Should be easy to fix. Thanks for the article.

–arden

Checking system commands…

Performing ’strings’ command checks
Checking ’strings’ command [ OK ]

Performing ’shared libraries’ checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Skipped ]

Performing file properties checks
Checking for prerequisites [ Warning ]
The (command properties test) is not completly supported in this version of OSX rootkit hunter
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/cp [ OK ]
/bin/csh [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/kill [ OK ]
/bin/ls [ OK ]
/bin/mv [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/sh [ OK ]
/bin/test [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/du [ OK ]
/usr/bin/egrep [ OK ]
/usr/bin/env [ OK ]
/usr/bin/fgrep [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/grep [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/login [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/mktemp [ OK ]
/usr/bin/more [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/readlink [ OK ]
/usr/bin/sed [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/su [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uname [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/w [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/sbin/dmesg [ OK ]
/sbin/ifconfig [ OK ]
/sbin/md5 [ OK ]
/sbin/mount [ OK ]
/sbin/nologin [ OK ]
/usr/sbin/chown [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/lsof [ OK ]
/usr/sbin/netstat [ OK ]
/usr/sbin/newsyslog [ OK ]
/usr/sbin/sysctl [ OK ]
/usr/sbin/syslogd [ OK ]
/usr/sbin/vipw [ OK ]
/usr/libexec/tcpd [ OK ]

Checking for rootkits…

Performing check of known rootkit files and directories
55808 Trojan – Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy’s Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe’s Rootkit [ Not found ]
RSHA’s Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]

Performing additional rootkit checks
Checking for possible rootkit files and directories [ None found ]

Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for hidden processes [ Skipped ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]

Checking the network…

Performing check for backdoor ports
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 60922 [ Not found ]

Now we run an additional connection check, to inform you about used and listen tcp-ports
and their appropriate process/commands. – This additional check was created by Christian Hornung

There is a LISTEN tcp Port *:64000 created by Process/Command: prl_disp_
There is a LISTEN tcp Port localhost:47807 created by Process/Command: IntegoiCa
There is a LISTEN tcp Port localhost:ipp created by Process/Command: cupsd
There is a LISTEN tcp Port localhost:ipp created by Process/Command: launchd

FYI, named services are described in the file /etc/services

Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

Checking the local host…

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ None found ]

Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ OK ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Warning ]
Syslog configuration file allows remote logging: install.* @127.0.0.1:32376

Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
Hidden file found: /usr/share/man/man5/.rhosts.5.gz: gzip compressed data, from Unix

Checking application versions…

Checking version of Apache [ OK ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of PHP [ OK ]
Checking version of Procmail MTA [ OK ]
Checking version of OpenSSH [ OK ]

System checks summary
=====================

File properties checks…
Required commands check failed
Files checked: 80
Suspect files: 0

Rootkit checks…
Rootkits checked : 77
Possible rootkits: 0

Applications checks…
Applications checked: 6
Suspect applications: 0

The system checks took: 35 seconds

All results have been written to the logfile (/tmp/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/tmp/rkhunter.log)

Many thanks to the founder and developer of the original rootkit hunter:
Michael Boelen from http://www.rootkit.nl

any suggestions
also before i put in virus barrier i was getting
en3: flags=8922 mtu 1500 -
i am new to this world please help

If you could find a virus that infected both your Mac then it’s firmware you could definitely sell your computer for 6+ figures to security researchers and/or Apple. And I mean $100,000+ easy. That type of infection simple has not happened on a Mac that I know of.

btw with the possible malware that you thought was redirecting you, was it during a single browsing session or was it permanent even if you rebooted?

Anyway two points. 1) I personally believe we will be seeing more mac malware. I think the resent exploits are just the start and Macs will continue make up a still small but growing part of the large botnets that are out there.
2) The comments here were from a year and a half ago. 1.5 years ago any Mac would be justified in saying 99% of Mac “security” software was utterly useless and not needed. You can’t point at events that transpired after the poster’s initial statement and then claim he should have know better.

I personally highly recommend Little Snitch for every Mac out there. http://www.obdev.at

I took the Macbook to the authorized Apple dealer, who is now after 2 days as much puzzled as I am. He reports that he cannot find in tests anything wrong with the hardware but still cannot install the Leopard from my or his DVDs, also with his own HDDS, inserted in my Mac. We are now waiting for a replacement board to try with my original HDD and installer disks. If that solves the problem, we will be sure on a virus resident on the bios since hardware tests brought no failure results so far.

Not to mention that I tried nearly all antivirus software before going to the dealer. No sign of virus could be found except for Macscan, which reported something he could not describe.

To make a long story short, I would say that bios-viruses are not a myth, I personally believe that they do exist and we need a good protection, which in my experience isn’t currently available for the OSX in the market today.

ME: HAVE YOU SEARCHED GOOGLE DUMBASS???
http://lmgtfy.com/?q=mac+users+infected
http://macenstein.com/default/archives/2328
http://www.domain-b.com/infotech/itnews/20090124_iwork_copies.html

KEVIN: I’m not convinced that any of the rootkits this software actually scans for even function on OS X.

ME: AGAIN HAVE YOU SEARCHED GOOGLE DUMBASS??? Have you even checked how rkhunter works or at least GOOGLED for it? It actually does more than just check for ROOTKITS.
http://www.rootkit.nl/projects/rootkit_hunter.html

notchris

I have my doubts as to how well, or even at all that they could actually be utilized.

Certainly we can look back on the past 3 or 4 years to stories surfacing in January that ‘THIS IS THE YEAR FOR THE MAC VIRUS” only to find exploits available, exploits ’supposedly’ IN THE WILD that never amount to anything. If it genuinely, fully is as easy to pwn (Ghod I hate l33t, it’s so 1993) an OSX machine then there oughta be millions of zombied macs out there happily buzzing away.

As for Trojans, I can’t see how any real defense can be made against them other than understanding you can’t download whatever the devil you wish from the Internet. The OS is SUPPOSED to run applications for heavens sake. Now, one can make sure certain vital organs are not dangling out to get hit by the Trojan’s sword and I think OS X does a reasonably good job doing so.

So what am I saying with this rambling missive?

I’m saying this, have the tools at hand, but don’t be an idiot! I ran on Windows for years with nary a security app and the like and never got hit. Behind OS X I might as well be behind a wall of armor plate steel compared to my windows days.

You may have missed something in the article. The last sentence indicates that Apple has hardened their update mechanism against a man-in-the-middle attack such as this. Just because these fools (the people who created Evilgrade) SAY they can attack OS X’s Software Update doesn’t make it so.

From the article (http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta.php accessed on 8/4/08):

“Krebs also reports that, contrary to the claims of Evilgrade’s authors, Apple has strengthened their update mechanism to defeat this attack. ”

Bot

http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta.php

As for ClamAV, yes, that’s for detecting Windows malware. Don’t even bother looking for something to detect OS X malware, though, as that hinges upon the assumption that there is OS X malware, which is, for all practical purposes, untrue.

I know OS X is generally more secure than Windows, but hearing lately about Quicktime vulnerabilities where code can be executed and what not makes me a little worried.

Reading ClamXav website, it doesn’t look like it’s a security software for OS X. It looks like it’s basically security software for Windows PCs that runs on OS X to make sure you don’t spread Windows malware. Can it even detect OS X malware? I’m looking for something that can.