Extra Extra: the threat is real! A virus takes advantage of this security hole!
Authored by: xSmurf on Oct 05, '05 10:59:38AM

*** The security hole in LittleSnitch is not pure speculation. A virus already has taken advantage of it! ***

I was looking to see what the web had to say about LittleSnitch's security (googling with the terms "LittleSnitch Security") and something very interesting came up from Symantec's virus description page (http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html)

"SH.Renepo.B is a data-collecting script virus that only runs on Mac OS X systems.
[...] When the virus is executed, it does the following: [...]
15. Looks for LittleSnitch software (a shareware Firewall program with application control) and tries to terminate the process, when LittleSnitch attempts to perform network access."

So I decided to search around a bit more to see what I could find. These are my findings. They are not exactly structured, but a lot of information can be found on these sites.

This information is well documented on many sites such as:

*** Objective Development has been aware of this for over a year but seemed to have decided not to act! ***
http://www.mail-archive.com/littlesnitch-talk@obdev.at/msg00132.html
(Note that they never mention in the mailing list post that the opener kills the LittleSnitch daemon!)

The opener was featured on:

More information about the SH.Renepo.B virus:

Current aliases used for this virus:
  • SH.Renepo (CA)
  • SH.Renepo.B (Symantec)
  • SH/Renepo-A (Sophos)
  • SH/Renepo.A (Panda)
  • Worm.MacOS.Opener.a (Kaspersky)
  • MacOS.Renepo.A
  • MacOS.Renepo.B
  • MAC_RENEPO.B
  • Unix/Opener.worm
I have posted this information on LittleSnitch's mailing list. You can view this post here

---
SnitchCTL : Flawed security makes it fun! http://snitchctl.smurfturf.net/

PM G4 DP 800 / 1.25gb / 120Gb+80Gb / CD/DVD±RW/RAM/DL
- The only APP Smurf
