phretor/blackholeratcheck.sh

## blackholeratcheck.sh
#! /bin/sh
# Quick and dirty check for BlackHole RAT (OSX/MusMinim-A)
#   * http://www.sophos.com/security/analyses/viruses-and-spyware/osxmusminima.html
#
# USAGE:
# - Copy this file in your Desktop
# - Open Terminal.app
# - Run the following commands:
#   - cd ~/Desktop
#   - chmod +x blackholeratcheck.sh
#   - ./blackholeratcheck.sh
#
# DISCLAIMER: This script can lie to you :)
#
/usr/sbin/netstat -n -p tcp | awk '{print $5}' | awk -F\. '{ print $5}' | sort -u | grep -q -E '^(7777|7779|7780|7781|7782|9999|10000|10001|10004|10005)$' && echo 'You are probably infected by OSX/MusMinim-A (BlackHole RAT)' || echo 'Your Mac looks clean. But try an A/V product anyways.'
	#! /bin/sh
	# Quick and dirty check for BlackHole RAT (OSX/MusMinim-A)
	# * http://www.sophos.com/security/analyses/viruses-and-spyware/osxmusminima.html
	#
	# USAGE:
	# - Copy this file in your Desktop
	# - Open Terminal.app
	# - Run the following commands:
	# - cd ~/Desktop
	# - chmod +x blackholeratcheck.sh
	# - ./blackholeratcheck.sh
	#
	# DISCLAIMER: This script can lie to you :)
	#
	/usr/sbin/netstat -n -p tcp \| awk '{print $5}' \| awk -F\. '{ print $5}' \| sort -u \| grep -q -E '^(7777\|7779\|7780\|7781\|7782\|9999\|10000\|10001\|10004\|10005)$' && echo 'You are probably infected by OSX/MusMinim-A (BlackHole RAT)' \|\| echo 'Your Mac looks clean. But try an A/V product anyways.'