Fake Codec is Mac OS X Trojan

Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into download a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine."

Keyloggers?

[C0rinthian]

In my Macintosh? It's more likely than you think.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:You get what you deserve.

[C0rinthian]

Or smart enough. Stupid people wouldn't make it through the install process. "Next" buttons are hard.

Tagging

Where is the "haha" tag for this post? WHERE?!

Lame excuse for a "trojan"

[monkeyboythom]

the Mac machine's browser is set to to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected

That's like saying that Troy had to put their enemies in the horse, then drag it up to the gate, drag it through and then offer a soft cushy landing spot for warriors coming out of the horse.

Comment removed

[account_deleted]

Comment removed based on user account deletion

What goes through the mind of the designer - ?

"Sure, Russian porn site offering me 'free' videos ripped from US porn producers ... I trust you to give me software to install in order to watch your video. Wait, I'm using a Mac - which ships with nearly every conceivable video codec I'd ever need to produce and edit professional video because It Just Works. What are the chances that Russian Mafia are one-up on Apple for a video codec I'd need?"

Suck It, Mac Haters!

[CheeseburgerBrown]

No more shall we endure your taunts of being too obscure a minority to content with! Even the Russian Mafia thinks we're worth taking notice of now.

...Now we too shall now the bane of being pestered by colleagues and neighbours to help them score pirate software and to undo the embarrassing things they do their machines.

maximum .dmg

[digitaldc]

The attack site attempts to trick users into download a disk image (.dmg) file disguised as a codec

I always knew there was something phishy about a .damage file. They should have never named it .dmg, it just begs to be used to .damage something!

the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed

Lesson learned - NEVER mount a .damaged Trojan, or you may become infected.

Downloads from porn sites

[Aqua+OS+X]

I don't know about you, but if grandmagoldenshowers.com recommends that I download software, I do. If my operating system give me a detailed warning about the software that I downloaded from the porn site, I disregard it. And if I'm forced to authenticate the installation, I do.

Porn sites have given me hours of free orgasms at my desk, why wouldn't I blindly trust them?

Oh and I also always give my credit card and social security number to Ebay when they're having problems with my account and they direct me to www.secureauthenticate.ebay.com.

Re:Downloads from porn sites

[martin_b1sh0p]

Oh and I also always give my credit card and social security number to Ebay when they're having problems with my account and they direct me to www.secureauthenticate.ebay.com.

Oh man you've been had!!! Every time I give them my SSN and CC it's at www.ebay.secureauthenticate.com. Obviously the site you have listed is a bogus / malware site!!!

Re:Downloads from porn sites

[greyhueofdoubt]

Porn sites have given me hours of free orgasms at my desk, why wouldn't I blindly trust them?


Intended or not, that was the best play on words in this thread :)

-b

Re:fanboys unite

[noamsml]

int main() {while 1;}

Re:But does it matter?

[bloobloo]

It's on a Mac. Of course it's Darwinian.

Click through...

[SteeldrivingJon]

"The target must click through a series of screens"

And engage in a specific pattern of toe-tapping and handwaving.

Mac users watch porn?

[r_jensen11]

I thought that, given their hip status, that they'd be having sex instead of watching porn. Does this make them as pathetic as Windows users, yet?

s-s-sudo

[ElephanTS]

I've found a great way of getting free pr0n and warez on Mac OSX. Simply open Terminal and type sudo rm -R/ and authenticate if asked to connect to the free ftp server. Works like a charm for me.

There, can someone write a story about this now.

Re:What's the sound of a thousand eyes rolling?

[necro2607]

"What's the sound of a thousand eyes rolling?"

Jeez, I don't know, but it probably sounds pretty damn disgusting. Gross! :(

Re:Hmm

[Daengbo]

where it could look for a nice bucket of 0-day exploits (e.g. the recent RealPlayer one).

So basically it redirects your browser to a page that hopes your system isn't patched?

So basically you don't understand what a 0-day exploit is? You'd better patch your system so you don't get that 0-day exploit! Quick now! ;)

Re:works on Mac OS X too

[objekt]

No, they don't. And that part I mentioned about enabling the root account was just a big lie. A really big lie. Macs don't even have a terminal program. And they use a one-button mouse. And they only do black and white.

Re:So much more user friendly

On linux is
1.Goto a site
2.Download beta version of plugin which MAY work for linux.
3.Discover that you need to Install a version X of Y and related libraries before it works.
4.Configure the plugin
5.Compile
6.watch it crash after a hour and find bugs at the source code, hoping they are minor.
7.Tweak the code and compile it second time.
8.After that you can enjoy your new plugin.That if it doesn't leaks enough memory to make firefox unstable.
(obviously posted as anonymous)