Mac trojan horse targets porn viewers

If you’re a Mac user, you may want to think twice before visiting that porn site, especially if you’re, uhm, unprotected.

Today Intego released a security alert regarding the discovery of a trojan horse affecting Mac OS X. The trojan horse targets visitors of pornography sites, and poses as a message advising users to upgrade to the newest version of a QuickTime codec.

Unlike some previous trojan horses on OS X, this one is not just a proof-of-concept; it is actually malicious. From Intego’s warning:

This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.

As usual, the best advice is to be paranoid online and never download anything from web sites you are not familiar with. These types of schemes prey on gullible users. Also, you may want to avoid certain, ahem, adult-orientated web sites for the time being.

Macworld provides more information regarding this trojan, how to detect it, and how to remove it if you were one of the unlucky users who were duped into installing the fake codec. 
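Because the trojan works by changing the Mac's DNS server, one check is to compare the resolvers the system is actually using against the ones you expect. The script below is an added example, not code from Intego, Macworld or this post; the function names are hypothetical, the expected resolver addresses are assumptions you supply yourself, and the sample `scutil --dns` output is constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected list.
# Input is the text printed by `scutil --dns` on macOS.

# Constructed sample of `scutil --dns` output (documentation-range
# addresses, not real indicators).
sample_scutil_dns() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.0.2.53
  nameserver[1] : 203.0.113.7
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000
EOF
}

# list_nameservers: read scutil --dns text on stdin, print unique resolver IPs.
list_nameservers() {
  awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# unexpected_nameservers ALLOWED...: print every resolver found on stdin
# that is not among the allowed addresses passed as arguments.
unexpected_nameservers() {
  allowed=" $* "
  list_nameservers | while read -r ip; do
    case "$allowed" in
      *" $ip "*) ;;                      # expected resolver, stay quiet
      *) printf '%s\n' "$ip" ;;          # not on the list: report it
    esac
  done
}

# On a Mac, check the live configuration; elsewhere, run on the sample.
if command -v scutil >/dev/null 2>&1; then
  scutil --dns | unexpected_nameservers "$@"
else
  sample_scutil_dns | unexpected_nameservers 192.0.2.53
fi
```

Run it with the resolvers your router or ISP is supposed to hand out as arguments; any address it prints is a DNS server the system is using that you did not expect.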
thinkback

1.

Yeah, right, is there anyone braindead enough to install software from porn sites?

Be confident though fellow Mac users, malicious software like this one can’t be installed automatically as in windoze, only YOU have that power on a Mac.

I think it’s not impossible that the bombardment of the Mac community with malware will increase, but I’m willing to bet that only a tiny fraction of us will suffer from the consequences because the Mac really HAS great security but can’t protect everyone from doing stupid things.

2.

Does Vista still install software automatically? Do you still have to stay away from “shady sites” with IE 7 in Vista? If your kid is running Vista with a limited account, are they still able to hose the whole system because of downloading crap and visiting “shady sites”?

This new Trojan on the Mac is a bit more malicious because it’s using a common dialog (missing codec) to install the payload. It wouldn’t affect my kids because my kids don’t have Admin privileges, which this Trojan requires.

I remember my neighbors next door with their Dell Windows XP PC being completely hosed on a regular basis because their 14-year-old was downloading crap from Kazaa and going to “shady sites”. I thought Vista was better in this regard?

3.

So what does this have to do with Windows again? Oh yeah, that’s right, nothing. So how exactly are you not trolling?

4.

I need to correct my comment about the QT dialog for this Mac Trojan, though. It doesn’t go through a common dialog. At first, I thought it actually spawned one of those QT system dialogs about missing software. It doesn’t. It’s just a note on a Web page with a link to a .DMG. So it’s not as dangerous as I thought. It’s pretty much like any other Trojan in the past in that regard.
