Destroyer Worm Mac OS

Destroyer Worm Mac OS

June 02 2021

Destroyer Worm Mac OS

Nearly three years after the last Macintosh-specific virus appeared on the scene, a new piece of Macintosh malware (code designed with malicious intent) has appeared. The worm, which is designed to overwrite data files, has spread rapidly in the desktop publishing community in Hong Kong, where it was first spotted. (Unlike a virus, which must attach itself to other software in order to function, a worm executes by itself.)

Nuke Destroyer 1.0 for Mac can be downloaded from our website for free. This free Mac app is an intellectual property of Job and Esther Technologies. Our built-in antivirus scanned this Mac download and rated it as 100% safe. Nuke Destroyer for Mac lies within Games, more precisely Arcade. RELATED: Mac OS X Isn't Safe Anymore: The Crapware / Malware Epidemic Has Begun Malwarebytes makes well-regarded security utilities for Windows. Malwarebytes originally expanded into the Mac security software arena by purchasing and rebranding a popular application named “Adware Medic” that we and others have used successfully in the past.

Mac

The worm, which anti-virus analysts have dubbed Autostart-9805, takes advantage of a feature in QuickTime 2.0 and later that enables CD-ROMs to start a program immediately upon insertion. In QuickTime 2.5 and later, the QuickTime Settings control panel lets the user disable this feature.

Destroyer Worm Mac Os X

Inner Workings — Analysts say the worm can be transmitted via almost any HFS or HFS+ disk volume, including floppy disks, most removable cartridge drives, magneto-optical disks, recordable CD disks, hard disks, and even mountable DiskCopy or ShrinkWrap disk image files. The worm only operates on a PowerPC system running the Mac OS, and will only initially infect a computer that’s running QuickTime 2.0 or later with the CD-ROM AutoPlay feature enabled.

Infected disks contain an invisible application file named DB of type APPL and creator ???? in the root directory, and the AutoPlay attribute is set in the disk’s boot blocks. When the infected disk is mounted, the DB application launches and copies itself to the Extensions folder of the active System Folder. The copy, also an invisible file, is named Desktop Print Spooler and its type is appe (don’t confuse this file with the visible and legitimate Desktop Printer Spooler extension). The worm then restarts the computer, and reloads into memory via the invisible Desktop Print Spooler, which runs as a faceless background application and doesn’t appear in the Application menu.

Destroy your desktop as you wish. With the keys 1 to 9 you may select the following weapons: 1: Use a hammer to smash the screen. 2: Cut the desktop with a chainsaw. 3: Shoot with a machine gun. 4: Make it sizzle with your flamethrower. 5: Put stamps on the desktop. 6: Let the termites work for you. Anvir Virus Destroyer free download - Desktop Destroyer, Multi Virus Cleaner 2011, Symantec Virus Definitions & Security Updates (32-bit), and many more programs.

About every thirty minutes, the worm examines all mounted volumes, and attempts to infect any that aren’t infected by copying itself back to the root directory as DB with AutoPlay enabled. It then searches mounted volumes for files whose names end with 'data', 'cod', or 'csa' and whose data forks are larger than 100 bytes, or files ending with 'dat' that are larger than about 2 MB. When it finds such a file, the worm overwrites approximately the first 1 MB of the data fork with garbage.

Are You Infected? So far, anti-virus experts don’t believe AutoStart-9805 has spread much beyond the desktop publishing community in Hong Kong, so it should be possible to keep it from spreading much farther. Check with your anti-virus utility publisher for the latest updates, keeping in mind that outdated virus definition files are useless! Visible symptoms you can check for include:

  • The system unexpectedly restarts after mounting a volume, which is when the initial infection occurs.

  • The application name DB flashes briefly in the menu bar when the application launches.

  • A disk volume contains an invisible application file named DB in the root directory, or the invisible Desktop Print Spooler file in the Extensions folder. Use ResEdit, Norton Disk Editor, the Mac OS Find File utility (press Option while clicking on the Name menu to reveal a Visibility item), or a similar tool to search for invisible files.

  • A process named Desktop Print Spooler is visible when using tools like Process Watcher or MacsBug.

  • Extensive, unexplained disk activity every 30 minutes.

Prevention — The risk of a new infection can be effectively eliminated by disabling the CD-ROM AutoPlay feature in the QuickTime Settings control panel in QuickTime 2.5 or later, though this will not help if the system is already infected. It also will not prevent an infected Mac from creating the invisible DB files on a system whose volumes are shared on a network. Versions of QuickTime prior to 2.5 lack the means to disable the AutoPlay feature, so Apple’s QuickTime group recommends upgrading to QuickTime 2.5 if you have an older release. Disabling Audio CD AutoPlay is unnecessary, as ordinary audio CDs cannot carry this worm.

<ftp://ftp.info.apple.com/Apple_Support_Area/ Apple_SW_Updates/US/Macintosh/System/ QuickTime/Older_QuickTime/> https://casino-online-betfair-poker-streams-fpfaq.peatix.com.

Destroyer Worm Mac Os Download

Utilities — Dr. Solomon’s Anti-virus Toolkit and Virex have been updated to handle this worm, and Symantec expects to release an update for SAM. John Norstad’s freeware Disinfectant cannot detect this problem, so he recommends using an up-to-date commercial utility that does. He plans to make an announcement soon as to whether Disinfectant will be updated to handle Autostart-9805.

<http://www.drsolomon.com/products/avtk/ps_ mac.html>
<http://www.drsolomon.com/products/virex/>
<http://www.symantec.com/sam/>
<ftp://ftp.nwu.edu/pub/disinfectant/>

Mac

Destroyer Worm Mac Os 11

Ocean highway patrol mac os. Apple’s QuickTime evangelist Charles Wiltgen expressed the company’s delight that 'the commercial utility vendors have responded to this as quickly as they have.' Wiltgen encourages QuickTime users to disable the CD-ROM AutoPlay feature unless they have a specific need for it, and to obtain and use a current anti-virus utility.

Destroyer Worm Mac OS

Leave a Reply

Cancel reply