This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects OSX.Seadoor activity on compromised machine.
Once executed, it does following:
Copies itself as following:
It creates entry on following in order to execute itself when computer boots.
It opens DSC00117.jpg file in its body.
Then the threat connects to a command and control server to receive commands:
servicemsc.sytes.net on TCP port 7777
It may receive following commands:
Get System Information(version, memory size, machine type, disk size, serial number)
Get User name
Get process list
Create tar archive
Obtains name or path of Login Item, including hidden Login Item.
Delete Login Item.
Create new hidden Login Item.
Change audio volume.
Download file as /User/Shared/up.zip