The company, which sells anti-virus software that, conveniently, protects you against the malware they are identifying, explains that, “When launched, it creates its copy in the user’s home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65.”
The malware, “also operates as a keylogger (it sends gathered keyboard input data to intruders); in addition, it steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin.”
Sounds pretty scary, especially for Mac users unused to these kinds of threats. Fortunately, the precautions are pretty easy:
1. Check for the offending file in your home directory: search for and remove any files titled ”WIFIADAPT.” (If you don’t have any files with this name on your computer, there is no need to proceed with steps 2 and 3)
2. Block IP address “212.7.208.65” that the Trojan communicates with.
3. Download free trial of Dr. Web anti-virus for OS X or Linux or wait for the BackDoor.Wirenet.1 update from your anti-virus software.
courtesty Anthony Kosner at Forbes
FROM UBUNTU FORUMS:
BackDoor.Wirenet.1 Keylogger is a backdoor trojan that can run on Linux and MacOSX, stealing personal information, passwords, and banking credentials! It copies itself to the user's home directory at
It then creates a connection to a remote IP, currently
Defence and Removal:
/home/WIFIADAPTIt then creates a connection to a remote IP, currently
212.7.208.65Defence and Removal:
- Block that IP with your router / firewall.
- Delete the above directory/files.
No comments:
Post a Comment