[NPMUG] New OSX trojan out there

Charles Firth charles at firthconsulting.com
Mon Dec 1 11:36:21 MST 2008


Once again, the Zlob gang has released a new OSX-targeted trojan -  
very similar to their previous work.

It sits on dodgy or infected websites purporting to offer funny or
explicit videos. When you attempt to view said video, you are told you  
are lacking a required Codec and are prompted to download either an  
EXE (Windows) or a DMG (OSX) file.

When you download the DMG, it contains a normal looking "install.pkg"  
file that then installs some Really Bad Stuff on your Mac. Most  
notably, it redirects your DNS requests to some rogue servers in the  
Ukraine. This lets them redirect any web traffic you type in to their  
own fake sites - for example, www.google.com would be redirected to a  
fake google.

So please be careful online and do not install anything unless you
completely trust it. Remember, if OSX asks for your password, it's  
because it's doing something serious to the machine and needs  
permission. Don't give permission unless you're sure it's safe.

More info on the new trojan, called Jahlav-A, can be found here:

http://www.sophos.com/security/blog/2008/11/2024.html


Note that this is not a "virus" - it can't spread on its own - it
requires you to download and install it for the hacker. Unfortunately,  
the weakest link in computer security is (and has always been) the  
user. Don't be that user. :)

Charles

PS: It's a testament to Homer that we use the word Trojan (short for  
Trojan Horse) to define these "fake gifts" containing malicious code.  
Nice on the outside (like a video codec) but full of enemy soldiers.
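
A check for the DNS change described in the message above, added here as an example and not part of the original post: it lists any resolver in `scutil --dns` output that is not on a list you expect. The function name, the allowlisted address 192.168.1.1 and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected allowlist.
# Reads `scutil --dns` text on stdin; allowlisted addresses are the arguments.
# Prints one unexpected nameserver per line, or nothing if all are expected.
unexpected_resolvers() {
    allow=" $* "
    # scutil lines look like: "  nameserver[0] : 192.168.1.1"
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*//p' |
    sort -u |
    while read -r ip; do
        case "$allow" in
            *" $ip "*) ;;               # expected resolver, stay quiet
            *) printf '%s\n' "$ip" ;;   # not on the allowlist, report it
        esac
    done
}

# Constructed sample in the format of `scutil --dns`; 203.0.113.77 is a
# documentation-range address standing in for a resolver nobody configured.
SAMPLE='DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.77
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
'

# On a real Mac, replace the sample with live output:
#   scutil --dns | unexpected_resolvers 192.168.1.1
printf '%s' "$SAMPLE" | unexpected_resolvers 192.168.1.1
```

Put the resolvers your router or ISP actually hands out on the allowlist; any address the script prints is one to investigate before trusting what the browser shows.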

