Virus Profile: OSX/Morcut

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 7/28/2012
Date Added: 7/28/2012
Origin: N/A
Length: Varies
Type: Trojan
Subtype: Macintosh
DAT Required: 6783

Description

This is a Trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Aliases:

  • Ikarus - Backdoor.OSX.Morcut
  • Kaspersky - Backdoor.OSX.Morcut.a
  • Sophos - OSX/Morcut-A
  • Emsisoft - Backdoor.OSX.Morcut!IK
  • Symantec - OSX.Crisis

Indication of Infection

Presence of the above-mentioned activities.

Methods of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
   

Virus Characteristics

"OSX/Morcut" is a backdoor and rootkit combination installed by a cross-platform Java application that may pose as an Adobe updater when downloaded and runs as "Web Enhancer".

It also opens a port and connects to a remote server for instructions and updates.

"OSX/Morcut" is persistent across reboots.

Upon successful installation on a machine, it injects itself into a number of programs to spy on the infected user's activity. These include popular applications such as:

  • Skype
  • MSN Messenger
  • Adium
  • Firefox

In addition to tracking all activity within the programs listed above, OSX/Morcut allows an attacker to monitor and/or control the following operations:

  • Mouse position
  • Location
  • Internal webcam & microphone
  • Clipboard contents
  • Keystrokes
  • Running applications
  • Web addresses
  • Screenshots
  • Calendar data & alerts
  • Device information
  • Address Book contact information

  • Use a browser plug-in to block execution of scripts and iframes.
  • Keep anti-virus signatures up to date.
  • Keep software up to date with the latest available patches, in particular:
      • Java Runtime Environment
      • Adobe Reader (PDF)
  • Avoid visiting unwanted/suspicious websites.