A shell script just appeared in my ~/Library/Application Support directory with the name: 11014231
The contents of the file are:
nohup "$1" &
Note that I am running MacOS X 10.4.4 PPC with all patches (which I realize is different than 10.4.5 with all patches). I was logged in to my user account, which does not have "admin" or "root" privileges.
When I found this file, I had been running Safari. It had just frozen and I thought I might want to clean out the cache folder. I had several windows open in Safari but the last thing I was doing was working in Gmail. There were no new e-mails in my Gmail inbox -- I was reading old e-mails from people I know. The create and modify times on the file are 11:37am on September 12, 2005. The last access time was about the same time that my Safari crashed.
I know UNIX so I understand what the script means. What I don't know is where it came from and what malware this might be associated with. I've heard about a proof-of-concept trojan that tries to run a script but I thought it specifically called bash.
Does anyone have any ideas what this thing was doing or trying to do? The system seems fine but I don't like unexplained files.
P.S. The previous thing I was doing in Safari was looking for instructions on how to configure a Mac to connect to a T-Mobile HotSpot over WPA/802.1X. I have no problem using the open wireless, but would like to use their secure offering. T-Mobile doesn't offer instructions on how to do this -- they just offer the Windows-only "T-Mobile Connection Manager" to handle it.