[DM-MUG] Finder Issue (Trojan)
AB
anastasia_prittee at yahoo.com
Mon Nov 30 10:34:04 CST 2009
My gut instinctively pegged it for a virus/trojan.... but I've never had one on a Mac. I'd still send a report to the URLs popping up, because it's bad for their reputation, assuming they are a legitimate business. If it's the same URL popping up in the Shared Devices list in the Sidebar, there's the FBI Internet Crimes website you can file a report at in full detail. I did that after I got phishing emails from banks I don't even bank at.
Can you use Time Machine to restore it to an earlier date?
--- On Mon, 11/30/09, Alan Maupin <alan.maupin at gmail.com> wrote:
From: Alan Maupin <alan.maupin at gmail.com>
Subject: Re: [DM-MUG] Finder Issue
To: "Des Moines Mac Users Group" <dmmug at dmmug.org>
Date: Monday, November 30, 2009, 9:23 AM
Yes still there.
On Nov 30, 2009, at 10:13 AM, Jon Thompson wrote:
I wasn't concerned with the trojan being on your computer as so much as the trojan modifying your DNS settings, which are tied with the mDNS that you see in the Shared list.
Am I correct in you saying that the items are still there?
--
Jon Thompson
Evolve
www.dmevolve.com
On Mon, Nov 30, 2009 at 10:02 AM, Alan Maupin <alan.maupin at gmail.com> wrote:
Jon here is a newer article that mentions the trojan spoke of in the previous article you sent, with an updated look at Snow Leopards defense: http://blogs.zdnet.com/security/?p=4139
On Nov 30, 2009, at 8:51 AM, Jon Thompson wrote:
Alan,
Try running the commands in this article, as these types of things could appear if you are using a DNS server that is not one given to you by your ISP.
http://www.macworld.com/article/60823/2007/10/trojanhorse.html
I'm giving you this as a precaution, as well as to eliminate it as a possibility.
--
Jon Thompson
Evolve
www.dmevolve.com
On Mon, Nov 30, 2009 at 2:13 AM, Alan Maupin <alan.maupin at gmail.com> wrote:
AB thank you very much for this information. You are quite the internet sleuth!
On Nov 29, 2009, at 7:21 PM, AB wrote:
When typing in wildfire.gigya.com I got a "directory not listed" message, see screenshot.
I went to the gigya.com website. It is a social media and content management internet based company with offices in CA, NY, and Israel.
Perhaps they can investigate their own security on their servers since the discussion thread mentioned it was a leak in the respective company's network servers.
here's the contact info for them.
Whether you have a comment, a bug to report,
or a press or business inquiry, please use the following contact information.
We will get back to you as soon as possible.
Liza Hausman, Gigya
650.353.4178 Office
Mark Naples, WIT
215.893.0581 Direct
646.265.7372 Cell
Customer Support and Product Feedback Inquiries: support at gigya-inc.com
Sales related inquiries: sales at gigya-inc.com
Partner and Business Development Inquiries: bizdev at gigya-inc.comQuestions Relating to Terms of Use and/or our Privacy Policy:
privacy at gigya-inc.com
Our offices
Palo Alto Office (Corporate Headquarters)
855 El Camino Real
Building 4, Suite 290
Palo Alto, CA 94301
650.353.7230
New York Office.
817 Broadway, 10th Floor
New York, NY 10003-4709
646.722.8137
Tel Aviv Office
132 Begin road
Azrieli round tower (13 floor)
Tel Aviv, Israel 67021
+972.73.7852400
--- On Sun, 11/29/09, Victoria L. Herring <vlh at herringlaw.com> wrote:
From: Victoria L. Herring <vlh at herringlaw.com>
Subject: Re: [DM-MUG] Finder Issue
To: "Des Moines Mac Users Group" <dmmug at dmmug.org>
Cc: alan.maupin at gmail.com
Date: Sunday, November 29, 2009, 5:57 PM
you can go to Apple.com and set up a phone support call and explain the whole problem in the message so the person you speak to has an idea of the reason for the support call. Seems easier than going out to the Apple Store - maybe a first step.
I certainly don't know but if you are having things show up in the finder window you might go to the Prefs for Finder and check on what is listed as contents on sidebar =- I don't know what Neighborhood would be other than perhaps you have Bluetooth or Bonjour enabled??? And they/it are picking up signals??
On Thu, Nov 26, 2009 at 3:33 PM, Alan Maupin <alan.maupin at gmail.com> wrote:
The problem is located in Finder application, on the Shared menu, under the submenu All: random named URL's are showing up and are listed as Neighborhood.
The most recent URL to show up is "wildfire.gigya.com"
It does not go away with a reboot.
Does anyone know what causes this issue? Is it a security issue?
Thanks in advance,
Alan
<Screen shot 2009-11-29 at 6.11.32 PM.png>_______________________________________________
DMMUG mailing list
Use this Address to send mail to the list:
DMMUG at dmmug.org
Use this page to modify subscription options:
http://cialug.org/mailman/listinfo/dmmug
_______________________________________________
DMMUG mailing list
Use this Address to send mail to the list:
DMMUG at dmmug.org
Use this page to modify subscription options:
http://cialug.org/mailman/listinfo/dmmug
_______________________________________________
DMMUG mailing list
Use this Address to send mail to the list:
DMMUG at dmmug.org
Use this page to modify subscription options:
http://cialug.org/mailman/listinfo/dmmug
_______________________________________________
DMMUG mailing list
Use this Address to send mail to the list:
DMMUG at dmmug.org
Use this page to modify subscription options:
http://cialug.org/mailman/listinfo/dmmug
_______________________________________________
DMMUG mailing list
Use this Address to send mail to the list:
DMMUG at dmmug.org
Use this page to modify subscription options:
http://cialug.org/mailman/listinfo/dmmug
-----Inline Attachment Follows-----
_______________________________________________
DMMUG mailing list
Use this Address to send mail to the list:
DMMUG at dmmug.org
Use this page to modify subscription options:
http://cialug.org/mailman/listinfo/dmmug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/dmmug/attachments/20091130/2cd49db9/attachment.htm
More information about the DMMUG
mailing list