
Apple antivirus/anti-malware.

BrainEater

Well-known member
Joined
Mar 19, 2007
Messages
2,869
Location
Calgary
heh.

Mac OSX version 10.5.8
Dual 2Ghz PowerPC g5's
6 Gb ddr2

Open admin password
Firewall set to allow all
WOL admin active
Full share allow to guests
Guest account half open....

Sheesh.... yea, more secure BS. This can't be the default settings.... wow..... I haven't even opened the BT.

Mebbie this IS the problem, I'm scanning it now with diff stuff, and writing down what I find....

hmmm....

:blarg:
 

Desiato

Well-known member
Joined
Mar 8, 2010
Messages
519
Location
Ottawa
I know that when a unix machine is compromised by a decent root kit, even experienced admins have problems tracking it down within the OS itself. Same with Windows, of course; but there's so much poorly implemented malware for windows, many tend to forget this.

As for what's possible, once compromised, the sky is the limit. I imagine most unix exploit tools can be compiled in OSX. That is, for scanning and attacking other systems within the network.

Why don't you start with the evidence that your IT team is basing their assessment on? Or are they just making an assumption?

As for the security of the G4 OSX platform, it's definitely extremely vulnerable. Two minutes of research on Google can verify this. The safe way to continue using that hardware is a Linux distro. Even if it wasn't used in this particular incident, it's idiotic to continue using an unsupported OS in a business environment. Someone should be flayed for that.
 

BrainEater

Well-known member
Joined
Mar 19, 2007
Messages
2,869
Location
Calgary
Sounds like good advice.

Here's the score :

We are a company going from 'hobby' to 'professional corporation'. In every aspect... I'm not even the IT guy, I'm just helping out, I'm a fabricator/maintenance guy.

I'm not sure if this mac is rooted or not, still checking.... all I know is, every single setting related to being secure was wiiiiiiide open. Ugly. I'd personally never allow that kinda $hit on MY network.... but anyways, it's the evidence I'm looking for. Apparently, there's no infections on the other 15 pc's, but this mac had those settings and Vuze wide open..

sheesh.

I know the IT guy, he's working his ass off too, we are getting shit squared away.

----

This mac will never be allowed into our building again I'm afraid, ain't my decision.... but it's owned by a friend tho, so I want to help em out.... it's got a massive collection of music....

Save/nuke/pave ?
 

Desiato

Well-known member
Joined
Mar 8, 2010
Messages
519
Location
Ottawa
It's been a long time since I was actively interested in network security, so this is extremely far from professional advice, but here's what I might do in your situation:

- I wouldn't spend much time in the OS itself, especially if you're not familiar with it. If the logs don't reveal anything, and there are no obvious signs such as recently modified executables or changes to users, I'd move on to external detection
- some of this *might* be relevant: Intrusion Discovery Cheat Sheet (Linux) | My Stupid Forensic Blog
- for external detection, I might connect it directly to a linux system via a crossover cable to an adapter set to promiscuous mode and monitor its activity through something like Wireshark - Wikipedia, the free encyclopedia
- I might do the same for each of the Windows systems considering there are so few
- If the source of the intrusion cannot be confirmed, I'd reimage everything
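A small triage script for the host-side checks in the post above (recently modified executables, and changes to the user list against a known-good baseline), added here as an example; it is not from the thread or from any tool the posters mention. The directory it scans, the two user-list files and the sample files it creates are constructed for the demo. On the Mac itself the current user list would come from `dscl . -list /Users`, and the directories worth scanning are the usual binary and launch-item locations (for example /usr/local/bin, /Library/LaunchDaemons, ~/Library/LaunchAgents).

```shell
#!/bin/sh
# Added example: quick host-side triage for a possibly compromised Unix-like box.
# Two checks: (1) executables modified within the last N days, (2) accounts that
# were added or removed compared with a baseline list.

# recent_executables DIR DAYS
# Lists regular files under DIR with the owner-execute bit set whose mtime is
# less than DAYS days old. Output is sorted so it can be diffed between runs.
recent_executables() {
    find "$1" -type f -perm -u+x -mtime "-$2" | sort
}

# user_changes BASELINE_FILE CURRENT_FILE
# BASELINE_FILE: one account per line, saved while the machine was known-good.
# CURRENT_FILE:  the same list taken now (macOS: dscl . -list /Users > file).
# Prints "ADDED: name" / "REMOVED: name" lines; empty output means no change.
user_changes() {
    tmpb=$(mktemp); tmpc=$(mktemp)
    sort "$1" > "$tmpb"; sort "$2" > "$tmpc"      # comm needs sorted input
    comm -13 "$tmpb" "$tmpc" | sed 's/^/ADDED: /'   # only in current
    comm -23 "$tmpb" "$tmpc" | sed 's/^/REMOVED: /' # only in baseline
    rm -f "$tmpb" "$tmpc"
}

# ---- constructed sample data (stands in for real directories and user lists) ----
work=$(mktemp -d)
mkdir -p "$work/bin"

printf '#!/bin/sh\necho hi\n' > "$work/bin/old_tool"
chmod 755 "$work/bin/old_tool"
touch -t 200901010000 "$work/bin/old_tool"   # old mtime: should not be flagged

printf '#!/bin/sh\necho hi\n' > "$work/bin/new_tool"
chmod 755 "$work/bin/new_tool"               # executable, modified just now: flagged

printf 'notes\n' > "$work/bin/readme.txt"    # recent but not executable: ignored

printf 'root\nbob\nalice\n' > "$work/users.baseline"
printf 'root\nbob\nsvc_backup\n' > "$work/users.now"   # alice gone, svc_backup appeared

echo "== executables modified in the last 7 days under $work/bin =="
recent_executables "$work/bin" 7
echo "== account changes versus baseline =="
user_changes "$work/users.baseline" "$work/users.now"
```

Run it as-is to see the constructed case, then point `recent_executables` at the real directories and feed `user_changes` a baseline you trust; if you have no baseline, the current list alone still shows accounts that nobody on site can explain, which is the kind of lead the post is talking about.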
 
