AAPL Stock: 124.24 ( + 0.86 )

Printed from

New Mac Trojan masquerades as video codec

updated 12:05 pm EDT, Thu June 11, 2009

New Mac malware circulates

A new piece of Mac-targeted malware has entered the wild, say security researchers with ParetoLogic. Dubbed OSX/Jahlav-C, the software is currently associated with a website called PornTube, and is described as a Trojan concealing itself as an ActiveX object needed to run video. The approach is somewhat unusual in that ActiveX is uniquely associated with Windows, and therefore less likely to deceive a Mac user.

Should a PornTube visitor agree to install the object, an "AdobeFlash" shell script file is created in a Mac's /Library/Internet Plug-Ins folder. The file is set to execute periodically, and contains a shell script with a Perl script buried inside. The Perl code in turn communicates with a distant website, downloading data for malicious purposes. Other files associated with the Trojan include: HDTVPlayerv3.5.dmg, VideoCodec.dmg, FlashPlayer.dmg, MacTubePlayer.dmg, macvideo.dmg, License.v.3.413.dmg, play-video.dmg and QuickTime.dmg.

While malware remains uncommon on the Mac, Apple has had to stray from assertions that the platform is effectively immune to problems experienced by Windows users. A high-profile Trojan released this year has been tied to pirated copies of iWork and Photoshop, and it is believed that more malware will debut as Macs gain popularity. Hackers are known to target common platforms for the widest possible impact.

by MacNN Staff





  1. lkrupp

    Joined: Dec 1969


    So tell us please

    "Apple has had to stray from assertions that the platform is effectively immune to problems experienced by Windows users."

    What vulnerability, security defect, poor programming, or other defect in OS X allows this trojan to be installed surreptitiously without the poor, clueless user knowing about it? Oh wait, it's the vulnerability, security defect, poor programming between the user's ears that is the problem, not OS X. I see now. Thanks for clearing that up.

  1. lkrupp

    Joined: Dec 1969


    And oh...

    We'll probably never hear a peep out of anyone who gets nailed by this trojan. It would be too embarrassing to have to admit how stupid they are.

  1. nat

    Joined: Dec 1969



    let's say that the mac gets 10 viruses a day, every day, from now on and windows somehow manages to never get another one. since windows has conservatively 150,000 today, it would take roughly 40 years for the mac to catch up.

    i'll take my chances.

  1. IxOsX

    Joined: Dec 1969


    Trojan not Virus

    Let me try to understand... This is some code from a porno site who ask to be installed, and the user say yes? So is this a security problem from the OS? Do not think that it is... This is a malware installed by the user and allowed to run by the distract user. So unlike the a real Virus, dissimination is null. Except for that user!

  1. testudo

    Joined: Dec 1969


    Re: so

    Windows doesn't have 150,000 viruses. Most of those are trojans, malware/spyware, and other fun stuff users install because people are good at fooling users at installing stuff.

  1. byRyan

    Joined: Dec 1969



    and here I thought a Trojan was supposed to protect you from the nasty viruses assosiated with the S***** women of the adult industry ;)

  1. nat

    Joined: Dec 1969


    you say tomato..

    "Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states."

  1. eldarkus

    Joined: Dec 1969


    re: IxOsX

    Let me try to understand... This is some code from a porno site who ask to be installed, and the user say yes? So is this a security problem from the OS?

    Absolutely true.. My house came with a similar defect. I sent keys to my house to over 100 people who were on parole for burglary.. and damned if a bunch of them didn't break in!

  1. MacScientist

    Joined: Dec 1969


    ActiveX for MacOS X?

    This Trojan is supposed to be an exe file that installs an ActiveX object? I can confirm that this is true. Exactly how is this even Mac malware? Just because it has OS-X in its name?

    Every Mac user with half a brain knows that legitimate sites do not prompt users to install codecs. Furthermore, I have never ever seen a QuickTime codec installed automatically--not the first time, anyway. They all require explicit and affirmative action by the user. This site has been flagged by Google as distributing malware. My installation of Safari 4.0 diverts all attempts to watch the video to a warning about malware. It's more of a block actually. However, the blocked file is clearly a Windows file.

    Long story short--this is much ado about nothing.

  1. dynsight

    Joined: Dec 1969



    People who contract this OS X trojan should use the OTHER types of Trojans so they don't propagate their "stupid" gene to their offspring.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill th ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...


Most Commented