Mac Osx Security Alert

[cdnvic]

Mac Users Get A Credit Card Stealing Trojan for Halloween, Security Company Reports

By Ryan Singel EmailOctober 31, 2007 | 6:45:40 PMCategories: Hacks and Cracks

an apple halloweenHackers are reportedly sticking virtual razor blades into Apple computers this Halloween, as a Mac security vendor reports Wednesday that a Mac-focussed Trojan is reportedly loose on the internet costumed as an innocent video decoding file.

Mac OS X users visiting malicious porn sites are told to download a special codec that will let Apple's Quicktime player to play the porn flicks, but instead of adult treats, users get a malicious trick, according to anti-virus vendor Intego.

The OS X Trojan, which infects a computer after a user chooses to download a proprietary codec, hijacks the infected computer's DNS settings. Internet-connected applications use DNS settings to figure out how to translate URLs, such as Wired.com, into the physical address of a server, according to Intego's alert. By hijacking the DNS, the Trojan is able to redirect visits to sites such as banks, eBay and PayPal to fake websites that attempt to harvest user's logins and passwords to commit financial fraud.

http://blog.wired.com/27bstroke6/2007/10/m...sers-get-a.html

[nikster]

The age of innocence has come to an end for Mac users! This one's for real.

The way this trojan infects a system is 100% social engineering and 0% hacking - you download a file. You let it install what it claims is a codec. And then... you enter your admin password!

Nevertheless, this is the first piece of malware on OS X that is not a proof of concept but rather a real piece of malware intent on stealing your banking and paypal passwords and who knows what else.

Consequences:

- Mac users have to be careful from now on.

- Don't enter your admin password for things you got off a "Porn" site

- If you are a person who enters their password for random programs from the internet, now is the time to get a virus scanner

Edited November 1, 2007 by nikster

[cdnvic]

Unfortunately those of us who have gotten tired of explaining safe computing practises have been for years advising the ones who didn't get it to Macs. Doesn't help that Apple itself has perpetuated the myth that Macs are immune to malware.

[cdnvic]

Here's a screenshot of the software trying to install (Courtesy of Sunbelt Software)

*note* click "cancel" if you see this.

Edited November 1, 2007 by cdnvic

[billp]

Well, we all know that Macs are not immune. There were never as many security holes in the OS as with Windows, nor as many willing to take advantage of every weakness. I recall even back in the OS 7 or OS 8 days there were a few viruses around. But, frankly, no matter what OS, anybody stupid enough to download a codec from a porn site and enter his admin password deserves everything he gets.

[DaffyDuck]

Might be worth noting:

- It's spread through porn sites (no surprise there)

- an anti-virus company not only brought it to the world's attention, but already has a fix and inoculation for it.

- I find that odd

Intego is also known for historically using trumped up virus and malware fears to sell their software.

I agree that it's 100% social engineering, and certainly well done (albeit the writer hasn't made any efforts to make the QuickTime notice look in any way authentic or legitimate - again, 90% of average users won't know this, or what to look for, and will click through in hopes of catching some skin.

There's one more reason for girlfriends who disagree with their boyfriends' porn surfing to scold them :-)

[cdnvic]

I used to try selling people on Linux because it was "Porn Safe"

http://www.thaivisa.com/forum/index.php?ac...st&id=28654