46.tinypic.com/2viimxi.jpg

Processes:
http://i48.tinypic.com/24pju6a.png


Another question...

Is this a possible cause?
http://www.zdnet.com/new-mac-malware-spies-on-you-via-adium-firefox-safari-skype-7000001665/

and
Can I do an OS overwrite but keep my files?



mrapplegate
Sep 26, 2012, 02:03 PM
I would just delete Skype and download it again. Did you download it from skype.com?

munkery
Sep 26, 2012, 02:38 PM
OS X/Crisis doesn't work in Mac OS X 10.8

http://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/

Quotes from article:

It does not run on the new Mountain Lion 10.8.

This threat has not yet been found in the wild, and so far there is no indication that this Trojan has infected users so right now the threat is considered to be a low risk.

Given the purpose of Skype, these connections are most likely normal connections for it to function as intended.

I would recommend deleting Little Snitch because that type of firewall doesn't actually have that much utility beyond making users paranoid.

Any malware that installs with sufficient privileges has the ability to create an exception for itself in the firewall rules. Some examples of Mac malware have done this against Little Snitch in the past.