Inside GT Global

Luxembourg CIRCL develops LaunchAgent monitoring tool for OS X

Apr 23, 2012

Estonian hackers have been going around changing your DNS settings without your knowledge. Such attacks include some recent and notable malware scams on OS X: DNSChanger, MacDefender, and most recently Flashback.

Fear not: the Computer Incident Response Center of Luxembourg has made a new tool to monitor and fix any attempts on your OS X system.

Source: Cnet

The Computer Incident Response Center of Luxembourg (similar to US-CERT) created a small and convenient utility, based on my procedure, that can perform these steps for you. By simply running the application, you’ll enable Folder Actions and bind the appropriate scripts to the LaunchAgent and LaunchDaemon folders on the system.

If you haven’t already enabled this feature, then I highly recommend you do so either with this utility or through the manual approach I outlined; however, regardless of which approach you take, be sure to check the results by opening the Folder Actions Setup utility in the /System/Library/CoreServices/ folder, and use it to check the scripts bound to each folder. You can also ensure the scripts work as intended by revealing these folders (click the Show Folder button in the utility to do so for the highlighted folder) and dragging any file to them — this should result in a warning about the change.

This tool from CIRCL is a great option to use, especially if you wish to enable these notifications on multiple systems; however, as with my original instructions, it enables notifications on only the folders that automatically launch scripts in OS X. This should be plenty to help proactively counter malware attacks, but this notification system can be used for more than just LaunchAgent folders.
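
The Folder Actions described above raise a warning at the moment a file lands in a launch folder. As a complementary check, this added example (not code from CIRCL, Cnet or this blog) records a baseline of the launchd folders and reports files added, changed or removed since the previous run, together with the command each job would start. The folder list and the state-file name `launchd_baseline.json` are assumptions of this example.

```python
import hashlib
import json
import plistlib
import sys
from pathlib import Path

# Standard launchd job folders on OS X (assumed watch list for this example).
LAUNCH_DIRS = [Path.home() / "Library/LaunchAgents"] + [
    Path(p) for p in ("/Library/LaunchAgents", "/Library/LaunchDaemons",
                      "/System/Library/LaunchAgents", "/System/Library/LaunchDaemons")]

def describe(path):
    """Return (sha256, label, command) for one file in a launch folder."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    try:
        job = plistlib.loads(data)  # handles XML and binary plists
        cmd = job.get("ProgramArguments") or [job.get("Program", "?")]
        return digest, str(job.get("Label", "?")), " ".join(map(str, cmd))
    except Exception:  # malformed plist, or a file that is not a plist at all
        return digest, "?", "unparseable plist"

def snapshot(dirs=LAUNCH_DIRS):
    """Map every regular file in the watched folders to its description."""
    files = [p for d in dirs if d.is_dir() for p in sorted(d.iterdir()) if p.is_file()]
    return {str(p): describe(p) for p in files}

def diff(old, new):
    """Return sorted (event, path, label, command) tuples between two snapshots."""
    events = []
    for path, (digest, label, cmd) in new.items():
        if path not in old:
            events.append(("ADDED", path, label, cmd))
        elif old[path][0] != digest:
            events.append(("CHANGED", path, label, cmd))
    for path in old.keys() - new.keys():
        events.append(("REMOVED", path, old[path][1], old[path][2]))
    return sorted(events)

if __name__ == "__main__":
    state = Path(sys.argv[1] if len(sys.argv) > 1 else "launchd_baseline.json")
    old = json.loads(state.read_text()) if state.exists() else {}
    new = snapshot()
    for event in diff(old, new):
        print(*event, sep="\t")
    state.write_text(json.dumps(new))
```

The first run has no baseline, so every existing job is listed as ADDED; later runs show only what differs from the saved state.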