Worm.OSX.Inqtana.a
| Alert Level: | Medium |
| Discovered: | Feb 24 2006 |
| Tag: | Internet Worms |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
Inqtana is a Mac OS X worm that spreads via Bluetooth. It propagates by sending an Object Exchange (OBEX) Push data transfer request to the potential victim machine. If the user accepts the request, the worm exploits a Bluetooth File and Object Exchange Directory Traversal vulnerability to gain access to locations outside the Bluetooth File and Object Exchange service path.
The worm drops two files, named com.openbundle.plist and com.pwned.plist, to the LaunchAgents directory to ensure that it will be launched automatically when the victim machine is rebooted. w0rm-support.tgz, which contains the worm components, is dropped to /Users/.
Once the operating system has been restarted, com.openbundle.plist unpacks the worm components and com.pwned.plist executes the worm's main binary. Inqtana then attempts to replicate by scanning for devices which have Bluetooth enabled. It will then send itself to any devices found that support Object Exchange (OBEX) Push requests.
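The file artifacts named above can be checked for on a live system or a mounted disk image. The script below is an added example, not part of the original entry. The function names, the LaunchAgents locations searched (`/Library/LaunchAgents` and each user's `Library/LaunchAgents`) and the search depth under `/Users` are assumptions, since the entry does not say which LaunchAgents directory is used.

```shell
#!/bin/sh
# Added example: look for the Inqtana.a file artifacts named in the description.
# Usage: sh inqtana_scan.sh /        (or the mount point of a disk image)
# Assumptions (not stated in the entry): "LaunchAgents directory" is taken to
# mean <root>/Library/LaunchAgents and <root>/Users/<name>/Library/LaunchAgents;
# the archive is looked for in <root>/Users and one level below it.

# File names taken from the description above.
INQTANA_PLISTS="com.openbundle.plist com.pwned.plist"
INQTANA_ARCHIVE="w0rm-support.tgz"

# inqtana_scan ROOT: print one line per artifact found under ROOT.
# Prints nothing when none of the named files are present.
inqtana_scan() {
    root="${1%/}"   # "/" becomes "", so paths below start at the real root
    # Persistence: the two launch agent plists.
    for dir in "$root/Library/LaunchAgents" "$root"/Users/*/Library/LaunchAgents; do
        [ -d "$dir" ] || continue
        for name in $INQTANA_PLISTS; do
            # -L as well as -e, so a dangling symlink with that name is reported
            if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
                echo "launchagent $dir/$name"
            fi
        done
    done
    # Payload: the archive holding the worm components.
    for f in "$root/Users/$INQTANA_ARCHIVE" "$root"/Users/*/"$INQTANA_ARCHIVE"; do
        if [ -e "$f" ] || [ -L "$f" ]; then
            echo "archive $f"
        fi
    done
}

# inqtana_count ROOT: number of artifacts found under ROOT.
inqtana_count() {
    inqtana_scan "$1" | wc -l | tr -d ' '
}

# Run a scan only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    inqtana_scan "$1"
fi
```

A match on file name alone is an indicator to investigate, not proof of infection; inspect the plist contents and the archive before acting on it.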
Removal Worm.OSX.Inqtana.a instructions:

