Eblaster software removal and other issues

Anyone got experience of how to remove Eblaster and bolt-ons from a Mac system? It was installed by someone checking up on the users and was thus a "permitted" install. I don't believe the software provider when they say it is remotely removed, plus they have been getting text messages off of the iPhone when it connects to the Mac, which wasn't a feature of the software. Final thought: the mail reports, now seen, do not look like the ones in the web advertising.

I suspect then that a version that is much more aggressive has been installed and is still running. Is it right to be worried? How can I manually check for this or any other threats, come to that? Will Sophos product find it and kill it? Do Trojans like this spread across a Mac network as easily as they do in the Windows world?

Questions questions.

  • It's not quite as dire as all that; these aren't being "installed" on a remote machine via email -- they're purely being "received" via email, at which point Sophos detects the malicious files and blocks it from access.  Safari is a bit more dangerous, as a zipped pkg file will automatically run on download, and Safari can be set to autodownload the zip.  This means that as soon as a security hole is found in one of the filetypes that get automatically run, there will be a problem, but so far pretty much everything in the wild needs the human element to actually run anything malicious.

    The potential is definitely there though, now that the FakeAV affiliate gangs are turning to OS X for revenue.  They're currently using 6-year-old attack techniques, but as the malware authors gain competency on par with where they are on Windows, OS X will have the exact same issues, even if the volume of unique attacks is smaller.
