OSX/Exploit.Smid.B trojan

Discussion in 'ESET Smart Security' started by onetime, Apr 14, 2010.

Thread Status:
Not open for further replies.
  1. onetime (Registered Member; Joined: Sep 25, 2009; Posts: 9)

    I’ve had two objects quarantined by NOD32 ESS.

    ~Link removed~jar.php?id=2 :reason. A variant of an OSX/Exploit.Smid.B trojan
    Link removed~jar.php?id=1 :reason. Multiple threats.
    Could either or both have made their way onto the computer through either Java or Adobe?
    I’ve submitted them both to ESET. If I delete them, will there be anything left behind?
    Could any “damage” have been done before the objects were quarantined?

    Are there any questions I should be asking myself and any steps that can be taken to prevent it from happening again?

    Thank you.
     
    Last edited by a moderator: Apr 14, 2010
  2. stackz (Registered Member; Joined: Dec 27, 2007; Posts: 619; Location: Sydney Australia)

    It's highly likely that they came courtesy of Java. Were they resident on your drive when detected or caught by web access protection?

    Look at running Firefox with the NoScript addon to block Java and Flash by default.
     
  3. SweX (Registered Member; Joined: Apr 21, 2007; Posts: 6,429)

    Well, the first one is an OS X threat designed for Mac OS X
    (I think, according to the name it got), meaning it won't do any damage on your Windows PC, which I believe you are using?
    But it's good it did get detected since I don't think you want it anyway ;)

    NOD32 is cross-platform, so it will detect Windows, Mac and Linux malware.

    The second one could have done some damage if it hadn't been detected, though.

    BTW, I just saw that the OSX/Exploit.Smid.B Trojan got added in the 5031 signature update.
     
    Last edited: Apr 15, 2010
  4. onetime (Registered Member; Joined: Sep 25, 2009; Posts: 9)

    Using (PC) Windows 7 Home Premium, that’s why the OSX variant surprised me. I didn’t get a notification of the items being quarantined, so they went unnoticed even though they were added on the first of April.
    I’ll definitely look into Firefox. I never had a need or use for Java or Flash but they’re “required” to access a government site.
    I’m glad it got detected and that they updated the signatures. This is the only thing able to make its way on other than a rogue AV attempt.
     