[NPMUG] New OSX trojan out there
William James
wtjames at mac.com
Mon Dec 1 11:43:49 MST 2008
So if my kid downloads it, is there a remedy...?
Bill James
Sent from my iPod
On Dec 1, 2008, at 1:36 PM, Charles Firth
<charles at firthconsulting.com> wrote:
> Once again, the Zlob gang has released a new OSX-targeted trojan -
> very similar to their previous work.
>
> It sits on dodgy or infected websites purporting to offer funny or
> explicit videos. When you attempt to view said video, you are told
> you are lacking a required Codec and are prompted to download either
> an EXE (Windows) or a DMG (OSX) file.
>
> When you download the DMG, it contains a normal looking
> "install.pkg" file that then installs some Really Bad Stuff on your
> Mac. Most notably, it redirects your DNS requests to some rogue
> servers in the Ukraine. This lets them redirect any web traffic you
> type in to their own fake sites - for example, www.google.com would
> be redirected to a fake google.
>
> So please be careful online and don't install anything unless you
> completely trust it. Remember, if OSX asks for your password, it's
> because it's doing something serious to the machine and needs
> permission. Don't give permission unless you're sure it's safe.
>
> More info on the new trojan, called Jahlav-A, can be found here:
>
> http://www.sophos.com/security/blog/2008/11/2024.html
>
>
> Note that this is not a "virus" - it can't spread on its own - it
> requires you to download and install it for the hacker.
> Unfortunately, the weakest link in computer security is (and has
> always been) the user. Don't be that user. :)
>
> Charles
>
> PS: It's a testament to Homer that we use the word Trojan (short for
> Trojan Horse) to define these "fake gifts" containing malicious
> code. Nice on the outside (like a video codec) but full of enemy
> soldiers.