Author Topic: WireLurker  (Read 3538 times)

Offline irongod

  • Full Member
  • ***
  • Posts: 111
WireLurker
« on: November 07, 2014, 01:25:23 PM »
Is the malware "WireLurker" detected by Avast Mac?  ???  I could not find it in the definition update list.
You take the tarot cards and throw them to the wind!

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: WireLurker
« Reply #1 on: November 07, 2014, 02:17:58 PM »
1. Wirelurker is not a malware, it's a vulnerability in iOS. A malware may take advantage of this vulnerability; the known implementation of Wirelurker has been shut down by revocation of the Certificate, however, the vulnerability still exists.

2. Because this is a vulnerability in the OS, it's up to Apple to patch, it's up to Avast to keep track of any malware that uses it.
« Last Edit: November 07, 2014, 02:25:26 PM by specimen9999 »

Offline irongod

  • Full Member
  • ***
  • Posts: 111
Re: WireLurker
« Reply #2 on: November 07, 2014, 02:43:37 PM »
Thanks for the clarification! :D

I read about the Apple countermeasure, but I was wondering whether it would have been detected and stopped by Avast before actually running on OSX....

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: WireLurker
« Reply #3 on: November 07, 2014, 03:09:37 PM »

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: WireLurker
« Reply #4 on: November 08, 2014, 03:19:26 PM »
Here's a detection report on 8 WireLurker files from VT:

File found: mci (2)
SHA256 hash:93856f704db2efe2e2262e6c710a23d03d6b0748c02e4d5d8d2d4e25f56a8b32
Retrieving report...
Detected by McAfee - OSX/MAChook
Detected by K7AntiVirus - Trojan ( 0001140e1 )
Detected by K7GW - Trojan ( 0001140e1 )
Detected by NANO-Antivirus - Trojan.Mac.WireLurker.diiken
Detected by Symantec - OSX.Wirelurker
Detected by TrendMicro-HouseCall - OSX_WIRELURK.A
Detected by Avast - MacOS:WireLurker-B [Trj]
Detected by ClamAV - Ios.Trojan.Wirelurker
Detected by Kaspersky - Trojan-Downloader.OSX.WireLurker.a
Detected by BitDefender - MAC.IOS.WireLurker.B
Detected by Tencent - Win32.Trojan-downloader.Wirelurker.Swkx
Detected by Ad-Aware - MAC.IOS.WireLurker.B
Detected by Emsisoft - MAC.IOS.WireLurker.B (B)
Detected by F-Secure - Trojan-Spy:OSX/WireLurker.A
Detected by DrWeb - Mac.BackDoor.WireLurker.1
Detected by TrendMicro - OSX_WIRELURK.A
Detected by McAfee-GW-Edition - OSX/MAChook
Detected by Sophos - OSX/WireLurk-B
Detected by Avira - MACOS/WireLurker.A.3
Detected by ViRobot - Trojan.S.MacOS.WireLurker.69140
Detected by GData - MAC.IOS.WireLurker.B
Detected by AhnLab-V3 - OSX64-Trojan/Wirelurker
Detected by ESET-NOD32 - OSX/WireLurker.A
Detected by Ikarus - Trojan.IOS.Wirelurker
Detected by Fortinet - iOS/WireLurker.A!tr
Detected by AVG - OSX/WireLurker.A
Detected by Qihoo-360 - Trojan.Generic
Detection ratio: 27 / 54
Analysis date: 2014.11.08. 7:44:52
*******************************************************************************
File found: mci (3)
SHA256 hash:7250644ce5b202d05e52cf1c60f36c98ca5400c00a3afd22951a6afc9e8ce1f2
Retrieving report...
Detected by McAfee - OSX/MAChook
Detected by K7AntiVirus - Trojan ( 0001140e1 )
Detected by K7GW - Trojan ( 0001140e1 )
Detected by NANO-Antivirus - Trojan.Mac.WireLurker.diiqir
Detected by F-Prot - MacOS/WireLurker.A
Detected by TrendMicro-HouseCall - OSX_WIRELURK.A
Detected by Avast - MacOS:WireLurker-B [Trj]
Detected by ClamAV - OSX.Trojan.Wirelurker-1
Detected by Kaspersky - Trojan.OSX.WireLurker.a
Detected by BitDefender - MAC.IOS.WireLurker.B
Detected by Tencent - Win32.Trojan.Wirelurker.Kjup
Detected by Ad-Aware - MAC.IOS.WireLurker.B
Detected by Emsisoft - MAC.IOS.WireLurker.B (B)
Detected by F-Secure - MAC.IOS.WireLurker.B
Detected by DrWeb - Mac.BackDoor.WireLurker.1
Detected by TrendMicro - OSX_WIRELURK.A
Detected by McAfee-GW-Edition - OSX/MAChook
Detected by Sophos - OSX/WireLurk-A
Detected by Cyren - MacOS/WireLurker.A
Detected by Avira - MACOS/WireLurker.A.4
Detected by ViRobot - Trojan.S.MacOS.WireLurker.31196.A
Detected by GData - MAC.IOS.WireLurker.B
Detected by AhnLab-V3 - OSX64-Trojan/Wirelurker
Detected by ESET-NOD32 - OSX/WireLurker.A
Detected by Ikarus - Trojan.IOS.Wirelurker
Detected by Fortinet - iOS/WireLurker.A!tr
Detection ratio: 26 / 53
Analysis date: 2014.11.08. 7:44:55
*******************************************************************************
File found: mci (4)
SHA256 hash:7d3acad83a132dd2f52928122ad783693e87de07322e022e09199428a9399214
Retrieving report...
Detected by McAfee - OSX/MAChook
Detected by K7AntiVirus - Trojan ( 0001140e1 )
Detected by K7GW - Trojan ( 0001140e1 )
Detected by NANO-Antivirus - Trojan.Mac.WireLurker.diicfk
Detected by F-Prot - MacOS/WireLurker.A
Detected by Symantec - OSX.Wirelurker
Detected by TrendMicro-HouseCall - OSX_WIRELURK.A
Detected by ClamAV - OSX.Trojan.Wirelurker-1
Detected by Kaspersky - Trojan.OSX.WireLurker.c
Detected by BitDefender - MAC.IOS.WireLurker.B
Detected by Ad-Aware - MAC.IOS.WireLurker.B
Detected by Emsisoft - MAC.IOS.WireLurker.B (B)
Detected by F-Secure - Trojan-Spy:OSX/WireLurker.C
Detected by DrWeb - Mac.BackDoor.WireLurker.3
Detected by TrendMicro - OSX_WIRELURK.A
Detected by McAfee-GW-Edition - OSX/MAChook
Detected by Sophos - OSX/WireLurk-B
Detected by Cyren - MacOS/WireLurker.A
Detected by Avira - MACOS/WireLurker.A.12
Detected by GData - MAC.IOS.WireLurker.B
Detected by ESET-NOD32 - OSX/WireLurker.C
Detected by Ikarus - Trojan.OSX.Wirelurker
Detected by Fortinet - iOS/WireLurker.C!tr
Detection ratio: 23 / 54
Analysis date: 2014.11.08. 7:44:57
*******************************************************************************
File found: mci (5)
SHA256 hash:15ed4e5030fac728109571912bb2af8e6031f96a6b8b1dbc076d32a64c2550be
Retrieving report...
Detected by K7GW - Trojan ( 0001140e1 )
Detected by F-Prot - MacOS/WireLurker.A
Detected by Symantec - OSX.Wirelurker
Detected by TrendMicro-HouseCall - OSX_WIRELURK.A
Detected by ClamAV - OSX.Trojan.Wirelurker-1
Detected by TrendMicro - OSX_WIRELURK.A
Detected by Sophos - iPh/WireLurk-B
Detected by Cyren - MacOS/WireLurker.A
Detected by Avira - MACOS/WireLuker.affw
Detected by AhnLab-V3 - IOSX64-Trojan/Wirelurker
Detected by ESET-NOD32 - iOS/WireLurker.B
Detected by Ikarus - Trojan.IOS.Wirelurker
Detection ratio: 12 / 54
Analysis date: 2014.11.08. 7:45:00
*******************************************************************************
File found: mci (6)
SHA256 hash:88a902fbcf8a8c90eaa645d795c3b995dc9d6db9811403edca5f0f878e6d06f2
Retrieving report...
Detected by McAfee - OSX/MAChook
Detected by K7AntiVirus - Trojan ( 0001140e1 )
Detected by K7GW - Trojan ( 0001140e1 )
Detected by NANO-Antivirus - Trojan.Mac.IphoneOS.diijyk
Detected by F-Prot - MacOS/WireLurker.A
Detected by Symantec - OSX.Wirelurker
Detected by TrendMicro-HouseCall - OSX_WIRELURK.A
Detected by Avast - MacOS:WireLurker-E [Trj]
Detected by ClamAV - OSX.Trojan.Wirelurker-1
Detected by Kaspersky - Trojan-Spy.IphoneOS.WireLurker.a
Detected by BitDefender - MAC.IOS.WireLurker.A
Detected by ViRobot - Trojan.S.MacOS.WireLurker.296288
Detected by Tencent - Win32.Trojan-spy.Wirelurker.Pgcw
Detected by Ad-Aware - MAC.IOS.WireLurker.A
Detected by Emsisoft - MAC.IOS.WireLurker.A (B)
Detected by F-Secure - Trojan-Spy:iPhoneOS/WireLurker.A
Detected by DrWeb - IPhoneOS.BackDoor.WireLurker.2
Detected by TrendMicro - OSX_WIRELURK.A
Detected by McAfee-GW-Edition - OSX/MAChook
Detected by Sophos - iPh/WireLurk-A
Detected by Cyren - MacOS/WireLurker.A
Detected by Avira - MACOS/WireLurker.A.88
Detected by GData - MAC.IOS.WireLurker.A
Detected by ESET-NOD32 - iOS/WireLurker.A
Detected by Ikarus - Trojan.IOS.Wirelurker
Detected by Fortinet - iOS/WireLurker.B!tr
Detected by Qihoo-360 - Trojan.Generic
Detection ratio: 27 / 54
Analysis date: 2014.11.08. 7:45:03
*******************************************************************************
File found: mci (7)
SHA256 hash:98a01e7d0d5cbefa5569b1bcb5881b1f6618d18fe7e1e6ab1c4e8b02c14d1693
Retrieving report...
Detected by McAfee - OSX/MAChook
Detected by K7AntiVirus - Trojan ( 0001140e1 )
Detected by K7GW - Trojan ( 0001140e1 )
Detected by Avast - MacOS:WireLurker-A [Trj]
Detected by ClamAV - OSX.Trojan.Wirelurker
Detected by Kaspersky - Trojan.Shell.WireLurker.a
Detected by BitDefender - MAC.IOS.WireLurker.B
Detected by ViRobot - Trojan.S.MacOS.WireLurker.552
Detected by Tencent - Win32.Trojan.Wirelurker.Loie
Detected by Ad-Aware - MAC.IOS.WireLurker.B
Detected by Emsisoft - MAC.IOS.WireLurker.B (B)
Detected by F-Secure - MAC.IOS.WireLurker.B
Detected by DrWeb - Mac.BackDoor.WireLurker.1
Detected by McAfee-GW-Edition - OSX/MAChook
Detected by Sophos - OSX/WireLurk-A
Detected by Avira - MACOS/WireLurker.A.81
Detected by GData - MAC.IOS.WireLurker.B
Detected by AhnLab-V3 - SH/Wirelurker
Detected by ESET-NOD32 - OSX/WireLurker.A
Detected by Ikarus - Trojan.OSX.Wirelurker
Detected by Fortinet - iOS/WireLurker.A!tr
Detected by AVG - OSX/WireLurker.A
Detection ratio: 22 / 54
Analysis date: 2014.11.08. 7:45:06
*******************************************************************************
File found: mci (8)
SHA256 hash:241c004b73f4bd5006aca32bbe7eef30d03beab1b18d6a4597cea57234f71afe
Retrieving report...
Detected by McAfee - OSX/MAChook
Detected by K7AntiVirus - Trojan ( 0001140e1 )
Detected by K7GW - Trojan ( 0001140e1 )
Detected by F-Prot - MacOS/WireLurker.A
Detected by TrendMicro-HouseCall - OSX_WIRELURK.A
Detected by ClamAV - OSX.Trojan.Wirelurker-1
Detected by Kaspersky - Trojan.OSX.WireLurker.c
Detected by BitDefender - MAC.IOS.WireLurker.B
Detected by NANO-Antivirus - Trojan.Mac.WireLurker.diiqis
Detected by Tencent - Win32.Trojan.Wirelurker.Svqs
Detected by Ad-Aware - MAC.IOS.WireLurker.B
Detected by Emsisoft - MAC.IOS.WireLurker.B (B)
Detected by F-Secure - MAC.IOS.WireLurker.B
Detected by DrWeb - Mac.BackDoor.WireLurker.1
Detected by TrendMicro - OSX_WIRELURK.A
Detected by McAfee-GW-Edition - OSX/MAChook
Detected by Sophos - OSX/WireLurk-B
Detected by Cyren - MacOS/WireLurker.A
Detected by Avira - MACOS/WireLurker.A.8
Detected by GData - MAC.IOS.WireLurker.B
Detected by ESET-NOD32 - a variant of OSX/WireLurker.C
Detected by Ikarus - Trojan.OSX.Wirelurker
Detected by Fortinet - iOS/WireLurker.C!tr
Detection ratio: 23 / 54
Analysis date: 2014.11.08. 7:45:09
*******************************************************************************
File found: mci (1)
SHA256 hash:84759a091bd591f741ce16f85a229c90f4e2299a51c1899e6240c277aef11934
Retrieving report...
Detected by McAfee - OSX/MAChook
Detected by K7AntiVirus - Trojan ( 0001140e1 )
Detected by K7GW - Trojan ( 0001140e1 )
Detected by NANO-Antivirus - Trojan.Mac.WireLurker.diirfm
Detected by F-Prot - MacOS/WireLurker.A
Detected by TrendMicro-HouseCall - OSX_WIRELURK.A
Detected by ClamAV - OSX.Trojan.Wirelurker-1
Detected by Kaspersky - Trojan.OSX.WireLurker.c
Detected by BitDefender - MAC.IOS.WireLurker.B
Detected by Ad-Aware - MAC.IOS.WireLurker.B
Detected by Emsisoft - MAC.IOS.WireLurker.B (B)
Detected by F-Secure - MAC.IOS.WireLurker.B
Detected by DrWeb - Mac.BackDoor.WireLurker.3
Detected by TrendMicro - OSX_WIRELURK.A
Detected by McAfee-GW-Edition - OSX/MAChook
Detected by Sophos - OSX/WireLurk-B
Detected by Cyren - MacOS/WireLurker.A
Detected by Avira - MACOS/WireLurker.A.11
Detected by GData - MAC.IOS.WireLurker.B
Detected by ESET-NOD32 - a variant of OSX/WireLurker.C
Detected by Ikarus - Trojan.OSX.Wirelurker
Detected by Fortinet - iOS/WireLurker.C!tr
Detection ratio: 22 / 53
Analysis date: 2014.11.08. 7:44:49
*******************************************************************************
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: WireLurker
« Reply #5 on: November 08, 2014, 03:56:02 PM »
4 out of 7 for Avast!, not a stellar performance there. Sophos and Avira (the major 'free' competitors on the Mac platform) detected 7 out of 7.
« Last Edit: November 08, 2014, 03:58:52 PM by specimen9999 »

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: WireLurker
« Reply #6 on: November 09, 2014, 11:19:12 AM »