NEWS FROM THE LAB - Tuesday, February 21, 2006

More OS X malware Posted by Jarno @ 11:12 GMT

Today we received two more samples of Mac OS X malware.

OSX/Inqtana.B and OSX/Inqtana.C are close variants to original OSX/Inqtana.A. About the only difference between variants is the technique by which the worm will start on the infected machine after user has accepted OBEX file transfers.

The startup routines on Inqtana.B and Inqtana.C will most likely work also on OS X 10.3.

Like Inqtana.A the .B and .C are locked to certain bluetooth addresses and are time limited to 24. February 2006, so they will not be able to replicate on any real environment and will work only in specially crafted lab. However it is possible that some virus author will create similar worms that are not intentionally limited, so please make sure that your OS X is up to date.