OSX.Inqtana.A

Discussion in 'Mac Basics and Help' started by mrgreen4242, Feb 17, 2006.

  1. mrgreen4242 macrumors 601

    mrgreen4242

    Joined:
    Feb 10, 2004
    #1
  2. eva01 macrumors 601

    eva01

    Joined:
    Feb 22, 2005
    Location:
    Gah! Plymouth
    #2
  3. iGary Guest

    iGary

    Joined:
    May 26, 2004
    Location:
    Randy's House
    #3
    Oh, there will be all kind of hoax Trojans and Viruses, now.
     
  4. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #4
    Okay, I was sort of off, the Bluetooth problem was actually patched a little before 10.4.2, when Security Update 2005-006 came out.

    10.4.2 and later version updates roll in all the security stuff.

    CAN-2005-1333 is the vulnerability of interest for that reported worm.
     
  5. jhu macrumors 6502a

    jhu

    Joined:
    Apr 4, 2004
    #5
    surprisingly, not everyone patches their system. it's fairly rampant in the windows world, but it does happen in the mac world too.
     
  6. eva01 macrumors 601

    eva01

    Joined:
    Feb 22, 2005
    Location:
    Gah! Plymouth
    #6
    well that is their own problem and they deserve whatever they get for not updating their system for secuirty reasons.
     
  7. mrgreen4242 thread starter macrumors 601

    mrgreen4242

    Joined:
    Feb 10, 2004
    #7
    If this was patched in 10.4.2 then either Apple is super fast, or Symantec is way behind the times...
     
  8. eva01 macrumors 601

    eva01

    Joined:
    Feb 22, 2005
    Location:
    Gah! Plymouth
    #8
    way way behind the times i am guessing :p

    cause i am pretty sure apple says in their security updates. what can happen if this particular vulnerability happens. Just like in every secuirty update.
     
  9. mrgreen4242 thread starter macrumors 601

    mrgreen4242

    Joined:
    Feb 10, 2004
    #9
    Heh. Pretty funny... I only noticed this because I'm a sys admin (Windows network :mad: ) and was following up on some stuff at Symantec's site and was suprised to see two OSX listings on the new alerts list...

    Just out of curiousity, as I can't find anything with google for OSX.Inqtana.A and Symantecs site still lists it as being investigated, how do you guys know that this explouts the flaw patch in 20005-006?
     
  10. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #10
    F-Secure give a proper explanation.
     
  11. mrgreen4242 thread starter macrumors 601

    mrgreen4242

    Joined:
    Feb 10, 2004
    #11
    Ah, so it is a new worm/virus/whatever, but not a new security vulnerability. That clears it up, thanks. Sorry if all this was talked about already... :)
     
  12. Peace macrumors P6

    Peace

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #12
    Until Symantec tells people exactly what it does and where it came from I'm calling this salesmanship.

    [edit] they now have info on what it does.Which is really nothing but have yet to say where it is/was or started from [/edit]
     
  13. mrgreen4242 thread starter macrumors 601

    mrgreen4242

    Joined:
    Feb 10, 2004
    #13
    The F-Secure site that iMeowbot posted has a pretty good explination.
     
  14. slb macrumors 6502

    Joined:
    Apr 15, 2005
    Location:
    New Mexico
    #14
    Sigh.

    Do you all realize there have been dozens of trojans in the past five years for OS X? The point is that none of them spread as there are no mechanisms in the OS for silent and automatic infection. The Mac platform remains unplagued by viruses and trojans, but it has always been possible to infect your machine with something if you download it and run it yourself.

    I can't wait until this meaningless hooplah blows over.
     
  15. Peace macrumors P6

    Peace

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #15

    Thanks I saw that but thought Meow was referring to the old vulnerability and not the "proof of concept worm"

    Which BTW nobody has yet said where it came from..that I know of other than symantec..
    And I have always questioned their motives..
     
  16. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #16
    That's pretty standard, for the so-called "white hat" exploit writers to remain anonymous. Typically they write their stuff so that it intentionally won't be very harmful.
     
  17. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #17
    I'm still waiting for the Windows anti-virus software makers to figure out what Brenda is. I had to get rid of it years ago manually but only McAfee even had a clue that it existed. :D

    I'm glad to see that they're jumping on everything. Now, if Symantec would create software that didn't make a Mac worse, that would be real help from them.
     
  18. mduser63 macrumors 68040

    mduser63

    Joined:
    Nov 9, 2004
    Location:
    Salt Lake City, UT
    #18
    This is entirely a proof of concept. It hasn't been seen in the wild, and it expires on the 24th of this month. Anyway, I don't think it would be very successful. How many Macs are routinely around other Macs with bluetooth on (outside of multiple Macs owned by the same person)?
     
  19. cnakeitaro macrumors 6502

    Joined:
    Jan 16, 2006
    Location:
    Virginia Beach
  20. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #20
    Not only that, but in order to become infected with this proof-of-concept, the user must accept not one, not two, but three PUSH requests.

    Now that wouldn't be suspicious....
     
  21. CanadaRAM macrumors G5

    CanadaRAM

    Joined:
    Oct 11, 2004
    Location:
    On the Left Coast - Victoria BC Canada
    #21
    That's a real Hobson's choice then, for a Powerbook G4 15" or 17" owner sitting at 10.3.8. Do I uprade my system to 10.3.9 or 10.4 that has been shown to destroy the lower memory socket of a certain percentage of Powerbooks, like my out of warranty model, or do I stay with an OS that is known to be working and take the chance of some exploit?
     
  22. JasonRyde macrumors newbie

    Joined:
    Feb 17, 2006
    #22
    Please help! I have a question: When I went to my Symantec widget today, it told me about the OSX/Inqtana.A worm. I clicked on the link given within the widget that took me to the Symantec Security Response page. As I was reading about this worm, Norton popped up and said that it had quarantined the OSX/Inqtana.A worm, which was found in my cache of Safari. After doing some research, that message only popped every time I visited the Symantec page regarding the OSX/Inqtana.A worm. Why is this happening? Can someone people help me? What is going on? When I look in the quarantined list, there are cache files there that have been isolated.

    Thank you.
    Worried Jason...
     
  23. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #23
    So in other words, Norton is mistaking its own company's description of a worm that doesn't exist in the wild as the worm itself!! That's hilarious!

    Sorry Jason, I'm laughing at Norton, not you. There is no way you could have a real infection in your Web cache, that program would only get to you through a Bluetooth link.
     
  24. Counterfit macrumors G3

    Counterfit

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #24
    Here's how you remove it:
    1) open you Applications folder
    2) Drag anything with the name "Norton" in it to the trash
    3) empty the trash
    :D
     
  25. JasonRyde macrumors newbie

    Joined:
    Feb 17, 2006
    #25

    So does this mean that I do not have anything to worry about? I did a scan of my Users folder and it found another one. Here was it's location:Where: /Users/username/Library/Caches/Norton AntiVirus 12/12/1518771144-2593876682.cache

    Why is this showing up now? Is this coming from Norton's site, did I do anything wrong?

    Thanks
     

Share This Page