aTypical Joe: a gay New Yorker living in the rural South
Wednesday, October 31, 2007
Professional malware Mac attack
Hackers are reportedly sticking virtual razor blades into Apple computers this Halloween, as a Mac security vendor reports Wednesday that a Mac-focussed Trojan is reportedly loose on the internet costumed as an innocent video decoding file.
Mac OS X users visiting malicious porn sites are told to download a special codec that will let Apple’s Quicktime player to play the porn flicks, but instead of adult treats, users get a malicious trick, according to anti-virus vendor Intego.
The OS X Trojan, which infects a computer after a user chooses to download a proprietary codec, hijacks the infected computer’s DNS settings. Internet-connected applications use DNS settings to figure out how to translate URLs, such as Wired.com, into the physical address of a server, according to Intego’s alert. By hijacking the DNS, the Trojan is able to redirect visits to sites such as banks, eBay and PayPal to fake websites that attempt to harvest user’s logins and passwords to commit financial fraud.
Gadi Evron says:
I can sum it up in one sentence: OS X is the new Windows 98.
The same gang infects Windows machines as well, just that now they also target macs.[...]
This means one thing: Apple’s day has finally come and Apple users are going to get hit hard. All those unpatched vulnerabilities from years past are going to bite them in the behind.
Sunbelt Software’s Alex Eckelberry has screenshots.
Attribution corrected. Thanks, Alex!
