OSX/OpinionSpy [Threat Name]

OSX/OpinionSpy.A [Threat Variant Name]

Category: trojan
Size: 470352 B
Detection created: Mar 23, 2011
Signature database version: 5977
Aliases: OSX/OpinionSpy (McAfee)
  Spyware:OSX/OpinionSpy.A (F-Secure)
  Trojan:MacOS_X/OpinionSpy.A (Microsoft)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan is usually bundled within installation packages of various legitimate software.


The trojan is usually found in the following folder:

  • /Library/Application Support/Mozilla/Extensions/

The following filename is used:

  • {ec8030f7-c20a-464f-9b0e-13a3a9e97384}

The trojan displays the following dialog box:

Other information

The trojan serves as a backdoor. It can be controlled remotely.


The trojan acquires data and commands from a remote computer or the Internet.


It listens on TCP port 8254.


It can execute the following operations:

  • monitor network traffic
  • send gathered information

The trojan monitors network traffic on the following ports:

  • 443 (HTTPS)
  • 80 (HTTP)
  • 1049
  • 1863 (Instant messaging)
  • 1935 (RTMP)
  • 1353 (RTMPS)

The trojan collects information related to the following applications:

  • Firefox
  • Safari
  • iChat
  • AIM
  • GoogleTalk
  • MSN Messenger
  • Yahoo! Messenger
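
A triage check for the indicators described above (the install path, the 470352-byte sample size and the TCP 8254 listener), added here as an example and not part of the vendor's description. The identifier used as the filename is also Firefox's own application ID, so the folder existing is not conclusive by itself; the script therefore reports only files of the sample's size inside it. The function names, the lsof invocation and the sample lsof lines are assumptions made for this example.

```shell
#!/bin/sh
# Added triage example: checks for the indicators listed in this description.
# Function names and the sample data are assumptions, not vendor tooling.
PORT=8254                      # listening port from the description
SAMPLE_SIZE=470352             # sample size in bytes from the description
EXT_DIR='Library/Application Support/Mozilla/Extensions'
EXT_NAME='{ec8030f7-c20a-464f-9b0e-13a3a9e97384}'

# Read `lsof -nP -iTCP -sTCP:LISTEN` output on stdin; print "command pid"
# for every socket listening on exactly port $1 (8254, not 18254).
listeners_on_port() {
    awk -v port="$1" '$NF == "(LISTEN)" {
        n = split($(NF - 1), part, ":")      # handles *:p, 1.2.3.4:p, [::1]:p
        if (part[n] == port) print $1, $2
    }'
}

# Print files under <root>/<EXT_DIR>/<EXT_NAME> whose size equals the sample.
# $1 is the filesystem root to inspect ("/" live, or a mounted image).
size_matches() {
    target="${1%/}/$EXT_DIR/$EXT_NAME"
    [ -e "$target" ] || return 0             # path absent: nothing to report
    find "$target" -type f -size "${SAMPLE_SIZE}c" -print
}

# Constructed lsof output (process names and PIDs are made up).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
exampled  312 root    5u  IPv4 0xabc1      0t0  TCP *:8254 (LISTEN)
httpd     401 _www    4u  IPv6 0xabc2      0t0  TCP *:80 (LISTEN)
otherd    977 user    9u  IPv4 0xabc3      0t0  TCP 127.0.0.1:18254 (LISTEN)
EOF
}

echo "sample listeners on $PORT: $(sample_lsof | listeners_on_port "$PORT")"
# Live use on a Mac:
#   lsof -nP -iTCP -sTCP:LISTEN | listeners_on_port 8254
#   size_matches /
```

A size match is only a lead for further inspection, since other builds of the bundle may differ in size.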
