The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

InqTana Bluetooth Worm

Posted by Xavier Ashe on February 23, 2006

Trifinite.group member Kevin has published a paper
detailing the techniques he used in the development of the InqTana
Bluetooth worm that targets vulnerable Mac OS X systems. There has been
significant confusion surrounding this worm, so here are some salient
points:

  • The concurrent release of the OS X Leap.A and InqTana.A worms is coincidental
  • There is no conspiracy; AV vendors and Apple were notified about
    Kevin's progress in developing this worm in advance of making details
    publicly available
  • Both 10.3 and 10.4 systems are vulnerable until patched with APPLE-SA-2005-05-03 and APPLE-SA-2005-06-08
  • InqTana prompts before infecting *by design*; Kevin was just trying to be nice, but the worm could easily spread silently

Kevin's paper is available at http://www.digitalmunition.com/InqTanaThroughTheEyes.txt. Comments can be directed to the BlueTraq
mailing list. Our sympathies to those organizations who were affected
by the false-positive signatures published by overzealous AV companies.

From the trifinite.blog.
