Posted by: David Harley | April 24, 2010

OSX/HellRTS – more info

I’ve been asked for more information on the recent threat that ESET calls OSX/HellRTS.AA. ESET hasn’t put up a description so far, but several other vendors have:

And while I’ve already pointed to descriptions by Intego and Sophos in a previous blog, they are, for completeness, at: 

If you were wondering, the reason that this detection has so many variant names is that nowadays, variant naming tends to reflect the type of detection used in a product rather than the identity of a single binary: otherwise, we’d be seeing malware with names like W32/YetAnotherNastyTrojan.HNEDODENOXQIDSEZZUAUOP… 😉

I’ve written a couple of papers on naming issues: see (written with Pierre-Marc Bureau) and

Mac Virus
Small Blue-Green World
AVIEN Chief Operations Officer
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: