Worm.Mac.Autostart.A
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Worm.Mac.Autostart.A is also known as Worm.MacOS, MacOS/Autostart.B.W, MacOS/Autostart.D.
Explanation:
This worm affects PowerPC computers running Mac OS that have QuickTime v.2.0 or later installed and the CD-ROM AutoPlay feature enabled.
When infected media is attached, the invisible malware file in the root of the media is run. The file can be named:
* DB;
* BD;
* DELDB.
If the host computer is not infected, it copies itself to the extensions folder ("/System/Library/Extensions/") under one of the following names:
* "Desktop Print Spooler";
* "Desktop Printr Spooler";
* "DELDesktop Print Spooler",
and this copy will have the hidden/invisible attribute set.
After copying itself to the extensions folder, it restarts the computer. At each start or restart of the computer it is launched, but it does not appear in the list of processes.
At certain intervals it scans and infects mounted volumes.
Last update 21 November 2011
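A triage check for the file names listed above, as an added example that is not part of the original BitDefender write-up: it looks in the root of each mounted volume and in the extensions folder for regular files with those names, and reports whether the hidden flag is set where the platform exposes it. The function names, the caller-supplied paths and the sample directory tree are assumptions made for the illustration; a name match is a lead for inspection, not a verdict.

```python
import os
import stat
import tempfile

# File names reported in the description above.
MEDIA_ROOT_NAMES = ("DB", "BD", "DELDB")
EXTENSION_NAMES = ("Desktop Print Spooler", "Desktop Printr Spooler",
                   "DELDesktop Print Spooler")

def find_named_files(directory, names):
    """Return (path, hidden) for regular files directly in `directory` whose
    name equals one of `names`, compared case-insensitively."""
    wanted = {n.lower() for n in names}
    hits = []
    try:
        entries = sorted(os.scandir(directory), key=lambda e: e.name)
    except OSError:
        return hits  # missing or unreadable directory: nothing to report
    for entry in entries:
        if entry.name.lower() not in wanted:
            continue
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue  # a folder or link that merely shares the name
        # BSD file flags are not exposed on every platform; absent reads as False.
        hidden = bool(getattr(st, "st_flags", 0) & stat.UF_HIDDEN)
        hits.append((entry.path, hidden))
    return hits

def sweep(volume_roots, extensions_dir):
    """Check each mounted volume's root and the extensions folder."""
    media = [h for root in volume_roots
             for h in find_named_files(root, MEDIA_ROOT_NAMES)]
    return {"media": media,
            "host": find_named_files(extensions_dir, EXTENSION_NAMES)}

def demo():
    """Run the sweep over a constructed directory tree (not real samples)."""
    base = tempfile.mkdtemp()
    vol_a, vol_b, ext = (os.path.join(base, d) for d in ("volA", "volB", "ext"))
    for d in (vol_a, vol_b, ext):
        os.makedirs(d)
    os.makedirs(os.path.join(vol_b, "DB"))           # folder named DB: ignored
    for path in (os.path.join(vol_a, "DELDB"),       # matches the media list
                 os.path.join(vol_a, "notes.txt"),   # unrelated file
                 os.path.join(ext, "Desktop Printr Spooler")):
        open(path, "wb").close()
    return base, sweep([vol_a, vol_b], ext)

if __name__ == "__main__":
    print(demo()[1])
```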