|[9:00 AM] Czech Mac User Group Discovers What Could Be New Mac Viruses
The Czechs got it going on, if you'll pardon the vernacular. HOnza Koudelka reports finding what may be some new viruses that he says Virex does not yet recognize. Mr. Koudelka is President of KPPM - The Czech Mac User Group. He has notified Network Associates, the makers of Virex, and sent us the letter he sent them. According to Mr. Koudelka: [Warning: Some file names listed in this letter include language some may consider offensive.]
I would like to inform you that we have caught new Macintosh trojan horses which are not covered by your latest definitions.
The files were uploaded onto our pubic FTP/Hotline server within the last 15 hours. The person who uploaded them was using several IP addresses from the range 126.96.36.199 - 188.8.131.52 (seems like PPP connection).
The trojan horses were uploaded with the following names:
Virex 6.1 patch
They are all installers that install several system extensions. The extensions are masked as OpenTransport libraries so laic user mostly will not consider them unusual.
Our technical specialist debugged the installers and also the extensions installed by them and discovered that at least one of them may be destructive because it's using low level Device Manager calls very often.
If you want the files to do your own research, please let me know and I'll send them to you.
I will also greatly appreciate if you can help me with finding the distributor and performing a legal action against him. I can give you exact times when he was on-line and what IP addresses he was using. I guess the clues may be still hot enough to catch this virus distributor, so your quick assistance can help significantly.
Thanks to Mr. Koudelka for finding and acting on this information. If you see files with these names, beware.
The Mac Observer Spin: Hopefully this will turn out to be a false alarm, but none of those files listed should be installing system extensions. If they do turn out to be viruses or other destructive files, we can hope that Mr. Koudelka's information on where these files were uploaded from can be used to visit some form of legal punishment to the creators.