More on OSX/OpinionSpy
The OSX/OpinionSpy/PremierOpinion story has unfolded rather more slowly than we're accustomed to seeing in the world of Windows (where PremierOpinion has been flagged as adware, spyware or "possibly unwanted" for quite a while.
As far as the 7Art screensavers are concerned, the last time I checked, the screensavers themselves seemed to be clean, and allowing access to PremierOpinion was optional. I don't have access to a Mac right now, but I'll check again when I do.
In the meantime, I've added a section on OSX/OpinionSpy to the slow-growing malware information database at http://macviruscom.wordpress.com/apple-malware-descriptions/. It's not a detailed analysis, but it includes several links to much fuller information.
David Harley CITP FBCS CISSP
ESET Research Fellow & Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
http://twitter.com/esetresearch; http://twitter.com/ESETblog
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at:
http://amtso.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macvirus.com/
http://chainmailcheck.wordpress.com
http://smallbluegreenblog.wordpress.com/
2 Responses to “More on OSX/OpinionSpy”
Leave a Reply
- David Harley (745)
- Randy Abrams (431)
- Cameron Camp (110)
- Stephen Cobb (60)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (30)
- Andrew Lee (15)
- Jeff Debrosse (12)
- Robert Lipovsky (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Peter Stancik (4)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
- Aleksandr Matrosov (2)
RSS
June 14th, 2010 at 5:06 am
ESET added detection for HellRTS quite quickly, but still no Sig update for Opinionspy? Why not?
I search on the ThreatSense updates page everyday for the term " OSX" and the HellRTS is the latest OSX threat that has been added.
June 15th, 2010 at 5:36 am
I’ll check the status. But you can’t really go by the updates page to tell you what we detect. The last time I checked, some relevant links were flagged generically. Remember that this is a porting of a long-existing Windows program.