trojan horse posts

Filed under: Security

Intego reporting new OS X trojan horse in the wild

Ah, Halloween, when all the nasties come out. Just when you thought it was safe to go surfing again, Mac AV vendor Intego is reporting an OS X-specific Trojan horse showing up on some sites and forums. The bit of nasty, which Intego is calling OSX.RSPlug.A and other sources refer to as DNSchanger or Ultracodec/Zlob (Windows version), is delivered on the pretense of installing a QuickTime codec necessary to view adult videos. Once the .dmg is downloaded and the installer is run (with administrative permissions), rather than a new video codec you've got rogue DNS server settings + a cron job that continually sets your DNS back to the bogus entries. Making matters worse, on Tiger the fake DNS settings are invisible in the Network system preference pane.

These fake DNS entries might mislead your machine to spyware sites (unlikely to affect your Mac), pay-per-click search engines (annoying but not dangerous), more pornography (potentially troublesome), or -- and this is really the problem -- Potemkin versions of financially sensitive sites like PayPal, eBay or banks, which would presumably capture your login credentials before handing you off to the genuine article.

While at least one unfortunate poster at Apple's support forum has been bitten by this malware, some simple precautions -- turning off "Open Safe Files" in Safari and, hmm, I dunno, not installing software downloaded from pornography sites -- will go a long way toward preventing the spread of this malware. Remember, a Trojan does not self-distribute; this code depends on user behavior as the vector of infection, so behave.

Update:
Rob Griffiths at Macworld has posted helpful detection and removal instructions for the Trojan.

via MacTech

Filed under: Analysis / Opinion, OS, Internet

Possible Mac OS X Trojan Horse (mostly harmless)

So I saw the news this morning about a possible first trojan horse for Mac OS X and decided I didn't really want to deal with the inevitable ensuing hysteria, flames, and crazy comments that would be sure to follow such a post. It was 8:00am and just way too early to deal. I mean, if I want to read stupid comments about Macs all day long, I'll just spend my time over at Digg.

Heh heh... I thought to myself, I'll let some other TUAW staff member post this news story. Then they can deal with the puerility.

But now it's almost noon and something like 42 people have sent in a tip and no one's stepped up to the plate, so I figure I probably should write up something.

Here's a quick summary: Someone uploaded a trojan horse to the MacRumors.com forums which claims to be a .tgz archive of screenshots of Apple's upcoming Mac OS X 10.5 Leopard. Problem is that it seems to be a proof-of-concept trojan and isn't very successful at doing what it's supposed to do, which is propagate itself out via your IM buddy list. Andrew Welch, who founded Ambrosia Software (thanks for Apeiron, BTW!), has been doing a bang-up job of dissecting the trojan and has determined that it's mostly harmless. You can read the specifics in the Ambrosia forums. Sophos has already posted a definition for this trojan here.

The bottom line is that this really seems to be a proof-of-concept trojan more than an actual "in the wild, self-propagating" virus. So yeah, it's certainly very interesting, but I'm not about to start watching for the sky to fall. Leave that to cartoon birds, storybook characters, and PC magazine columnists.
