Slashdot Mirror


Fake Codec is Mac OS X Trojan

Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into downloading a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine."

8 of 473 comments

  1. DNS by Anonymous Coward · · Score: 4, Informative

    The summary is misleading, it does not give full control of the computer to the attacker, but changes the DNS server for phishing.
    It could just as easily install a VNC server I suppose.

  2. Steps to get infected by giminy · · Score: 5, Informative

    To get infected, you have to:

    1) Go to a porn site
    2) Download a plugin from the porn site
    3) Click "OK" that you are downloading a .DMG file.
    4) Mount the .DMG
    5) Go back to the Finder
    6) Double-click the installer
    7) Type in your account password
    8) Click next a few times

    Calling this, "In the Wild," is laughable. How did the porn site "get infected"? I'll bet anything that the porn site(s) in question know exactly what they are doing...

    --
    The Right Reverend K. Reid Wightman,
    1. Re:Steps to get infected by Frogg · · Score: 4, Informative

      On a Mac, I believe you can get the Quicktime engine to have all the codecs you'll ever need by installing the free open source package Perian and the free (closed source) Flip4Mac WMV, which covers the last few.

      Arguably, Apple should pre-install both of these packages - or variants thereof.

      Now to get back onto the main topic..

      One could also argue that the Apple-provided Quicktime player sucks ass big-time - and of course that is very true - but that's easily fixed by installing NicePlayer (also FOSS) - the other route is to ignore all the Quicktime-based solutions, and use something like VLC.

      None of the above will stop an uneducated and/or unsuspecting user from clicking their way through an installer (and giving up an administrator password) believing it to install something great/fun/useful. If you try too hard to protect the naive and/or foolish from their own actions when administering the system then you end up taking the route Microsoft have with Vista (and their earlier Windows, each to a lesser extent) -- Are you sure? Are you really sure? Are you really really certain? Can I get a password with that? -- Ah.. Mac users are getting used to giving passwords during installs - bummer. (Mind you, they don't do it as quickly as the average Windows user/administrator can click Ok, Ok, Ok, Ok)

      Being honest though, I don't think naivety or foolishness really enter into the equation - after all, it's a social engineering trick driven by the simple male quest for boobies - a somewhat unstoppable force!

  3. Re:Hmm by sm62704 · · Score: 5, Informative

    This is neither a virus nor a worm; it's a trojan. A trojan is a program that does or claims to do something useful, which gets you to install it. Once installed, it does something else in addition to or instead of what you installed it for.

    No OS is foolproof, and even Mac and Linux users can be fools. Mac and Linux machines can be broken into, can get trojans, their users can be tricked into giving out passwords, but there are no Mac or Linux viruses in the wild.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  4. This is not a virus, it's a "wetware" exploit. by plasmacutter · · Score: 3, Informative

    Malware does not equal virus, it does not "break" into a machine through security holes, it hacks the wetware between the monitor and the seat, convincing them to consent to the install.
    It's impossible to make a machine fully idiot proof, but in the past couple versions Apple has added 3 new "nag" boxes to Safari in attempts to warn people.
    Anyone who goes through that many screens deserves to have it installed.

    I don't install any media player or codec if it asks for root permission.

    Even Flip4Mac doesn't require full permissions.

    You drop the free component into your home's library folder and it runs in user space when websites call for wmv decoding.

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
  5. Full Control of the Machine? by His Shadow · · Score: 5, Informative

    Bullshit. It appends the DNS servers to point the user to phishing and porn sites and runs a cron job to make sure the changes are modified. Does it then email everyone in your address book and infect every other machine on your network? No. It can't even install itself without the Admin password. It's a social hack.

    Nice Try tho...

    --

    Fiat Homos et Pereat Theos
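
Added example, not part of the original thread: comment 5 above describes the payload as changing the machine's DNS servers and keeping the change in place with a cron job, so a host check can look for both. The resolver allowlist, trusted path prefixes and sample command output below are constructed assumptions; the `nameserver[n] : address` line shape of `scutil --dns` is the only real-tool detail relied on.

```python
import re
import shlex

# Assumption: resolvers the admin expects on this host (documentation-range IPs).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
# Assumption: directories from which root cron jobs are expected to run.
TRUSTED_PREFIXES = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/")

# Constructed sample shaped like `scutil --dns` output.
SAMPLE_SCUTIL = """\
resolver #1
  nameserver[0] : 198.51.100.7
  nameserver[1] : 198.51.100.8
  nameserver[2] : 192.0.2.53
"""

# Constructed sample shaped like `crontab -l` output; the second job's path is hypothetical.
SAMPLE_CRONTAB = """\
# min hour dom mon dow command
15 3 * * * /usr/sbin/periodic daily
* * * * * "/Library/Example Plug-Ins/helper"
"""

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.M)


def unexpected_resolvers(scutil_output, expected):
    """Return configured nameservers that are not on the allowlist, in order."""
    found = []
    for ip in NAMESERVER_RE.findall(scutil_output):
        if ip not in expected and ip not in found:
            found.append(ip)
    return found


def untrusted_cron_commands(crontab_text, trusted=TRUSTED_PREFIXES):
    """Return executables of cron jobs that live outside the trusted prefixes."""
    flagged = []
    for line in crontab_text.splitlines():
        fields = line.strip().split(None, 5)
        # Skip blanks, comments and variable assignments (fewer than 6 fields).
        if len(fields) < 6 or fields[0].startswith("#"):
            continue
        executable = shlex.split(fields[5])[0]
        if not executable.startswith(trusted):
            flagged.append(executable)
    return flagged


if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_SCUTIL, EXPECTED_RESOLVERS))
    print("cron jobs to review:", untrusted_cron_commands(SAMPLE_CRONTAB))
```

On a real host the two inputs would come from the output of `scutil --dns` and `sudo crontab -l`, with the allowlists replaced by the site's own values.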

  6. Re:Hmm by djh101010 · · Score: 5, Informative

    http://www.apple.com/getamac/viruses.html

    And i quote "850 new threats were detected against Windows. Zero for Mac."

    Yes, it admits it's possible, it doesn't however, admit there are any.
    Wow, that's an astonishingly blatant use of creative quoting without context. Let's read the whole paragraph, unedited, shall we?

    By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, 850 new threats were detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious.

    A bit different than your out of context snippet this way, isn't it.

    How do the facts then agree with your claim that "it doesn't however, admit there are any."? Says right there "While no computer connected to the Internet will ever be 100% immune from attack,". Sheesh. It's almost like you figured nobody would check your claim to see how blatantly you misrepresented it.
  7. Re:But does it matter? by mollymoo · · Score: 4, Informative

    From the point of view of avoiding accidents, the safest cars aren't generally the ones considered or rated as "safe". Avoiding accidents ("active safety") is an entirely different ball game to surviving crashes ("passive safety"), which is what most people think of when they talk about safety. If you want to avoid an accident, you want lots of grip, good brakes, minimal mass, good visibility and small size. In other words, you want a sports car. If you want to survive an accident, you want large size and high mass. In other words you (theoretically) want an SUV (theoretically because SUVs are not all built to the same standards as cars).

    --
    Chernobyl 'not a wildlife haven' - BBC News