AAPL Stock: 117.81 ( -0.22 )

Printed from

New Mac Trojan masquerades as video codec

updated 12:05 pm EDT, Thu June 11, 2009

New Mac malware circulates

A new piece of Mac-targeted malware has entered the wild, say security researchers with ParetoLogic. Dubbed OSX/Jahlav-C, the software is currently associated with a website called PornTube, and is described as a Trojan concealing itself as an ActiveX object needed to run video. The approach is somewhat unusual in that ActiveX is uniquely associated with Windows, and therefore less likely to deceive a Mac user.

Should a PornTube visitor agree to install the object, an "AdobeFlash" shell script file is created in a Mac's /Library/Internet Plug-Ins folder. The file is set to execute periodically, and contains a shell script with a Perl script buried inside. The Perl code in turn communicates with a distant website, downloading data for malicious purposes. Other files associated with the Trojan include: HDTVPlayerv3.5.dmg, VideoCodec.dmg, FlashPlayer.dmg, MacTubePlayer.dmg, macvideo.dmg, License.v.3.413.dmg, play-video.dmg and QuickTime.dmg.

While malware remains uncommon on the Mac, Apple has had to stray from assertions that the platform is effectively immune to problems experienced by Windows users. A high-profile Trojan released this year has been tied to pirated copies of iWork and Photoshop, and it is believed that more malware will debut as Macs gain popularity. Hackers are known to target common platforms for the widest possible impact.

by MacNN Staff




  1. lkrupp

    Joined: Dec 1969


    So tell us please

    "Apple has had to stray from assertions that the platform is effectively immune to problems experienced by Windows users."

    What vulnerability, security defect, poor programming, or other defect in OS X allows this trojan to be installed surreptitiously without the poor, clueless user knowing about it? Oh wait, it's the vulnerability, security defect, poor programming between the user's ears that is the problem, not OS X. I see now. Thanks for clearing that up.

  1. lkrupp

    Joined: Dec 1969


    And oh...

    We'll probably never hear a peep out of anyone who gets nailed by this trojan. It would be too embarrassing to have to admit how stupid they are.

  1. nat

    Joined: Dec 1969



    let's say that the mac gets 10 viruses a day, every day, from now on and windows somehow manages to never get another one. since windows has conservatively 150,000 today, it would take roughly 40 years for the mac to catch up.

    i'll take my chances.

  1. IxOsX

    Joined: Dec 1969


    Trojan not Virus

    Let me try to understand... This is some code from a porno site who ask to be installed, and the user say yes? So is this a security problem from the OS? Do not think that it is... This is a malware installed by the user and allowed to run by the distract user. So unlike the a real Virus, dissimination is null. Except for that user!

  1. testudo

    Joined: Dec 1969


    Re: so

    Windows doesn't have 150,000 viruses. Most of those are trojans, malware/spyware, and other fun stuff users install because people are good at fooling users at installing stuff.

  1. byRyan

    Joined: Dec 1969



    and here I thought a Trojan was supposed to protect you from the nasty viruses assosiated with the S***** women of the adult industry ;)

  1. nat

    Joined: Dec 1969


    you say tomato..

    "Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states."

  1. eldarkus

    Joined: Dec 1969


    re: IxOsX

    Let me try to understand... This is some code from a porno site who ask to be installed, and the user say yes? So is this a security problem from the OS?

    Absolutely true.. My house came with a similar defect. I sent keys to my house to over 100 people who were on parole for burglary.. and damned if a bunch of them didn't break in!

  1. MacScientist

    Joined: Dec 1969


    ActiveX for MacOS X?

    This Trojan is supposed to be an exe file that installs an ActiveX object? I can confirm that this is true. Exactly how is this even Mac malware? Just because it has OS-X in its name?

    Every Mac user with half a brain knows that legitimate sites do not prompt users to install codecs. Furthermore, I have never ever seen a QuickTime codec installed automatically--not the first time, anyway. They all require explicit and affirmative action by the user. This site has been flagged by Google as distributing malware. My installation of Safari 4.0 diverts all attempts to watch the video to a warning about malware. It's more of a block actually. However, the blocked file is clearly a Windows file.

    Long story short--this is much ado about nothing.

  1. dynsight

    Joined: Dec 1969



    People who contract this OS X trojan should use the OTHER types of Trojans so they don't propagate their "stupid" gene to their offspring.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented