You'll get your Mac news here from now on...

Help TMO Grow

Subscriber Login

Advertising Info


The Mac Observer Express Daily Newsletter


More Info

Site Navigation

Home
News
Tips
Columns & Editorials
Reviews
Reports
Archives
Search
Forums
Links
Mac Links
Software
Reports
Contact

March 2nd, 2000

[10:00 AM] Symantec Identifies Trojan Horse Virus Reported Last Week
by Staff

Last week we posted a story about some trojan horse viruses discovered by HOnzua Koudelka of Czechoslovakia. In that report, we relayed the excellent work that Mr. Koudelka and other members of his Czech Mac User's Group had done in tracking down the source of the problem. While that work was sent to Network Associates, makers of Virex, Symantec contacted Mr. Koudelka (with a little help from us), and subsequently got down to the bottom of the situation. If you need more information on this story, check out the original post.

The company tells The Mac Observer that the files are not technically viruses, but are in fact Trojan Horse pranks. However, and this is important, the company stressed that they don't like to announce pranks because people may tend to consider these files to be "safe." Should these files later be modified to become more malicious, people may not take them seriously. Subsequently, Symantec has offered us a description of what the symptoms might be if you installed one of these pranks. According to Symantec:

There was a bug in the installer logic of one of the files that caused it to install a bad Open Tpt Internet Library, which will cause a crash on startup, but will not delete files or otherwise cause damage. This mistake was so blatant and sloppy that we felt it was not intentional. One of the trojans simply moved the mouse cursor to the bottom of the screen after 50 seconds of inactivity, and the other gradually and progressively dimmed the screen until it was at something like 25% brightness. The visual cues (mouse cursor moving off the screen, screen dimming slowly) indicate that someone has picked up one of these trojans.

Also, if the user is experiencing a crash at startup during the extension loading phase, we suggest that he or she look for the file "Open Tpt Internet Library" or "OpenTptInternetLib" in the Extensions folder. In System 8.5.1 the first of these files is around 450K, and the second is around 250K. The bogus versions of these files will only be about 8K in size. Provided that there are no other problems, removing the bogus file will allow the Mac to be restarted successfully.

The files "OpenTptSerial" and "OpenTptLibrary", which look like legitimate shared libraries, but which are actually extensions that perform the pranks, are installed by these trojans.

Also, as usual, Symantec would stress that all Mac users obtain, and make use of, an anti-virus program, and that they keep their virus definitions up to date. Norton AntiVirus 6.0 for Macintosh has been designed to make the updating procedure as quick and as painless as possible, and we naturally recommend it. The web site http://www.symantec.com/avcenter/ contains information about viruses and hoaxes, as well as other kinds of attacks on users systems.

The company will be including these latest files in their next release of the Norton Anti Virus (NAV) virus definitions. The most recent definitions do not include information on dealing with these files.

The Mac Observer Spin: Kudos to Symantec for dealing with this so fast and working to keep the Mac community informed. Kudos to Mr. Koudelka for finding the problem in the first place!

Symantec



Today's Mac Headlines

[Podcast]Podcast - Apple Weekly Report #135: Apple Lawsuits, Banned iPhone Ad, Green MacBook Ad

We also offer Today's News On One Page!

Yesterday's News

 

[Podcast]Podcast - Mac Geek Gab #178: Batch Permission Changes, Encrypting Follow-up, Re-Enabling AirPort, and GigE speeds

We also offer Yesterday's News On One Page!

Mac Products Guide
New Arrivals
New and updated products added to the Guide.

Hot Deals
Great prices on hot selling Mac products from your favorite Macintosh resellers.

Special Offers
Promotions and offers direct from Macintosh developers and magazines.

Software
Browse the software section for over 17,000 Macintosh applications and software titles.

Hardware
Over 4,000 peripherals and accessories such as cameras, printers, scanners, keyboards, mice and more.

© All information presented on this site is copyrighted by The Mac Observer except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another .