Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

OSX.Inqtana.A

Okay, I was sort of off, the Bluetooth problem was actually patched a little before 10.4.2, when Security Update 2005-006 came out.

10.4.2 and later version updates roll in all the security stuff.

CAN-2005-1333 is the vulnerability of interest for that reported worm.
 
eva01 said:
any reason why people keep posting things that were patched in 10.4.2?
Click to expand...

surprisingly, not everyone patches their system. it's fairly rampant in the windows world, but it does happen in the mac world too.
 
jhu said:
surprisingly, not everyone patches their system. it's fairly rampant in the windows world, but it does happen in the mac world too.
Click to expand...

well that is their own problem and they deserve whatever they get for not updating their system for secuirty reasons.
 
eva01 said:
any reason why people keep posting things that were patched in 10.4.2?
Click to expand...

If this was patched in 10.4.2 then either Apple is super fast, or Symantec is way behind the times...
OSX.Inqtana.A
Discovered on: February 17, 2006
Last Updated on: February 17, 2006 03:37:39 PM
Click to expand...
 
mrgreen4242 said:
If this was patched in 10.4.2 then either Apple is super fast, or Symantec is way behind the times...
Click to expand...

way way behind the times i am guessing :p

cause i am pretty sure apple says in their security updates. what can happen if this particular vulnerability happens. Just like in every secuirty update.
 
eva01 said:
way way behind the times i am guessing :p

cause i am pretty sure apple says in their security updates. what can happen if this particular vulnerability happens. Just like in every secuirty update.
Click to expand...

Heh. Pretty funny... I only noticed this because I'm a sys admin (Windows network :mad: ) and was following up on some stuff at Symantec's site and was suprised to see two OSX listings on the new alerts list...

Just out of curiousity, as I can't find anything with google for OSX.Inqtana.A and Symantecs site still lists it as being investigated, how do you guys know that this explouts the flaw patch in 20005-006?
 
Ah, so it is a new worm/virus/whatever, but not a new security vulnerability. That clears it up, thanks. Sorry if all this was talked about already... :)
 
mrgreen4242 said:
Ah, so it is a new worm/virus/whatever, but not a new security vulnerability. That clears it up, thanks. Sorry if all this was talked about already... :)
Click to expand...

Until Symantec tells people exactly what it does and where it came from I'm calling this salesmanship.

[edit] they now have info on what it does.Which is really nothing but have yet to say where it is/was or started from [/edit]
 
Peace said:
Until Symantec tells people exactly what it does and where it came from I'm calling this salesmanship.
Click to expand...

The F-Secure site that iMeowbot posted has a pretty good explination.
 
Sigh.

Do you all realize there have been dozens of trojans in the past five years for OS X? The point is that none of them spread as there are no mechanisms in the OS for silent and automatic infection. The Mac platform remains unplagued by viruses and trojans, but it has always been possible to infect your machine with something if you download it and run it yourself.

I can't wait until this meaningless hooplah blows over.
 
mrgreen4242 said:
The F-Secure site that iMeowbot posted has a pretty good explination.
Click to expand...


Thanks I saw that but thought Meow was referring to the old vulnerability and not the "proof of concept worm"

Which BTW nobody has yet said where it came from..that I know of other than symantec..
And I have always questioned their motives..
 
Peace said:
Which BTW nobody has yet said where it came from..that I know of other than symantec..
Click to expand...
That's pretty standard, for the so-called "white hat" exploit writers to remain anonymous. Typically they write their stuff so that it intentionally won't be very harmful.
 
I'm still waiting for the Windows anti-virus software makers to figure out what Brenda is. I had to get rid of it years ago manually but only McAfee even had a clue that it existed. :D

I'm glad to see that they're jumping on everything. Now, if Symantec would create software that didn't make a Mac worse, that would be real help from them.
 
This is entirely a proof of concept. It hasn't been seen in the wild, and it expires on the 24th of this month. Anyway, I don't think it would be very successful. How many Macs are routinely around other Macs with bluetooth on (outside of multiple Macs owned by the same person)?
 
mduser63 said:
This is entirely a proof of concept. It hasn't been seen in the wild, and it expires on the 24th of this month. Anyway, I don't think it would be very successful. How many Macs are routinely around other Macs with bluetooth on (outside of multiple Macs owned by the same person)?
Click to expand...

Not only that, but in order to become infected with this proof-of-concept, the user must accept not one, not two, but three PUSH requests.

Now that wouldn't be suspicious....
 
eva01 said:
well that is their own problem and they deserve whatever they get for not updating their system for secuirty reasons.
Click to expand...

That's a real Hobson's choice then, for a Powerbook G4 15" or 17" owner sitting at 10.3.8. Do I uprade my system to 10.3.9 or 10.4 that has been shown to destroy the lower memory socket of a certain percentage of Powerbooks, like my out of warranty model, or do I stay with an OS that is known to be working and take the chance of some exploit?
 
Please help! I have a question: When I went to my Symantec widget today, it told me about the OSX/Inqtana.A worm. I clicked on the link given within the widget that took me to the Symantec Security Response page. As I was reading about this worm, Norton popped up and said that it had quarantined the OSX/Inqtana.A worm, which was found in my cache of Safari. After doing some research, that message only popped every time I visited the Symantec page regarding the OSX/Inqtana.A worm. Why is this happening? Can someone people help me? What is going on? When I look in the quarantined list, there are cache files there that have been isolated.

Thank you.
Worried Jason...
 
So in other words, Norton is mistaking its own company's description of a worm that doesn't exist in the wild as the worm itself!! That's hilarious!

Sorry Jason, I'm laughing at Norton, not you. There is no way you could have a real infection in your Web cache, that program would only get to you through a Bluetooth link.
 
JasonRyde said:
Please help! I have a question: When I went to my Symantec widget today, it told me about the OSX/Inqtana.A worm. I clicked on the link given within the widget that took me to the Symantec Security Response page. As I was reading about this worm, Norton popped up and said that it had quarantined the OSX/Inqtana.A worm, which was found in my cache of Safari. After doing some research, that message only popped every time I visited the Symantec page regarding the OSX/Inqtana.A worm. Why is this happening? Can someone people help me? What is going on? When I look in the quarantined list, there are cache files there that have been isolated.

Thank you.
Worried Jason...
Click to expand...
Here's how you remove it:
1) open you Applications folder
2) Drag anything with the name "Norton" in it to the trash
3) empty the trash
:D
 
iMeowbot said:
So in other words, Norton is mistaking its own company's description of a worm that doesn't exist in the wild as the worm itself!! That's hilarious!

Sorry Jason, I'm laughing at Norton, not you. There is no way you could have a real infection in your Web cache, that program would only get to you through a Bluetooth link.
Click to expand...

Counterfit said:
Here's how you remove it:
1) open you Applications folder
2) Drag anything with the name "Norton" in it to the trash
3) empty the trash
:D
Click to expand...


So does this mean that I do not have anything to worry about? I did a scan of my Users folder and it found another one. Here was it's location:Where: /Users/username/Library/Caches/Norton AntiVirus 12/12/1518771144-2593876682.cache

Why is this showing up now? Is this coming from Norton's site, did I do anything wrong?

Thanks
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back