Security help, possible malware?

Discussion in 'OS X Mountain Lion (10.8)' started by JamesP., Sep 26, 2012.

  1. macrumors regular

    Joined:
    Jun 13, 2012
    #1
    Updated to ML 10.8.2

    When i open Skype it try to allow incoming connection to port 57502.
    Both times Little Snitch caught it.
    Below are two images.

    http://i49.tinypic.com/2r71uux.jpg

    http://i48.tinypic.com/2cwt07k.jpg
    skype asks when I log in each time.
    I would have no contacts from either russia or isa.

    Only irish or english.


    I turned on Skype again and immediately again got another popup from little snitch showing
    ------------------------
    Skype
    wants to accept an incoming connection from 2.198.37.244 on TCP port 50752

    IP Address 2.198.37.244
    Reverse DNS Name No Reverse Name


    --------------------------------------
    restarted it again and gave this one
    Skype
    wants to accept an incoming connection from 2.198.37.244 on TCP port 50752

    IP Address 87.9.221.109
    Reverse DNS Name host109-221-dynamic.9-87-r.retail.telecomitalia.it


    Any ideas on why these seem be connecting from all over.
    And it happens each time I login, not anyone talking to me.

    Here is little snitch before open Skype
    http://i46.tinypic.com/2viimxi.jpg

    Processes:
    http://i48.tinypic.com/24pju6a.png


    Another question...

    Is this a possible cause?
    http://www.zdnet.com/new-mac-malware-spies-on-you-via-adium-firefox-safari-skype-7000001665/

    and
    Can I do a OS overwrite but keep my files?
     
  2. macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #2
    I would just delete Skype and download it again. Did you download it from skype.com?
     
  3. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #3
    OS X/Crisis doesn't work in Mac OS X 10.8

    http://www.intego.com/mac-security-...ed-osxcrisis-discovered-by-intego-virus-team/

    Quotes from article:

    Given the purpose of Skype, these connections are most likely normal connections for it to function as intended.

    I would recommend deleting Little Snitch because that type of firewall doesn't actually have that much utility beyond making users paranoid.

    Any malware that installs with sufficient privileges has the ability to create an exception for itself in the firewall rules. Some examples of Mac malware have done this against Little Snitch in the past.
     

Share This Page