1. Symantec/
  2. Security Response/
  3. MacOS.MW2004.Trojan

MacOS.MW2004.Trojan

Risk Level 1: Very Low

Discovered:
May 12, 2004
Updated:
May 14, 2004 9:39:53 AM
Systems Affected:
Mac
MacOS.MW2004.Trojan is a Trojan horse targeted at Mac OS X. It masquerades as an installer of Microsoft Word 2004, named "Microsoft Word 2004 OSX Web Install" (taken from the Microsoft Office "Welcome" application).

When launched under OS X, it attempts to delete the user's home directory (that is, /Users/<current user name>) and all of its contents. The actual deleted files will depend on the user and file permissions.

It is actually a compiled AppleScript file that, when launched under OS X, performs the UNIX shell command:

rm -rf ~

This command attempts to delete the current user's home directory and its contents. Deleting the home directory for most users is not possible, since the root user owns it.

The user may not have permission to delete all the files or folders within the home directory. In these cases an error message appears saying:

"rm: /Users/<current user name>: Permission denied"

However, the trojan deletes many files and folders.

When the user logs in as root, the entire root folder and its contents is deleted. The above message does not appear.
Summary| Technical Details

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube