Author : Ag_Raed
Location : Tunisia
In the name of God, the Most Gracious, the Most Merciful
This is OSX.Raedbot a.k.a. OSX.Tored-Fam, the very first Mac OS X botnet and the very first Mac OS X email-worm, a proof-of-concept
malware written in RealBasic specially for Mac OS, which I coded one year ago and decided to share the source code of after its
high media attention.
The purpose of coding this malware is to present a novel approach to Mac OS X malware; moreover, this malware contains a feature never seen before in malware history: it is able to run across
multiple platforms, Windows, Linux and Mac OS X, and this represents a cross-platform innovation.
*** The worm's features are :
- Copies itself with a random name to : the System folder
                                        Shared folders
                                        the StartUp folder
                                        the Preferences folder
- Rootkit functionality : hiding and locking itself
- Uses its own SMTP engine to mass-mail itself to all email addresses located in the local address book ( bug in Tored.A fixed )
- Propagates through network shares and removable drives
- Propagates through iChat ( the AppleScriptMBS plugin should be included in the project )
- Tries to erase and terminate all files or processes whose names contain " Anti ", " Virus " or " Malware " via Spotlight desktop search
- Connects back to a server to act as a bot
_____________________________________
*** The bot's features are :
_ Download and eXecute additional files from a remote HTTP server
_ Update itself
_ Use the computer's speech synthesizer to pronounce a specified text string remotely
_ Start/Stop keylogging remotely ( online keylogger to steal sensitive information )
_ Open a specified URL with the default web browser remotely
_ Scan hard drives to list all files and directories remotely
_ Perform DDoS attacks
_ Provide a remote desktop functionality
_ Perform spamming over mail, with the ability to configure the mail options ( subjects , messages .. ) remotely
_ Perform IM spamming over iChat, with the ability to configure the IM messages remotely ( via AppleScript )
_ eXecute remote shell commands remotely
_ eXecute a file remotely
_ eXecute AppleScript c0de remotely
_ Search for a specified file remotely via Spotlight desktop search
_ Listen on a specified port
_ Establish new connections
_ Redirect the botnet to another server
_______________________________________
To be sure, this malware never spread as the media and AVers pretend; this was only a deal between me and myself to c0de an advanced
Mac OS X malware, and I really have too many more important projects to accomplish, n0thing more !!! So you take responsibility
if you spread it; this is only for EDUCATIONAL purposes, DON'T FUCK !
- s0rry for the bad English -
*** Great ThanX to : ( ' * ' describes the friendly relation and the size of the greets )
Metalkid ( ******** )
Synge ( ****** )
HichemTahri ( *** )
zer0p ( *** )
fAMINE ( *** )
Noteworthy ( ** )
Squezer ( ** )
Sky0ut ( ** )
GenetiX ( ** )
DrWhax ( ** )
Cyneox ( * )
Benny ( * )
izee ( * )
WarGame ( * )
Retr0 a.k.a wahankh ( * )
Urgo32 ( * )
Dr3f a.k.a onrop ( * )
VxF ( * )
to all the people on #virus #vxcode @ Undernet and to all the other VXers and AVers who have supported the project .
__________________________________________
*** Detection names and virus descriptions
-- http://www.f-secure.com/v-descs/worm_osx_tored_a.shtml
Worm:OSX/Tored.A ( F-Secure )
-- http://www.symantec.com/security_response/writeup.jsp?docid=2009-050514-1952-99
OSX.Tored@mm ( Symantec )
-- http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=OSX_TORED.D
OSX_TORED.D ( Trend Micro )
-- OSX.Worm.Tored.A ( iAntivirus )
-- OSX/Tored.worm ( McAfee )
-- Email-Worm.OSX.Tored.a ( Kaspersky )
-- http://www.sophos.com/security/analyses/viruses-and-spyware/osxtoredfam.html
OSX/Tored-Fam (Sophos)
-- OSX/Tored ( CA )
-- Backdoor:MacOS/Tored.A ( Microsoft )
-- http://www.precisesecurity.com/threats/virus/osxraedbot/
OSX.Raedbot ( PreciseSecurity )
*** Articles about
A Cross-Platform innovation
- http://www.scmagazineus.com/mac-worm-poses-little-risk-represents-cross-platform-innovation/article/136219/
About Tored-Fam
- http://www.spamfighter.com/News-12581-Sophos-Discovers-Two-New-Malware-for-Mac-Computers.htm
- http://www.hkactivity.com/how-to-remove-tored-fam-mac-osx/
*** Contact
X-Ag_Raed-X( at )hotmail( dot )fr